Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / af821c801fb70dc3d178dc3ca0c3d4538f9f29aa / . / metropolis / cli / metroctl / cmd_takeownership.go
blob: adad3cfd4832c9a813d1581625578f72a0d71a19 [file] [log] [blame]
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]1package main
2
3import (
4 "context"
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame]5 "errors"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]6 "log"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]7 "os"
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]8 "os/exec"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]9
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]10 "github.com/spf13/cobra"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]11 "google.golang.org/grpc"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]12
Mateusz Zalega18a67b02022-08-02 13:37:50 +0200[diff] [blame]13 "source.monogon.dev/metropolis/cli/metroctl/core"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]14 clicontext "source.monogon.dev/metropolis/cli/pkg/context"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]15 "source.monogon.dev/metropolis/node/core/rpc"
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]16 "source.monogon.dev/metropolis/node/core/rpc/resolver"
Serge Bazanskidc1bec42021-12-16 17:38:53 +0100[diff] [blame]17 apb "source.monogon.dev/metropolis/proto/api"
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]18)
19
20var takeownershipCommand = &cobra.Command{
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]21 Use: "takeownership",
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]22 Short: "Takes ownership of a new Metropolis cluster",
23 Long: `This takes ownership of a new Metropolis cluster by asking the new
24cluster to issue an owner certificate to for the owner key generated by a
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]25previous invocation of metroctl install on this machine. A single cluster
26endpoint must be provided with the --endpoints parameter.`,
27 Args: cobra.ExactArgs(0),
28 Run: doTakeOwnership,
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]29}
30
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]31func doTakeOwnership(cmd *cobra.Command, _ []string) {
Tim Windelschmidt0a8797d2024-03-04 18:58:47 +0100[diff] [blame]32 ctx := clicontext.WithInterrupt(context.Background())
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]33 if len(flags.clusterEndpoints) != 1 {
34 log.Fatalf("takeownership requires a single cluster endpoint to be provided with the --endpoints parameter.")
35 }
Tim Windelschmidt0a8797d2024-03-04 18:58:47 +0100[diff] [blame]36
37 contextName, err := cmd.Flags().GetString("context")
38 if err != nil || contextName == "" {
39 log.Fatalf("takeownership requires a valid context name to be provided with the --context parameter.")
40 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]41
42 ca, err := core.GetClusterCAWithTOFU(ctx, connectOptions())
43 if err != nil {
44 log.Fatalf("Could not retrieve cluster CA: %v", err)
45 }
Mateusz Zalegab1e7ee42022-07-08 12:19:02 +0200[diff] [blame]46
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]47 // Retrieve the cluster owner's private key, and use it to construct
48 // ephemeral credentials. Then, dial the cluster.
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]49 opk, err := core.GetOwnerKey(flags.configPath)
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame]50 if errors.Is(err, core.NoCredentialsError) {
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]51 log.Fatalf("Owner key does not exist. takeownership needs to be executed on the same system that has previously installed the cluster using metroctl install.")
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]52 }
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]53 if err != nil {
54 log.Fatalf("Couldn't get owner's key: %v", err)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]55 }
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]56 opts, err := core.DialOpts(ctx, connectOptions())
57 if err != nil {
58 log.Fatalf("While configuring cluster dial opts: %v", err)
59 }
Serge Bazanski7eeef0f2024-02-05 14:40:15 +0100[diff] [blame]60 creds, err := rpc.NewEphemeralCredentials(opk, rpc.WantRemoteCluster(ca))
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]61 if err != nil {
62 log.Fatalf("While generating ephemeral credentials: %v", err)
63 }
64 opts = append(opts, grpc.WithTransportCredentials(creds))
65
66 cc, err := grpc.Dial(resolver.MetropolisControlAddress, opts...)
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]67 if err != nil {
68 log.Fatalf("While dialing the cluster: %v", err)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]69 }
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]70 aaa := apb.NewAAAClient(cc)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]71
Mateusz Zalega18464502022-07-14 16:18:26 +0200[diff] [blame]72 ownerCert, err := rpc.RetrieveOwnerCertificate(ctx, aaa, opk)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]73 if err != nil {
74 log.Fatalf("Failed to retrive owner certificate from cluster: %v", err)
75 }
Serge Bazanski925ec3d2024-02-05 14:38:20 +0100[diff] [blame]76
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]77 if err := core.WriteOwnerCertificate(flags.configPath, ownerCert.Certificate[0]); err != nil {
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]78 log.Printf("Failed to store retrieved owner certificate: %v", err)
79 log.Fatalln("Sorry, the cluster has been lost as taking ownership cannot be repeated. Fix the reason the file couldn't be written and reinstall the node.")
80 }
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]81 log.Print("Successfully retrieved owner credentials! You now own this cluster. Setting up kubeconfig now...")
82
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]83 // If the user has metroctl in their path, use the metroctl from path as
84 // a credential plugin. Otherwise use the path to the currently-running
85 // metroctl.
86 metroctlPath := "metroctl"
87 if _, err := exec.LookPath("metroctl"); err != nil {
88 metroctlPath, err = os.Executable()
89 if err != nil {
90 log.Fatalf("Failed to create kubectl entry as metroctl is neither in PATH nor can its absolute path be determined: %v", err)
91 }
92 }
Serge Bazanski1f8cad72023-03-20 16:58:10 +0100[diff] [blame]93 // TODO(q3k, issues/144): this only works as long as all nodes are kubernetes controller
94 // nodes. This won't be the case for too long. Figure this out.
Tim Windelschmidtb37d7d82023-06-14 19:06:44 +0200[diff] [blame]95 configName := "metroctl"
Serge Bazanski568c38c2024-02-05 14:40:39 +0100[diff] [blame]96 if err := core.InstallKubeletConfig(ctx, metroctlPath, connectOptions(), configName, flags.clusterEndpoints[0]); err != nil {
Serge Bazanskicf23ebc2023-03-14 17:02:04 +0100[diff] [blame]97 log.Fatalf("Failed to install metroctl/k8s integration: %v", err)
Lorenz Brun20d1dd12022-07-01 12:21:42 +0000[diff] [blame]98 }
Tim Windelschmidtb37d7d82023-06-14 19:06:44 +0200[diff] [blame]99 log.Printf("Success! kubeconfig is set up. You can now run kubectl --context=%s ... to access the Kubernetes cluster.", configName)
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]100}
101
102func init() {
Tim Windelschmidt0a8797d2024-03-04 18:58:47 +0100[diff] [blame]103 takeownershipCommand.Flags().String("context", "metroctl", "The name for the kubernetes context to configure")
Lorenz Bruna9b455f2021-12-07 03:53:22 +0100[diff] [blame]104 rootCmd.AddCommand(takeownershipCommand)
105}