Jun Hu9e45abc2018-01-17 17:07:36 -05001#!/usr/bin/env python
2
3# ============LICENSE_START==========================================
4# ===================================================================
Jun (Nicolas) Hu8cbcb302018-02-21 14:18:44 -05005# Copyright (c) 2017 AT&T
Jun Hu9e45abc2018-01-17 17:07:36 -05006#
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11# http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16# See the License for the specific language governing permissions and
17# limitations under the License.
18#============LICENSE_END============================================
19
20# This script is executed on the master host. It checks whether kube-dns is running and sets secrets in Cloudify.
21
22import os
23import subprocess
24import pip
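try:
    import yaml
except ImportError:
    # NOTE(review): this fallback installs whatever PyYAML release the
    # configured package index serves at deployment time, with no version pin
    # or hash check, and runs with the privileges of the account executing
    # this script. Prefer shipping PyYAML with the host image or the
    # blueprint; if a runtime install has to stay, pin the release.
    #
    # `pip.main` was never a supported API and is gone from the `pip`
    # namespace since pip 10, so pip is run as a child process of the current
    # interpreter instead. A failed install still surfaces as ImportError on
    # the retry below, as it did before.
    import sys
    subprocess.call([sys.executable, '-m', 'pip', 'install', 'pyyaml'])
    import yaml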
30
31from cloudify import ctx
32from cloudify.exceptions import RecoverableError
33from cloudify import manager
34
35
def execute_command(_command):
    """Run a command without a shell and return what it wrote to stdout.

    The command string is split on whitespace and handed to
    ``subprocess.Popen`` as an argument list, so no shell interprets it;
    quoted arguments containing spaces are therefore not supported.

    The command line, its stdout, its stderr and its exit status are all
    written to the debug log, so this helper should not be used for commands
    whose output contains credentials.

    :param _command: the command line as a single string.
    :return: the captured stdout when the exit status is zero, otherwise
        ``False``.
    """
    log = ctx.logger
    log.debug('_command {0}.'.format(_command))

    popen_kwargs = dict(
        args=_command.split(),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
    )
    log.debug('subprocess_args {0}.'.format(popen_kwargs))

    child = subprocess.Popen(**popen_kwargs)
    stdout_data, stderr_data = child.communicate()

    # Same four debug records as before, emitted in the same order.
    report = (
        ('command', _command),
        ('output', stdout_data),
        ('error', stderr_data),
        ('process.returncode', child.returncode),
    )
    for label, value in report:
        log.debug('{0}: {1} '.format(label, value))

    if not child.returncode:
        return stdout_data

    log.error('Running `{0}` returns error.'.format(_command))
    return False
61
62
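def check_kubedns_status(_get_pods):
    """Report whether the first kube-dns pod in a pod listing is Running.

    Each line is expected to carry exactly six whitespace-separated columns
    (namespace, name, ready, status, restarts, age); lines of any other shape
    are skipped. The decision is taken on the first line whose name column
    contains ``kube-dns``; later kube-dns pods are not inspected.

    :param _get_pods: text output of ``kubectl get pods --all-namespaces``,
        or a falsy value when the command produced nothing usable.
    :return: ``True`` if the first kube-dns pod has ``Running`` in its status
        column, ``False`` otherwise (including when no such pod is listed).
    """
    ctx.logger.debug('get_pods: {0} '.format(_get_pods))

    # execute_command() returns False when kubectl exits non-zero. Treat that
    # (and empty output) as "not running" instead of failing on .split() with
    # an AttributeError, so the caller can report a retryable condition.
    if not _get_pods:
        return False

    for pod_line in _get_pods.split('\n'):
        ctx.logger.debug('pod_line: {0} '.format(pod_line))
        columns = pod_line.split()
        if len(columns) != 6:
            # Blank lines and rows with an unexpected layout are ignored.
            continue
        _name, _status = columns[1], columns[3]
        if 'kube-dns' in _name:
            return 'Running' in _status
    return False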
79
80
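if __name__ == '__main__':
    # Entry point: verify kube-dns is up, then publish the admin kubeconfig
    # (cluster CA data, client certificates and client keys) to the Cloudify
    # secret store and to this node instance's runtime properties.

    cfy_client = manager.get_rest_client()

    def _store_secret(_key, _value):
        # Create the secret unless exactly one secret with this key is
        # already listed; in that case update it. Only the key name is
        # logged, never the value.
        if cfy_client and not len(cfy_client.secrets.list(key=_key)) == 1:
            cfy_client.secrets.create(key=_key, value=_value)
            ctx.logger.info('Set secret: {0}.'.format(_key))
        else:
            cfy_client.secrets.update(key=_key, value=_value)

    # Checking if the Kubernetes DNS service is running (last step).
    admin_file_dest = os.path.join(os.path.expanduser('~'), 'admin.conf')
    os.environ['KUBECONFIG'] = admin_file_dest
    get_pods = execute_command('kubectl get pods --all-namespaces')
    # execute_command() returns False when kubectl fails; report that as the
    # same retryable condition rather than passing a bool on to the parser.
    if not get_pods or not check_kubedns_status(get_pods):
        raise RecoverableError('kube-dns not Running')

    # Storing the K master configuration.
    kubernetes_master_config = {}
    with open(admin_file_dest, 'r') as outfile:
        try:
            # safe_load builds only plain YAML types. A kubeconfig needs
            # nothing more, and yaml.load() without an explicit Loader can
            # construct arbitrary Python objects on older PyYAML releases.
            kubernetes_master_config = yaml.safe_load(outfile) or {}
        except yaml.YAMLError as e:
            # The exception used to be built but never raised, so a parse
            # failure fell through with an empty configuration.
            raise RecoverableError(
                'Unable to read Kubernetes Admin file: {0}: {1}'.format(
                    admin_file_dest, str(e)))

    # NOTE(review): the whole admin kubeconfig, and below the CA data, client
    # certificate and client private key, are copied into runtime properties
    # in addition to the secret store. Whether runtime properties get the
    # same protection as secrets is not visible from this script - confirm
    # that consumers really need these copies, and drop them if they can
    # read the secrets instead.
    ctx.instance.runtime_properties['configuration_file_content'] = \
        kubernetes_master_config

    _clusters = {}
    # `or []` keeps a kubeconfig without this section from raising TypeError.
    for cluster in kubernetes_master_config.get('clusters') or []:
        entry_name = cluster.get('name')
        _cluster = cluster.get('cluster', {})
        ca_data = _cluster.get('certificate-authority-data')
        ca_key = '%s_certificate_authority_data' % entry_name
        _store_secret(ca_key, ca_data)
        ctx.instance.runtime_properties[ca_key] = ca_data
        _clusters[entry_name] = _cluster

    _contexts = {}
    for context in kubernetes_master_config.get('contexts') or []:
        _contexts[context.get('name')] = context.get('context', {})

    _users = {}
    for user in kubernetes_master_config.get('users') or []:
        entry_name = user.get('name')
        _user = user.get('user', {})
        cert_data = _user.get('client-certificate-data')
        key_data = _user.get('client-key-data')
        cert_key = '%s_client_certificate_data' % entry_name
        private_key_key = '%s_client_key_data' % entry_name
        _store_secret(cert_key, cert_data)
        _store_secret(private_key_key, key_data)
        ctx.instance.runtime_properties[cert_key] = cert_data
        ctx.instance.runtime_properties[private_key_key] = key_data
        _users[entry_name] = _user

    ctx.instance.runtime_properties['kubernetes'] = {
        'clusters': _clusters,
        'contexts': _contexts,
        'users': _users
    }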