[CE-402] Unable to create k8s host using cert/key

1. Disable the base64 encoding check for the cert/key file. 2. Update NFS sharing dir path in templates file. 3. Update module layer to handle k8s SSL CA certificate. Change-Id: I04a5e9fdf81e26bfdeab283b8cf2570b5314e61d Signed-off-by: luke <[email protected]>
hyperledger-cello · Jul 6, 2018 · f012b10 · f012b10
1 parent beab111
commit f012b10
Show file tree

Hide file tree

Showing 9 changed files with 16 additions and 13 deletions.
diff --git a/src/agent/k8s/host_operations.py b/src/agent/k8s/host_operations.py
@@ -37,10 +37,8 @@ def _get_config_from_params(self, k8s_params):
             k8s_config.password = k8s_params.get('K8SPassword')
 
         elif k8s_params.get('K8SCredType') == K8S_CRED_TYPE['cert']:
-            cert_content = \
-                base64.decodestring(str.encode(k8s_params.get('K8SCert')))
-            key_content = \
-                base64.decodestring(str.encode(k8s_params.get('K8SKey')))
+            cert_content = k8s_params.get('K8SCert')
+            key_content = k8s_params.get('K8SKey')
             k8s_config.cert_file = \
                 config.kube_config._create_temp_file_with_content(cert_content)
             k8s_config.key_file = \
@@ -65,6 +63,7 @@ def _get_config_from_params(self, k8s_params):
             k8s_config.verify_ssl = False
         else:
             k8s_config.verify_ssl = True
+            k8s_config.ssl_ca_cert = k8s_params.get('K8SSslCert')
 
         client.Configuration.set_default(k8s_config)
 

diff --git a/src/agent/k8s/templates/fabric-1-0-explorer.tpl b/src/agent/k8s/templates/fabric-1-0-explorer.tpl
@@ -12,7 +12,7 @@ spec:
       namespace: {{clusterName}}
       name: {{clusterName}}-explorer-pvc
     nfs:
-      path: /cello/{{clusterName}}/resources/
+      path: /{{clusterName}}/resources/
       server: {{nfsServer}} # change to your nfs server ip here.
 ---
 

diff --git a/src/agent/k8s/templates/orderer0.ordererorg.tpl b/src/agent/k8s/templates/orderer0.ordererorg.tpl
@@ -62,7 +62,6 @@ spec:
        - name: certificate
          persistentVolumeClaim:
              claimName: {{clusterName}}-ordererorg-pvc
-           #path: /cello
          #persistentVolumeClaim:
          #  claimName: nfs
 

diff --git a/src/agent/k8s/templates/ordererorg-pvc.tpl b/src/agent/k8s/templates/ordererorg-pvc.tpl
@@ -12,7 +12,7 @@ spec:
     namespace: {{clusterName}}
     name: {{clusterName}}-ordererorg-pvc
   nfs:
-    path: /cello/{{clusterName}}/resources/crypto-config/ordererOrganizations/ordererorg
+    path: /{{clusterName}}/resources/crypto-config/ordererOrganizations/ordererorg
     server: {{nfsServer}}  #change to your nfs server ip here
 
 ---

diff --git a/src/agent/k8s/templates/org1-cli.tpl b/src/agent/k8s/templates/org1-cli.tpl
@@ -11,7 +11,7 @@ spec:
       namespace: {{clusterName}}
       name: {{clusterName}}-org1-resources-pvc
     nfs:
-      path: /cello/{{clusterName}}/resources
+      path: /{{clusterName}}/resources
       server: {{nfsServer}} # change to your nfs server ip here.
 ---
 

diff --git a/src/agent/k8s/templates/org1-pvc.tpl b/src/agent/k8s/templates/org1-pvc.tpl
@@ -12,7 +12,7 @@ spec:
     namespace: {{clusterName}}
     name: {{clusterName}}-org1-pvc
   nfs:
-    path: /cello/{{clusterName}}/resources/crypto-config/peerOrganizations/org1
+    path: /{{clusterName}}/resources/crypto-config/peerOrganizations/org1
     server: {{nfsServer}}  #change to your nfs server ip here
 
 ---

diff --git a/src/agent/k8s/templates/org2-cli.tpl b/src/agent/k8s/templates/org2-cli.tpl
@@ -11,7 +11,7 @@ spec:
       namespace: {{clusterName}}
       name: {{clusterName}}-org2-resources-pvc
     nfs:
-      path: /cello/{{clusterName}}/resources
+      path: /{{clusterName}}/resources
       server: {{nfsServer}} # change to your nfs server ip here.
 ---
 

diff --git a/src/agent/k8s/templates/org2-pvc.tpl b/src/agent/k8s/templates/org2-pvc.tpl
@@ -12,7 +12,7 @@ spec:
     namespace: {{clusterName}}
     name: {{clusterName}}-org2-pvc
   nfs:
-    path: /cello/{{clusterName}}/resources/crypto-config/peerOrganizations/org2
+    path: /{{clusterName}}/resources/crypto-config/peerOrganizations/org2
     server: {{nfsServer}}  #change to your nfs server ip here
 
 ---

diff --git a/src/resources/host_api.py b/src/resources/host_api.py
@@ -303,11 +303,15 @@ def host_actions():
 
 
 def create_k8s_host(name, capacity, log_type, request):
-    if "k8s_ssl" in request and request["k8s_ssl"] == "on":
+    if request.get("k8s_ssl") == "on" and request.get("ssl_ca") is not None:
         k8s_ssl = "true"
+        k8s_ssl_ca = request["ssl_ca"]
     else:
         k8s_ssl = "false"
+        k8s_ssl_ca = None
+
     request['use_ssl'] = k8s_ssl
+    request['use_ssl_ca'] = k8s_ssl_ca
 
     k8s_must_have_params = {
         'Name': name,
@@ -316,7 +320,8 @@ def create_k8s_host(name, capacity, log_type, request):
         'K8SAddress': request['worker_api'],
         'K8SCredType': request['k8s_cred_type'],
         'K8SNfsServer': request['k8s_nfs_server'],
-        'K8SUseSsl': request['use_ssl']
+        'K8SUseSsl': request['use_ssl'],
+        'K8SSslCert': request['use_ssl_ca']
     }
 
     if k8s_must_have_params['K8SCredType'] == K8S_CRED_TYPE['account']: