diff --git a/hack/test-cmd.sh b/hack/test-cmd.sh index c168323eaa81..a34a33a23191 100755 --- a/hack/test-cmd.sh +++ b/hack/test-cmd.sh @@ -86,11 +86,11 @@ do SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},${IP_ADDRESS}" done <<< "${ALL_IP_ADDRESSES}" -# Create certificates -openshift admin create-all-certs --overwrite=false --cert-dir="${CERT_DIR}" --hostnames="${SERVER_HOSTNAME_LIST}" --nodes="${API_HOST}" --master="${MASTER_ADDR}" --public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}" +openshift admin create-master-certs --overwrite=false --cert-dir="${CERT_DIR}" --hostnames="${SERVER_HOSTNAME_LIST}" --master="${MASTER_ADDR}" --public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}" +openshift admin create-node-config --listen="https://0.0.0.0:10250" --node-dir="${CERT_DIR}/node-${API_HOST}" --node="${API_HOST}" --hostnames="${SERVER_HOSTNAME_LIST}" --master="${MASTER_ADDR}" --certificate-authority="${CERT_DIR}/ca/cert.crt" --signer-cert="${CERT_DIR}/ca/cert.crt" --signer-key="${CERT_DIR}/ca/key.key" --signer-serial="${CERT_DIR}/ca/serial.txt" # Start openshift -OPENSHIFT_ON_PANIC=crash openshift start --master="${API_SCHEME}://${API_HOST}:${API_PORT}" --listen="${API_SCHEME}://${API_HOST}:${API_PORT}" --hostname="${API_HOST}" --volume-dir="${VOLUME_DIR}" --cert-dir="${CERT_DIR}" --etcd-dir="${ETCD_DATA_DIR}" 1>&2 & +OPENSHIFT_ON_PANIC=crash openshift start --master="${API_SCHEME}://${API_HOST}:${API_PORT}" --listen="${API_SCHEME}://${API_HOST}:${API_PORT}" --hostname="${API_HOST}" --volume-dir="${VOLUME_DIR}" --cert-dir="${CERT_DIR}" --etcd-dir="${ETCD_DATA_DIR}" --create-certs=false 1>&2 & OS_PID=$! if [[ "${API_SCHEME}" == "https" ]]; then diff --git a/hack/test-end-to-end.sh b/hack/test-end-to-end.sh index aab17818815f..cc8c99da0b22 100755 --- a/hack/test-end-to-end.sh +++ b/hack/test-end-to-end.sh 
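Review bot: The added `create-node-config` call passes `--listen="https://0.0.0.0:10250"`, so the generated node config presumably binds the node port on every interface of the test host, while the master in the same script listens on `${API_HOST}` only. Unless the suite needs the node reachable from other machines, `--listen="https://${API_HOST}:10250"` keeps the node endpoint on the same address as the API server. The same flag value appears in the `create-node-config` calls added to hack/test-end-to-end.sh and hack/test-extended.sh, where the node is `127.0.0.1`. The call also reads `${CERT_DIR}/ca/key.key` directly; a comment such as `# create-node-config signs with the CA key, so it must run where ${CERT_DIR}/ca is readable` would record that dependency.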
@@ -184,7 +184,8 @@ do SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},${IP_ADDRESS}" done <<< "${ALL_IP_ADDRESSES}" -openshift admin create-all-certs --overwrite=false --cert-dir="${CERT_DIR}" --hostnames="${SERVER_HOSTNAME_LIST}" --nodes="127.0.0.1" --master="${MASTER_ADDR}" --public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}" +openshift admin create-master-certs --overwrite=false --cert-dir="${CERT_DIR}" --hostnames="${SERVER_HOSTNAME_LIST}" --master="${MASTER_ADDR}" --public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}" +openshift admin create-node-config --listen="https://0.0.0.0:10250" --node-dir="${CERT_DIR}/node-127.0.0.1" --node="127.0.0.1" --hostnames="${SERVER_HOSTNAME_LIST}" --master="${MASTER_ADDR}" --certificate-authority="${CERT_DIR}/ca/cert.crt" --signer-cert="${CERT_DIR}/ca/cert.crt" --signer-key="${CERT_DIR}/ca/key.key" --signer-serial="${CERT_DIR}/ca/serial.txt" echo "[INFO] Starting OpenShift server" diff --git a/hack/test-extended.sh b/hack/test-extended.sh index 5bc08ea5a49f..8e06dc2db109 100755 --- a/hack/test-extended.sh +++ b/hack/test-extended.sh 
@@ -54,15 +54,26 @@ start_server() { SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},${IP_ADDRESS}" done <<< "${ALL_IP_ADDRESSES}" - echo "[INFO] Create certificates for the OpenShift server" - sudo env "PATH=${PATH}" openshift admin create-all-certs \ + echo "[INFO] Create certificates for the OpenShift master" + env "PATH=${PATH}" openshift admin create-master-certs \ --overwrite=false \ --cert-dir="${CERT_DIR}" \ --hostnames="${SERVER_HOSTNAME_LIST}" \ - --nodes="127.0.0.1" \ --master="https://${OS_MASTER_ADDR}" \ --public-master="https://${OS_MASTER_ADDR}" + echo "[INFO] Create certificates for the OpenShift node" + env "PATH=${PATH}" openshift admin create-node-config \ + --listen="https://0.0.0.0:10250" \ + --node-dir="${CERT_DIR}/node-127.0.0.1" \ + --node="127.0.0.1" \ + --hostnames="${SERVER_HOSTNAME_LIST}" \ + --master="https://${OS_MASTER_ADDR}" \ + --certificate-authority="${CERT_DIR}/ca/cert.crt" \ + --signer-cert="${CERT_DIR}/ca/cert.crt" \ + --signer-key="${CERT_DIR}/ca/key.key" \ + --signer-serial="${CERT_DIR}/ca/serial.txt" + echo "[INFO] Starting OpenShift server" sudo env "PATH=${PATH}" openshift start \ --listen="https://0.0.0.0:${OS_MASTER_PORT}" \ diff --git a/pkg/cmd/admin/admin.go b/pkg/cmd/admin/admin.go index 73a35eb35438..ff11f98995e7 100644 --- a/pkg/cmd/admin/admin.go +++ b/pkg/cmd/admin/admin.go @@ -2,7 +2,7 @@ package admin import ( "fmt" - "os" + "io" "github.com/spf13/cobra" 
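Review bot: Both certificate commands in `start_server()` now run as the invoking user, but `openshift start` just below is still launched through `sudo`, so the CA key under `${CERT_DIR}/ca` and the node directory would be owned by an unprivileged account while a root process trusts them. With `--overwrite=false`, a `${CERT_DIR}` left behind by an earlier root-owned run would presumably be reused as-is or fail to be written, depending on its permissions. Either keep the privilege level the same for all three commands or, if user-owned certificates are the intent, say so in a comment such as `# certs are generated unprivileged on purpose; the server alone runs under sudo`. The function body continues outside the hunk.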
@@ -28,21 +28,19 @@ Note: This is a beta release of OpenShift and may change significantly. See https://github.com/openshift/origin for the latest information on OpenShift. ` -func NewCommandAdmin(name, fullName string) *cobra.Command { +func NewCommandAdmin(name, fullName string, out io.Writer) *cobra.Command { // Main command cmd := &cobra.Command{ Use: name, Short: "tools for managing an OpenShift cluster", Long: fmt.Sprintf(longDesc), Run: func(c *cobra.Command, args []string) { - c.SetOutput(os.Stdout) + c.SetOutput(out) c.Help() }, } f := clientcmd.New(cmd.PersistentFlags()) - //in := os.Stdin - out := os.Stdout templates.UseAdminTemplates(cmd) 
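Review bot: `NewCommandAdmin` applies the new `out` writer only inside `Run` (`c.SetOutput(out)` just before `c.Help()`), whereas the sub-command constructors changed in this commit call `cmd.SetOutput(out)` once, right after building the command. Calling `cmd.SetOutput(out)` after the `&cobra.Command{...}` literal would make the parent's output follow `out` on every path, not only when it is run without a sub-command. The exported constructor also has no doc comment; `// NewCommandAdmin returns the admin command tree; help output is written to out.` would cover the new parameter. The function body continues past the end of the hunk.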
@@ -54,17 +52,15 @@ func NewCommandAdmin(name, fullName string) *cobra.Command { cmd.AddCommand(config.NewCmdConfig(fullName, "config")) // TODO: these probably belong in a sub command - cmd.AddCommand(admin.NewCommandCreateKubeConfig()) - cmd.AddCommand(admin.NewCommandCreateBootstrapPolicyFile()) - cmd.AddCommand(admin.NewCommandOverwriteBootstrapPolicy(out)) - cmd.AddCommand(admin.NewCommandNodeConfig()) + cmd.AddCommand(admin.NewCommandCreateKubeConfig(admin.CreateKubeConfigCommandName, fullName+" "+admin.CreateKubeConfigCommandName, out)) + cmd.AddCommand(admin.NewCommandCreateBootstrapPolicyFile(admin.CreateBootstrapPolicyFileCommand, fullName+" "+admin.CreateBootstrapPolicyFileCommand, out)) + cmd.AddCommand(admin.NewCommandOverwriteBootstrapPolicy(admin.OverwriteBootstrapPolicyCommandName, fullName+" "+admin.OverwriteBootstrapPolicyCommandName, fullName+" "+admin.CreateBootstrapPolicyFileCommand, out)) + cmd.AddCommand(admin.NewCommandNodeConfig(admin.NodeConfigCommandName, fullName+" "+admin.NodeConfigCommandName, out)) // TODO: these should be rolled up together - cmd.AddCommand(admin.NewCommandCreateAllCerts()) - cmd.AddCommand(admin.NewCommandCreateClientCert()) - cmd.AddCommand(admin.NewCommandCreateNodeClientCert()) - cmd.AddCommand(admin.NewCommandCreateServerCert()) - cmd.AddCommand(admin.NewCommandCreateSignerCert()) - cmd.AddCommand(admin.NewCommandCreateClient()) + cmd.AddCommand(admin.NewCommandCreateMasterCerts(admin.CreateMasterCertsCommandName, fullName+" "+admin.CreateMasterCertsCommandName, out)) + cmd.AddCommand(admin.NewCommandCreateClient(admin.CreateClientCommandName, fullName+" "+admin.CreateClientCommandName, out)) + cmd.AddCommand(admin.NewCommandCreateServerCert(admin.CreateServerCertCommandName, fullName+" "+admin.CreateServerCertCommandName, out)) + cmd.AddCommand(admin.NewCommandCreateSignerCert(admin.CreateSignerCertCommandName, fullName+" "+admin.CreateSignerCertCommandName, out)) if name == fullName { 
cmd.AddCommand(version.NewVersionCommand(fullName)) diff --git a/pkg/cmd/openshift/openshift.go b/pkg/cmd/openshift/openshift.go index a017ef2b75f3..aadc2d571dd0 100644 --- a/pkg/cmd/openshift/openshift.go +++ b/pkg/cmd/openshift/openshift.go @@ -57,7 +57,7 @@ func CommandFor(basename string) *cobra.Command { case "osc": cmd = cli.NewCommandCLI(basename, basename) case "osadm": - cmd = admin.NewCommandAdmin(basename, basename) + cmd = admin.NewCommandAdmin(basename, basename, os.Stdout) default: cmd = NewCommandOpenShift() } @@ -83,7 +83,7 @@ func NewCommandOpenShift() *cobra.Command { startAllInOne, _ := start.NewCommandStartAllInOne() root.AddCommand(startAllInOne) - root.AddCommand(admin.NewCommandAdmin("admin", "openshift admin")) + root.AddCommand(admin.NewCommandAdmin("admin", "openshift admin", os.Stdout)) root.AddCommand(cli.NewCommandCLI("cli", "openshift cli")) root.AddCommand(cli.NewCmdKubectl("kube")) root.AddCommand(newExperimentalCommand("openshift", "ex")) diff --git a/pkg/cmd/server/admin/create_bootstrappolicy_file.go b/pkg/cmd/server/admin/create_bootstrappolicy_file.go index 1762f31ccb21..20c32eef89af 100644 --- a/pkg/cmd/server/admin/create_bootstrappolicy_file.go +++ b/pkg/cmd/server/admin/create_bootstrappolicy_file.go @@ -4,6 +4,7 @@ import ( "bytes" "errors" "fmt" + "io" "io/ioutil" "os" "path" @@ -32,15 +33,15 @@ type CreateBootstrapPolicyFileOptions struct { OpenShiftSharedResourcesNamespace string } -func NewCommandCreateBootstrapPolicyFile() *cobra.Command { +func NewCommandCreateBootstrapPolicyFile(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateBootstrapPolicyFileOptions{} cmd := &cobra.Command{ - Use: CreateBootstrapPolicyFileCommand, + Use: commandName, Short: "Create bootstrap policy for OpenShift.", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } 
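Review bot: In the `Run` closure of `NewCommandCreateBootstrapPolicyFile`, a failed `options.Validate(args)` prints the error and the help text and then returns, so the process appears to exit with status 0, unlike the execution-error path in these commands, which ends in `glog.Fatal(err)`. Scripts that chain these commands, such as the hack/ scripts touched by this commit, would then continue without the files they expected. Since `os` is already imported in this file, ending the branch with `os.Exit(1)` instead of `return` would surface the failure to the shell, provided the tests that drive commands through `root.Execute()` do not depend on a validation failure returning. The same print, help, return sequence is kept in create_client.go, create_kubeconfig.go, create_mastercerts.go, create_nodeconfig.go, create_servercert.go, create_signercert.go and overwrite_bootstrappolicy.go. The closure continues outside the hunk.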
@@ -50,6 +51,7 @@ func NewCommandCreateBootstrapPolicyFile() *cobra.Command { } }, } + cmd.SetOutput(out) flags := cmd.Flags() diff --git a/pkg/cmd/server/admin/create_client.go b/pkg/cmd/server/admin/create_client.go index 570fb0120d24..cbe8b1b6ff71 100644 --- a/pkg/cmd/server/admin/create_client.go +++ b/pkg/cmd/server/admin/create_client.go @@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "io/ioutil" "path" @@ -12,6 +13,8 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/util" ) +const CreateClientCommandName = "create-api-client-config" + type CreateClientOptions struct { GetSignerCertOptions *GetSignerCertOptions @@ -25,15 +28,15 @@ type CreateClientOptions struct { PublicAPIServerURL string } -func NewCommandCreateClient() *cobra.Command { +func NewCommandCreateClient(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateClientOptions{GetSignerCertOptions: &GetSignerCertOptions{}} cmd := &cobra.Command{ - Use: "create-api-client-config", + Use: commandName, Short: "Create a portable client folder containing a client certificate, a client key, a server certificate authority, and a .kubeconfig file.", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -43,6 +46,7 @@ func NewCommandCreateClient() *cobra.Command { } }, } + cmd.SetOutput(out) flags := cmd.Flags() diff --git a/pkg/cmd/server/admin/create_clientcert.go b/pkg/cmd/server/admin/create_clientcert.go index 7bd3933adee2..bf377c5eec26 100644 --- a/pkg/cmd/server/admin/create_clientcert.go +++ b/pkg/cmd/server/admin/create_clientcert.go @@ -2,10 +2,8 @@ package admin import ( "errors" - "fmt" "github.com/golang/glog" - "github.com/spf13/cobra" "github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user" "github.com/GoogleCloudPlatform/kubernetes/pkg/util" 
@@ -25,40 +23,6 @@ type CreateClientCertOptions struct { Overwrite bool } -func NewCommandCreateClientCert() *cobra.Command { - options := &CreateClientCertOptions{GetSignerCertOptions: &GetSignerCertOptions{}} - - cmd := &cobra.Command{ - Use: "create-client-cert", - Short: "Create client certificate", - Run: func(c *cobra.Command, args []string) { - if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) - c.Help() - return - } - - if _, err := options.CreateClientCert(); err != nil { - fmt.Println(err.Error()) - c.Help() - return - } - }, - } - - flags := cmd.Flags() - BindGetSignerCertOptions(options.GetSignerCertOptions, flags, "") - - flags.StringVar(&options.CertFile, "cert", "openshift.local.certificates/user/cert.crt", "The certificate file.") - flags.StringVar(&options.KeyFile, "key", "openshift.local.certificates/user/key.key", "The key file.") - - flags.StringVar(&options.User, "user", "", "The scope qualified username.") - flags.Var(&options.Groups, "groups", "The list of groups this user belongs to. Comma delimited list") - flags.BoolVar(&options.Overwrite, "overwrite", true, "Overwrite existing cert files if found. If false, any existing file will be left as-is.") - - return cmd -} - func (o CreateClientCertOptions) Validate(args []string) error { if len(args) != 0 { return errors.New("no arguments are supported") diff --git a/pkg/cmd/server/admin/create_kubeconfig.go b/pkg/cmd/server/admin/create_kubeconfig.go index 860d2e0e83c7..68d082e76c23 100644 --- a/pkg/cmd/server/admin/create_kubeconfig.go +++ b/pkg/cmd/server/admin/create_kubeconfig.go @@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "io/ioutil" "os" "path/filepath" @@ -14,6 +15,8 @@ import ( clientcmdapi "github.com/GoogleCloudPlatform/kubernetes/pkg/client/clientcmd/api" ) +const CreateKubeConfigCommandName = "create-kubeconfig" + type CreateKubeConfigOptions struct { APIServerURL string PublicAPIServerURL string 
@@ -27,11 +30,11 @@ type CreateKubeConfigOptions struct { KubeConfigFile string } -func NewCommandCreateKubeConfig() *cobra.Command { +func NewCommandCreateKubeConfig(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateKubeConfigOptions{} cmd := &cobra.Command{ - Use: "create-kubeconfig", + Use: commandName, Short: "Create a basic .kubeconfig file from client certs", Long: ` Create's a .kubeconfig file at <--kubeconfig> that looks like this: @@ -60,7 +63,7 @@ users: `, Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -70,6 +73,7 @@ users: } }, } + cmd.SetOutput(out) flags := cmd.Flags() diff --git a/pkg/cmd/server/admin/create_allcerts.go b/pkg/cmd/server/admin/create_mastercerts.go similarity index 66% rename from pkg/cmd/server/admin/create_allcerts.go rename to pkg/cmd/server/admin/create_mastercerts.go index aad3d1a9df0d..82d685de2e04 100644 --- a/pkg/cmd/server/admin/create_allcerts.go +++ b/pkg/cmd/server/admin/create_mastercerts.go @@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "path" "path/filepath" @@ -12,12 +13,13 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/util" ) -type CreateAllCertsOptions struct { +const CreateMasterCertsCommandName = "create-master-certs" + +type CreateMasterCertsOptions struct { CertDir string SignerName string Hostnames util.StringList - NodeList util.StringList APIServerURL string PublicAPIServerURL string 
@@ -25,24 +27,25 @@ type CreateAllCertsOptions struct { Overwrite bool } -func NewCommandCreateAllCerts() *cobra.Command { - options := &CreateAllCertsOptions{} +func NewCommandCreateMasterCerts(commandName string, fullName string, out io.Writer) *cobra.Command { + options := &CreateMasterCertsOptions{} cmd := &cobra.Command{ - Use: "create-all-certs", - Short: "Create all certificates for OpenShift All-In-One", + Use: commandName, + Short: "Create all certificates for an OpenShift master. To create node certificates, try openshift admin create-node-config", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } - if err := options.CreateAllCerts(); err != nil { + if err := options.CreateMasterCerts(); err != nil { glog.Fatal(err) } }, } + cmd.SetOutput(out) flags := cmd.Flags() @@ -52,13 +55,12 @@ func NewCommandCreateAllCerts() *cobra.Command { flags.StringVar(&options.APIServerURL, "master", "https://localhost:8443", "The API server's URL.") flags.StringVar(&options.PublicAPIServerURL, "public-master", "", "The API public facing server's URL (if applicable).") flags.Var(&options.Hostnames, "hostnames", "Every hostname or IP you want server certs to be valid for. Comma delimited list") - flags.Var(&options.NodeList, "nodes", "The names of all static nodes you'd like to generate certificates for. Comma delimited list") flags.BoolVar(&options.Overwrite, "overwrite", true, "Overwrite existing cert files if found. If false, any existing file will be left as-is.") return cmd } -func (o CreateAllCertsOptions) Validate(args []string) error { +func (o CreateMasterCertsOptions) Validate(args []string) error { if len(args) != 0 { return errors.New("no arguments are supported") } 
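Review bot: The new `Short` text in `NewCommandCreateMasterCerts` hard-codes `openshift admin create-node-config`, although the constructor now receives `fullName` and pkg/cmd/openshift/openshift.go also builds the admin tree with `basename` as both names for `osadm`. `NewCommandOverwriteBootstrapPolicy` in this commit takes the sibling command path as an extra argument for the same purpose; doing likewise here, and moving the hint into `Long`, keeps the one-line summary short and the hint correct under either invocation. In the lines visible here `fullName` is not used at all. A doc comment such as `// NewCommandCreateMasterCerts builds the create-master-certs command; node certificates are produced by create-node-config.` would also help.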
@@ -78,7 +80,7 @@ func (o CreateAllCertsOptions) Validate(args []string) error { return nil } -func (o CreateAllCertsOptions) CreateAllCerts() error { +func (o CreateMasterCertsOptions) CreateMasterCerts() error { glog.V(2).Infof("Creating all certs with: %#v", o) signerCertOptions := CreateSignerCertOptions{ 
@@ -139,63 +141,6 @@ func (o CreateAllCertsOptions) CreateAllCerts() error { } } - for _, nodeName := range o.NodeList { - serverCertInfo := DefaultNodeServingCertInfo(o.CertDir, nodeName) - nodeServerCertOptions := CreateServerCertOptions{ - GetSignerCertOptions: &getSignerCertOptions, - - CertFile: serverCertInfo.CertFile, - KeyFile: serverCertInfo.KeyFile, - - Hostnames: []string{nodeName}, - Overwrite: o.Overwrite, - } - - if err := nodeServerCertOptions.Validate(nil); err != nil { - return err - } - if _, err := nodeServerCertOptions.CreateServerCert(); err != nil { - return err - } - - clientCertInfo := DefaultNodeClientCertInfo(o.CertDir, nodeName) - - nodeCertOptions := CreateNodeClientCertOptions{ - GetSignerCertOptions: &getSignerCertOptions, - - CertFile: clientCertInfo.CertFile, - KeyFile: clientCertInfo.KeyFile, - - NodeName: nodeName, - Overwrite: o.Overwrite, - } - if err := nodeCertOptions.Validate(nil); err != nil { - return err - } - if _, err := nodeCertOptions.CreateNodeClientCert(); err != nil { - return err - } - - createKubeConfigOptions := CreateKubeConfigOptions{ - APIServerURL: o.APIServerURL, - PublicAPIServerURL: o.PublicAPIServerURL, - APIServerCAFile: getSignerCertOptions.CertFile, - ServerNick: "master", - - CertFile: nodeCertOptions.CertFile, - KeyFile: nodeCertOptions.KeyFile, - UserNick: nodeName, - - KubeConfigFile: DefaultNodeKubeConfigFile(o.CertDir, nodeName), - } - if err := createKubeConfigOptions.Validate(nil); err != nil { - return err - } - if _, err := createKubeConfigOptions.CreateKubeConfig(); err != nil { - return err - } - } - for _, serverCertInfo := range DefaultServerCerts(o.CertDir) { serverCertOptions := CreateServerCertOptions{ GetSignerCertOptions: &getSignerCertOptions, diff --git a/pkg/cmd/server/admin/create_nodeclientcerts.go b/pkg/cmd/server/admin/create_nodeclientcerts.go deleted file mode 100644 index 64d7d571de69..000000000000 --- a/pkg/cmd/server/admin/create_nodeclientcerts.go +++ /dev/null 
@@ -1,101 +0,0 @@ -package admin - -import ( - "errors" - "fmt" - - "github.com/golang/glog" - "github.com/spf13/cobra" - - "github.com/GoogleCloudPlatform/kubernetes/pkg/util" - - "github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" - "github.com/openshift/origin/pkg/cmd/server/crypto" -) - -type CreateNodeClientCertOptions struct { - GetSignerCertOptions *GetSignerCertOptions - - CertFile string - KeyFile string - - NodeName string - - Overwrite bool -} - -func NewCommandCreateNodeClientCert() *cobra.Command { - options := &CreateNodeClientCertOptions{GetSignerCertOptions: &GetSignerCertOptions{}} - - cmd := &cobra.Command{ - Use: "create-node-cert", - Short: "Create node certificate", - Run: func(c *cobra.Command, args []string) { - if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) - c.Help() - return - } - - if _, err := options.CreateNodeClientCert(); err != nil { - glog.Fatal(err) - } - }, - } - - flags := cmd.Flags() - BindGetSignerCertOptions(options.GetSignerCertOptions, flags, "") - - flags.StringVar(&options.CertFile, "cert", "openshift.local.certificates/user/cert.crt", "The certificate file.") - flags.StringVar(&options.KeyFile, "key", "openshift.local.certificates/user/key.key", "The key file.") - - flags.StringVar(&options.NodeName, "node-name", "", "The name of the node.") - flags.BoolVar(&options.Overwrite, "overwrite", true, "Overwrite existing cert files if found. 
If false, any existing file will be left as-is.") - - return cmd -} - -func (o CreateNodeClientCertOptions) Validate(args []string) error { - if len(args) != 0 { - return errors.New("no arguments are supported") - } - if len(o.CertFile) == 0 { - return errors.New("cert must be provided") - } - if len(o.KeyFile) == 0 { - return errors.New("key must be provided") - } - if len(o.NodeName) == 0 { - return errors.New("node-name must be provided") - } - - if o.GetSignerCertOptions == nil { - return errors.New("signer options are required") - } - if err := o.GetSignerCertOptions.Validate(); err != nil { - return err - } - - return nil -} - -func (o CreateNodeClientCertOptions) CreateNodeClientCert() (*crypto.TLSCertificateConfig, error) { - glog.V(2).Infof("Creating a node client cert with: %#v and %#v", o, o.GetSignerCertOptions) - - nodeCertOptions := CreateClientCertOptions{ - GetSignerCertOptions: o.GetSignerCertOptions, - - CertFile: o.CertFile, - KeyFile: o.KeyFile, - - User: "system:node-" + o.NodeName, - Groups: util.StringList([]string{bootstrappolicy.NodesGroup}), - Overwrite: o.Overwrite, - } - - if err := nodeCertOptions.Validate(nil); err != nil { - return nil, err - } - - return nodeCertOptions.CreateClientCert() -} diff --git a/pkg/cmd/server/admin/create_nodeconfig.go b/pkg/cmd/server/admin/create_nodeconfig.go index bccce0eb0844..c213e6c0db09 100644 --- a/pkg/cmd/server/admin/create_nodeconfig.go +++ b/pkg/cmd/server/admin/create_nodeconfig.go @@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "io/ioutil" "net" "os" @@ -16,6 +17,7 @@ import ( klatest "github.com/GoogleCloudPlatform/kubernetes/pkg/api/latest" "github.com/GoogleCloudPlatform/kubernetes/pkg/master/ports" "github.com/GoogleCloudPlatform/kubernetes/pkg/util" + "github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" "github.com/openshift/origin/pkg/cmd/flagtypes" configapi "github.com/openshift/origin/pkg/cmd/server/api" 
@@ -24,6 +26,8 @@ import ( "github.com/openshift/origin/pkg/cmd/util/variable" ) +const NodeConfigCommandName = "create-node-config" + type CreateNodeConfigOptions struct { GetSignerCertOptions *GetSignerCertOptions @@ -46,15 +50,15 @@ type CreateNodeConfigOptions struct { APIServerURL string } -func NewCommandNodeConfig() *cobra.Command { +func NewCommandNodeConfig(commandName string, fullName string, out io.Writer) *cobra.Command { options := NewDefaultCreateNodeConfigOptions() cmd := &cobra.Command{ - Use: "create-node-config", + Use: commandName, Short: "Create a portable client folder containing a client certificate, a client key, a server certificate authority, and a .kubeconfig file.", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -64,6 +68,7 @@ func NewCommandNodeConfig() *cobra.Command { } }, } + cmd.SetOutput(out) flags := cmd.Flags() @@ -215,16 +220,20 @@ func (o CreateNodeConfigOptions) CreateNodeFolder() error { func (o CreateNodeConfigOptions) MakeClientCert(clientCertFile, clientKeyFile string) error { if o.IsCreateClientCertificate() { - createNodeClientCert := CreateNodeClientCertOptions{ + createNodeClientCert := CreateClientCertOptions{ GetSignerCertOptions: o.GetSignerCertOptions, - CertFile: clientCertFile, - KeyFile: clientKeyFile, - NodeName: o.NodeName, + + CertFile: clientCertFile, + KeyFile: clientKeyFile, + + User: "system:node-" + o.NodeName, + Groups: util.StringList([]string{bootstrappolicy.NodesGroup}), } + if err := createNodeClientCert.Validate(nil); err != nil { return err } - if _, err := createNodeClientCert.CreateNodeClientCert(); err != nil { + if _, err := createNodeClientCert.CreateClientCert(); err != nil { return err } diff --git a/pkg/cmd/server/admin/create_nodeconfig_test.go b/pkg/cmd/server/admin/create_nodeconfig_test.go index 6ec8aa397a58..11792d8e7885 100644 
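Review bot: `MakeClientCert` now builds the identity inline as `User: "system:node-" + o.NodeName` and validates it with `CreateClientCertOptions.Validate`, which drops the `node-name must be provided` check that the deleted `CreateNodeClientCertOptions.Validate` performed. An empty `NodeName` would yield the non-empty user `system:node-` in the `bootstrappolicy.NodesGroup` group, so a generic user check would presumably not reject it. Unless `CreateNodeConfigOptions.Validate` (outside this hunk) already enforces it, guard the branch with `if len(o.NodeName) == 0 { return errors.New("node-name must be provided") }`. The function continues past the end of the hunk.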
--- a/pkg/cmd/server/admin/create_nodeconfig_test.go +++ b/pkg/cmd/server/admin/create_nodeconfig_test.go @@ -102,7 +102,7 @@ func executeNodeConfig(args []string) string { }, } - root.AddCommand(NewCommandNodeConfig()) + root.AddCommand(NewCommandNodeConfig("create-node-config", "openshift admin", ioutil.Discard)) root.SetArgs(argsToUse) root.Execute() diff --git a/pkg/cmd/server/admin/create_servercert.go b/pkg/cmd/server/admin/create_servercert.go index 8445b956d7ec..b94b5d905eef 100644 --- a/pkg/cmd/server/admin/create_servercert.go +++ b/pkg/cmd/server/admin/create_servercert.go @@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "github.com/golang/glog" "github.com/spf13/cobra" @@ -12,6 +13,8 @@ import ( "github.com/openshift/origin/pkg/cmd/server/crypto" ) +const CreateServerCertCommandName = "create-server-cert" + type CreateServerCertOptions struct { GetSignerCertOptions *GetSignerCertOptions @@ -22,15 +25,15 @@ type CreateServerCertOptions struct { Overwrite bool } -func NewCommandCreateServerCert() *cobra.Command { +func NewCommandCreateServerCert(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateServerCertOptions{GetSignerCertOptions: &GetSignerCertOptions{}} cmd := &cobra.Command{ - Use: "create-server-cert", + Use: commandName, Short: "Create server certificate", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -40,6 +43,7 @@ func NewCommandCreateServerCert() *cobra.Command { } }, } + cmd.SetOutput(out) flags := cmd.Flags() BindGetSignerCertOptions(options.GetSignerCertOptions, flags, "") diff --git a/pkg/cmd/server/admin/create_signercert.go b/pkg/cmd/server/admin/create_signercert.go index 88d73a876566..72d22cdf1edd 100644 --- a/pkg/cmd/server/admin/create_signercert.go +++ b/pkg/cmd/server/admin/create_signercert.go 
@@ -3,6 +3,7 @@ package admin import ( "errors" "fmt" + "io" "github.com/golang/glog" "github.com/spf13/cobra" @@ -11,6 +12,8 @@ import ( "github.com/openshift/origin/pkg/cmd/server/crypto" ) +const CreateSignerCertCommandName = "create-signer-cert" + type CreateSignerCertOptions struct { CertFile string KeyFile string @@ -28,15 +31,15 @@ func BindSignerCertOptions(options *CreateSignerCertOptions, flags *pflag.FlagSe flags.BoolVar(&options.Overwrite, prefix+"overwrite", options.Overwrite, "Overwrite existing cert files if found. If false, any existing file will be left as-is.") } -func NewCommandCreateSignerCert() *cobra.Command { +func NewCommandCreateSignerCert(commandName string, fullName string, out io.Writer) *cobra.Command { options := &CreateSignerCertOptions{Overwrite: true} cmd := &cobra.Command{ - Use: "create-signer-cert", + Use: commandName, Short: "Create signer certificate", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -46,6 +49,7 @@ func NewCommandCreateSignerCert() *cobra.Command { } }, } + cmd.SetOutput(out) BindSignerCertOptions(options, cmd.Flags(), "") diff --git a/pkg/cmd/server/admin/overwrite_bootstrappolicy.go b/pkg/cmd/server/admin/overwrite_bootstrappolicy.go index 47a1d133106f..4c1d3fccebbe 100644 --- a/pkg/cmd/server/admin/overwrite_bootstrappolicy.go +++ b/pkg/cmd/server/admin/overwrite_bootstrappolicy.go 
@@ -28,22 +28,27 @@ import ( templateapi "github.com/openshift/origin/pkg/template/api" ) +const OverwriteBootstrapPolicyCommandName = "overwrite-policy" + type OverwriteBootstrapPolicyOptions struct { File string MasterConfigFile string - Force bool - Out io.Writer + + Force bool + Out io.Writer + CreateBootstrapPolicyCommand string } -func NewCommandOverwriteBootstrapPolicy(out io.Writer) *cobra.Command { +func NewCommandOverwriteBootstrapPolicy(commandName string, fullName string, createBootstrapPolicyCommand string, out io.Writer) *cobra.Command { options := &OverwriteBootstrapPolicyOptions{Out: out} + options.CreateBootstrapPolicyCommand = createBootstrapPolicyCommand cmd := &cobra.Command{ - Use: "overwrite-policy", + Use: commandName, Short: "Reset the policy to the default values", Run: func(c *cobra.Command, args []string) { if err := options.Validate(args); err != nil { - fmt.Println(err.Error()) + fmt.Fprintln(c.Out(), err.Error()) c.Help() return } @@ -53,11 +58,12 @@ func NewCommandOverwriteBootstrapPolicy(out io.Writer) *cobra.Command { } }, } + cmd.SetOutput(out) flags := cmd.Flags() flags.BoolVarP(&options.Force, "force", "f", false, "You must confirm you really want to reset your policy. This will delete any custom settings you may have.") - flags.StringVar(&options.File, "filename", "", "The policy template file containing roles and bindings. One can be created with '"+CreateBootstrapPolicyFileFullCommand+"'.") + flags.StringVar(&options.File, "filename", "", "The policy template file containing roles and bindings. One can be created with '"+createBootstrapPolicyCommand+"'.") flags.StringVar(&options.MasterConfigFile, "master-config", "master.yaml", "Location of the master configuration file to run from in order to connect to etcd and directly modify the policy.") return cmd 
@@ -91,13 +97,14 @@ func (o OverwriteBootstrapPolicyOptions) OverwriteBootstrapPolicy() error { return err } - return OverwriteBootstrapPolicy(etcdHelper, masterConfig.PolicyConfig.MasterAuthorizationNamespace, o.File, o.Force, o.Out) + return OverwriteBootstrapPolicy(etcdHelper, masterConfig.PolicyConfig.MasterAuthorizationNamespace, o.File, o.CreateBootstrapPolicyCommand, o.Force, o.Out) } -func OverwriteBootstrapPolicy(etcdHelper tools.EtcdHelper, masterNamespace, policyFile string, change bool, out io.Writer) error { +func OverwriteBootstrapPolicy(etcdHelper tools.EtcdHelper, masterNamespace, policyFile, createBootstrapPolicyCommand string, change bool, out io.Writer) error { if !change { fmt.Fprintf(out, "Performing a dry run of policy overwrite:\n\n") } + mapper := cmdclientcmd.ShortcutExpander{kubectl.ShortcutExpander{latest.RESTMapper}} typer := api.Scheme clientMapper := resource.ClientMapperFunc(func(mapping *meta.RESTMapping) (resource.RESTClient, error) { @@ -120,7 +127,7 @@ func OverwriteBootstrapPolicy(etcdHelper tools.EtcdHelper, masterNamespace, poli return r.Visit(func(info *resource.Info) error { template, ok := info.Object.(*templateapi.Template) if !ok { - return errors.New("policy must be contained in a template. One can be created with '" + CreateBootstrapPolicyFileFullCommand + "'.") + return errors.New("policy must be contained in a template. One can be created with '" + createBootstrapPolicyCommand + "'.") } for _, item := range template.Objects { diff --git a/pkg/cmd/server/origin/master.go b/pkg/cmd/server/origin/master.go index 14f4cfae0a27..3b2d131bd15e 100644 --- a/pkg/cmd/server/origin/master.go +++ b/pkg/cmd/server/origin/master.go 
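Review bot: The exported `OverwriteBootstrapPolicy` now takes three adjacent `string` parameters (`masterNamespace, policyFile, createBootstrapPolicyCommand`) followed by `change bool`, and the new one is used only to build an error message in the `r.Visit` callback. A transposed argument compiles cleanly and would point this policy-overwriting function at the wrong file or namespace. A doc comment would pin the contract, for example `// OverwriteBootstrapPolicy overwrites the stored policy from the template in policyFile; createBootstrapPolicyCommand is only quoted in error text, and change=false performs a dry run.` The function body extends beyond both hunks on this line.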
@@ -461,7 +461,7 @@ func (c *MasterConfig) ensureComponentAuthorizationRules() { if _, err := registry.GetPolicy(ctx, authorizationapi.PolicyName); kapierror.IsNotFound(err) { glog.Infof("No master policy found. Creating bootstrap policy based on: %v", c.Options.PolicyConfig.BootstrapPolicyFile) - if err := admin.OverwriteBootstrapPolicy(c.EtcdHelper, c.Options.PolicyConfig.MasterAuthorizationNamespace, c.Options.PolicyConfig.BootstrapPolicyFile, true, ioutil.Discard); err != nil { + if err := admin.OverwriteBootstrapPolicy(c.EtcdHelper, c.Options.PolicyConfig.MasterAuthorizationNamespace, c.Options.PolicyConfig.BootstrapPolicyFile, admin.CreateBootstrapPolicyFileFullCommand, true, ioutil.Discard); err != nil { glog.Errorf("Error creating bootstrap policy: %v", err) } diff --git a/pkg/cmd/server/start/start_master.go b/pkg/cmd/server/start/start_master.go index d6a93b34d38a..fa3782d06397 100644 --- a/pkg/cmd/server/start/start_master.go +++ b/pkg/cmd/server/start/start_master.go 
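Review bot: In `ensureComponentAuthorizationRules`, a failure of `admin.OverwriteBootstrapPolicy` is only logged with `glog.Errorf`, and the function carries on after having found no master policy. Whether the master then serves requests with no policy loaded cannot be told from this hunk, but if it does, every authorization decision depends on how the authorizer treats a missing policy. Consider failing startup here, e.g. `glog.Fatalf("Error creating bootstrap policy: %v", err)`, or add a comment explaining why continuing is safe. The function body continues outside the hunk.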
@@ -253,44 +253,20 @@ func (o MasterOptions) CreateCerts() error { if err != nil { return err } - mintAllCertsOptions := admin.CreateAllCertsOptions{ + mintAllCertsOptions := admin.CreateMasterCertsOptions{ CertDir: o.MasterArgs.CertArgs.CertDir, SignerName: signerName, Hostnames: hostnames.List(), - NodeList: o.MasterArgs.NodeList, APIServerURL: masterAddr.String(), PublicAPIServerURL: publicMasterAddr.String(), } if err := mintAllCertsOptions.Validate(nil); err != nil { return err } - if err := mintAllCertsOptions.CreateAllCerts(); err != nil { + if err := mintAllCertsOptions.CreateMasterCerts(); err != nil { return err } - rootCAFile := admin.DefaultRootCAFile(o.MasterArgs.CertArgs.CertDir) - for _, clientCertInfo := range admin.DefaultClientCerts(o.MasterArgs.CertArgs.CertDir) { - createKubeConfigOptions := admin.CreateKubeConfigOptions{ - APIServerURL: masterAddr.String(), - PublicAPIServerURL: publicMasterAddr.String(), - APIServerCAFile: rootCAFile, - ServerNick: "master", - - CertFile: clientCertInfo.CertLocation.CertFile, - KeyFile: clientCertInfo.CertLocation.KeyFile, - UserNick: clientCertInfo.SubDir, - - KubeConfigFile: admin.DefaultKubeConfigFilename(o.MasterArgs.CertArgs.CertDir, clientCertInfo.SubDir), - } - - if err := createKubeConfigOptions.Validate(nil); err != nil { - return err - } - if _, err := createKubeConfigOptions.CreateKubeConfig(); err != nil { - return err - } - } - return nil } diff --git a/test/integration/bootstrap_policy_test.go b/test/integration/bootstrap_policy_test.go index daf1af9b38aa..94d3fd94604d 100644 --- a/test/integration/bootstrap_policy_test.go +++ b/test/integration/bootstrap_policy_test.go 
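Review bot: `CreateCerts` no longer passes `o.MasterArgs.NodeList` anywhere, so a master started with a node list and certificate creation enabled gets no node serving or client certificates from this path. hack/test-cmd.sh compensates by calling `create-node-config` and passing `--create-certs=false`, but other start paths are outside this diff. A comment on the method would make the contract explicit, for example `// CreateCerts mints master certificates only; node certificates and kubeconfig are produced by "openshift admin create-node-config".` The local is still named `mintAllCertsOptions`; `mintMasterCertsOptions` would match the new type. The function starts above the hunk.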
@@ -99,7 +99,7 @@ func TestOverwritePolicyCommand(t *testing.T) { t.Errorf("unexpected error: %v", err) } - if err := admin.OverwriteBootstrapPolicy(etcdHelper, masterConfig.PolicyConfig.MasterAuthorizationNamespace, masterConfig.PolicyConfig.BootstrapPolicyFile, true, ioutil.Discard); err != nil { + if err := admin.OverwriteBootstrapPolicy(etcdHelper, masterConfig.PolicyConfig.MasterAuthorizationNamespace, masterConfig.PolicyConfig.BootstrapPolicyFile, admin.CreateBootstrapPolicyFileFullCommand, true, ioutil.Discard); err != nil { t.Errorf("unexpected error: %v", err) }