disable post-start functions that are done in snc #4560

Open
wants to merge 7 commits into
base: main
71 changes: 3 additions & 68 deletions pkg/crc/cluster/cluster.go
Expand Up @@ -3,7 +3,6 @@ package cluster
import (
"context"
"crypto/x509"
"encoding/base64"
"encoding/json"
"fmt"
"math"
Expand All @@ -22,7 +21,6 @@ import (
crctls "github.com/crc-org/crc/v2/pkg/crc/tls"
"github.com/crc-org/crc/v2/pkg/crc/validation"
crcstrings "github.com/crc-org/crc/v2/pkg/strings"
"github.com/pborman/uuid"
)

// #nosec G101
Expand Down Expand Up @@ -180,40 +178,6 @@ func EnsureSSHKeyPresentInTheCluster(ctx context.Context, ocConfig oc.Config, ss
return nil
}

func EnsurePullSecretPresentInTheCluster(ctx context.Context, ocConfig oc.Config, pullSec PullSecretLoader) error {
if err := WaitForOpenshiftResource(ctx, ocConfig, "secret"); err != nil {
return err
}

stdout, stderr, err := ocConfig.RunOcCommandPrivate("get", "secret", "pull-secret", "-n", "openshift-config", "-o", `jsonpath="{['data']['\.dockerconfigjson']}"`)
if err != nil {
return fmt.Errorf("Failed to get pull secret %v: %s", err, stderr)
}
decoded, err := base64.StdEncoding.DecodeString(stdout)
if err != nil {
return err
}
if err := validation.ImagePullSecret(string(decoded)); err == nil {
return nil
}

logging.Info("Adding user's pull secret to the cluster...")
content, err := pullSec.Value()
if err != nil {
return err
}
base64OfPullSec := base64.StdEncoding.EncodeToString([]byte(content))
cmdArgs := []string{"patch", "secret", "pull-secret", "-p",
fmt.Sprintf(`'{"data":{".dockerconfigjson":"%s"}}'`, base64OfPullSec),
"-n", "openshift-config", "--type", "merge"}

_, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...)
if err != nil {
return fmt.Errorf("Failed to add Pull secret %v: %s", err, stderr)
}
return nil
}

func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc.Config, sshRunner *ssh.Runner, selfSignedCACert *x509.Certificate, adminCert string) error {
selfSignedCAPem := crctls.CertToPem(selfSignedCACert)
if err := WaitForOpenshiftResource(ctx, ocConfig, "configmaps"); err != nil {
Expand All @@ -233,13 +197,10 @@ func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc
}

logging.Info("Updating root CA cert to admin-kubeconfig-client-ca configmap...")
jsonPath := fmt.Sprintf(`'{"data": {"ca-bundle.crt": %q}}'`, selfSignedCAPem)
cmdArgs := []string{"patch", "configmap", "admin-kubeconfig-client-ca",
"-n", "openshift-config", "--patch", jsonPath}
_, stderr, err = ocConfig.RunOcCommand(cmdArgs...)
if err != nil {
return fmt.Errorf("Failed to patch admin-kubeconfig-client-ca config map with new CA` %v: %s", err, stderr)
if err := sshRunner.CopyData(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644); err != nil {
return fmt.Errorf("Failed to copy generated CA file to VM: %v", err)
}

if err := sshRunner.CopyFile(constants.KubeconfigFilePath, ocConfig.KubeconfigPath, 0644); err != nil {
return fmt.Errorf("Failed to copy generated kubeconfig file to VM: %v", err)
}
Expand Down Expand Up @@ -320,32 +281,6 @@ func RemoveOldRenderedMachineConfig(ocConfig oc.Config) error {
return nil
}

func EnsureClusterIDIsNotEmpty(ctx context.Context, ocConfig oc.Config) error {
if err := WaitForOpenshiftResource(ctx, ocConfig, "clusterversion"); err != nil {
return err
}

stdout, stderr, err := ocConfig.RunOcCommand("get", "clusterversion", "version", "-o", `jsonpath="{['spec']['clusterID']}"`)
if err != nil {
return fmt.Errorf("Failed to get clusterversion %v: %s", err, stderr)
}
if strings.TrimSpace(stdout) != "" {
return nil
}

logging.Info("Updating cluster ID...")
clusterID := uuid.New()
cmdArgs := []string{"patch", "clusterversion", "version", "-p",
fmt.Sprintf(`'{"spec":{"clusterID":"%s"}}'`, clusterID), "--type", "merge"}

_, stderr, err = ocConfig.RunOcCommand(cmdArgs...)
if err != nil {
return fmt.Errorf("Failed to update cluster ID %v: %s", err, stderr)
}

return nil
}

func AddProxyConfigToCluster(ctx context.Context, sshRunner *ssh.Runner, ocConfig oc.Config, proxy *httpproxy.ProxyConfig) error {
type trustedCA struct {
Name string `json:"name"`
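Review bot: The generated client CA is written with `sshRunner.CopyData(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644)`, the unprivileged copy, while every other file this PR drops under `/opt/crc` (`pass_kubeadmin`, `pass_developer`, `pull-secret`) goes through `CopyDataPrivileged`. This file presumably becomes the trust anchor for admin client certificates, so its integrity matters more than its secrecy: if `/opt/crc` is root-owned the call will likely fail, and if it is writable by the SSH user then any process running as that user can replace the CA before it is consumed. I would use `sshRunner.CopyDataPrivileged(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644)`, assuming it takes the same arguments as at the other call sites. The log line just above still announces a configmap update that this function no longer performs itself; the function body starts and ends outside the visible hunk.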
33 changes: 4 additions & 29 deletions pkg/crc/cluster/kubeadmin_password.go
Expand Up @@ -13,7 +13,7 @@

"github.com/crc-org/crc/v2/pkg/crc/constants"
"github.com/crc-org/crc/v2/pkg/crc/logging"
"github.com/crc-org/crc/v2/pkg/crc/oc"
"github.com/crc-org/crc/v2/pkg/crc/ssh"
"golang.org/x/crypto/bcrypt"
)

Expand All @@ -29,7 +29,7 @@
}

// UpdateKubeAdminUserPassword updates the htpasswd secret
func UpdateKubeAdminUserPassword(ctx context.Context, ocConfig oc.Config, newPassword string) error {
func UpdateKubeAdminUserPassword(ctx context.Context, sshRunner *ssh.Runner, newPassword string) error {

Check failure on line 32 in pkg/crc/cluster/kubeadmin_password.go


GitHub Actions / build (windows-2022, 1.22)

unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)

Check failure on line 32 in pkg/crc/cluster/kubeadmin_password.go


GitHub Actions / build (macOS-13, 1.22)

unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)

Check failure on line 32 in pkg/crc/cluster/kubeadmin_password.go


GitHub Actions / build (macOS-14, 1.22)

unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)

Check failure on line 32 in pkg/crc/cluster/kubeadmin_password.go


GitHub Actions / build (ubuntu-latest, 1.22)

unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)

Check failure on line 32 in pkg/crc/cluster/kubeadmin_password.go


GitHub Actions / build (ubuntu-20.04, 1.22)

unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)
if newPassword != "" {
logging.Infof("Overriding password for kubeadmin user")
if err := os.WriteFile(constants.GetKubeAdminPasswordPath(), []byte(strings.TrimSpace(newPassword)), 0600); err != nil {
Expand All @@ -41,39 +41,14 @@
if err != nil {
return fmt.Errorf("Cannot read the kubeadmin user password from file: %w", err)
}
credentials := map[string]string{
"developer": "developer",
"kubeadmin": kubeAdminPassword,
}

if err := WaitForOpenshiftResource(ctx, ocConfig, "secret"); err != nil {
if err := sshRunner.CopyDataPrivileged([]byte(kubeAdminPassword), "/opt/crc/pass_kubeadmin", 0600); err != nil {
return err
}

given, stderr, err := ocConfig.RunOcCommandPrivate("get", "secret", "htpass-secret", "-n", "openshift-config", "-o", `jsonpath="{.data.htpasswd}"`)
if err != nil {
return fmt.Errorf("%s:%v", stderr, err)
}
ok, externals, err := compareHtpasswd(given, credentials)
if err != nil {
if err := sshRunner.CopyDataPrivileged([]byte("developer"), "/opt/crc/pass_developer", 0600); err != nil {
return err
}
if ok {
return nil
}

logging.Infof("Changing the password for the kubeadmin user")
expected, err := getHtpasswd(credentials, externals)
if err != nil {
return err
}
cmdArgs := []string{"patch", "secret", "htpass-secret", "-p",
fmt.Sprintf(`'{"data":{"htpasswd":"%s"}}'`, expected),
"-n", "openshift-config", "--type", "merge"}
_, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...)
if err != nil {
return fmt.Errorf("Failed to update kubeadmin password %v: %s", err, stderr)
}
return nil
}

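Review bot: The kubeadmin password now lands in the VM as cleartext (`/opt/crc/pass_kubeadmin`, next to `/opt/crc/pass_developer`), whereas the removed code only sent the htpasswd value built by `getHtpasswd` (presumably bcrypt-hashed, given the import) to the cluster. Mode 0600 via `CopyDataPrivileged` narrows who can read it, but nothing visible here removes the file once it has been consumed, so the credential stays on the VM disk; the same applies to `/opt/crc/pull-secret` added in pkg/crc/machine/start.go. If the in-VM consumer can accept a hash, copying the `getHtpasswd` output instead would avoid storing the cleartext; otherwise a comment should state which component reads and deletes these files. Both copy errors are returned bare; `return fmt.Errorf("Failed to copy kubeadmin password to VM: %w", err)` would match the surrounding messages.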
76 changes: 17 additions & 59 deletions pkg/crc/machine/start.go
Expand Up @@ -36,7 +36,6 @@
libmachinestate "github.com/crc-org/machine/libmachine/state"
"github.com/docker/go-units"
"github.com/pkg/errors"
"golang.org/x/crypto/ssh"
)

const minimumMemoryForMonitoring = 14336
Expand Down Expand Up @@ -109,45 +108,30 @@
return nil
}

func growRootFileSystem(sshRunner *crcssh.Runner, preset crcPreset.Preset, persistentVolumeSize int) error {

Check failure on line 111 in pkg/crc/machine/start.go


GitHub Actions / build (windows-2022, 1.22)

func `growRootFileSystem` is unused (unused)

Check failure on line 111 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-13, 1.22)

func `growRootFileSystem` is unused (unused)

Check failure on line 111 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-14, 1.22)

func `growRootFileSystem` is unused (unused)

Check failure on line 111 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-latest, 1.22)

func `growRootFileSystem` is unused (unused)

Check failure on line 111 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-20.04, 1.22)

func `growRootFileSystem` is unused (unused)
rootPart, err := getrootPartition(sshRunner, preset)
if err != nil {
return err
}

// with '/dev/[sv]da4' as input, run 'growpart /dev/[sv]da 4'
if _, _, err := sshRunner.RunPrivileged(fmt.Sprintf("Growing %s partition", rootPart), "/usr/bin/growpart", rootPart[:len("/dev/.da")], rootPart[len("/dev/.da"):]); err != nil {
var exitErr *ssh.ExitError
if !errors.As(err, &exitErr) {
if preset == crcPreset.Microshift {
lvFullName := "rhel/root"
if err := growLVForMicroshift(sshRunner, lvFullName, rootPart, persistentVolumeSize); err != nil {
return err
}
if exitErr.ExitStatus() != 1 {
logging.Infof("Resizing %s filesystem", rootPart)
rootFS := "/sysroot"
if _, _, err := sshRunner.RunPrivileged(fmt.Sprintf("Remounting %s read/write", rootFS), "mount -o remount,rw", rootFS); err != nil {
return err
}
logging.Debugf("No free space after %s, nothing to do", rootPart)
return nil
}

if preset == crcPreset.Microshift {
lvFullName := "rhel/root"
if err := growLVForMicroshift(sshRunner, lvFullName, rootPart, persistentVolumeSize); err != nil {
if _, _, err = sshRunner.RunPrivileged(fmt.Sprintf("Growing %s filesystem", rootFS), "xfs_growfs", rootFS); err != nil {
return err
}
}

logging.Infof("Resizing %s filesystem", rootPart)
rootFS := "/sysroot"
if _, _, err := sshRunner.RunPrivileged(fmt.Sprintf("Remounting %s read/write", rootFS), "mount -o remount,rw", rootFS); err != nil {
return err
}
if _, _, err = sshRunner.RunPrivileged(fmt.Sprintf("Growing %s filesystem", rootFS), "xfs_growfs", rootFS); err != nil {
return err
}

return nil
}

func getrootPartition(sshRunner *crcssh.Runner, preset crcPreset.Preset) (string, error) {

Check failure on line 134 in pkg/crc/machine/start.go


GitHub Actions / build (windows-2022, 1.22)

func `getrootPartition` is unused (unused)

Check failure on line 134 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-13, 1.22)

func `getrootPartition` is unused (unused)

Check failure on line 134 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-14, 1.22)

func `getrootPartition` is unused (unused)

Check failure on line 134 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-latest, 1.22)

func `getrootPartition` is unused (unused)

Check failure on line 134 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-20.04, 1.22)

func `getrootPartition` is unused (unused)
diskType := "xfs"
if preset == crcPreset.Microshift {
diskType = "LVM2_member"
Expand All @@ -167,7 +151,7 @@
return rootPart, nil
}

func growLVForMicroshift(sshRunner *crcssh.Runner, lvFullName string, rootPart string, persistentVolumeSize int) error {

Check failure on line 154 in pkg/crc/machine/start.go


GitHub Actions / build (windows-2022, 1.22)

func `growLVForMicroshift` is unused (unused)

Check failure on line 154 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-13, 1.22)

func `growLVForMicroshift` is unused (unused)

Check failure on line 154 in pkg/crc/machine/start.go


GitHub Actions / build (macOS-14, 1.22)

func `growLVForMicroshift` is unused (unused)

Check failure on line 154 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-latest, 1.22)

func `growLVForMicroshift` is unused (unused)

Check failure on line 154 in pkg/crc/machine/start.go


GitHub Actions / build (ubuntu-20.04, 1.22)

func `growLVForMicroshift` is unused (unused)
if _, _, err := sshRunner.RunPrivileged("Resizing the physical volume(PV)", "/usr/sbin/pvresize", "--devices", rootPart, rootPart); err != nil {
return err
}
Expand Down Expand Up @@ -427,11 +411,6 @@
return nil, errors.Wrap(err, "Error updating public key")
}

// Trigger disk resize, this will be a no-op if no disk size change is needed
if err := growRootFileSystem(sshRunner, startConfig.Preset, startConfig.PersistentVolumeSize); err != nil {
return nil, errors.Wrap(err, "Error updating filesystem size")
}

// Start network time synchronization if `CRC_DEBUG_ENABLE_STOP_NTP` is not set
if stopNtp, _ := strconv.ParseBool(os.Getenv("CRC_DEBUG_ENABLE_STOP_NTP")); stopNtp {
logging.Info("Stopping network time synchronization in CRC VM")
Expand Down Expand Up @@ -519,11 +498,6 @@
return nil, err
}

if client.useVSock() {
if err := ensureRoutesControllerIsRunning(sshRunner, ocConfig); err != nil {
return nil, err
}
}
logging.Info("Adding microshift context to kubeconfig...")
if err := mergeKubeConfigFile(constants.KubeconfigFilePath); err != nil {
return nil, err
Expand All @@ -542,6 +516,15 @@
return nil, errors.Wrap(err, "Failed to check certificate validity")
}

// copy the pull secret into /opt/crc/pull-secret in the instance
pullSecret, err := startConfig.PullSecret.Value()
if err != nil {
return nil, err
}
if err := sshRunner.CopyDataPrivileged([]byte(pullSecret), "/opt/crc/pull-secret", 0600); err != nil {
return nil, errors.Wrap(err, "Unable to send pull-secret to instance")
}

logging.Info("Starting kubelet service")
sd := systemd.NewInstanceSystemdCommander(sshRunner)
if err := sd.Start("kubelet"); err != nil {
Expand All @@ -567,10 +550,6 @@
return nil, err
}

if err := cluster.EnsurePullSecretPresentInTheCluster(ctx, ocConfig, startConfig.PullSecret); err != nil {
return nil, errors.Wrap(err, "Failed to update cluster pull secret")
}

if err := cluster.EnsureSSHKeyPresentInTheCluster(ctx, ocConfig, constants.GetPublicKeyPath()); err != nil {
return nil, errors.Wrap(err, "Failed to update ssh public key to machine config")
}
Expand All @@ -579,20 +558,10 @@
return nil, errors.Wrap(err, "Failed to update pull secret on the disk")
}

if err := cluster.UpdateKubeAdminUserPassword(ctx, ocConfig, startConfig.KubeAdminPassword); err != nil {
if err := cluster.UpdateKubeAdminUserPassword(ctx, sshRunner, startConfig.KubeAdminPassword); err != nil {
return nil, errors.Wrap(err, "Failed to update kubeadmin user password")
}

if err := cluster.EnsureClusterIDIsNotEmpty(ctx, ocConfig); err != nil {
return nil, errors.Wrap(err, "Failed to update cluster ID")
}

if client.useVSock() {
if err := ensureRoutesControllerIsRunning(sshRunner, ocConfig); err != nil {
return nil, err
}
}

if client.monitoringEnabled() {
logging.Info("Enabling cluster monitoring operator...")
if err := cluster.StartMonitoring(ocConfig); err != nil {
Expand Down Expand Up @@ -829,17 +798,6 @@
}
}

func ensureRoutesControllerIsRunning(sshRunner *crcssh.Runner, ocConfig oc.Config) error {
// Check if the bundle have `/opt/crc/routes-controller.yaml` file and if it has
// then use it to create the resource for the routes controller.
_, _, err := sshRunner.Run("ls", "/opt/crc/routes-controller.yaml")
if err != nil {
return err
}
_, _, err = ocConfig.RunOcCommand("apply", "-f", "/opt/crc/routes-controller.yaml")
return err
}

func updateKubeconfig(ctx context.Context, ocConfig oc.Config, sshRunner *crcssh.Runner, kubeconfigFilePath string) error {
selfSignedCAKey, selfSignedCACert, err := crctls.GetSelfSignedCA()
if err != nil {
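Review bot: After the pull secret is copied to `/opt/crc/pull-secret` the start path goes straight on to starting kubelet, and nothing in the visible hunks checks that the secret was ever applied; the removed `EnsurePullSecretPresentInTheCluster` read the cluster secret back and checked it with `validation.ImagePullSecret` before deciding whether to patch. The same holds for the cluster ID and routes-controller steps dropped further down: if the in-VM service fails or has not run yet, the start presumably still reports success. I would keep a read-only verification once the cluster is up, or at least extend the comment to name the consumer, e.g. `// read by the in-VM post-start service, which applies it to openshift-config/pull-secret; not verified here`. The `PullSecret.Value()` error just above is returned unwrapped, unlike its neighbours; `return nil, errors.Wrap(err, "Failed to read pull secret")` would fit. The enclosing function starts and ends outside the visible hunks.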
23 changes: 0 additions & 23 deletions pkg/crc/services/dns/dns.go
Expand Up @@ -14,8 +14,6 @@ import (
"github.com/crc-org/crc/v2/pkg/crc/network"
"github.com/crc-org/crc/v2/pkg/crc/network/httpproxy"
"github.com/crc-org/crc/v2/pkg/crc/services"
"github.com/crc-org/crc/v2/pkg/crc/systemd"
"github.com/crc-org/crc/v2/pkg/crc/systemd/states"
)

const (
Expand All @@ -28,10 +26,6 @@ func init() {
}

func RunPostStart(serviceConfig services.ServicePostStartConfig) error {
if err := setupDnsmasq(serviceConfig); err != nil {
return err
}

if err := runPostStartForOS(serviceConfig); err != nil {
return err
}
Expand All @@ -44,23 +38,6 @@ func RunPostStart(serviceConfig services.ServicePostStartConfig) error {
return network.UpdateResolvFileOnInstance(serviceConfig.SSHRunner, resolvFileValues)
}

func setupDnsmasq(serviceConfig services.ServicePostStartConfig) error {
if serviceConfig.NetworkMode == network.UserNetworkingMode {
return nil
}

if err := createDnsmasqDNSConfig(serviceConfig); err != nil {
return err
}
sd := systemd.NewInstanceSystemdCommander(serviceConfig.SSHRunner)
if state, err := sd.Status(dnsmasqService); err != nil || state != states.Running {
if err := sd.Enable(dnsmasqService); err != nil {
return err
}
}
return sd.Start(dnsmasqService)
}

func getResolvFileValues(serviceConfig services.ServicePostStartConfig) (network.ResolvFileValues, error) {
dnsServers, err := dnsServers(serviceConfig)
if err != nil {