Merge pull request #30 from omertuc/dry
Dry run mode
omertuc authored Oct 17, 2023
2 parents 20d24db + 4fe5d77 commit 234efd6
Showing 11 changed files with 86 additions and 50 deletions.
6 changes: 4 additions & 2 deletions run_seed.sh
Expand Up @@ -12,7 +12,7 @@ if [[ ! -d backup ]]; then
cat backup/blobs/sha256/$(cat backup/blobs/sha256/$(cat backup/index.json | jq '.manifests[0].digest' -r | cut -d ':' -f2) | jq '.layers[0].digest' -r | cut -d ':' -f2) | tar -xz -C backup
fi

rm -rf backup/etc backup/var backup/etc_orig backup/var_orig
rm -rf backup/etc backup/var backup/etc_orig backup/var_orig backup/etcd_orig backup/etcd

tar -C backup -xzf backup/etc.tgz
tar -C backup -xzf backup/var.tgz
Expand Down Expand Up @@ -52,7 +52,9 @@ cargo run --release -- \
--cn-san-replace *.apps.test-cluster.redhat.com:*.apps.new-name.foo.com \
--cn-san-replace 192.168.127.10:192.168.127.11 \
--summary-file summary.yaml \
--extend-expiration
--extend-expiration \
--dry-run
# --regenerate-server-ssh-keys backup/etc/ssh/ \

cargo run --manifest-path etcddump/Cargo.toml --release -- --etcd-endpoint localhost:2379 --output-dir backup/etcd

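Review bot: With `--dry-run` now hard-coded as the last argument of the recert invocation, the `etcddump` step that follows dumps an etcd that recert never committed to, so `backup/etcd` will presumably reflect the pre-run contents apart from any read-induced changes. If the script is still meant to produce a recertified dump for inspection, gate the flag behind a script variable, or add a comment above the dump such as `# NOTE: with --dry-run above, this dump shows the uncommitted (original) etcd contents`. The rest of the script is outside the visible hunks, so the intended use of `backup/etcd` is inferred.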
10 changes: 9 additions & 1 deletion src/cli.rs
Expand Up @@ -69,12 +69,18 @@ pub(crate) struct Cli {
pub(crate) threads: Option<usize>,

/// Regenerate server SSH keys and write to this directory
#[clap(long, value_parser = clap::value_parser!(ClioPath).exists().is_dir())]
#[clap(long, group = "dry", value_parser = clap::value_parser!(ClioPath).exists().is_dir())]
pub(crate) regenerate_server_ssh_keys: Option<ClioPath>,

/// Generate a summary
#[clap(long, value_parser = clap::value_parser!(ClioPath))]
pub(crate) summary_file: Option<ClioPath>,

/// Don't actually commit anything to etcd/disk. Useful for validating that a cluster can be
/// recertified error-free before turning it into a seed image.
/// Note: the act of reading from etcd might sometimes cause changes to etcd
#[clap(long, group = "dry")]
pub(crate) dry_run: bool,
}

/// All the user requested customizations, coalesced into a single struct for convenience
Expand All @@ -87,6 +93,7 @@ pub(crate) struct Customizations {

/// All parsed CLI arguments, coalesced into a single struct for convenience
pub(crate) struct ParsedCLI {
pub(crate) dry_run: bool,
pub(crate) etcd_endpoint: Option<String>,
pub(crate) static_dirs: Vec<ClioPath>,
pub(crate) static_files: Vec<ClioPath>,
Expand All @@ -101,6 +108,7 @@ pub(crate) fn parse_cli() -> Result<ParsedCLI> {
let cli = Cli::parse();

Ok(ParsedCLI {
dry_run: cli.dry_run,
etcd_endpoint: cli.etcd_endpoint,
static_dirs: cli.static_dir,
static_files: cli.static_file,
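Review bot: The mutual exclusion between `--dry-run` and `--regenerate-server-ssh-keys` is expressed only by placing both in `group = "dry"`, which appears to rely on clap's implicitly created groups allowing a single member; neither the attribute nor the doc comment says so. An explicit `#[clap(long, conflicts_with = "regenerate_server_ssh_keys")]` on `dry_run` states the intent directly and does not silently extend to any argument later added to the group. The doc comment should also say what is still written in a dry run: as far as the `finalize` hunk in src/main.rs shows, the summary file is not gated, so a line such as `/// The summary file, if requested, is still written.` would help operators who treat dry run as strictly read-only.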
6 changes: 3 additions & 3 deletions src/cluster_crypto/cert_key_pair.rs
Expand Up @@ -12,7 +12,7 @@ use super::{
};
use crate::{
cluster_crypto::{crypto_utils::key_from_file, locations::LocationValueType},
file_utils::{add_recert_edited_annotation, get_filesystem_yaml, recreate_yaml_at_location_with_new_pem},
file_utils::{add_recert_edited_annotation, commit_file, get_filesystem_yaml, recreate_yaml_at_location_with_new_pem},
k8s_etcd::{get_etcd_yaml, InMemoryK8sEtcd},
rsa_key_pool::RsaKeyPool,
Customizations,
Expand Down Expand Up @@ -355,7 +355,7 @@ impl CertKeyPair {
.encode_pem(),
)?;

Ok(tokio::fs::write(
commit_file(
&filelocation.path,
match &filelocation.content_location {
FileContentLocation::Raw(location_value_type) => match &location_value_type {
Expand Down Expand Up @@ -383,7 +383,7 @@ impl CertKeyPair {
}
},
)
.await?)
.await
}
}

4 changes: 2 additions & 2 deletions src/cluster_crypto/distributed_jwt.rs
Expand Up @@ -6,7 +6,7 @@ use super::{
locations::{FileContentLocation, FileLocation, K8sLocation, Location, LocationValueType, Locations},
};
use crate::{
file_utils::encode_resource_data_entry,
file_utils::{commit_file, encode_resource_data_entry},
k8s_etcd::{get_etcd_yaml, InMemoryK8sEtcd},
};
use anyhow::{bail, Context, Result};
Expand Down Expand Up @@ -112,7 +112,7 @@ impl DistributedJwt {
}

pub(crate) async fn commit_to_filesystem(&self, filelocation: &FileLocation) -> Result<()> {
tokio::fs::write(
commit_file(
&filelocation.path,
match &filelocation.content_location {
FileContentLocation::Raw(pem_location_info) => match &pem_location_info {
6 changes: 4 additions & 2 deletions src/cluster_crypto/distributed_private_key.rs
Expand Up @@ -7,7 +7,9 @@ use super::{
signee::Signee,
};
use crate::{
file_utils::{add_recert_edited_annotation, get_filesystem_yaml, read_file_to_string, recreate_yaml_at_location_with_new_pem},
file_utils::{
add_recert_edited_annotation, commit_file, get_filesystem_yaml, read_file_to_string, recreate_yaml_at_location_with_new_pem,
},
k8s_etcd::InMemoryK8sEtcd,
rsa_key_pool::RsaKeyPool,
Customizations,
Expand Down Expand Up @@ -102,7 +104,7 @@ impl DistributedPrivateKey {
PrivateKey::Ec(ec_bytes) => pem::Pem::new("EC PRIVATE KEY", ec_bytes.as_ref()),
};

tokio::fs::write(
commit_file(
&filelocation.path,
match &filelocation.content_location {
FileContentLocation::Raw(pem_location_info) => match &pem_location_info {
6 changes: 4 additions & 2 deletions src/cluster_crypto/distributed_public_key.rs
Expand Up @@ -7,7 +7,9 @@ use super::{
pem_utils,
};
use crate::{
file_utils::{add_recert_edited_annotation, get_filesystem_yaml, read_file_to_string, recreate_yaml_at_location_with_new_pem},
file_utils::{
add_recert_edited_annotation, commit_file, get_filesystem_yaml, read_file_to_string, recreate_yaml_at_location_with_new_pem,
},
k8s_etcd::{get_etcd_yaml, InMemoryK8sEtcd},
};
use std::fmt::Display;
Expand Down Expand Up @@ -91,7 +93,7 @@ impl DistributedPublicKey {
PublicKey::Ec(_) => bail!("ECDSA public key not yet supported for filesystem commit"),
};

tokio::fs::write(
commit_file(
&filelocation.path,
match &filelocation.content_location {
FileContentLocation::Raw(pem_location_info) => match &pem_location_info {
16 changes: 15 additions & 1 deletion src/file_utils.rs
Expand Up @@ -5,9 +5,23 @@ use crate::cluster_crypto::{
use anyhow::{bail, Context, Result};
use base64::{engine::general_purpose::STANDARD as base64_standard, Engine as _};
use serde_json::Value;
use std::path::{Path, PathBuf};
use std::{
path::{Path, PathBuf},
sync::atomic::Ordering::Relaxed,
};
use tokio::io::AsyncReadExt;

// Global dry run flag
pub(crate) static DRY_RUN: std::sync::atomic::AtomicBool = std::sync::atomic::AtomicBool::new(false);

pub async fn commit_file(path: impl AsRef<Path>, contents: impl AsRef<[u8]>) -> Result<()> {
if !DRY_RUN.load(Relaxed) {
tokio::fs::write(path, contents).await?;
}

Ok(())
}

pub(crate) fn globvec(location: &Path, globstr: &str) -> Result<Vec<PathBuf>> {
let mut globoptions = glob::MatchOptions::new();
globoptions.require_literal_leading_dot = true;
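Review bot: `commit_file` is the only thing standing between a dry run and a disk write, yet it has no doc comment, and the guarantee holds only for call sites that were converted; any remaining or future direct `tokio::fs::write` bypasses `DRY_RUN` with no compile-time signal. Document the contract, e.g. `/// Writes contents to path unless DRY_RUN is set; every on-disk mutation must go through this function.`, and consider a clippy `disallowed-methods` entry for `tokio::fs::write` so new direct writes are flagged. The function is also `pub` while the flag and the neighbouring helpers are `pub(crate)`; `pub(crate) async fn commit_file` matches the rest of the file. Because the dry-run branch returns `Ok(())` without touching the filesystem, failures such as a missing parent directory or a read-only target are not surfaced by a dry run, which is worth stating in the doc comment given the flag is described as a pre-seed validation step.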
22 changes: 1 addition & 21 deletions src/k8s_etcd.rs
@@ -1,9 +1,8 @@
use crate::cluster_crypto::locations::K8sResourceLocation;
use crate::ouger::{ouger, OUGER_SERVER_PORT};
use crate::ouger::ouger;
use anyhow::{bail, Context, Result};
use etcd_client::{Client as EtcdClient, GetOptions};
use futures_util::future::join_all;
use reqwest::Client;
use serde_json::Value;
use std::collections::{HashMap, HashSet};
use std::sync::Arc;
Expand Down Expand Up @@ -162,25 +161,6 @@ impl InMemoryK8sEtcd {
}
}

pub(crate) async fn wait_for_ouger() {
let mut tries = 0;
while tries < 100 {
if Client::new()
.get(format!("http://localhost:{OUGER_SERVER_PORT}/healthz"))
.send()
.await
.is_ok()
{
return;
}

tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
tries += 1;
}

panic!("Ouger server did not start in time");
}

pub(crate) async fn get_etcd_yaml(client: &InMemoryK8sEtcd, k8slocation: &K8sResourceLocation) -> Result<Option<Value>> {
let etcd_result = client
.get(k8slocation.as_etcd_key())
23 changes: 17 additions & 6 deletions src/main.rs
Expand Up @@ -5,7 +5,10 @@ use clio::ClioPath;
use cluster_crypto::ClusterCryptoObjects;
use etcd_client::Client as EtcdClient;
use k8s_etcd::InMemoryK8sEtcd;
use std::{path::Path, sync::Arc};
use std::{
path::Path,
sync::{atomic::Ordering::Relaxed, Arc},
};

mod cli;
mod cluster_crypto;
Expand Down Expand Up @@ -39,6 +42,10 @@ async fn main_internal(parsed_cli: ParsedCLI) -> Result<()> {
None => None,
}));

if parsed_cli.dry_run {
file_utils::DRY_RUN.store(true, Relaxed);
}

let cluster_crypto = recertify(
Arc::clone(&in_memory_etcd_client),
parsed_cli.static_dirs.clone(),
Expand All @@ -55,6 +62,7 @@ async fn main_internal(parsed_cli: ParsedCLI) -> Result<()> {
parsed_cli.static_dirs,
parsed_cli.regenerate_server_ssh_keys.as_deref(),
parsed_cli.summary_file,
parsed_cli.dry_run,
)
.await
.context("finalizing")?;
Expand Down Expand Up @@ -99,6 +107,7 @@ async fn finalize(
static_dirs: Vec<ClioPath>,
regenerate_server_ssh_keys: Option<&Path>,
summary_file: Option<ClioPath>,
dry_run: bool,
) -> Result<()> {
cluster_crypto
.commit_to_etcd_and_disk(&in_memory_etcd_client)
Expand All @@ -120,11 +129,13 @@ async fn finalize(
}

// Since we're using an in-memory fake etcd, we need to also commit the changes to the real
// etcd after we're done
in_memory_etcd_client
.commit_to_actual_etcd()
.await
.context("commiting etcd cache to actual etcd")?;
// etcd after we're done (unless we're doing a dry run)
if !dry_run {
in_memory_etcd_client
.commit_to_actual_etcd()
.await
.context("commiting etcd cache to actual etcd")?;
}

// Serialize cluster_crypto into the summary file if requested
if let Some(summary_file) = summary_file {
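Review bot: Dry-run state now lives in two places, the `file_utils::DRY_RUN` global set in `main_internal` and the `dry_run` parameter threaded into `finalize`, so the disk path and the etcd path are gated by different sources that can drift apart. Prefer a single source: either have `finalize` consult `file_utils::DRY_RUN.load(Relaxed)` or pass the flag down to the write helpers. `finalize` continues outside the hunk between `commit_to_etcd_and_disk` and the etcd commit, and if the SSH key regeneration lives there it is kept out of a dry run only by the clap group in src/cli.rs, not by this function; `anyhow::ensure!(!(dry_run && regenerate_server_ssh_keys.is_some()), "dry run cannot regenerate SSH keys");` at the top would enforce it where the write happens. A log line on the skipped etcd branch would also make it visible to the operator that nothing was committed.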
16 changes: 8 additions & 8 deletions src/ocp_postprocess/cluster_domain_rename/filesystem_rename.rs
Expand Up @@ -6,7 +6,7 @@ use super::{
rename_utils::fix_oauth_metadata,
rename_utils::{fix_kcm_pod, fix_machineconfig},
};
use crate::file_utils::{self, read_file_to_string};
use crate::file_utils::{self, commit_file, read_file_to_string};
use anyhow::{self, Context, Result};
use futures_util::future::join_all;
use serde_json::Value;
Expand All @@ -29,7 +29,7 @@ pub(crate) async fn fix_filesystem_kcm_pods(generated_infra_id: &str, dir: &Path

fix_kcm_pod(&mut pod, &generated_infra_id)?;

tokio::fs::write(
commit_file(
file_path,
serde_json::to_string(&pod).context("serializing kube-controller-manager-pod.yaml")?,
)
Expand Down Expand Up @@ -68,7 +68,7 @@ pub(crate) async fn fix_filesystem_kcm_configs(generated_infra_id: &str, dir: &P

fix_kcm_extended_args(&mut config, &generated_infra_id)?;

tokio::fs::write(
commit_file(
file_path,
serde_json::to_string(&config).context("serializing kube-controller-manager config.yaml")?,
)
Expand Down Expand Up @@ -107,7 +107,7 @@ pub(crate) async fn fix_filesystem_kube_apiserver_configs(cluster_domain: &str,

fix_api_server_arguments(&mut config, &cluster_domain)?;

tokio::fs::write(
commit_file(
file_path,
serde_json::to_string(&config).context("serializing kube-apiserver config.yaml")?,
)
Expand Down Expand Up @@ -146,7 +146,7 @@ pub(crate) async fn fix_filesystem_kube_apiserver_oauth_metadata(cluster_domain:

fix_oauth_metadata(&mut config, &cluster_domain)?;

tokio::fs::write(
commit_file(
file_path,
serde_json::to_string(&config).context("serializing kube-apiserver oauthMetadata")?,
)
Expand Down Expand Up @@ -182,7 +182,7 @@ pub(crate) async fn fix_filesystem_currentconfig(cluster_domain: &str, dir: &Pat

fix_machineconfig(&mut config, &cluster_domain)?;

tokio::fs::write(file_path, serde_json::to_string(&config).context("serializing currentconfig")?)
commit_file(file_path, serde_json::to_string(&config).context("serializing currentconfig")?)
.await
.context("writing currentconfig to disk")?;

Expand Down Expand Up @@ -210,7 +210,7 @@ pub(crate) async fn fix_filesystem_apiserver_url_env_files(cluster_domain: &str,
let contents = read_file_to_string(file_path.clone()).await.context("reading apiserver-url.env")?;

// write back to disk
tokio::fs::write(file_path, fix_apiserver_url_file(contents.as_bytes().into(), &cluster_domain)?)
commit_file(file_path, fix_apiserver_url_file(contents.as_bytes().into(), &cluster_domain)?)
.await
.context("writing kubeconfig to disk")?;

Expand Down Expand Up @@ -251,7 +251,7 @@ pub(crate) async fn fix_filesystem_kubeconfigs(cluster_domain: &str, dir: &Path)
.await
.context("fixing kubeconfig")?;

tokio::fs::write(file_path, serde_yaml::to_string(&yaml_value).context("serializing kubeconfig")?)
commit_file(file_path, serde_yaml::to_string(&yaml_value).context("serializing kubeconfig")?)
.await
.context("writing kubeconfig to disk")?;

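Review bot: The write of `apiserver-url.env` in `fix_filesystem_apiserver_url_env_files` still carries `.context("writing kubeconfig to disk")`, apparently copied from the kubeconfig function, so a failure there is reported against the wrong file; `.context("writing apiserver-url.env to disk")` would match the read just above it. Since these call sites now go through `commit_file`, which writes nothing in a dry run, none of the "writing … to disk" contexts can fire in that mode, meaning a dry run does not exercise the write path for any file touched here. The enclosing functions start and end outside the visible hunks.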
21 changes: 19 additions & 2 deletions src/ouger.rs
@@ -1,6 +1,4 @@
use crate::k8s_etcd;
use anyhow::{ensure, Context, Result};
use k8s_etcd::wait_for_ouger;
use reqwest::Client;
use std::process::{Child, Command};

Expand All @@ -16,6 +14,25 @@ impl Drop for OugerChildProcess {
}
}

async fn wait_for_ouger() {
let mut tries = 0;
while tries < 100 {
if Client::new()
.get(format!("http://localhost:{OUGER_SERVER_PORT}/healthz"))
.send()
.await
.is_ok()
{
return;
}

tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
tries += 1;
}

panic!("Ouger server did not start in time");
}

pub(crate) async fn launch_ouger_server() -> Result<OugerChildProcess> {
let ouger_child_process = OugerChildProcess(
Command::new("ouger_server")
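Review bot: `wait_for_ouger` treats any completed HTTP exchange as healthy, because `send().await.is_ok()` is also true for a 4xx/5xx reply or for an unrelated service answering on the same local port; the check should look at the response status. The function should also return an error instead of `panic!`, since the neighbouring `launch_ouger_server` already returns `Result`. The rewrite below additionally builds the `reqwest::Client` once rather than on every retry. The call site inside `launch_ouger_server` is outside the hunk and would need `.await?`, ideally with a `.context(...)`.

```rust
async fn wait_for_ouger() -> Result<()> {
    // One client for all retries; only a 2xx reply from /healthz counts as ready.
    let client = Client::new();
    for _ in 0..100 {
        let healthy = client
            .get(format!("http://localhost:{OUGER_SERVER_PORT}/healthz"))
            .send()
            .await
            .is_ok_and(|response| response.status().is_success());
        if healthy {
            return Ok(());
        }

        tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
    }

    anyhow::bail!("Ouger server did not start in time")
}
```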
