New package sshiofs

Signed-off-by: Artiom Diomin <[email protected]>
kubermatic · Apr 26, 2021 · 47c09bf · 47c09bf
1 parent c5fd853
commit 47c09bf
Show file tree

Hide file tree

Showing 17 changed files with 460 additions and 122 deletions.
diff --git a/go.mod b/go.mod
@@ -15,11 +15,11 @@ require (
 	github.com/kubermatic/machine-controller v1.27.4
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de
 	github.com/pkg/errors v0.9.1
-	github.com/pkg/sftp v1.12.0
 	github.com/pmezard/go-difflib v1.0.0
 	github.com/sirupsen/logrus v1.7.0
 	github.com/spf13/cobra v1.1.1
 	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.6.1 // indirect
 	go.etcd.io/etcd/v3 v3.3.0-rc.0.0.20200728214110-6c81b20ec8de
 	golang.org/x/crypto v0.0.0-20201217014255-9d1352758620
 	golang.org/x/term v0.0.0-20201117132131-f5c789dd3221

diff --git a/go.sum b/go.sum
@@ -474,8 +474,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/koron-go/prefixw v0.0.0-20181013140428-271b207a7572 h1:2V0/+PacpzfOQpGWfiC7QqsgucPHR23dmsaeb2X0G7M=
 github.com/koron-go/prefixw v0.0.0-20181013140428-271b207a7572/go.mod h1:/2NUAa6KLcI69tZU4Rafvjv8M4WrTS4UImFiaDRBs6A=
-github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
-github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -600,8 +598,6 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pkg/sftp v1.12.0 h1:/f3b24xrDhkhddlaobPe2JgBqfdt+gC/NYl0QY9IOuI=
-github.com/pkg/sftp v1.12.0/go.mod h1:fUqqXB5vEgVCZ131L+9say31RAri6aF6KDViawhxKK8=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -793,7 +789,6 @@ golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 h1:3wPMTskHO3+O6jqTEXyFcsnuxMQOqYSaHsDxcbUXpqA=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=

diff --git a/pkg/configupload/configuration.go b/pkg/configupload/configuration.go
@@ -17,18 +17,18 @@ limitations under the License.
 package configupload
 
 import (
-	"bytes"
 	"fmt"
 	"io"
+	"io/fs"
 	"io/ioutil"
-	"os"
 	"path/filepath"
 	"strings"
 
 	"github.com/pkg/errors"
 
 	"k8c.io/kubeone/pkg/archive"
 	"k8c.io/kubeone/pkg/ssh"
+	"k8c.io/kubeone/pkg/ssh/sshiofs"
 )
 
 // Configuration holds a map of generated files
@@ -71,31 +71,40 @@ func (c *Configuration) AddFilePath(filename, filePath, manifestFilePath string)
 
 // UploadTo directory all the files
 func (c *Configuration) UploadTo(conn ssh.Connection, directory string) error {
+	sshfs := sshiofs.New(conn).(sshiofs.MkdirFS)
+
 	for filename, content := range c.files {
 		target := filepath.Join(directory, filename)
 
 		// ensure the base dir exists
 		dir := filepath.Dir(target)
-		_, _, _, err := conn.Exec(fmt.Sprintf(`mkdir -p -- "%s"`, dir))
+		if err := sshfs.MkdirAll(dir, 0700); err != nil {
+			return err
+		}
+
+		f, err := sshfs.Open(target)
 		if err != nil {
-			return errors.Wrapf(err, "failed to create ./%s directory", dir)
+			return err
 		}
+		defer f.Close()
 
-		w, err := conn.File(target, os.O_RDWR|os.O_CREATE|os.O_TRUNC)
+		file := f.(sshiofs.ExtendedFile)
+		if err = file.Truncate(0); err != nil {
+			return err
+		}
+
+		_, err = file.Seek(0, io.SeekStart)
 		if err != nil {
-			return errors.Wrapf(err, "failed to open remote file for write: %s", filename)
+			return err
 		}
-		defer w.Close()
 
-		_, err = io.Copy(w, strings.NewReader(content))
+		_, err = io.Copy(file, strings.NewReader(content))
 		if err != nil {
 			return errors.Wrapf(err, "failed to write remote file %s", filename)
 		}
 
-		if wchmod, ok := w.(interface{ Chmod(os.FileMode) error }); ok {
-			if err := wchmod.Chmod(0644); err != nil {
-				return errors.Wrapf(err, "failed to chmod %s", filename)
-			}
+		if err := file.Chmod(0600); err != nil {
+			return err
 		}
 	}
 
@@ -110,6 +119,8 @@ func (c *Configuration) Download(conn ssh.Connection, source string, prefix stri
 		return errors.Wrapf(err, "%s", stderr)
 	}
 
+	sshfs := sshiofs.New(conn)
+
 	filenames := strings.Split(stdout, "\n")
 	for _, filename := range filenames {
 		fullsource := source + "/" + filename
@@ -119,30 +130,17 @@ func (c *Configuration) Download(conn ssh.Connection, source string, prefix stri
 			localfile = prefix + "/" + localfile
 		}
 
-		var buf bytes.Buffer
-		r, err := conn.File(fullsource, os.O_RDONLY)
+		buf, err := fs.ReadFile(sshfs, fullsource)
 		if err != nil {
-			return errors.Wrapf(err, "failed to open remote file for read: %s", fullsource)
+			return err
 		}
 
-		_, err = io.Copy(&buf, r)
-		if err != nil {
-			return errors.Wrapf(err, "failed to read remote file: %s", fullsource)
-		}
-
-		c.files[localfile] = buf.String()
+		c.files[localfile] = string(buf)
 	}
 
 	return nil
 }
 
-// Debug list filenames and their size to the standard output
-func (c *Configuration) Debug() {
-	for filename, content := range c.files {
-		fmt.Printf("%s: %d bytes\n", filename, len(content))
-	}
-}
-
 // Backup dumps the files into a .tar.gz archive.
 func (c *Configuration) Backup(target string) error {
 	archive, err := archive.NewTarGzip(target)

diff --git a/pkg/etcdutil/etcd.go b/pkg/etcdutil/etcd.go
@@ -20,6 +20,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
+	"io/fs"
 	"time"
 
 	"github.com/pkg/errors"
@@ -28,6 +29,7 @@ import (
 
 	"k8c.io/kubeone/pkg/apis/kubeone"
 	"k8c.io/kubeone/pkg/ssh"
+	"k8c.io/kubeone/pkg/ssh/sshiofs"
 	"k8c.io/kubeone/pkg/ssh/sshtunnel"
 	"k8c.io/kubeone/pkg/state"
 )
@@ -66,33 +68,34 @@ func NewClientConfig(s *state.State, host kubeone.HostConfig) (*clientv3.Config,
 // certificates and key are downloaded over SSH from the
 // /etc/kubernetes/pki/etcd/ directory.
 func LoadTLSConfig(conn ssh.Connection) (*tls.Config, error) {
+	sshfs := sshiofs.New(conn)
 	// Download CA
-	caCertPem, _, _, err := conn.Exec("sudo cat /etc/kubernetes/pki/etcd/ca.crt")
+	caCertPem, err := fs.ReadFile(sshfs, "/etc/kubernetes/pki/etcd/ca.crt")
 	if err != nil {
 		return nil, err
 	}
 
 	// Download cert
-	certPem, _, _, err := conn.Exec("sudo cat /etc/kubernetes/pki/etcd/server.crt")
+	certPem, err := fs.ReadFile(sshfs, "/etc/kubernetes/pki/etcd/server.crt")
 	if err != nil {
 		return nil, err
 	}
 
 	// Download key
-	keyPem, _, _, err := conn.Exec("sudo cat /etc/kubernetes/pki/etcd/server.key")
+	keyPem, err := fs.ReadFile(sshfs, "/etc/kubernetes/pki/etcd/server.key")
 	if err != nil {
 		return nil, err
 	}
 
 	// Add certificate and key to the TLS config
-	cert, err := tls.X509KeyPair([]byte(certPem), []byte(keyPem))
+	cert, err := tls.X509KeyPair(certPem, keyPem)
 	if err != nil {
 		return nil, err
 	}
 
 	// Add CA certificate to the TLS config
 	caCertPool := x509.NewCertPool()
-	caCertPool.AppendCertsFromPEM([]byte(caCertPem))
+	caCertPool.AppendCertsFromPEM(caCertPem)
 
 	return &tls.Config{
 		MinVersion:   tls.VersionTLS12,

diff --git a/pkg/kubeconfig/kubeconfig.go b/pkg/kubeconfig/kubeconfig.go
@@ -17,12 +17,15 @@ limitations under the License.
 package kubeconfig
 
 import (
+	"io/fs"
+
 	"github.com/pkg/errors"
 
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"k8c.io/kubeone/pkg/ssh"
+	"k8c.io/kubeone/pkg/ssh/sshiofs"
 	"k8c.io/kubeone/pkg/state"
 )
 
@@ -43,12 +46,7 @@ func Download(s *state.State) ([]byte, error) {
 }
 
 func CatKubernetesAdminConf(conn ssh.Connection) ([]byte, error) {
-	konfig, _, _, err := conn.Exec("sudo cat /etc/kubernetes/admin.conf")
-	if err != nil {
-		return nil, err
-	}
-
-	return []byte(konfig), nil
+	return fs.ReadFile(sshiofs.New(conn), "/etc/kubernetes/admin.conf")
 }
 
 // BuildKubernetesClientset builds core kubernetes and apiextensions clientsets

diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
@@ -17,6 +17,7 @@ limitations under the License.
 package runner
 
 import (
+	"io/fs"
 	"os"
 
 	"github.com/koron-go/prefixw"
@@ -25,6 +26,7 @@ import (
 	kubeoneapi "k8c.io/kubeone/pkg/apis/kubeone"
 	"k8c.io/kubeone/pkg/scripts"
 	"k8c.io/kubeone/pkg/ssh"
+	"k8c.io/kubeone/pkg/ssh/sshiofs"
 )
 
 // Runner bundles a connection to a host with the verbosity and
@@ -39,6 +41,10 @@ type Runner struct {
 // TemplateVariables is a render context for templates
 type TemplateVariables map[string]interface{}
 
+func (r *Runner) NewFS() fs.FS {
+	return sshiofs.New(r.Conn)
+}
+
 func (r *Runner) RunRaw(cmd string) (string, string, error) {
 	if r.Conn == nil {
 		return "", "", errors.New("runner is not tied to an opened SSH connection")
@@ -60,7 +66,7 @@ func (r *Runner) RunRaw(cmd string) (string, string, error) {
 	defer stderr.Close()
 
 	// run the command
-	_, err := r.Conn.Stream(cmd, stdout, stderr)
+	_, err := r.Conn.POpen(cmd, nil, stdout, stderr)
 
 	return stdout.String(), stderr.String(), err
 }

diff --git a/pkg/scripts/ca.go b/pkg/scripts/ca.go
@@ -18,7 +18,7 @@ package scripts
 
 const (
 	copyPKIHomeScriptTemplate = `
-mkdir -p {{ .WORK_DIR }}/pki/etcd
+sudo mkdir -p {{ .WORK_DIR }}/pki/etcd
 sudo cp /etc/kubernetes/pki/ca.crt {{ .WORK_DIR }}/pki/
 sudo cp /etc/kubernetes/pki/ca.key {{ .WORK_DIR }}/pki/
 sudo cp /etc/kubernetes/pki/sa.key {{ .WORK_DIR }}/pki/

diff --git a/pkg/scripts/testdata/TestCopyPKIHome-.-subdir-test.golden b/pkg/scripts/testdata/TestCopyPKIHome-.-subdir-test.golden
@@ -1,7 +1,7 @@
 set -xeu pipefail
 export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
 
-mkdir -p ./subdir/test/pki/etcd
+sudo mkdir -p ./subdir/test/pki/etcd
 sudo cp /etc/kubernetes/pki/ca.crt ./subdir/test/pki/
 sudo cp /etc/kubernetes/pki/ca.key ./subdir/test/pki/
 sudo cp /etc/kubernetes/pki/sa.key ./subdir/test/pki/

diff --git a/pkg/scripts/testdata/TestCopyPKIHome-test-dir1.golden b/pkg/scripts/testdata/TestCopyPKIHome-test-dir1.golden
@@ -1,7 +1,7 @@
 set -xeu pipefail
 export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
 
-mkdir -p test-dir1/pki/etcd
+sudo mkdir -p test-dir1/pki/etcd
 sudo cp /etc/kubernetes/pki/ca.crt test-dir1/pki/
 sudo cp /etc/kubernetes/pki/ca.key test-dir1/pki/
 sudo cp /etc/kubernetes/pki/sa.key test-dir1/pki/