Jun Hu | 9e45abc | 2018-01-17 17:07:36 -0500 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | |
| 3 | # ============LICENSE_START========================================== |
| 4 | # =================================================================== |
Jun (Nicolas) Hu | 8cbcb30 | 2018-02-21 14:18:44 -0500 | [diff] [blame] | 5 | # Copyright (c) 2017 AT&T |
Jun Hu | 9e45abc | 2018-01-17 17:07:36 -0500 | [diff] [blame] | 6 | # |
| 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | # you may not use this file except in compliance with the License. |
| 9 | # You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, software |
| 14 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | # See the License for the specific language governing permissions and |
| 17 | # limitations under the License. |
| 18 | #============LICENSE_END============================================ |
| 19 | |
| 20 | # This script will be executed on the master host. It checks whether Kube-DNS is running and sets secrets in Cloudify. |
| 21 | |
| 22 | import os |
| 23 | import subprocess |
| 24 | import pip |
# Import PyYAML, installing it on the fly when it is not already available.
# NOTE(review): the fallback installs at import time with no version pin or
# hash check, so whatever the configured package index serves under the name
# 'pyyaml' is installed and then imported by this process. Prefer shipping
# PyYAML as a pinned dependency of the blueprint/plugin.
# NOTE(review): pip.main() was dropped from pip's public API in pip 10, so
# this fallback fails on newer pip -- confirm the pip version on the host.
try:
    import yaml
except ImportError:
    pip.main(['install', 'pyyaml'])
    import yaml
| 30 | |
| 31 | from cloudify import ctx |
| 32 | from cloudify.exceptions import RecoverableError |
| 33 | from cloudify import manager |
| 34 | |
| 35 | |
def execute_command(_command):
    """Run *_command* without a shell and hand back what it wrote to stdout.

    The command string is split on whitespace and passed to
    ``subprocess.Popen`` as an argument list, so shell metacharacters are
    not interpreted; quoted arguments containing spaces are not supported.

    The command line, its stdout, its stderr and its exit status are all
    written to the debug log, so anything sensitive a command prints ends
    up in that log.

    :param _command: command line as a single string.
    :return: captured stdout on exit status 0, ``False`` otherwise.
    """
    log = ctx.logger
    log.debug('_command {0}.'.format(_command))

    popen_kwargs = {
        'args': _command.split(),
        'stdout': subprocess.PIPE,
        'stderr': subprocess.PIPE
    }
    log.debug('subprocess_args {0}.'.format(popen_kwargs))

    proc = subprocess.Popen(**popen_kwargs)
    stdout_data, stderr_data = proc.communicate()

    # Same four debug records as before, emitted in the same order.
    debug_fields = (
        ('command', _command),
        ('output', stdout_data),
        ('error', stderr_data),
        ('process.returncode', proc.returncode),
    )
    for label, value in debug_fields:
        log.debug('{0}: {1} '.format(label, value))

    if not proc.returncode:
        return stdout_data

    log.error('Running `{0}` returns error.'.format(_command))
    return False
| 61 | |
| 62 | |
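def check_kubedns_status(_get_pods):
    """Report whether the first kube-dns pod in a pod listing is Running.

    :param _get_pods: text output of ``kubectl get pods --all-namespaces``,
        or a falsy value (``False``, ``None``, ``''``) when the command
        produced nothing usable.
    :return: ``True`` when the first row whose NAME column contains
        ``kube-dns`` has ``Running`` in its STATUS column; ``False`` when
        that row has any other status, when no such row exists, or when
        there is no listing at all.
    """
    # execute_command() returns False when kubectl fails; calling .split()
    # on that would raise AttributeError instead of reporting "not running".
    if not _get_pods:
        return False

    ctx.logger.debug('get_pods: {0} '.format(_get_pods))

    for pod_line in _get_pods.split('\n'):
        ctx.logger.debug('pod_line: {0} '.format(pod_line))
        columns = pod_line.split()
        # Only rows with exactly the six expected columns are considered;
        # blank lines and rows of any other shape are skipped.
        if len(columns) != 6:
            continue
        _namespace, _name, _ready, _status, _restarts, _age = columns
        if 'kube-dns' in _name:
            # The first kube-dns row decides the result.
            return 'Running' in _status
    return False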
| 79 | |
| 80 | |
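if __name__ == '__main__':
    # Verify kube-dns is running, then publish the admin kubeconfig's
    # clusters, contexts and users as Cloudify secrets and runtime properties.

    cfy_client = manager.get_rest_client()

    def _store_secret(_key, _value):
        """Update the Cloudify secret *_key* if exactly one exists, else create it.

        Only the key name is logged; the value never is.
        """
        if not cfy_client:
            # Without a REST client there is nowhere to store the secret;
            # skip rather than dereference a missing client.
            ctx.logger.warning(
                'No REST client; secret not stored: {0}.'.format(_key))
            return
        if len(cfy_client.secrets.list(key=_key)) == 1:
            cfy_client.secrets.update(key=_key, value=_value)
        else:
            cfy_client.secrets.create(key=_key, value=_value)
            ctx.logger.info('Set secret: {0}.'.format(_key))

    # Checking if the Kubernetes DNS service is running (last step).
    admin_file_dest = os.path.join(os.path.expanduser('~'), 'admin.conf')
    os.environ['KUBECONFIG'] = admin_file_dest
    get_pods = execute_command('kubectl get pods --all-namespaces')
    # execute_command() returns False when kubectl fails; treat that the
    # same as "kube-dns not running" so the operation is retried.
    if not get_pods or not check_kubedns_status(get_pods):
        raise RecoverableError('kube-dns not Running')

    # Storing the K master configuration.
    kubernetes_master_config = {}
    with open(admin_file_dest, 'r') as outfile:
        try:
            # safe_load builds plain data only and never constructs arbitrary
            # Python objects from YAML tags. A kubeconfig is plain
            # mappings/lists/strings, so nothing is lost, and yaml.load()
            # without a Loader argument is rejected by PyYAML 6 and later.
            kubernetes_master_config = yaml.safe_load(outfile) or {}
        except yaml.YAMLError as e:
            # The exception has to be raised; merely constructing it let a
            # parse failure continue with an empty configuration.
            raise RecoverableError(
                'Unable to read Kubernetes Admin file: {0}: {1}'.format(
                    admin_file_dest, str(e)))

    # NOTE(review): this stores the whole admin kubeconfig, including the
    # users' client-key-data, in runtime properties. Runtime properties are
    # not a secret store -- confirm consumers really need this copy.
    ctx.instance.runtime_properties['configuration_file_content'] = \
        kubernetes_master_config

    # A missing section is treated as empty instead of failing on None.
    clusters = kubernetes_master_config.get('clusters') or []
    _clusters = {}
    for cluster in clusters:
        __name = cluster.get('name')
        _cluster = cluster.get('cluster', {})
        _ca_data = _cluster.get('certificate-authority-data')
        _secret_key = '%s_certificate_authority_data' % __name
        _store_secret(_secret_key, _ca_data)
        ctx.instance.runtime_properties[_secret_key] = _ca_data
        _clusters[__name] = _cluster
        del __name

    contexts = kubernetes_master_config.get('contexts') or []
    _contexts = {}
    for context in contexts:
        __name = context.get('name')
        _context = context.get('context', {})
        _contexts[__name] = _context
        del __name

    users = kubernetes_master_config.get('users') or []
    _users = {}
    for user in users:
        __name = user.get('name')
        _user = user.get('user', {})
        _client_cert = _user.get('client-certificate-data')
        _client_key = _user.get('client-key-data')

        _secret_key = '%s_client_certificate_data' % __name
        _store_secret(_secret_key, _client_cert)
        _secret_key = '%s_client_key_data' % __name
        _store_secret(_secret_key, _client_key)

        # NOTE(review): the client private key is written to runtime
        # properties as well as to the secret store, which undoes the point
        # of keeping it in a secret. Kept because other nodes may read
        # these properties -- confirm and drop the copies if they do not.
        ctx.instance.runtime_properties[
            '%s_client_certificate_data' % __name] = _client_cert
        ctx.instance.runtime_properties[
            '%s_client_key_data' % __name] = _client_key
        _users[__name] = _user
        del __name

    ctx.instance.runtime_properties['kubernetes'] = {
        'clusters': _clusters,
        'contexts': _contexts,
        'users': _users
    }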