Additional none driver changes

kubernetes · May 26, 2017 · f4a8ece · f4a8ece
1 parent 8861309
commit f4a8ece
Show file tree

Hide file tree

Showing 14 changed files with 140 additions and 177 deletions.
diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go
@@ -21,7 +21,6 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
-	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -150,7 +149,7 @@ func runStart(cmd *cobra.Command, args []string) {
 	}
 
 	fmt.Println("Moving files into cluster...")
-	if err := cluster.UpdateCluster(host, host.Driver, kubernetesConfig); err != nil {
+	if err := cluster.UpdateCluster(host.Driver, kubernetesConfig); err != nil {
 		glog.Errorln("Error updating cluster: ", err)
 		cmdUtil.MaybeReportErrorAndExit(err)
 	}
@@ -162,16 +161,10 @@ func runStart(cmd *cobra.Command, args []string) {
 	}
 
 	fmt.Println("Starting cluster components...")
-	if host.DriverName == "none" {
-		if err := cluster.StartClusterLocal(host, kubernetesConfig); err != nil {
-			glog.Errorln("Error starting cluster: ", err)
-			cmdUtil.MaybeReportErrorAndExit(err)
-		}
-	} else {
-		if err := cluster.StartClusterSSH(host, kubernetesConfig); err != nil {
-			glog.Errorln("Error starting cluster: ", err)
-			cmdUtil.MaybeReportErrorAndExit(err)
-		}
+
+	if err := cluster.StartCluster(api, kubernetesConfig); err != nil {
+		glog.Errorln("Error starting cluster: ", err)
+		cmdUtil.MaybeReportErrorAndExit(err)
 	}
 
 	fmt.Println("Connecting to cluster...")
@@ -189,9 +182,6 @@ func runStart(cmd *cobra.Command, args []string) {
 	var kubeConfigFile string
 	if kubeConfigEnv == "" {
 		kubeConfigFile = constants.KubeconfigPath
-		if config.VMDriver == "none" {
-			kubeConfigFile = path.Join(os.Getenv(constants.MinikubeHome), ".kube", "config")
-		}
 	} else {
 		kubeConfigFile = filepath.SplitList(kubeConfigEnv)[0]
 	}
@@ -246,15 +236,20 @@ func runStart(cmd *cobra.Command, args []string) {
 	}
 
 	if config.VMDriver == "none" {
-		username := os.Getenv("SUDO_USER")
-		fmt.Println("username: ", username)
-		command := fmt.Sprintf("/bin/chown -R %s %s; /bin/chown -R %s %s", username, constants.GetMinipath(),
-			username, path.Join(os.Getenv(constants.MinikubeHome), ".kube"))
-		_, err := exec.Command("bash", "-c", command).Output()
-		if err != nil {
-			glog.Errorln("Error modifying priveleges for none driver: ", err)
-			cmdUtil.MaybeReportErrorAndExit(err)
-		}
+		fmt.Println(`===================
+WARNING: IT IS RECOMMENDED NOT TO RUN THE NONE DRIVER ON PERSONAL WORKSTATIONS
+	The 'none' driver will run an insecure kubernetes apiserver as root that may leave the host vulnerable to CSRF attacks
+
+When using the none driver, the kubectl config and credentials generated will be root owned and will appear in the root home directory.
+You will need to move the files to the appropriate location and then set the correct permissions.  An example of this is below:
+	sudo mv /root/.kube $HOME/.kube # this will overwrite any config you have.  You may have to append the file contents manually
+	sudo chown -R $USER $HOME/.kube
+	sudo chgrp -R $USER $HOME/.kube
+	
+    sudo mv /root/.minikube $HOME/.minikube # this will overwrite any config you have.  You may have to append the file contents manually
+	sudo chown -R $USER $HOME/.minikube
+	sudo chgrp -R $USER $HOME/.minikube 
+This can also be done automatically by setting the env var CHANGE_MINIKUBE_NONE_USER=true`)
 	}
 }
 

diff --git a/hack/jenkins/common.sh b/hack/jenkins/common.sh
@@ -40,20 +40,22 @@ MINIKUBE_WANTREPORTERRORPROMPT=False sudo ./out/minikube-${OS_ARCH} delete \
 || MINIKUBE_WANTREPORTERRORPROMPT=False ./out/minikube-${OS_ARCH} delete \
 || true
 sudo rm -rf $HOME/.minikube || true
+sudo rm -rf $HOME/.kube || true
 
 # See the default image
 ./out/minikube-${OS_ARCH} start -h | grep iso
 
 # Allow this to fail, we'll switch on the return code below.
 set +e
-out/e2e-${OS_ARCH} -minikube-args="--vm-driver=${VM_DRIVER} --v=10" -test.v -test.timeout=30m -binary=out/minikube-${OS_ARCH}
+${SUDO_PREFIX}out/e2e-${OS_ARCH} -minikube-args="--vm-driver=${VM_DRIVER} --v=10" -test.v -test.timeout=30m -binary=out/minikube-${OS_ARCH}
 result=$?
 set -e
 
 MINIKUBE_WANTREPORTERRORPROMPT=False sudo ./out/minikube-${OS_ARCH} delete \
 || MINIKUBE_WANTREPORTERRORPROMPT=False ./out/minikube-${OS_ARCH} delete \
 || true
 sudo rm -rf $HOME/.minikube || true
+sudo rm -rf $HOME/.kube || true
 
 if [[ $result -eq 0 ]]; then
   status="success"

diff --git a/hack/jenkins/linux_integration_tests_none.sh b/hack/jenkins/linux_integration_tests_none.sh
@@ -15,60 +15,22 @@
 # limitations under the License.
 
 
-# This script downloads the test files from the build bucket and makes some executable.
+# This script runs the integration tests on a Linux machine for the Virtualbox Driver
 
 # The script expects the following env variables:
-# OS_ARCH: The operating system and the architecture separated by a hyphen '-' (e.g. darwin-amd64, linux-amd64, windows-amd64)
-# VM_DRIVER: the vm-driver to use for the test
-# EXTRA_BUILD_ARGS: additional flags to pass into minikube start
-# JOB_NAME: the name of the logfile and check name to update on github
+# MINIKUBE_LOCATION: GIT_COMMIT from upstream build.
+# COMMIT: Actual commit ID from upstream build
+# EXTRA_BUILD_ARGS (optional): Extra args to be passed into the minikube integrations tests
+# access_token: The Github API access token. Injected by the Jenkins credential provider. 
+
 
 set -e
 
 OS_ARCH="linux-amd64"
 VM_DRIVER="none"
 JOB_NAME="Linux-None"
 EXTRA_BUILD_ARGS="$EXTRA_BUILD_ARGS --use-vendored-driver"
-MINIKUBE_HOME="$HOME"
-
-# Copy only the files we need to this workspace
-mkdir -p out/ testdata/
-gsutil cp gs://minikube-builds/${MINIKUBE_LOCATION}/minikube-${OS_ARCH} out/
-gsutil cp gs://minikube-builds/${MINIKUBE_LOCATION}/e2e-${OS_ARCH} out/
-gsutil cp gs://minikube-builds/${MINIKUBE_LOCATION}/testdata/busybox.yaml testdata/
-gsutil cp gs://minikube-builds/${MINIKUBE_LOCATION}/testdata/pvc.yaml testdata/
-gsutil cp gs://minikube-builds/${MINIKUBE_LOCATION}/testdata/busybox-mount-test.yaml testdata/
-
-# Set the executable bit on the e2e binary and out binary
-chmod +x out/e2e-${OS_ARCH}
-chmod +x out/minikube-${OS_ARCH}
-
-MINIKUBE_WANTREPORTERRORPROMPT=False \
-	./out/minikube-${OS_ARCH} delete || true
-
-rm -rf $HOME/.minikube || true
-
-# See the default image
-./out/minikube-${OS_ARCH} start -h | grep iso
-
-# Allow this to fail, we'll switch on the return code below.
-set +e
-sudo -E out/e2e-${OS_ARCH} -minikube-args="--vm-driver=${VM_DRIVER} --v=100 ${EXTRA_BUILD_ARGS}" -test.v -test.timeout=30m -binary=out/minikube-${OS_ARCH}
-result=$?
-set -e
-
-if [[ $result -eq 0 ]]; then
-  status="success"
-else
-  status="failure"
-fi
-
-set +x
-target_url="https://storage.googleapis.com/minikube-builds/logs/${MINIKUBE_LOCATION}/${JOB_NAME}.txt"
-curl "https://api.github.com/repos/kubernetes/minikube/statuses/${COMMIT}?access_token=$access_token" \
-  -H "Content-Type: application/json" \
-  -X POST \
-  -d "{\"state\": \"$status\", \"description\": \"Jenkins\", \"target_url\": \"$target_url\", \"context\": \"${JOB_NAME}\"}"
-set -x
+SUDO_PREFIX="sudo "
 
-exit $result
+# Download files and set permissions
+source common.sh
diff --git a/pkg/minikube/assets/vm_assets.go b/pkg/minikube/assets/vm_assets.go
@@ -18,13 +18,11 @@ package assets
 
 import (
 	"bytes"
-	"fmt"
 	"io"
 	"os"
-	"os/exec"
+	"os/user"
 	"path/filepath"
 	"strconv"
-	"strings"
 
 	"github.com/pkg/errors"
 )
@@ -157,31 +155,30 @@ func CopyFileLocal(f CopyableFile) error {
 		return errors.Wrap(err, "Error changing file permissions")
 	}
 
-	if os.Getenv("KEEP_SUDO_FOR_MINIKUBE_NONE") == "" {
+	_, err = io.Copy(target, f)
+	if err != nil {
+		return errors.Wrap(err, "Error copying file to target location")
+	}
+
+	if os.Getenv("CHANGE_MINIKUBE_NONE_USER") != "" {
 		username := os.Getenv("SUDO_USER")
-		fmt.Println(username)
-		command := fmt.Sprintf("/bin/chown %s %s", username, targetPath)
-		fmt.Println(command)
-		args := strings.Split(command, " ")
-		binary := args[0]
-		args = append(args[:0], args[1:]...)
-		cmd := exec.Command(binary, args...)
-		if err := cmd.Start(); err != nil {
-			return err
+		if username == "" {
+			return nil
+		}
+		usr, err := user.Lookup(username)
+		if err != nil {
+			return errors.Wrap(err, "Error looking up user")
 		}
-		command = fmt.Sprintf("/bin/chgrp %s %s", username, targetPath)
-		fmt.Println(command)
-		args = strings.Split(command, " ")
-		binary = args[0]
-		args = append(args[:0], args[1:]...)
-		cmd = exec.Command(binary, args...)
-		if err := cmd.Start(); err != nil {
-			return err
+		uid, err := strconv.Atoi(usr.Uid)
+		if err != nil {
+			return errors.Wrapf(err, "Error parsing uid for user: %s", username)
 		}
-
-		_, err = io.Copy(target, f)
+		gid, err := strconv.Atoi(usr.Gid)
 		if err != nil {
-			return errors.Wrap(err, "Error copying file to target location")
+			return errors.Wrapf(err, "Error parsing gid for user: %s", username)
+		}
+		if err := os.Chown(targetPath, uid, gid); err != nil {
+			return errors.Wrapf(err, "Error changing ownership for: %s", targetPath)
 		}
 	}
 	return nil

diff --git a/pkg/minikube/cluster/cluster.go b/pkg/minikube/cluster/cluster.go
@@ -165,58 +165,27 @@ func GetLocalkubeStatus(api libmachine.API) (string, error) {
 	}
 }
 
-type sshAble interface {
-	RunSSHCommand(string) (string, error)
-}
-
 // StartCluster starts a k8s cluster on the specified Host.
-func StartClusterLocal(h *host.Host, kubernetesConfig KubernetesConfig) error {
-	startCommand, err := GetStartCommand(kubernetesConfig)
-	if err != nil {
-		return errors.Wrapf(err, "Error generating start command: %s", err)
-	}
-	glog.Infoln(startCommand)
-	output, err := RunCommand(h, startCommand, true)
-	glog.Infoln(output)
+func StartCluster(api libmachine.API, kubernetesConfig KubernetesConfig) error {
+	h, err := CheckIfApiExistsAndLoad(api)
 	if err != nil {
-		return errors.Wrapf(err, "Error running ssh command: %s", startCommand)
-	}
-
-	checkRunning := func() error {
-		s, err := h.Driver.GetState()
-		glog.Infoln("Machine state: ", s)
-		if err != nil {
-			return errors.Wrap(err, "Error getting state for host")
-		}
-		if s != state.Running {
-			return fmt.Errorf("Machine is in the wrong state: %s, expected  %s", s, state.Running)
-		}
-		return nil
-	}
-
-	if err := util.RetryAfter(6, checkRunning, 5*time.Second); err != nil {
-		return err
+		return errors.Wrap(err, "Error checking that api exists and loading it")
 	}
 
-	return nil
-}
-
-// StartCluster starts a k8s cluster on the specified Host.
-func StartClusterSSH(h sshAble, kubernetesConfig KubernetesConfig) error {
 	startCommand, err := GetStartCommand(kubernetesConfig)
 	if err != nil {
 		return errors.Wrapf(err, "Error generating start command: %s", err)
 	}
 	glog.Infoln(startCommand)
-	output, err := h.RunSSHCommand(startCommand)
+	output, err := RunCommand(h, startCommand, true)
 	glog.Infoln(output)
 	if err != nil {
 		return errors.Wrapf(err, "Error running ssh command: %s", startCommand)
 	}
 	return nil
 }
 
-func UpdateCluster(h sshAble, d drivers.Driver, config KubernetesConfig) error {
+func UpdateCluster(d drivers.Driver, config KubernetesConfig) error {
 	copyableFiles := []assets.CopyableFile{}
 	var localkubeFile assets.CopyableFile
 	var err error