Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 3fe6615bd837038023b9839fb7300030999c60ff / . / metropolis / cli / metroctl / cmd_takeownership.go
blob: 2c373407b92a9424dd9ceb48a961563b6b14fa84 [file] [log] [blame]
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]1package main
2
3import (
4 "context"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]5 "log"
6 "net"
7 "os"
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]8 "os/exec"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]9
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]10 "github.com/spf13/cobra"
11
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]12 "source.monogon.dev/metropolis/cli/metroctl/core"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]13 clicontext "source.monogon.dev/metropolis/cli/pkg/context"
14 "source.monogon.dev/metropolis/node"
15 "source.monogon.dev/metropolis/node/core/rpc"
Serge Bazanskidc1bec42021-12-16 17:38:53 +0100[diff] [blame]16 apb "source.monogon.dev/metropolis/proto/api"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]17)
18
19var takeownershipCommand = &cobra.Command{
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]20 Use: "takeownership",
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]21 Short: "Takes ownership of a new Metropolis cluster",
22 Long: `This takes ownership of a new Metropolis cluster by asking the new
23cluster to issue an owner certificate to for the owner key generated by a
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]24previous invocation of metroctl install on this machine. A single cluster
25endpoint must be provided with the --endpoints parameter.`,
26 Args: cobra.ExactArgs(0),
27 Run: doTakeOwnership,
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]28}
29
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]30func doTakeOwnership(cmd *cobra.Command, _ []string) {
31 if len(flags.clusterEndpoints) != 1 {
32 log.Fatalf("takeownership requires a single cluster endpoint to be provided with the --endpoints parameter.")
33 }
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]34
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]35 // Retrieve the cluster owner's private key, and use it to construct
36 // ephemeral credentials. Then, dial the cluster.
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]37 opk, err := core.GetOwnerKey(flags.configPath)
38 if err == core.NoCredentialsError {
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]39 log.Fatalf("Owner key does not exist. takeownership needs to be executed on the same system that has previously installed the cluster using metroctl install.")
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]40 }
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]41 if err != nil {
42 log.Fatalf("Couldn't get owner's key: %v", err)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]43 }
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]44 ctx := clicontext.WithInterrupt(context.Background())
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]45 cc, err := core.DialCluster(ctx, opk, nil, flags.proxyAddr, flags.clusterEndpoints, rpcLogger)
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]46 if err != nil {
47 log.Fatalf("While dialing the cluster: %v", err)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]48 }
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]49 aaa := apb.NewAAAClient(cc)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]50
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]51 ownerCert, err := rpc.RetrieveOwnerCertificate(ctx, aaa, opk)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]52 if err != nil {
53 log.Fatalf("Failed to retrive owner certificate from cluster: %v", err)
54 }
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]55 if err := core.WriteOwnerCertificate(flags.configPath, ownerCert.Certificate[0]); err != nil {
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]56 log.Printf("Failed to store retrieved owner certificate: %v", err)
57 log.Fatalln("Sorry, the cluster has been lost as taking ownership cannot be repeated. Fix the reason the file couldn't be written and reinstall the node.")
58 }
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]59 log.Print("Successfully retrieved owner credentials! You now own this cluster. Setting up kubeconfig now...")
60
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]61 // If the user has metroctl in their path, use the metroctl from path as
62 // a credential plugin. Otherwise use the path to the currently-running
63 // metroctl.
64 metroctlPath := "metroctl"
65 if _, err := exec.LookPath("metroctl"); err != nil {
66 metroctlPath, err = os.Executable()
67 if err != nil {
68 log.Fatalf("Failed to create kubectl entry as metroctl is neither in PATH nor can its absolute path be determined: %v", err)
69 }
70 }
Serge Bazanski1f8cad72023-03-20 16:58:10 +0100[diff] [blame]71 // TODO(q3k, issues/144): this only works as long as all nodes are kubernetes controller
72 // nodes. This won't be the case for too long. Figure this out.
73 apiserver := "https://" + net.JoinHostPort(flags.clusterEndpoints[0], node.KubernetesAPIWrappedPort.PortString())
74 if err := core.InstallKubeletConfig(metroctlPath, connectOptions(), "metroctl", apiserver); err != nil {
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]75 log.Fatalf("Failed to install metroctl/k8s integration: %v", err)
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]76 }
77 log.Println("Success! kubeconfig is set up. You can now run kubectl --context=metropolis ... to access the Kubernetes cluster.")
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]78}
79
80func init() {
81 rootCmd.AddCommand(takeownershipCommand)
82}