Skip to content

Commit

Permalink
cmd/openshift-install/create: One shot console access
Browse files Browse the repository at this point in the history 
The console may become optional [1], so teach the installer to handle
its absence gracefully.

We've waited on the console since way back in ff53523 (add logs at
end of install for kubeadmin, consoleURL, 2018-12-06, openshift#806).  Back
then, install-complete timing was much less organized, and since
e17ba3c (cmd: wait for the cluster to be initialized, 2019-01-25, openshift#1132)
we've blocked on ClusterVersion going Available=True. So the current
dependency chain is:

1. Console route admission blocks console operator from going
   Available=True in its ClusterOperator.
2. Console ClusterOperator blocks cluster-version operator from
   going Available=True in ClusterVersion.
3. ClusterVersion blocks installer's waitForInitializedCluster.

So we no longer need to wait for the route to show up, and can fail
fast if we get a clear IsNotFound.  I'm keeping a bit of polling so we
don't fail an install on a temporary network hiccup.

We don't want to drop the console check entirely, because when it is
found, we want:

* To continue to log that access pathway on install-complete.
* To continue to append the router CA to the kubeconfig.

That latter point has been done since 4033577 (append router CA to
cluster CA in kubeconfig, 2019-02-12, openshift#1242).  The motication in that
commit message is not explicit, but the idea is to support folks who
naively run 'oc login' with the kubeadmin kubeconfig [2] (despite that
kubeconfig already having cluster-root access) when the console
route's cert's CA happens to be something that the user's local trust
store doesn't include by default.

[1]: openshift/enhancements#922
[2]: openshift#1541 (comment)
  • Loading branch information
@wking
wking committed Oct 27, 2021
1 parent 6ef9b15 commit dca82df
Showing 1 changed file with 20 additions and 13 deletions.
33 changes: 20 additions & 13 deletions cmd/openshift-install/create.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/util/wait"
Expand Down Expand Up @@ -485,8 +486,8 @@ func waitForInitializedCluster(ctx context.Context, config *rest.Config) error {
return errors.Wrap(err, "failed to initialize the cluster")
}

// waitForConsole returns the console URL from the route 'console' in namespace openshift-console
func waitForConsole(ctx context.Context, config *rest.Config) (string, error) {
// getConsole returns the console URL from the route 'console' in namespace openshift-console
func getConsole(ctx context.Context, config *rest.Config) (string, error) {
url := ""
// Need to keep these updated if they change
consoleNamespace := "openshift-console"
Expand All @@ -496,8 +497,8 @@ func waitForConsole(ctx context.Context, config *rest.Config) (string, error) {
return "", errors.Wrap(err, "creating a route client")
}

consoleRouteTimeout := 10 * time.Minute
logrus.Infof("Waiting up to %v for the openshift-console route to be created...", consoleRouteTimeout)
consoleRouteTimeout := 2 * time.Minute
logrus.Infof("Checking to see if there is a route at %s/%s...", consoleNamespace, consoleRouteName)
consoleRouteContext, cancel := context.WithTimeout(ctx, consoleRouteTimeout)
defer cancel()
// Poll quickly but only log when the response
Expand All @@ -517,7 +518,11 @@ func waitForConsole(ctx context.Context, config *rest.Config) (string, error) {
} else {
err = err2
}
} else if apierrors.IsNotFound(err) {
logrus.Debug("OpenShift console route does not exist")
cancel()
}

if err != nil {
silenceRemaining--
if silenceRemaining == 0 {
Expand Down Expand Up @@ -551,8 +556,10 @@ func logComplete(directory, consoleURL string) error {
}
logrus.Info("Install complete!")
logrus.Infof("To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=%s'", kubeconfig)
logrus.Infof("Access the OpenShift web-console here: %s", consoleURL)
logrus.Infof("Login to the console with user: %q, and password: %q", "kubeadmin", pw)
if consoleURL != "" {
logrus.Infof("Access the OpenShift web-console here: %s", consoleURL)
logrus.Infof("Login to the console with user: %q, and password: %q", "kubeadmin", pw)
}
return nil
}

Expand All @@ -561,13 +568,13 @@ func waitForInstallComplete(ctx context.Context, config *rest.Config, directory
return err
}

consoleURL, err := waitForConsole(ctx, config)
if err != nil {
return err
}

if err = addRouterCAToClusterCA(ctx, config, rootOpts.dir); err != nil {
return err
consoleURL, err := getConsole(ctx, config)
if err == nil {
if err = addRouterCAToClusterCA(ctx, config, rootOpts.dir); err != nil {
return err
}
} else {
logrus.Warnf("Cluster does not have a console available: %v", err)
}

return logComplete(rootOpts.dir, consoleURL)
Expand Down

0 comments on commit dca82df

Please sign in to comment.