From: Todd Malsbary Date: Wed, 9 Mar 2022 21:47:20 +0000 (-0800) Subject: Extract common code from site scripts X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=24b64469cd68fe9ae5162b99eb7fb260bcc4e147;p=icn.git Extract common code from site scripts Signed-off-by: Todd Malsbary Change-Id: Ifcd73a78d303342e3796a493830512204e1251de
---
diff --git a/deploy/site/common.sh b/deploy/site/common.sh
index ade4924..ffd8103 100644
--- a/deploy/site/common.sh
+++ b/deploy/site/common.sh
@@ -9,25 +9,6 @@ function _gpg_key_fp { gpg --with-colons --list-secret-keys $1 | awk -F: '/fpr/ {print $10;exit}' } -function create_gpg_key { - local -r key_name=$1 - - # Create an rsa4096 key that does not expire - gpg --batch --full-generate-key <${BUILDDIR}/${name}-admin.conf + chmod 600 ${BUILDDIR}/${name}-admin.conf + done + wait_for _is_control_plane_ready +} + +function site_insert_control_plane_network_identity_into_ssh_config { + # This enables logging into the control plane machines from this + # machine without specifying the identify file on the command line + + if [[ ! $(which ipcalc) ]]; then + apt-get install -y ipcalc + fi + + # Create ssh config if it doesn't exist + mkdir -p ${HOME}/.ssh && chmod 700 ${HOME}/.ssh + touch ${HOME}/.ssh/config + chmod 600 ${HOME}/.ssh/config + # Add the entry for the control plane network, host value in ssh + # config is a wildcard + for yaml in ${SCRIPTDIR}/deployment/*.yaml; do + name=$(awk '/name:/ {NAME=$2} /chart: deploy\/cluster/ {print NAME; exit}' ${yaml}) + if [[ ! 
-z ${name} ]]; then + endpoint=$(helm -n ${SITE_NAMESPACE} get values -a ${name} | awk '/controlPlaneEndpoint:/ {print $2}') + prefix=$(helm -n ${SITE_NAMESPACE} get values -a ${name} | awk '/controlPlanePrefix:/ {print $2}') + host=$(ipcalc ${endpoint}/${prefix} | awk '/Network:/ {sub(/\.0.*/,".*"); print $2}') + if [[ $(grep -c "Host ${host}" ${HOME}/.ssh/config) != 0 ]]; then + sed -i -e '/Host '"${host}"'/,+3 d' ${HOME}/.ssh/config + fi + cat <>${HOME}/.ssh/config +Host ${host} + IdentityFile ${SCRIPTDIR}/id_rsa + StrictHostKeyChecking no + UserKnownHostsFile /dev/null +EOF + fi + done + # Add the identity to authorized keys on this host to enable ssh + # logins via its control plane address + authorized_key=$(cat ${SCRIPTDIR}/id_rsa.pub) + sed -i -e '\!'"${authorized_key}"'!d' ${HOME}/.ssh/authorized_keys + cat ${SCRIPTDIR}/id_rsa.pub >> ~/.ssh/authorized_keys +} + +function _is_cluster_deleted { + for yaml in ${SCRIPTDIR}/deployment/*.yaml; do + name=$(awk '/clusterName:/ {print $2}' ${yaml}) + ! kubectl -n ${SITE_NAMESPACE} get cluster ${name} + done +} + +function site_wait_for_all_deleted { + WAIT_FOR_INTERVAL=60s + WAIT_FOR_TRIES=30 + wait_for _is_cluster_deleted +} diff --git a/deploy/site/pod11/pod11.sh b/deploy/site/pod11/pod11.sh index 856e249..fe49d42 100755 --- a/deploy/site/pod11/pod11.sh +++ b/deploy/site/pod11/pod11.sh 
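Review bot: The ssh config block that `site_insert_control_plane_network_identity_into_ssh_config` appends for the wildcard `Host ${host}` sets `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, so every login from this machine to the control plane network skips host key verification and any host answering on those addresses is accepted unchecked. If the reason is that reprovisioned machines come back with new host keys, a narrower form is `StrictHostKeyChecking accept-new` with a site-specific `UserKnownHostsFile` that is cleared when the site is cleaned; at minimum the heredoc deserves a comment stating the trade-off. Separately, `${host}` (apparently a pattern like `a.b.c.*`, judging by the awk `sub`) is used as a regular expression in `grep -c "Host ${host}"` and in the `sed -i -e '/Host '"${host}"'/,+3 d'` address, so it can match and delete four lines of a different Host entry; a fixed-string `grep -cF` and an escaped sed pattern would avoid that. The hunk text is partly garbled on this page, so this is based on the visible lines only.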
@@ -14,51 +14,13 @@ SITE_REPO=${SITE_REPO:-"https://gerrit.akraino.org/r/icn"} SITE_BRANCH=${SITE_BRANCH:-"master"} SITE_PATH=${SITE_PATH:-"deploy/site/pod11/deployment"} -function deploy { - # TODO Replace ICN test key with real key - flux_create_site ${SITE_REPO} ${SITE_BRANCH} ${SITE_PATH} ${FLUX_SOPS_KEY_NAME} -} - -function clean { - kubectl -n flux-system delete kustomization $(flux_site_kustomization_name ${SITE_REPO} ${SITE_BRANCH} ${SITE_PATH}) -} - -function is_cluster_ready { - [[ $(kubectl -n ${SITE_NAMESPACE} get cluster icn -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') == "True" ]] -} - -function is_control_plane_ready { - # Checking the Cluster resource status is not sufficient, it - # reports the control plane as ready before the nodes forming the - # control plane are ready - local -r replicas=$(kubectl -n ${SITE_NAMESPACE} get kubeadmcontrolplane icn -o jsonpath='{.spec.replicas}') - [[ $(kubectl --kubeconfig=${BUILDDIR}/icn-admin.conf get nodes -l node-role.kubernetes.io/control-plane -o jsonpath='{range .items[*]}{.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}' | grep -c True) == ${replicas} ]] -} - -function wait_for_all_ready { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_ready - clusterctl -n ${SITE_NAMESPACE} get kubeconfig icn >${BUILDDIR}/icn-admin.conf - chmod 600 ${BUILDDIR}/icn-admin.conf - wait_for is_control_plane_ready -} - -function is_cluster_deleted { - ! 
kubectl -n ${SITE_NAMESPACE} get cluster icn -} - -function wait_for_all_deleted { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_deleted -} - case $1 in - "clean") clean ;; - "deploy") deploy ;; - "wait") wait_for_all_ready ;; - "wait-clean") wait_for_all_deleted ;; + "clean") site_clean ;; + "deploy") + # TODO Replace ICN test key, $FLUX_SOPS_PRIVATE_KEY, with real key + site_deploy ;; + "wait") site_wait_for_all_ready ;; + "wait-clean") site_wait_for_all_deleted ;; *) cat <>${HOME}/.ssh/config -Host ${host} - IdentityFile ${SCRIPTDIR}/id_rsa - StrictHostKeyChecking no - UserKnownHostsFile /dev/null -EOF - done - # Add the identity to authorized keys on this host to enable ssh - # logins via its control plane address - authorized_key=$(cat ${SCRIPTDIR}/id_rsa.pub) - sed -i -e '\!'"${authorized_key}"'!d' ${HOME}/.ssh/authorized_keys - cat ${SCRIPTDIR}/id_rsa.pub >> ~/.ssh/authorized_keys -} - -function wait_for_all_ready { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_ready - for yaml in ${SCRIPTDIR}/deployment/cluster-*.yaml; do - name=$(awk '/clusterName:/ {print $2}' ${yaml}) - clusterctl -n ${SITE_NAMESPACE} get kubeconfig ${name} >${BUILDDIR}/${name}-admin.conf - chmod 600 ${BUILDDIR}/${name}-admin.conf - done - wait_for is_control_plane_ready - insert_control_plane_network_identity_into_ssh_config -} - -function is_cluster_deleted { - for yaml in ${SCRIPTDIR}/deployment/cluster-*.yaml; do - name=$(awk '/clusterName:/ {print $2}' ${yaml}) - ! 
kubectl -n ${SITE_NAMESPACE} get cluster ${name} - done -} - -function wait_for_all_deleted { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_deleted -} - case $1 in - "clean") clean ;; - "deploy") deploy ;; - "wait") wait_for_all_ready ;; - "wait-clean") wait_for_all_deleted ;; + "clean") site_clean ;; + "deploy") + gpg --import ${FLUX_SOPS_PRIVATE_KEY} + site_deploy + ;; + "wait") + site_wait_for_all_ready + site_insert_control_plane_network_identity_into_ssh_config + ;; + "wait-clean") site_wait_for_all_deleted ;; *) cat <>${HOME}/.ssh/config -Host ${host} - IdentityFile ${SCRIPTDIR}/id_rsa - StrictHostKeyChecking no - UserKnownHostsFile /dev/null -EOF - # Add the identity to authorized keys on this host to enable ssh - # logins via its control plane address - authorized_key=$(cat ${SCRIPTDIR}/id_rsa.pub) - sed -i -e '\!'"${authorized_key}"'!d' ${HOME}/.ssh/authorized_keys - cat ${SCRIPTDIR}/id_rsa.pub >> ~/.ssh/authorized_keys -} - -function wait_for_all_ready { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_ready - clusterctl -n ${SITE_NAMESPACE} get kubeconfig icn >${BUILDDIR}/icn-admin.conf - chmod 600 ${BUILDDIR}/icn-admin.conf - wait_for is_control_plane_ready - insert_control_plane_network_identity_into_ssh_config -} - -function is_cluster_deleted { - ! kubectl -n ${SITE_NAMESPACE} get cluster icn -} - -function wait_for_all_deleted { - WAIT_FOR_INTERVAL=60s - WAIT_FOR_TRIES=30 - wait_for is_cluster_deleted -} - case $1 in - "clean") clean ;; - "deploy") deploy ;; - "wait") wait_for_all_ready ;; - "wait-clean") wait_for_all_deleted ;; + "clean") site_clean ;; + "deploy") + gpg --import ${FLUX_SOPS_PRIVATE_KEY} + site_deploy ;; + "wait") + site_wait_for_all_ready + site_insert_control_plane_network_identity_into_ssh_config + ;; + "wait-clean") site_wait_for_all_deleted ;; *) cat <