diff --git a/test/e2e/mcd_test.go b/test/e2e/mcd_test.go index 8517a4258e..36459d5d14 100644 --- a/test/e2e/mcd_test.go +++ b/test/e2e/mcd_test.go @@ -2,6 +2,7 @@ package e2e_test import ( "fmt" + "os/exec" "strings" "testing" "time" @@ -12,6 +13,7 @@ import ( "github.com/openshift/machine-config-operator/test/e2e/framework" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/uuid" "k8s.io/apimachinery/pkg/util/wait" @@ -143,6 +145,112 @@ func TestMCDeployed(t *testing.T) { } } +func TestUpdateSSH(t *testing.T) { + cs := framework.NewClientSet("") + + // create a dummy MC with an sshKey for user Core + mcName := fmt.Sprintf("sshkeys-worker-%s", uuid.NewUUID()) + mcadd := &mcv1.MachineConfig{} + mcadd.ObjectMeta = metav1.ObjectMeta{ + Name: mcName, + Labels: mcLabelForWorkers(), + } + // create a new MC that adds a valid user & ssh keys + tempUser := ignv2_2types.PasswdUser{ + Name: "core", + SSHAuthorizedKeys: []ignv2_2types.SSHAuthorizedKey{ + "1234_test", + "abc_test", + }, + } + mcadd.Spec = mcv1.MachineConfigSpec{ + Config: ignv2_2types.Config{ + Ignition: ignv2_2types.Ignition{ + Version: "2.2.0", + }, + Passwd: ignv2_2types.Passwd{ + Users: []ignv2_2types.PasswdUser{tempUser}, + }, + }, + } + _, err := cs.MachineConfigs().Create(mcadd) + if err != nil { + t.Errorf("failed to create machine config %v", err) + } + + // grab the latest worker- MC + var newMCName string + if err := wait.PollImmediate(2*time.Second, 5*time.Minute, func() (bool, error) { + mcp, err := cs.MachineConfigPools().Get("worker", metav1.GetOptions{}) + if err != nil { + return false, err + } + for _, mc := range mcp.Status.Configuration.Source { + if mc.Name == mcName { + newMCName = mcp.Status.Configuration.Name + return true, nil + } + } + return false, nil + }); err != nil { + t.Errorf("machine config hasn't been picked by the pool: %v", err) + } + + visited := make(map[string]bool) + if err := wait.Poll(2*time.Second, 10*time.Minute, func() (bool, error) { + nodes, err := getNodesByRole(cs, "worker") + if err != nil { + return false, err + } + for _, node := range nodes { + if visited[node.Name] { + continue + } + // check that the new MC is in the annotations and that the MCD state is Done. + if node.Annotations[constants.CurrentMachineConfigAnnotationKey] == newMCName && + node.Annotations[constants.MachineConfigDaemonStateAnnotationKey] == constants.MachineConfigDaemonStateDone { + // find the MCD pod that has spec.nodeNAME = node.Name and get its name: + listOptions := metav1.ListOptions{ + FieldSelector: fields.SelectorFromSet(fields.Set{"spec.nodeName": node.Name}).String(), + } + listOptions.LabelSelector = labels.SelectorFromSet(labels.Set{"k8s-app": "machine-config-daemon"}).String() + + mcdList, err := cs.Pods("openshift-machine-config-operator").List(listOptions) + if err != nil { + return false, nil + } + if len(mcdList.Items) != 1 { + t.Logf("did not find any mcd pods") + return false, nil + } + mcdName := mcdList.Items[0].ObjectMeta.Name + + // now rsh into that daemon and grep the authorized key file to check if 1234_test was written + // must do both commands in same shell, combine commands into one exec.Command() + found, err := exec.Command("oc", "rsh", "-n", "openshift-machine-config-operator", mcdName, + "grep", "1234_test", "/rootfs/home/core/.ssh/authorized_keys").CombinedOutput() + if err != nil { + t.Logf("unable to read authorized_keys on daemon: %s got: %s got err: %v", mcdName, found, err) + return false, nil + } + if !strings.Contains(string(found), "1234_test") { + t.Logf("updated ssh keys not found in authorized_keys, got %s", found) + return false, nil + } + + visited[node.Name] = true + if len(visited) == len(nodes) { + return true, nil + } + continue + } + } + return false, nil + }); err != nil { + t.Errorf("machine config didn't result in ssh keys being on any worker: %v", err) + } +} + func getNodesByRole(cs *framework.ClientSet, role string) ([]v1.Node, error) { listOptions := metav1.ListOptions{ LabelSelector: labels.SelectorFromSet(labels.Set{fmt.Sprintf("node-role.kubernetes.io/%s", role): ""}).String(),