-
Notifications
You must be signed in to change notification settings - Fork 87
/
bootstrap.go
123 lines (100 loc) · 3.68 KB
/
bootstrap.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package apiserver
import (
"io/ioutil"
"os"
"path/filepath"
"github.com/pkg/errors"
kotsv1beta1 "github.com/replicatedhq/kots/kotskinds/apis/kots/v1beta1"
identity "github.com/replicatedhq/kots/pkg/kotsadmidentity"
identitystore "github.com/replicatedhq/kots/pkg/kotsadmidentity/store"
"github.com/replicatedhq/kots/pkg/store"
"k8s.io/client-go/kubernetes/scheme"
)
type BootstrapParams struct {
AutoCreateClusterToken string
}
func bootstrap(params BootstrapParams) error {
if err := store.GetStore().Init(); err != nil {
return errors.Wrap(err, "failed to init store")
}
if err := bootstrapClusterToken(params.AutoCreateClusterToken); err != nil {
return errors.Wrap(err, "failed to bootstrap cluster token")
}
return nil
}
func bootstrapClusterToken(autoCreateClusterToken string) error {
if autoCreateClusterToken == "" {
return errors.New("autoCreateClusterToken is not set")
}
_, err := store.GetStore().GetClusterIDFromDeployToken(autoCreateClusterToken)
if err == nil {
return nil
}
if err != nil && !store.GetStore().IsNotFound(err) {
return errors.Wrap(err, "failed to lookup cluster ID")
}
_, err = store.GetStore().CreateNewCluster("", true, "this-cluster", autoCreateClusterToken)
if err != nil {
return errors.Wrap(err, "failed to create cluster")
}
return nil
}
func bootstrapIdentity() error {
err := identitystore.GetStore().CreateDexDatabase("dex", "dex", os.Getenv("DEX_PGPASSWORD"))
if err != nil {
return errors.Wrap(err, "failed to create identity db")
}
// After snapshot restore, we need to create dex db for each app.
// But the password has to match the one in the app's secret.
// The secret is restored after kotsadm comes up, but we can get it from
// the app's archive files.
apps, err := store.GetStore().ListInstalledApps()
if err != nil {
return errors.Wrap(err, "failed to list apps")
}
for _, app := range apps {
needsBootstrap, err := identity.AppIdentityNeedsBootstrap(app.Slug)
if err != nil {
return errors.Wrapf(err, "failed to check identity needs bootstrap for app %s", app.Slug)
}
if !needsBootstrap {
continue
}
latestVersion, err := store.GetStore().GetLatestAppVersion(app.ID)
if err != nil {
return errors.Wrap(err, "failed to get latest app version")
}
currentArchivePath, err := ioutil.TempDir("", "kotsadm")
if err != nil {
return errors.Wrap(err, "failed to create temp dir")
}
defer os.RemoveAll(currentArchivePath)
err = store.GetStore().GetAppVersionArchive(app.ID, latestVersion.Sequence, currentArchivePath)
if err != nil {
return errors.Wrap(err, "failed to get current archive")
}
decode := scheme.Codecs.UniversalDeserializer().Decode
identityConfigFile := filepath.Join(currentArchivePath, "upstream", "userdata", "identityconfig.yaml")
identityConfigData, err := ioutil.ReadFile(identityConfigFile)
if os.IsNotExist(err) {
continue
} else if err != nil {
return errors.Wrapf(err, "failed to get stat identity config file for app %s", app.Slug)
}
obj, gvk, err := decode([]byte(identityConfigData), nil, nil)
if err != nil {
return errors.Wrap(err, "failed to decode config data")
}
if gvk.Group != "kots.io" || gvk.Version != "v1beta1" || gvk.Kind != "IdentityConfig" {
return errors.Errorf("expected IdentityConfig, but found %s/%s/%s", gvk.Group, gvk.Version, gvk.Kind)
}
identityConfig := obj.(*kotsv1beta1.IdentityConfig)
identityConfigFile, err = identity.InitAppIdentityConfig(app.Slug, identityConfig.Spec.Storage)
if err != nil {
return errors.Wrap(err, "failed to init identity config")
}
// don't need the temp file. it should be identical to the one loaded from userdata
_ = os.Remove(identityConfigFile)
}
return nil
}