radex
274e70f557
Change-Id: I01fa3c40ac00cfa022d438163ba9e2d3ef66ac72 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2090 Reviewed-by: q3k <q3k@hackerspace.pl>
package main
import (
"log"
"path/filepath"
"strings"
"github.com/spf13/cobra"
"code.hackerspace.pl/hscloud/cluster/clustercfg/certs"
"code.hackerspace.pl/hscloud/cluster/clustercfg/clusters"
"code.hackerspace.pl/hscloud/go/workspace"
)
// flagFQDNs receives the --fqdn values registered in init: the machine FQDNs
// to generate certs for. When empty, gencertsCmd discovers the machines by
// evaluating Nix instead.
var flagFQDNs []string
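// gencertsCmd implements `gencerts`: it resolves the workspace root and the
// target cluster (global -c flag, flagCluster), determines the machine FQDNs
// to issue certs for, validates them, and then runs
// certs.Prepare(<workspace>/cluster, cluster, fqdns).Ensure().
//
// Machine FQDNs come from --fqdn when set; otherwise they are discovered by
// evaluating ops.exports.kubeMachineNames, which is only supported for k0.
// Every FQDN, whichever way it was obtained, must be exactly one host label
// under hswaw.net, and that label must be a syntactically valid DNS label.
// Any failure is fatal (log.Fatalf), so nothing is written on bad input.
var gencertsCmd = &cobra.Command{
	Use:   "gencerts",
	Short: "(re)generate keys/certs for a hscloud cluster",
	Long: `
If you're adding a new cluster node, run this. It will populate the appropriate
certs/secrets folders with new certs/keys.

By default, the nodes to generate certificates for are automatically discovered
by querying the local Nix machines defined in //ops, looking for anything that
has hscloud.kube.controller.enabled. That can be slow and/or incorrect. To override
node names, set --fqdn (either comma-separate them or repeat flags).
`,
	Run: func(cmd *cobra.Command, args []string) {
		ws, err := workspace.Get()
		if err != nil {
			log.Fatalf("Could not figure out workspace: %v", err)
		}

		// flagCluster is the package-level -c flag; it is not defined in this file.
		clusterName := flagCluster
		cluster, ok := clusters.Clusters[clusterName]
		if !ok {
			log.Fatalf("Unknown cluster: %q", clusterName)
		}

		fqdns := flagFQDNs
		if len(fqdns) == 0 {
			log.Printf("--fqdn not set, figuring out machines from Nix...")

			// Automatic discovery reads a single, k0-specific Nix export.
			if clusterName != "k0" {
				log.Fatalf("Only k0 cluster supported for automatic machine discovery.")
			}

			err = workspace.EvalHscloudNix(cmd.Context(), &fqdns, "ops.exports.kubeMachineNames")
			if err != nil {
				log.Fatalf("Could not figure out Kubernetes machine FQDNs: %v", err)
			}
		}

		// Validate every name before anything is generated. The structural
		// check alone accepts an empty or arbitrary first label (".hswaw.net",
		// "a/b.hswaw.net"); the label check closes that gap, which matters
		// because the names presumably end up in certificate contents and in
		// the certs/secrets folder layout (TODO confirm against certs.Prepare).
		for _, fqdn := range fqdns {
			parts := strings.Split(fqdn, ".")
			if len(parts) != 3 || parts[1] != "hswaw" || parts[2] != "net" {
				log.Fatalf("Invalid FQDN %q: must be xxx.hswaw.net.", fqdn)
			}
			if !validHostLabel(parts[0]) {
				log.Fatalf("Invalid FQDN %q: host part must be a DNS label (1-63 letters, digits or hyphens, not starting or ending with a hyphen).", fqdn)
			}
		}

		// Echo the effective settings so a run is reproducible from the log.
		log.Printf("Cluster: -c %s", clusterName)
		log.Printf("Machines: --fqdn %s", strings.Join(fqdns, ","))

		path := filepath.Join(ws, "cluster")
		c := certs.Prepare(path, cluster, fqdns)
		if err := c.Ensure(); err != nil {
			log.Fatalf("Failed: %v", err)
		}
		log.Printf("Done.")
	},
}

// validHostLabel reports whether s is a syntactically valid DNS host label
// per RFC 1123: 1 to 63 characters, each an ASCII letter, digit or hyphen,
// with no leading or trailing hyphen. It is intentionally byte-based: any
// non-ASCII byte is rejected.
func validHostLabel(s string) bool {
	if len(s) == 0 || len(s) > 63 {
		return false
	}
	if s[0] == '-' || s[len(s)-1] == '-' {
		return false
	}
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9', c == '-':
		default:
			return false
		}
	}
	return true
}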
// init declares the --fqdn flag of gencerts (repeatable or comma-separated,
// bound to flagFQDNs) and attaches the command to rootCmd.
func init() {
	flags := gencertsCmd.Flags()
	flags.StringSliceVar(&flagFQDNs, "fqdn", nil, "List of machine FQDNs to generate certs for. If not set, will be automatically figured out from Nix modules in local checkout (slow).")

	rootCmd.AddCommand(gencertsCmd)
}