Hello community, here is the log from the commit of package kubic-control for openSUSE:Factory checked in at 2019-04-26 22:55:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubic-control (Old) and /work/SRC/openSUSE:Factory/.kubic-control.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubic-control" Fri Apr 26 22:55:55 2019 rev:3 rq:698209 version:0.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kubic-control/kubic-control.changes 2019-04-19 18:39:24.503262848 +0200 +++ /work/SRC/openSUSE:Factory/.kubic-control.new.5536/kubic-control.changes 2019-04-26 22:55:58.541256152 +0200 @@ -1,0 +2,15 @@ +Fri Apr 26 14:09:33 CEST 2019 - ku...@suse.de + +- Update to version 0.4.0 + - Rework communication for removing nodes + - Add support for cilium + - Bug fixes + +------------------------------------------------------------------- +Thu Apr 25 16:12:15 CEST 2019 - ku...@suse.de + +- Update to version 0.3.0 + - Add support for RBAC management to kubicctl + - Add support to create user certificates to kubicctl + +------------------------------------------------------------------- Old: ---- kubic-control-0.2.1.tar.xz New: ---- kubic-control-0.4.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubic-control.spec ++++++ --- /var/tmp/diff_new_pack.fvSyHG/_old 2019-04-26 22:56:00.149255116 +0200 +++ /var/tmp/diff_new_pack.fvSyHG/_new 2019-04-26 22:56:00.153255113 +0200 @@ -17,7 +17,7 @@ Name: kubic-control -Version: 0.2.1 +Version: 0.4.0 Release: 0 Summary: Simple setup tool for kubernetes License: Apache-2.0 ++++++ kubic-control-0.2.1.tar.xz -> kubic-control-0.4.0.tar.xz ++++++ Binary files old/kubic-control-0.2.1/.git/index and new/kubic-control-0.4.0/.git/index differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/.git/logs/HEAD new/kubic-control-0.4.0/.git/logs/HEAD --- old/kubic-control-0.2.1/.git/logs/HEAD 2019-04-18 14:39:41.592935299 +0200 +++ new/kubic-control-0.4.0/.git/logs/HEAD 2019-04-26 14:07:15.557798664 +0200 
@@ -1 +1 @@ -0000000000000000000000000000000000000000 6665a06488a12d17faf5d0e0d47295d6e96b8b3e Thorsten Kukuk <ku...@thkukuk.de> 1555591181 +0200 clone: from https://github.com/thkukuk/kubic-control +0000000000000000000000000000000000000000 8789ce66da490b5f82b3fa885f8bb57f4f530a09 Thorsten Kukuk <ku...@thkukuk.de> 1556280435 +0200 clone: from https://github.com/thkukuk/kubic-control diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/.git/logs/refs/heads/master new/kubic-control-0.4.0/.git/logs/refs/heads/master --- old/kubic-control-0.2.1/.git/logs/refs/heads/master 2019-04-18 14:39:41.592935299 +0200 +++ new/kubic-control-0.4.0/.git/logs/refs/heads/master 2019-04-26 14:07:15.557798664 +0200 @@ -1 +1 @@ -0000000000000000000000000000000000000000 6665a06488a12d17faf5d0e0d47295d6e96b8b3e Thorsten Kukuk <ku...@thkukuk.de> 1555591181 +0200 clone: from https://github.com/thkukuk/kubic-control +0000000000000000000000000000000000000000 8789ce66da490b5f82b3fa885f8bb57f4f530a09 Thorsten Kukuk <ku...@thkukuk.de> 1556280435 +0200 clone: from https://github.com/thkukuk/kubic-control diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/.git/logs/refs/remotes/origin/HEAD new/kubic-control-0.4.0/.git/logs/refs/remotes/origin/HEAD --- old/kubic-control-0.2.1/.git/logs/refs/remotes/origin/HEAD 2019-04-18 14:39:41.592935299 +0200 +++ new/kubic-control-0.4.0/.git/logs/refs/remotes/origin/HEAD 2019-04-26 14:07:15.557798664 +0200 
@@ -1 +1 @@ -0000000000000000000000000000000000000000 6665a06488a12d17faf5d0e0d47295d6e96b8b3e Thorsten Kukuk <ku...@thkukuk.de> 1555591181 +0200 clone: from https://github.com/thkukuk/kubic-control +0000000000000000000000000000000000000000 8789ce66da490b5f82b3fa885f8bb57f4f530a09 Thorsten Kukuk <ku...@thkukuk.de> 1556280435 +0200 clone: from https://github.com/thkukuk/kubic-control Binary files old/kubic-control-0.2.1/.git/objects/pack/pack-a6007c132993c72fc484c0cc5ad73cab05f65a68.idx and new/kubic-control-0.4.0/.git/objects/pack/pack-a6007c132993c72fc484c0cc5ad73cab05f65a68.idx differ Binary files old/kubic-control-0.2.1/.git/objects/pack/pack-a6007c132993c72fc484c0cc5ad73cab05f65a68.pack and new/kubic-control-0.4.0/.git/objects/pack/pack-a6007c132993c72fc484c0cc5ad73cab05f65a68.pack differ Binary files old/kubic-control-0.2.1/.git/objects/pack/pack-fa681be18b28df10ad5bbcf34d4024f7b5d4bfd2.idx and new/kubic-control-0.4.0/.git/objects/pack/pack-fa681be18b28df10ad5bbcf34d4024f7b5d4bfd2.idx differ Binary files old/kubic-control-0.2.1/.git/objects/pack/pack-fa681be18b28df10ad5bbcf34d4024f7b5d4bfd2.pack and new/kubic-control-0.4.0/.git/objects/pack/pack-fa681be18b28df10ad5bbcf34d4024f7b5d4bfd2.pack differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/.git/packed-refs new/kubic-control-0.4.0/.git/packed-refs --- old/kubic-control-0.2.1/.git/packed-refs 2019-04-18 14:39:41.592935299 +0200 +++ new/kubic-control-0.4.0/.git/packed-refs 2019-04-26 14:07:15.557798664 +0200 
@@ -1,5 +1,8 @@ # pack-refs with: peeled fully-peeled sorted -6665a06488a12d17faf5d0e0d47295d6e96b8b3e refs/remotes/origin/master +8789ce66da490b5f82b3fa885f8bb57f4f530a09 refs/remotes/origin/master +8753d28f8536fa50a7e9e5873348475a4a9652d5 refs/tags/0.3.0 11f0daf7e39c6c8ca826819b9fa230952c167fc4 refs/tags/v0.1.0 02cfb06685013a9b6a38b31ab421c3b37f3ae3cb refs/tags/v0.2.0 6665a06488a12d17faf5d0e0d47295d6e96b8b3e refs/tags/v0.2.1 +8753d28f8536fa50a7e9e5873348475a4a9652d5 refs/tags/v0.3.0 +8789ce66da490b5f82b3fa885f8bb57f4f530a09 refs/tags/v0.4.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/.git/refs/heads/master new/kubic-control-0.4.0/.git/refs/heads/master --- old/kubic-control-0.2.1/.git/refs/heads/master 2019-04-18 14:39:41.592935299 +0200 +++ new/kubic-control-0.4.0/.git/refs/heads/master 2019-04-26 14:07:15.557798664 +0200 @@ -1 +1 @@ -6665a06488a12d17faf5d0e0d47295d6e96b8b3e +8789ce66da490b5f82b3fa885f8bb57f4f530a09 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/README.md new/kubic-control-0.4.0/README.md --- old/kubic-control-0.2.1/README.md 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/README.md 2019-04-26 14:07:15.557798664 +0200 @@ -30,7 +30,12 @@ contains `Kubic-Control-CA.crt`, `user.key` and `user.crt`. For the admin role, this need to be a copy of admin.key and admin.crt. For other users, you need to create corresponding certificates and sign them with -`Kubic-Control-CA.crt`. +`Kubic-Control-CA.crt`. If you call `kubicctl` as root and there is no +`user.crt` in `~/.config/kubicctl`, the admin certificates from +`/etc/kubicd/pki` are used if they exist. +Certificates for additional users can be created with `kubicctl certificates +create <account>`. + Please take care of this certificates and store them secure, this are the passwords to access kubicd! 
@@ -71,9 +76,17 @@ The second file, `rbac.conf`, is mandatory, else nobody can access `kubicd`, all requests will be rejected. The default file can be found in -`/usr/share/defaults/kubicd/kubicd.conf`. Changed entries should be written +`/usr/share/defaults/kubicd/rbac.conf`. Changed entries should be written to `/etc/kubicd/rbac.conf`. +## RBAC + +`rbac.conf` contains the roles as key and the users, who are allowed to use +this functionality as comma seperated list. `kubicctl rbac list` will print +out a list of current configured roles and the corresponding users. `kubicctl +rbac add <role> <user>` will add the user to the role. + + ## Notes `Kubicd` does not store any informations about the state of the kubernetes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/VERSION new/kubic-control-0.4.0/VERSION --- old/kubic-control-0.2.1/VERSION 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/VERSION 2019-04-26 14:07:15.557798664 +0200 @@ -1 +1 @@ -0.2.1 +0.4.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/api/api.pb.go new/kubic-control-0.4.0/api/api.pb.go --- old/kubic-control-0.2.1/api/api.pb.go 2019-04-18 14:39:41.616935386 +0200 +++ new/kubic-control-0.4.0/api/api.pb.go 2019-04-26 14:07:15.609798852 +0200 @@ -37,7 +37,7 @@ func (m *StatusReply) String() string { return proto.CompactTextString(m) } func (*StatusReply) ProtoMessage() {} func (*StatusReply) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{0} + return fileDescriptor_api_7ed840694d811469, []int{0} } func (m *StatusReply) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_StatusReply.Unmarshal(m, b) 
@@ -84,7 +84,7 @@ func (m *InitRequest) String() string { return proto.CompactTextString(m) } func (*InitRequest) ProtoMessage() {} func (*InitRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{1} + return fileDescriptor_api_7ed840694d811469, []int{1} } func (m *InitRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_InitRequest.Unmarshal(m, b) @@ -130,7 +130,7 @@ func (m *AddNodeRequest) String() string { return proto.CompactTextString(m) } func (*AddNodeRequest) ProtoMessage() {} func (*AddNodeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{2} + return fileDescriptor_api_7ed840694d811469, []int{2} } func (m *AddNodeRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_AddNodeRequest.Unmarshal(m, b) @@ -169,7 +169,7 @@ func (m *RemoveNodeRequest) String() string { return proto.CompactTextString(m) } func (*RemoveNodeRequest) ProtoMessage() {} func (*RemoveNodeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{3} + return fileDescriptor_api_7ed840694d811469, []int{3} } func (m *RemoveNodeRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_RemoveNodeRequest.Unmarshal(m, b) @@ -208,7 +208,7 @@ func (m *RebootNodeRequest) String() string { return proto.CompactTextString(m) } func (*RebootNodeRequest) ProtoMessage() {} func (*RebootNodeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{4} + return fileDescriptor_api_7ed840694d811469, []int{4} } func (m *RebootNodeRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_RebootNodeRequest.Unmarshal(m, b) 
@@ -246,7 +246,7 @@ func (m *Version) String() string { return proto.CompactTextString(m) } func (*Version) ProtoMessage() {} func (*Version) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{5} + return fileDescriptor_api_7ed840694d811469, []int{5} } func (m *Version) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Version.Unmarshal(m, b) @@ -283,7 +283,7 @@ func (m *Empty) String() string { return proto.CompactTextString(m) } func (*Empty) ProtoMessage() {} func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_api_d955562b5e1094dd, []int{6} + return fileDescriptor_api_7ed840694d811469, []int{6} } func (m *Empty) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Empty.Unmarshal(m, b) @@ -329,7 +329,7 @@ InitMaster(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (Kubeadm_InitMasterClient, error) // Add a new worker node to the cluster AddNode(ctx context.Context, in *AddNodeRequest, opts ...grpc.CallOption) (*StatusReply, error) - RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*StatusReply, error) + RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (Kubeadm_RemoveNodeClient, error) RebootNode(ctx context.Context, in *RebootNodeRequest, opts ...grpc.CallOption) (*StatusReply, error) // Upgrade cluster to newest version (as of kubeadm on master) UpgradeKubernetes(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Kubeadm_UpgradeKubernetesClient, error) 
@@ -386,13 +386,36 @@ return out, nil } -func (c *kubeadmClient) RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (*StatusReply, error) { - out := new(StatusReply) - err := c.cc.Invoke(ctx, "/api.Kubeadm/RemoveNode", in, out, opts...) +func (c *kubeadmClient) RemoveNode(ctx context.Context, in *RemoveNodeRequest, opts ...grpc.CallOption) (Kubeadm_RemoveNodeClient, error) { + stream, err := c.cc.NewStream(ctx, &_Kubeadm_serviceDesc.Streams[1], "/api.Kubeadm/RemoveNode", opts...) if err != nil { return nil, err } - return out, nil + x := &kubeadmRemoveNodeClient{stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +type Kubeadm_RemoveNodeClient interface { + Recv() (*StatusReply, error) + grpc.ClientStream +} + +type kubeadmRemoveNodeClient struct { + grpc.ClientStream +} + +func (x *kubeadmRemoveNodeClient) Recv() (*StatusReply, error) { + m := new(StatusReply) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil } func (c *kubeadmClient) RebootNode(ctx context.Context, in *RebootNodeRequest, opts ...grpc.CallOption) (*StatusReply, error) { @@ -405,7 +428,7 @@ } func (c *kubeadmClient) UpgradeKubernetes(ctx context.Context, in *Empty, opts ...grpc.CallOption) (Kubeadm_UpgradeKubernetesClient, error) { - stream, err := c.cc.NewStream(ctx, &_Kubeadm_serviceDesc.Streams[1], "/api.Kubeadm/UpgradeKubernetes", opts...) + stream, err := c.cc.NewStream(ctx, &_Kubeadm_serviceDesc.Streams[2], "/api.Kubeadm/UpgradeKubernetes", opts...) if err != nil { return nil, err } 
@@ -451,7 +474,7 @@ InitMaster(*InitRequest, Kubeadm_InitMasterServer) error // Add a new worker node to the cluster AddNode(context.Context, *AddNodeRequest) (*StatusReply, error) - RemoveNode(context.Context, *RemoveNodeRequest) (*StatusReply, error) + RemoveNode(*RemoveNodeRequest, Kubeadm_RemoveNodeServer) error RebootNode(context.Context, *RebootNodeRequest) (*StatusReply, error) // Upgrade cluster to newest version (as of kubeadm on master) UpgradeKubernetes(*Empty, Kubeadm_UpgradeKubernetesServer) error @@ -502,22 +525,25 @@ return interceptor(ctx, in, info, handler) } -func _Kubeadm_RemoveNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RemoveNodeRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KubeadmServer).RemoveNode(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/api.Kubeadm/RemoveNode", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KubeadmServer).RemoveNode(ctx, req.(*RemoveNodeRequest)) +func _Kubeadm_RemoveNode_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(RemoveNodeRequest) + if err := stream.RecvMsg(m); err != nil { + return err } - return interceptor(ctx, in, info, handler) + return srv.(KubeadmServer).RemoveNode(m, &kubeadmRemoveNodeServer{stream}) +} + +type Kubeadm_RemoveNodeServer interface { + Send(*StatusReply) error + grpc.ServerStream +} + +type kubeadmRemoveNodeServer struct { + grpc.ServerStream +} + +func (x *kubeadmRemoveNodeServer) Send(m *StatusReply) error { + return x.ServerStream.SendMsg(m) } func _Kubeadm_RebootNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { 
@@ -586,10 +612,6 @@ Handler: _Kubeadm_AddNode_Handler, }, { - MethodName: "RemoveNode", - Handler: _Kubeadm_RemoveNode_Handler, - }, - { MethodName: "RebootNode", Handler: _Kubeadm_RebootNode_Handler, }, @@ -605,6 +627,11 @@ ServerStreams: true, }, { + StreamName: "RemoveNode", + Handler: _Kubeadm_RemoveNode_Handler, + ServerStreams: true, + }, + { StreamName: "UpgradeKubernetes", Handler: _Kubeadm_UpgradeKubernetes_Handler, ServerStreams: true, 
@@ -613,30 +640,30 @@ Metadata: "api.proto", } -func init() { proto.RegisterFile("api.proto", fileDescriptor_api_d955562b5e1094dd) } +func init() { proto.RegisterFile("api.proto", fileDescriptor_api_7ed840694d811469) } -var fileDescriptor_api_d955562b5e1094dd = []byte{ - // 344 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0x4d, 0x4b, 0xf3, 0x40, - 0x10, 0x80, 0xdf, 0xf4, 0x45, 0x63, 0xa6, 0x58, 0xed, 0x0a, 0x12, 0x04, 0xa1, 0x44, 0x84, 0x5e, - 0xac, 0x5a, 0x15, 0xbc, 0xf6, 0xa0, 0x20, 0xc5, 0x1e, 0x22, 0x7a, 0x2d, 0x9b, 0xec, 0x18, 0x43, - 0xcd, 0xce, 0x9a, 0xdd, 0x54, 0xfa, 0x33, 0xfd, 0x47, 0x92, 0xb4, 0x49, 0x5b, 0x6d, 0x91, 0x1e, - 0xe7, 0xe3, 0x99, 0x65, 0x9e, 0x59, 0x70, 0xb8, 0x8a, 0x3b, 0x2a, 0x25, 0x43, 0xec, 0x3f, 0x57, - 0xb1, 0xd7, 0x83, 0xfa, 0x93, 0xe1, 0x26, 0xd3, 0x3e, 0xaa, 0xf7, 0x09, 0x73, 0xc1, 0xd6, 0x59, - 0x18, 0xa2, 0xd6, 0xae, 0xd5, 0xb2, 0xda, 0x3b, 0x7e, 0x19, 0xe6, 0x95, 0x04, 0xb5, 0xe6, 0x11, - 0xba, 0xb5, 0x96, 0xd5, 0x76, 0xfc, 0x32, 0xf4, 0x42, 0xa8, 0x3f, 0xc8, 0xd8, 0xf8, 0xf8, 0x91, - 0xa1, 0x36, 0xec, 0x0c, 0xd8, 0x28, 0x0b, 0x30, 0x95, 0x68, 0x50, 0x0f, 0xc7, 0x98, 0xea, 0x98, - 0x64, 0x31, 0xcd, 0xf1, 0x9b, 0xf3, 0xca, 0xcb, 0xb4, 0xc0, 0x4e, 0xa1, 0xa1, 0x48, 0x0c, 0x25, - 0x9a, 0x4f, 0x4a, 0x47, 0xb1, 0x8c, 0x66, 0xe3, 0x77, 0x15, 0x89, 0x41, 0x95, 0xf4, 0xce, 0xa1, - 0xd1, 0x13, 0x62, 0x40, 0x02, 0xcb, 0x77, 0x8e, 0x01, 0x24, 0x09, 0x1c, 0x4a, 0x9e, 0xa0, 0x9e, - 0xcd, 0x77, 0xf2, 0xcc, 0x20, 0x4f, 0x78, 0x5d, 0x68, 0xfa, 0x98, 0xd0, 0x18, 0x37, 0x65, 0x02, - 0x22, 0xb3, 0x01, 0x73, 0x02, 0x76, 0xb9, 0x8a, 0x0b, 0xf6, 0xf2, 0xba, 0x65, 0xe8, 0xd9, 0xb0, - 0x75, 0x97, 0x28, 0x33, 0xe9, 0x7e, 0xd5, 0xc0, 0xee, 0x67, 0x01, 0x72, 0x91, 0xb0, 0x6b, 0x80, - 0xdc, 0xdb, 0x23, 0xd7, 0x06, 0x53, 0xb6, 0xdf, 0xc9, 0x2f, 0xb3, 0x20, 0xf2, 0x68, 0x9a, 0x59, - 0xb8, 0x8e, 0xf7, 0xef, 0xc2, 0x62, 0x5d, 0xb0, 0x67, 0x22, 0xd8, 0x41, 0xd1, 0xb0, 0xac, 0x65, - 0x15, 0xc5, 
0x6e, 0x01, 0xe6, 0x2e, 0xd8, 0x61, 0xd1, 0xf1, 0x4b, 0xce, 0x7a, 0xb2, 0x34, 0x52, - 0x91, 0x3f, 0x14, 0xad, 0x24, 0x6f, 0xa0, 0xf9, 0xac, 0xa2, 0x94, 0x0b, 0xec, 0x57, 0x37, 0x67, - 0x50, 0x34, 0x16, 0x2a, 0xd6, 0xac, 0x77, 0x09, 0x7b, 0xf7, 0x68, 0xc2, 0xb7, 0x1c, 0x0a, 0x49, - 0xbe, 0xc6, 0xd1, 0x5f, 0x50, 0xb0, 0x5d, 0x7c, 0xe7, 0xab, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, - 0x57, 0x65, 0x10, 0x64, 0xdb, 0x02, 0x00, 0x00, +var fileDescriptor_api_7ed840694d811469 = []byte{ + // 347 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x92, 0x4f, 0x4b, 0xc3, 0x40, + 0x10, 0xc5, 0x4d, 0x45, 0x63, 0xa6, 0x58, 0xed, 0x0a, 0x12, 0x04, 0xa1, 0x44, 0x84, 0x5e, 0xac, + 0x5a, 0x15, 0xc4, 0x5b, 0x0f, 0x0a, 0x52, 0xec, 0x21, 0xa2, 0xd7, 0xb2, 0xc9, 0x8e, 0x31, 0xd4, + 0xec, 0xae, 0xd9, 0x4d, 0xa5, 0x9f, 0xd3, 0x2f, 0x24, 0x9b, 0x76, 0xfb, 0x47, 0x5b, 0xa4, 0xc7, + 0x79, 0x33, 0x6f, 0x1e, 0xfb, 0x9b, 0x05, 0x8f, 0xca, 0xb4, 0x25, 0x73, 0xa1, 0x05, 0xd9, 0xa4, + 0x32, 0x0d, 0x3a, 0x50, 0x7d, 0xd6, 0x54, 0x17, 0x2a, 0x44, 0xf9, 0x31, 0x22, 0x3e, 0xb8, 0xaa, + 0x88, 0x63, 0x54, 0xca, 0x77, 0x1a, 0x4e, 0x73, 0x27, 0xb4, 0xa5, 0xe9, 0x64, 0xa8, 0x14, 0x4d, + 0xd0, 0xaf, 0x34, 0x9c, 0xa6, 0x17, 0xda, 0x32, 0x88, 0xa1, 0xfa, 0xc8, 0x53, 0x1d, 0xe2, 0x67, + 0x81, 0x4a, 0x93, 0x33, 0x20, 0x83, 0x22, 0xc2, 0x9c, 0xa3, 0x46, 0xd5, 0x1f, 0x62, 0xae, 0x52, + 0xc1, 0xcb, 0x6d, 0x5e, 0x58, 0x9f, 0x75, 0x5e, 0xc7, 0x0d, 0x72, 0x0a, 0x35, 0x29, 0x58, 0x9f, + 0xa3, 0xfe, 0x12, 0xf9, 0x20, 0xe5, 0xc9, 0x64, 0xfd, 0xae, 0x14, 0xac, 0x37, 0x15, 0x83, 0x73, + 0xa8, 0x75, 0x18, 0xeb, 0x09, 0x86, 0x36, 0xe7, 0x18, 0x80, 0x0b, 0x86, 0x7d, 0x4e, 0x33, 0x54, + 0x93, 0xfd, 0x9e, 0x51, 0x7a, 0x46, 0x08, 0xda, 0x50, 0x0f, 0x31, 0x13, 0x43, 0x5c, 0xd7, 0x13, + 0x09, 0xa1, 0xd7, 0xf0, 0x9c, 0x80, 0x6b, 0x9f, 0xe2, 0x83, 0xbb, 0xf8, 0x5c, 0x5b, 0x06, 0x2e, + 0x6c, 0xdd, 0x67, 0x52, 0x8f, 0xda, 0xdf, 0x15, 0x70, 0xbb, 0x45, 0x84, 0x94, 0x65, 0xe4, 0x1a, + 
0xc0, 0x70, 0x7b, 0xa2, 0x4a, 0x63, 0x4e, 0xf6, 0x5b, 0xe6, 0x32, 0x73, 0x20, 0x8f, 0xc6, 0xca, + 0xdc, 0x75, 0x82, 0x8d, 0x0b, 0x87, 0xb4, 0xc1, 0x9d, 0x80, 0x20, 0x07, 0xe5, 0xc0, 0x22, 0x96, + 0x65, 0x2e, 0x72, 0x07, 0x30, 0x63, 0x41, 0x0e, 0xcb, 0x89, 0x3f, 0x70, 0x56, 0xe4, 0xdd, 0x1a, + 0xaf, 0x65, 0x32, 0xf5, 0xfe, 0x82, 0xb4, 0x34, 0xf5, 0x06, 0xea, 0x2f, 0x32, 0xc9, 0x29, 0xc3, + 0xee, 0xf4, 0xea, 0x04, 0xca, 0xc1, 0x12, 0xc6, 0x8a, 0xc0, 0x4b, 0xd8, 0x7b, 0x40, 0x1d, 0xbf, + 0x1b, 0x53, 0x2c, 0xf8, 0x5b, 0x9a, 0xfc, 0x67, 0x8a, 0xb6, 0xcb, 0x0f, 0x7d, 0xf5, 0x13, 0x00, + 0x00, 0xff, 0xff, 0x6e, 0x87, 0x73, 0x92, 0xdd, 0x02, 0x00, 0x00, } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/api/api.proto new/kubic-control-0.4.0/api/api.proto --- old/kubic-control-0.2.1/api/api.proto 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/api/api.proto 2019-04-26 14:07:15.557798664 +0200 @@ -23,7 +23,7 @@ rpc InitMaster (InitRequest) returns (stream StatusReply) {} // Add a new worker node to the cluster rpc AddNode (AddNodeRequest) returns (StatusReply) {} - rpc RemoveNode (RemoveNodeRequest) returns (StatusReply) {} + rpc RemoveNode (RemoveNodeRequest) returns (stream StatusReply) {} rpc RebootNode (RebootNodeRequest) returns (StatusReply) {} // Upgrade cluster to newest version (as of kubeadm on master) rpc UpgradeKubernetes (Empty) returns (stream StatusReply) {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/cmd/kubicd/main.go new/kubic-control-0.4.0/cmd/kubicd/main.go --- old/kubic-control-0.2.1/cmd/kubicd/main.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/cmd/kubicd/main.go 2019-04-26 14:07:15.557798664 +0200 
@@ -60,18 +60,17 @@ return kubeadm.UpgradeKubernetes(in, stream) } +func (s *server) RemoveNode(in *pb.RemoveNodeRequest, stream pb.Kubeadm_RemoveNodeServer) error { + log.Printf("Received: remove node %v", in.NodeNames) + return kubeadm.RemoveNode(in, stream) +} + func (s *server) AddNode(ctx context.Context, in *pb.AddNodeRequest) (*pb.StatusReply, error) { log.Printf("Received: add node %v", in.NodeNames) status, message := kubeadm.AddNode(in.NodeNames) return &pb.StatusReply{Success: status, Message: message}, nil } -func (s *server) RemoveNode(ctx context.Context, in *pb.RemoveNodeRequest) (*pb.StatusReply, error) { - log.Printf("Received: remove node %v", in.NodeNames) - status, message := kubeadm.RemoveNode(in.NodeNames) - return &pb.StatusReply{Success: status, Message: message}, nil -} - func (s *server) RebootNode(ctx context.Context, in *pb.RebootNodeRequest) (*pb.StatusReply, error) { log.Printf("Received: reboot node %v", in.NodeNames) status, message := kubeadm.RebootNode(in.NodeNames) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/certificates/certificates.go new/kubic-control-0.4.0/pkg/certificates/certificates.go --- old/kubic-control-0.2.1/pkg/certificates/certificates.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/certificates/certificates.go 2019-04-26 14:07:15.557798664 +0200 @@ -32,6 +32,7 @@ subCmd.AddCommand( + CreateCertsCmd(), InitializeCertsCmd(), ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/certificates/create.go new/kubic-control-0.4.0/pkg/certificates/create.go --- old/kubic-control-0.2.1/pkg/certificates/create.go 1970-01-01 01:00:00.000000000 +0100 +++ new/kubic-control-0.4.0/pkg/certificates/create.go 2019-04-26 14:07:15.557798664 +0200 
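Review bot: With RemoveNode now a server-streaming method it no longer passes through gRPC's unary interceptor chain; the regenerated `_Kubeadm_RemoveNode_Handler` in api/api.pb.go drops the `grpc.UnaryServerInterceptor` parameter. Please confirm that the client-certificate and rbac.conf check is also enforced on the stream path. The server setup is not part of this diff, and InitMaster and UpgradeKubernetes are already streams, so it probably is, but a test that an unauthorised client is rejected on RemoveNode would pin it. In the new handler I would also log the client-supplied name with `%q` rather than `%v`, `log.Printf("Received: remove node %q", in.NodeNames)`, so embedded newlines cannot forge log lines.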
@@ -0,0 +1,52 @@ +// Copyright 2019 Thorsten Kukuk +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package certificates + +import ( + "os" + "fmt" + + "github.com/spf13/cobra" +) + +func CreateCertsCmd() *cobra.Command { + var subCmd = &cobra.Command { + Use: "create <user>", + Short: "Cerate certificate for an user", + Run: createCerts, + Args: cobra.ExactArgs(1), + } + + return subCmd +} + +func createCerts (cmd *cobra.Command, args []string) { + user := args[0] + + err := CreateUser(PKI_dir, user) + if err != nil { + fmt.Fprintf(os.Stderr, "Error creating certificate for user '%s': %v\n", + user, err) + return + } + err = SignUser(PKI_dir, user) + if err != nil { + fmt.Fprintf(os.Stderr, "Error signing certificate for user '%s': %v\n", + user, err) + return + } + fmt.Printf("Signed certificates for user '%s' created in '%s'.\n", + user, PKI_dir) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/certificates/initialize.go new/kubic-control-0.4.0/pkg/certificates/initialize.go --- old/kubic-control-0.2.1/pkg/certificates/initialize.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/certificates/initialize.go 2019-04-26 14:07:15.557798664 +0200 
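Review bot: `user := args[0]` in createCerts is handed to `CreateUser(PKI_dir, user)` and `SignUser(PKI_dir, user)` without validation, and those helpers (not visible in this diff) presumably derive the key and certificate file names and the certificate subject from it. Because this command mints credentials that kubicd trusts, I would reject anything that is not a plain account name before touching the PKI directory, for example `if user == "" || user != filepath.Base(user) || strings.HasPrefix(user, ".") { ... os.Exit(1) }`. Both error paths here, and the ones added to initializeCerts in pkg/certificates/initialize.go, print to stderr and then `return`, so the process still exits 0. Ending them with `os.Exit(1)`, or switching the commands to `RunE`, would let callers detect a failed or half-written PKI.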
@@ -15,14 +15,12 @@ package certificates import ( + "os" + "fmt" + "github.com/spf13/cobra" ) -// var ( -// PKI_dir string - //cfg, cfg_err = ini.LooseLoad("/usr/share/defaults/kubicd/kubicd.conf", "/etc/kubicd/kubicd.conf") -//) - func InitializeCertsCmd() *cobra.Command { var subCmd = &cobra.Command { Use: "initialize", @@ -37,22 +35,28 @@ func initializeCerts (cmd *cobra.Command, args []string) { err := CreateCA(PKI_dir) if err != nil { + fmt.Fprintf(os.Stderr, "Error creating CA: %v\n", err) return } err = CreateUser(PKI_dir, "KubicD") if err != nil { + fmt.Fprintf(os.Stderr, "Error creating user 'KubicD': %v\n", err) return } err = SignUser(PKI_dir, "KubicD") if err != nil { + fmt.Fprintf(os.Stderr, "Error signing user 'KubicD': %v\n", err) return } err = CreateUser(PKI_dir, "admin") if err != nil { + fmt.Fprintf(os.Stderr, "Error creating user 'admin': %v\n", err) return } err = SignUser(PKI_dir, "admin") if err != nil { + fmt.Fprintf(os.Stderr, "Error signing user 'admin': %v\n", err) return } + fmt.Printf("All certificates and the CA are created and can be found in '%s'\n", PKI_dir) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubeadm/initMaster.go new/kubic-control-0.4.0/pkg/kubeadm/initMaster.go --- old/kubic-control-0.2.1/pkg/kubeadm/initMaster.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/kubeadm/initMaster.go 2019-04-26 14:07:15.561798678 +0200 @@ -32,6 +32,7 @@ func InitMaster(in *pb.InitRequest, stream pb.Kubeadm_InitMasterServer) error { arg_socket := "--cri-socket=/run/crio/crio.sock" + arg_pod_network := in.PodNetworking arg_pod_network_cidr := "" arg_kubernetes_version := "" 
@@ -57,6 +58,16 @@ return nil } + // verify, that we got only a supported pod network + if len(arg_pod_network) < 1 { + arg_pod_network = "flannel" + } else if !strings.EqualFold(arg_pod_network, "flannel") && !strings.EqualFold(arg_pod_network, "cilium") { + if err := stream.Send(&pb.StatusReply{Success: false, Message: "Unsupported pod network, please use 'flannel' or 'cilium'"}); err != nil { + return err + } + return nil + } + success, message := ExecuteCmd("systemctl", "enable", "--now", "crio") if success != true { if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { @@ -73,7 +84,7 @@ return nil } - if (strings.EqualFold(in.PodNetworking, "flannel")) { + if strings.EqualFold(arg_pod_network, "flannel") { arg_pod_network_cidr = "--pod-network-cidr=10.244.0.0/16" } if len (in.KubernetesVersion) > 0 { @@ -90,8 +101,13 @@ if err := stream.Send(&pb.StatusReply{Success: true, Message: "Initialize Kubernetes control-plane"}); err != nil { return err } - success, message = ExecuteCmd("kubeadm", "init", arg_socket, - arg_pod_network_cidr, arg_kubernetes_version) + if len(arg_pod_network_cidr) > 0 { + success, message = ExecuteCmd("kubeadm", "init", arg_socket, + arg_pod_network_cidr, arg_kubernetes_version) + } else { + success, message = ExecuteCmd("kubeadm", "init", arg_socket, + arg_kubernetes_version) + } if success != true { ResetMaster() if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { 
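Review bot: The new `else` branch in the `@@ -90,8 +101,13 @@` hunk still passes `arg_kubernetes_version` to `kubeadm init`, and that variable is the empty string whenever the request carries no KubernetesVersion, so the empty argument this hunk avoids for `arg_pod_network_cidr` can still occur for the version flag. Rather than one ExecuteCmd call per combination, I would build the argument list once and append only the options that are set. This assumes ExecuteCmd is variadic, as its call sites suggest. InitMaster begins and ends outside this hunk.

```go
// … unchanged: "Initialize Kubernetes control-plane" status message …
args := []string{"init", arg_socket}
if len(arg_pod_network_cidr) > 0 {
	args = append(args, arg_pod_network_cidr)
}
if len(arg_kubernetes_version) > 0 {
	args = append(args, arg_kubernetes_version)
}
success, message = ExecuteCmd("kubeadm", args...)
// … unchanged: ResetMaster and error reply on failure …
```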
@@ -100,17 +116,33 @@ return nil } - // Setting up flannel - if err := stream.Send(&pb.StatusReply{Success: true, Message: "Deploy flannel"}); err != nil { - return err - } - success, message = ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "apply", "-f", "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml") - if success != true { - ResetMaster() - if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { - return err + if strings.EqualFold(arg_pod_network, "flannel") { + // Setting up flannel + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Deploy flannel"}); err != nil { + return err + } + success, message = ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "apply", "-f", "https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml") + if success != true { + ResetMaster() + if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { + return err + } + return nil + } + } else if strings.EqualFold(arg_pod_network, "cilium") { + // Setting up cilium + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Deploy cilium"}); err != nil { + return err + } + // success, message = ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "apply", "-f", "https://raw.githubusercontent.com/kubic-project/k8s-manifests/cilium/cilium.yaml") + success, message = ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "apply", "-f", "https://raw.githubusercontent.com/kubic-project/k8s-manifests/65cc2ac79b2ed2448b366f9d89c1bf43e35c827f/cilium.yaml") + if success != true { + ResetMaster() + if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { + return err + } + return nil } - return nil } // Setting up kured diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
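Review bot: Both `kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/...` calls in this hunk fetch a manifest from the network at cluster-init time and apply it with the admin kubeconfig, so whatever that URL serves is deployed with cluster-admin rights. Pinning each URL to a commit hash, as both do, is the right direction, but nothing on the node verifies the content and init now fails if the host is unreachable. I would ship the flannel and cilium manifests inside the package, where the package signature covers them, and apply them from a local path. The commented-out unpinned `.../k8s-manifests/cilium/cilium.yaml` line should be dropped so it is not re-enabled by accident. InitMaster begins and ends outside this hunk.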
'--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubeadm/removeNode.go new/kubic-control-0.4.0/pkg/kubeadm/removeNode.go --- old/kubic-control-0.2.1/pkg/kubeadm/removeNode.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/kubeadm/removeNode.go 2019-04-26 14:07:15.561798678 +0200 
@@ -14,37 +14,71 @@ package kubeadm -func RemoveNode(nodeName string) (bool, string) { +import ( + pb "github.com/thkukuk/kubic-control/api" +) + +func RemoveNode(in *pb.RemoveNodeRequest, stream pb.Kubeadm_RemoveNodeServer) error { + // XXX in.NodeNames could be a list of Nodes ... // salt host names are not identical with kubernetes node name. - hostname, err := GetNodeName(nodeName) - if err != nil { - return false, err.Error() + hostname, herr := GetNodeName(in.NodeNames) + if herr != nil { + if err := stream.Send(&pb.StatusReply{Success: false, Message: herr.Error()}); err != nil { + return err + } + return nil + } + + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Draining node " + hostname + "..."}); err != nil { + return err } success, message := ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "drain", hostname, "--delete-local-data", "--force", "--ignore-daemonsets") if success != true { - return success, message + if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { + return err + } + return nil + } + + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Removing node " + hostname + "from Kubernetes"}); err != nil { + return err } success, message = ExecuteCmd("kubectl", "--kubeconfig=/etc/kubernetes/admin.conf", "delete", "node", hostname) if success != true { - return success, message + if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { + return err + } + return nil } - success, message = ExecuteCmd("salt", nodeName, "cmd.run", "kubeadm reset --force") + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Cleanup node " + hostname + "..."}); err != nil { + return err + } + success, message = ExecuteCmd("salt", in.NodeNames, "cmd.run", "kubeadm reset --force") if success != true { - return success, message + if err := stream.Send(&pb.StatusReply{Success: success, Message: message}); err != nil { + return err + } + return nil } 
// Try some system cleanup, ignore if fails - ExecuteCmd("salt", nodeName, "cmd.run", "sed -i -e 's|^REBOOT_METHOD=kured|REBOOT_METHOD=auto|g' /etc/transactional-update.conf") - ExecuteCmd("salt", nodeName, "grains.delkey", "kubicd") - ExecuteCmd("salt", nodeName, "cmd.run", "\"iptables -t nat -F && iptables -t mangle -F && iptables -X\"") - ExecuteCmd("salt", nodeName, "cmd.run", "\"ip link delete cni0; ip link delete flannel.1\"") - ExecuteCmd("salt", nodeName, "service.disable", "kubelet") - ExecuteCmd("salt", nodeName, "service.stop", "kubelet") - ExecuteCmd("salt", nodeName, "service.disable", "crio") - ExecuteCmd("salt", nodeName, "service.stop", "crio") - return true, "" + ExecuteCmd("salt", in.NodeNames, "cmd.run", "sed -i -e 's|^REBOOT_METHOD=kured|REBOOT_METHOD=auto|g' /etc/transactional-update.conf") + ExecuteCmd("salt", in.NodeNames, "grains.delkey", "kubicd") + success, message = ExecuteCmd("salt", in.NodeNames, "cmd.run", "\"iptables -t nat -F && iptables -t mangle -F && iptables -X\"") + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Warning: removal of iptables failed: "+message}); err != nil { + return err + } + success, message = ExecuteCmd("salt", in.NodeNames, "cmd.run", "\"ip link delete cni0; ip link delete flannel.1\"") + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Warning: removal of network interfaces failed: "+message}); err != nil { + return err + } + ExecuteCmd("salt", in.NodeNames, "service.disable", "kubelet") + ExecuteCmd("salt", in.NodeNames, "service.stop", "kubelet") + ExecuteCmd("salt", in.NodeNames, "service.disable", "crio") + ExecuteCmd("salt", in.NodeNames, "service.stop", "crio") + return nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubeadm/upgradeKubernetes.go new/kubic-control-0.4.0/pkg/kubeadm/upgradeKubernetes.go --- old/kubic-control-0.2.1/pkg/kubeadm/upgradeKubernetes.go 2019-04-18 14:39:41.596935314 +0200 
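Review bot: In `RemoveNode`, `in.NodeNames` comes from the gRPC request and is passed unchanged as the Salt target for `kubeadm reset --force` and the cleanup commands, while only the single name returned by `GetNodeName` is drained and deleted. `GetNodeName` is not visible in this hunk, so unless it already rejects anything that is not exactly one known minion ID, a target matching several minions would reset nodes that were never drained; I would validate the value against the accepted minion list before the first `ExecuteCmd` (the `XXX` comment already notes it could be a list). The two `Warning: removal of ... failed` replies are also sent unconditionally, so each should sit behind `if success != true { ... }`. The `"from Kubernetes"` literal needs a leading space.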
+++ new/kubic-control-0.4.0/pkg/kubeadm/upgradeKubernetes.go 2019-04-26 14:07:15.561798678 +0200 @@ -34,7 +34,7 @@ // Check if kuberadm and kubelet is new enough on all nodes // salt '*' --out=yaml pkg.version kubernetes-kubeadm kubernetes-kubelet - if err := stream.Send(&pb.StatusReply{Success: success, Message: "Validate whether the cluster is upgradeable..."}); err != nil { + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Validate whether the cluster is upgradeable..."}); err != nil { return err } success, message = ExecuteCmd("kubeadm", "upgrade", "plan", kubernetes_version) @@ -45,7 +45,7 @@ return nil } - if err := stream.Send(&pb.StatusReply{Success: success, Message: "Upgrade the control plane..."}); err != nil { + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Upgrade the control plane..."}); err != nil { return err } success, message = ExecuteCmd("kubeadm", "upgrade", "apply", "v"+kubernetes_version, "--yes") @@ -69,7 +69,7 @@ var failedNodes = "" for i := range nodelist { - if err := stream.Send(&pb.StatusReply{Success: success, Message: "Upgrade "+nodelist[i]+"..."}); err != nil { + if err := stream.Send(&pb.StatusReply{Success: true, Message: "Upgrade "+nodelist[i]+"..."}); err != nil { return err } hostname, err := GetNodeName(nodelist[i]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubicctl/initMaster.go new/kubic-control-0.4.0/pkg/kubicctl/initMaster.go --- old/kubic-control-0.2.1/pkg/kubicctl/initMaster.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/kubicctl/initMaster.go 2019-04-26 14:07:15.561798678 +0200 
@@ -38,7 +38,7 @@ Args: cobra.ExactArgs(0), } - subCmd.PersistentFlags().StringVar(&podNetwork, "pod-network", podNetwork, "pod network should be used") + subCmd.PersistentFlags().StringVar(&podNetwork, "pod-network", podNetwork, "pod network, valid values are 'flannel' or 'cilium'") return subCmd } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubicctl/removeNode.go new/kubic-control-0.4.0/pkg/kubicctl/removeNode.go --- old/kubic-control-0.2.1/pkg/kubicctl/removeNode.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/kubicctl/removeNode.go 2019-04-26 14:07:15.561798678 +0200 @@ -18,8 +18,9 @@ "context" "time" "fmt" + "os" + "io" - log "github.com/sirupsen/logrus" "github.com/spf13/cobra" pb "github.com/thkukuk/kubic-control/api" ) @@ -46,7 +47,7 @@ } defer conn.Close() - c := pb.NewKubeadmClient(conn) + client := pb.NewKubeadmClient(conn) // var deadlineMin = flag.Int("deadline_min", 10, "Default deadline in minutes.") // clientDeadline := time.Now().Add(time.Duration(*deadlineMin) * time.Minute) 
@@ -54,14 +55,32 @@ ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() - r, err := c.RemoveNode(ctx, &pb.RemoveNodeRequest{NodeNames: nodes}) + stream, err := client.RemoveNode(ctx, &pb.RemoveNodeRequest{NodeNames: nodes}) if err != nil { - log.Errorf("could not initialize: %v", err) + fmt.Fprintf(os.Stderr, "could not initialize: %v", err) return } - if r.Success { - fmt.Printf("Node %s removed\n", nodes) - } else { - log.Errorf("Removing node %s failed: %s", nodes, r.Message) - } + + for { + r, err := stream.Recv() + if err == io.EOF { + break + } + if err != nil { + if r == nil { + fmt.Fprintf(os.Stderr, "Removing node %s failed: %v\n", nodes, err) + } else { + fmt.Fprintf(os.Stderr, "Removing node %s failed: %s\n%v\n", r.Message, err) + } + os.Exit(1) + } + if (r.Success != true) { + fmt.Fprintf(os.Stderr, "%s\n", r.Message) + os.Exit(1) + } else { + fmt.Printf("%s\n", r.Message) + } + } + + fmt.Printf("Node %s removed\n", nodes) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/kubicctl/root.go new/kubic-control-0.4.0/pkg/kubicctl/root.go --- old/kubic-control-0.2.1/pkg/kubicctl/root.go 2019-04-18 14:39:41.596935314 +0200 +++ new/kubic-control-0.4.0/pkg/kubicctl/root.go 2019-04-26 14:07:15.561798678 +0200 @@ -26,6 +26,7 @@ "github.com/spf13/cobra" homedir "github.com/mitchellh/go-homedir" "github.com/thkukuk/kubic-control/pkg/certificates" + "github.com/thkukuk/kubic-control/pkg/rbac" ) const ( 
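Review bot: The `Fprintf` in the `r != nil` branch of the `Recv` loop has three verbs but only two arguments, so `r.Message` is printed as the node name and `err` lands in the second `%s`; it should read `fmt.Fprintf(os.Stderr, "Removing node %s failed: %s\n%v\n", nodes, r.Message, err)`. The `could not initialize` message lost its trailing newline when it moved from `log.Errorf` to `Fprintf`, and that path still uses `return` where the other failure paths call `os.Exit(1)`. The one-minute `context.WithTimeout` kept from the old unary call now bounds the whole drain, delete and reset stream, so a slow drain would probably end in a deadline error on the client while the server-side steps continue; consider a longer or configurable deadline. The enclosing function starts outside the hunk.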
@@ -86,6 +87,7 @@ UpgradeKubernetesCmd(), FetchKubeconfigCmd(), certificates.CertificatesCmd(), + rbac.RBACCmd(), ) var err error diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/rbac/addAccount.go new/kubic-control-0.4.0/pkg/rbac/addAccount.go --- old/kubic-control-0.2.1/pkg/rbac/addAccount.go 1970-01-01 01:00:00.000000000 +0100 +++ new/kubic-control-0.4.0/pkg/rbac/addAccount.go 2019-04-26 14:07:15.561798678 +0200 
@@ -0,0 +1,77 @@
+// Copyright 2019 Thorsten Kukuk
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rbac
+
+import (
+ "os"
+ "fmt"
+ "strings"
+
+ "github.com/spf13/cobra"
+ "gopkg.in/ini.v1"
+)
+
+func AddAccountCmd() *cobra.Command {
+ var subCmd = &cobra.Command {
+ Use: "add <role> <user>",
+ Short: "Add user account to a role",
+ Run: addAccount,
+ Args: cobra.ExactArgs(2),
+ }
+
+ return subCmd
+}
+
+func addAccount (cmd *cobra.Command, args []string) {
+ role := args[0]
+ user := args[1]
+ entry := ""
+
+ cfg, err := ini.LooseLoad("/usr/share/defaults/kubicd/rbac.conf", "/etc/kubicd/rbac.conf")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Cannot load rbac.conf: %v\n", err)
+ os.Exit(1)
+ }
+
+ if !cfg.Section("").HasKey(role) {
+ fmt.Printf("Adding new role: '%s'\n", role)
+ } else {
+ entry = cfg.Section("").Key(role).String()
+ }
+ userList := strings.Split(entry, ",")
+ for i := range userList {
+ if user == strings.TrimSpace(userList[i]) {
+ fmt.Printf("User already part of '%s'\n", role)
+ return
+ }
+ }
+ if len(entry) > 0 {
+ entry = entry + "," + user
+ } else {
+ entry = user
+ }
+ wcfg, werr := ini.LooseLoad("/etc/kubicd/rbac.conf")
+ if werr != nil {
+ fmt.Fprintf(os.Stderr, "Cannot open /etc/kubicd/rbac.conf: %v\n",
+ werr)
+ os.Exit(1)
+ }
+ wcfg.Section("").Key(role).SetValue(entry)
+ werr = wcfg.SaveTo("/etc/kubicd/rbac.conf")
+ if werr != nil {
+ fmt.Fprintf(os.Stderr, "Writing rbac.conf failed: %v\n", werr)
+ os.Exit (1)
+ }
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/rbac/listRoles.go new/kubic-control-0.4.0/pkg/rbac/listRoles.go
--- old/kubic-control-0.2.1/pkg/rbac/listRoles.go 1970-01-01 01:00:00.000000000 +0100
+++ new/kubic-control-0.4.0/pkg/rbac/listRoles.go 2019-04-26 14:07:15.561798678 +0200
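Review bot: `addAccount` writes `role` and `user` from the command line into `/etc/kubicd/rbac.conf` without validating them, and that file presumably drives kubicd's authorization decisions, so a `user` containing a comma is stored as several accounts and an empty `user` is reported as `User already part of` whenever the role has no entry (`strings.Split("", ",")` yields one empty element). I would reject such input up front, e.g. `if role == "" || user == "" || strings.ContainsAny(user, ",\n") { ... os.Exit(1) }`. `SaveTo` also rewrites the target file directly; writing to a temporary file with an explicit mode and renaming it over the target would avoid leaving a truncated authorization file if the write fails part-way.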
@@ -0,0 +1,48 @@
+// Copyright 2019 Thorsten Kukuk
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rbac
+
+import (
+ "os"
+ "fmt"
+
+ "github.com/spf13/cobra"
+ "gopkg.in/ini.v1"
+)
+
+func ListRolesCmd() *cobra.Command {
+ var subCmd = &cobra.Command {
+ Use: "list",
+ Short: "List roles and accounts",
+ Run: listRoles,
+ Args: cobra.ExactArgs(0),
+ }
+
+ return subCmd
+}
+
+func listRoles (cmd *cobra.Command, args []string) {
+ cfg, err := ini.LooseLoad("/usr/share/defaults/kubicd/rbac.conf", "/etc/kubicd/rbac.conf")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Cannot load rbac.conf: %v\n", err)
+ os.Exit(1)
+ }
+
+ roleList := cfg.Section("").KeyStrings()
+ for i := range roleList {
+ entry := cfg.Section("").Key(roleList[i]).String()
+ fmt.Printf("%s: %s\n", roleList[i], entry)
+ }
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubic-control-0.2.1/pkg/rbac/rbac.go new/kubic-control-0.4.0/pkg/rbac/rbac.go
--- old/kubic-control-0.2.1/pkg/rbac/rbac.go 1970-01-01 01:00:00.000000000 +0100
+++ new/kubic-control-0.4.0/pkg/rbac/rbac.go 2019-04-26 14:07:15.561798678 +0200
@@ -0,0 +1,34 @@
+// Copyright 2019 Thorsten Kukuk
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rbac
+
+import (
+ "github.com/spf13/cobra"
+)
+
+func RBACCmd() *cobra.Command {
+ var subCmd = &cobra.Command {
+ Use: "rbac",
+ Short: "Manage RBAC rules",
+ }
+
+ subCmd.AddCommand(
+ AddAccountCmd(),
+// RemoveAccountCmd(),
+ ListRolesCmd(),
+ )
+
+ return subCmd
+}
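Review bot: `RemoveAccountCmd()` is left commented out in `RBACCmd`, so this version can grant a role through `kubicctl rbac add` but offers no matching command to revoke it. I would replace the bare commented line with `// TODO: register RemoveAccountCmd() once implemented; until then revoke by editing /etc/kubicd/rbac.conf` so the gap is visible to operators and reviewers.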