From f012b1007ed181d7bc88a131f9eb9eba2441f177 Mon Sep 17 00:00:00 2001
From: luke
Date: Fri, 6 Jul 2018 10:22:38 +0000
Subject: [PATCH] [CE-402] Unable to create k8s host using cert/key
1. Disable the base64 encoding check for the cert/key file.
2. Update NFS sharing dir path in templates file.
3. Update module layer to handle k8s SSL CA certificate.
Change-Id: I04a5e9fdf81e26bfdeab283b8cf2570b5314e61d
Signed-off-by: luke
---
 src/agent/k8s/host_operations.py | 7 +++----
 src/agent/k8s/templates/fabric-1-0-explorer.tpl | 2 +-
 src/agent/k8s/templates/orderer0.ordererorg.tpl | 1 -
 src/agent/k8s/templates/ordererorg-pvc.tpl | 2 +-
 src/agent/k8s/templates/org1-cli.tpl | 2 +-
 src/agent/k8s/templates/org1-pvc.tpl | 2 +-
 src/agent/k8s/templates/org2-cli.tpl | 2 +-
 src/agent/k8s/templates/org2-pvc.tpl | 2 +-
 src/resources/host_api.py | 9 +++++++--
 9 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/src/agent/k8s/host_operations.py b/src/agent/k8s/host_operations.py
index a6c551a3a..e01e3772c 100644
--- a/src/agent/k8s/host_operations.py
+++ b/src/agent/k8s/host_operations.py
@@ -37,10 +37,8 @@ def _get_config_from_params(self, k8s_params):
 k8s_config.password = k8s_params.get('K8SPassword')
 elif k8s_params.get('K8SCredType') == K8S_CRED_TYPE['cert']:
- cert_content = \
- base64.decodestring(str.encode(k8s_params.get('K8SCert')))
- key_content = \
- base64.decodestring(str.encode(k8s_params.get('K8SKey')))
+ cert_content = k8s_params.get('K8SCert')
+ key_content = k8s_params.get('K8SKey')
 k8s_config.cert_file = \
 config.kube_config._create_temp_file_with_content(cert_content)
 k8s_config.key_file = \
@@ -65,6 +63,7 @@ def _get_config_from_params(self, k8s_params):
 k8s_config.verify_ssl = False
 else:
 k8s_config.verify_ssl = True
+ k8s_config.ssl_ca_cert = k8s_params.get('K8SSslCert')
 client.Configuration.set_default(k8s_config)
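Review bot: In the `@@ -37,10 +37,8 @@` hunk, `cert_content` and `key_content` now go from `k8s_params.get(...)` straight into `config.kube_config._create_temp_file_with_content` with no check that they are present or PEM-shaped, so a missing `K8SCert`/`K8SKey` hands `None` to the helper and a value that is still base64-wrapped is written out unchanged and would only surface later as a TLS error. A guard before the two temp-file calls would fail early with a clear message, e.g. `if not cert_content or not key_content: raise ValueError('K8SCert and K8SKey are required for cert credentials')`, with the exception type adjusted to whatever callers of `_get_config_from_params` already handle. The private key is also persisted to disk through an underscore-prefixed helper of the kubernetes client, so the file permissions and cleanup it provides are worth confirming for the client version in use. The body of `_get_config_from_params` starts and ends outside this hunk.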
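Review bot: In the `@@ -65,6 +63,7 @@` hunk, `k8s_config.ssl_ca_cert` is assigned the raw `K8SSslCert` value, while the client certificate and key earlier in the same function are first written to temp files and assigned as paths. The kubernetes client's `ssl_ca_cert` setting is a path to a CA bundle file, so if `K8SSslCert` carries PEM content (which the `ssl_ca` request field in `host_api.py` suggests, though that is not confirmed on this page) the CA will not load and verification cannot succeed. Suggest `k8s_config.ssl_ca_cert = config.kube_config._create_temp_file_with_content(k8s_params.get('K8SSslCert'))`, skipped when the value is missing. Indentation is lost on this page, so it is not visible whether the new line sits inside the `else:` branch, and the condition guarding that branch is outside the hunk.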
diff --git a/src/agent/k8s/templates/fabric-1-0-explorer.tpl b/src/agent/k8s/templates/fabric-1-0-explorer.tpl
index b95335365..bc4bc1fc1 100644
--- a/src/agent/k8s/templates/fabric-1-0-explorer.tpl
+++ b/src/agent/k8s/templates/fabric-1-0-explorer.tpl
@@ -12,7 +12,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-explorer-pvc
 nfs:
- path: /cello/{{clusterName}}/resources/
+ path: /{{clusterName}}/resources/
 server: {{nfsServer}} # change to your nfs server ip here.
 ---
diff --git a/src/agent/k8s/templates/orderer0.ordererorg.tpl b/src/agent/k8s/templates/orderer0.ordererorg.tpl
index 14ded5309..4e946a35f 100644
--- a/src/agent/k8s/templates/orderer0.ordererorg.tpl
+++ b/src/agent/k8s/templates/orderer0.ordererorg.tpl
@@ -62,7 +62,6 @@ spec:
 - name: certificate
 persistentVolumeClaim:
 claimName: {{clusterName}}-ordererorg-pvc
- #path: /cello
 #persistentVolumeClaim:
 # claimName: nfs
diff --git a/src/agent/k8s/templates/ordererorg-pvc.tpl b/src/agent/k8s/templates/ordererorg-pvc.tpl
index 7c21344e9..24fae76cd 100644
--- a/src/agent/k8s/templates/ordererorg-pvc.tpl
+++ b/src/agent/k8s/templates/ordererorg-pvc.tpl
@@ -12,7 +12,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-ordererorg-pvc
 nfs:
- path: /cello/{{clusterName}}/resources/crypto-config/ordererOrganizations/ordererorg
+ path: /{{clusterName}}/resources/crypto-config/ordererOrganizations/ordererorg
 server: {{nfsServer}} #change to your nfs server ip here
 ---
diff --git a/src/agent/k8s/templates/org1-cli.tpl b/src/agent/k8s/templates/org1-cli.tpl
index b37800376..68713d9bf 100644
--- a/src/agent/k8s/templates/org1-cli.tpl
+++ b/src/agent/k8s/templates/org1-cli.tpl
@@ -11,7 +11,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-org1-resources-pvc
 nfs:
- path: /cello/{{clusterName}}/resources
+ path: /{{clusterName}}/resources
 server: {{nfsServer}} # change to your nfs server ip here.
 ---
diff --git a/src/agent/k8s/templates/org1-pvc.tpl b/src/agent/k8s/templates/org1-pvc.tpl
index 4558bd511..a513a7b8c 100644
--- a/src/agent/k8s/templates/org1-pvc.tpl
+++ b/src/agent/k8s/templates/org1-pvc.tpl
@@ -12,7 +12,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-org1-pvc
 nfs:
- path: /cello/{{clusterName}}/resources/crypto-config/peerOrganizations/org1
+ path: /{{clusterName}}/resources/crypto-config/peerOrganizations/org1
 server: {{nfsServer}} #change to your nfs server ip here
 ---
diff --git a/src/agent/k8s/templates/org2-cli.tpl b/src/agent/k8s/templates/org2-cli.tpl
index 86cefac95..d90e4fb83 100644
--- a/src/agent/k8s/templates/org2-cli.tpl
+++ b/src/agent/k8s/templates/org2-cli.tpl
@@ -11,7 +11,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-org2-resources-pvc
 nfs:
- path: /cello/{{clusterName}}/resources
+ path: /{{clusterName}}/resources
 server: {{nfsServer}} # change to your nfs server ip here.
 ---
diff --git a/src/agent/k8s/templates/org2-pvc.tpl b/src/agent/k8s/templates/org2-pvc.tpl
index 2eb390b93..6a3c66010 100644
--- a/src/agent/k8s/templates/org2-pvc.tpl
+++ b/src/agent/k8s/templates/org2-pvc.tpl
@@ -12,7 +12,7 @@ spec:
 namespace: {{clusterName}}
 name: {{clusterName}}-org2-pvc
 nfs:
- path: /cello/{{clusterName}}/resources/crypto-config/peerOrganizations/org2
+ path: /{{clusterName}}/resources/crypto-config/peerOrganizations/org2
 server: {{nfsServer}} #change to your nfs server ip here
 ---
diff --git a/src/resources/host_api.py b/src/resources/host_api.py
index 6cce8b621..ec8bea8c9 100644
--- a/src/resources/host_api.py
+++ b/src/resources/host_api.py
@@ -303,11 +303,15 @@ def host_actions():
 def create_k8s_host(name, capacity, log_type, request):
- if "k8s_ssl" in request and request["k8s_ssl"] == "on":
+ if request.get("k8s_ssl") == "on" and request.get("ssl_ca") is not None:
 k8s_ssl = "true"
+ k8s_ssl_ca = request["ssl_ca"]
 else:
 k8s_ssl = "false"
+ k8s_ssl_ca = None
+
 request['use_ssl'] = k8s_ssl
+ request['use_ssl_ca'] = k8s_ssl_ca
 k8s_must_have_params = {
 'Name': name,
@@ -316,7 +320,8 @@ def create_k8s_host(name, capacity, log_type, request):
 'K8SAddress': request['worker_api'],
 'K8SCredType': request['k8s_cred_type'],
 'K8SNfsServer': request['k8s_nfs_server'],
- 'K8SUseSsl': request['use_ssl']
+ 'K8SUseSsl': request['use_ssl'],
+ 'K8SSslCert': request['use_ssl_ca']
 }
 if k8s_must_have_params['K8SCredType'] == K8S_CRED_TYPE['account']:
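Review bot: When `k8s_ssl` is "on" but `ssl_ca` is absent, the new condition in the first hunk falls through to the `else` branch and sets `k8s_ssl = "false"`, so a request that asked for TLS verification is silently downgraded rather than rejected; `K8SUseSsl` presumably drives `verify_ssl` in `host_operations.py`, though that link is not visible here. An empty-string `ssl_ca` also passes the `is not None` test and is forwarded as the CA. Suggest deciding SSL on `k8s_ssl` alone and returning a validation error when it is on and `not request.get("ssl_ca")`, with a comment such as `# verification was requested: a CA is mandatory, never fall back to unverified`. In the second hunk `K8SSslCert` is added to `k8s_must_have_params` although it is `None` whenever SSL is off, which deserves a comment or a move to the optional parameters. `create_k8s_host` continues past the end of the last hunk.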