cluster/clustercfg/cmd_gencerts.go - hscloud - Gitiles

 package main

 import (
 	"log"
 	"path/filepath"
 	"strings"

 	"github.com/spf13/cobra"

 	"code.hackerspace.pl/hscloud/cluster/clustercfg/certs"
 	"code.hackerspace.pl/hscloud/go/workspace"
 )

 var flagFQDNs []string

 var gencertsCmd = &cobra.Command{
 	Use:   "gencerts",
 	Short: "(re)generate keys/certs for k0 cluster",
 	Long: `
 If you're adding a new cluster node, run this. It will populate //cluster/secrets
 and //cluster/certificates with new certs/keys.

 By default, the nodes to generate certificates for are automatically discovered
 by querying the local Nix machines defined in //ops, looking for anything that
 has hscloud.kube.controller.enabled. That can be slow and/or incorrect. To override
 node names, set --fqdn (either comma-separate them or repeat flags).
 `,
 	Run: func(cmd *cobra.Command, args []string) {
 		ws, err := workspace.Get()
 		if err != nil {
 			log.Fatalf("Could not figure out workspace: %v", err)
 		}
 		path := filepath.Join(ws, "cluster")

 		fqdns := flagFQDNs
 		if len(fqdns) == 0 {
 			log.Printf("--fqdn not set, figuring out machines from Nix...")
 			err = workspace.EvalHscloudNix(cmd.Context(), &fqdns, "ops.exports.kubeMachineNames")
 			if err != nil {
 				log.Fatalf("Could not figure out Kubernetes machine FQDNs: %v", err)
 			}
 		}

 		for _, fqdn := range fqdns {
 			parts := strings.Split(fqdn, ".")
 			if len(parts) != 3 || parts[1] != "hswaw" || parts[2] != "net" {
 				log.Fatalf("Invalid FQDN %q: must be xxx.hswaw.net.", fqdn)
 			}
 		}

 		log.Printf("Machines: --fqdn %s", strings.Join(fqdns, ","))
 		c := certs.Prepare(path, fqdns)
 		if err := c.Ensure(); err != nil {
 			log.Fatalf("Failed: %v", err)
 		}
 		log.Printf("Done.")
 	},
 }

 func init() {
 	gencertsCmd.Flags().StringSliceVar(&flagFQDNs, "fqdn", nil, "List of machine FQDNs to generate certs for. If not set, will be automatically figured out from Nix modules in local checkout (slow).")
 	rootCmd.AddCommand(gencertsCmd)
 }
	package main

	import (
	"log"
	"path/filepath"
	"strings"

	"github.com/spf13/cobra"

	"code.hackerspace.pl/hscloud/cluster/clustercfg/certs"
	"code.hackerspace.pl/hscloud/go/workspace"
	)

	var flagFQDNs []string

	var gencertsCmd = &cobra.Command{
	Use: "gencerts",
	Short: "(re)generate keys/certs for k0 cluster",
	Long: `
	If you're adding a new cluster node, run this. It will populate //cluster/secrets
	and //cluster/certificates with new certs/keys.

	By default, the nodes to generate certificates for are automatically discovered
	by querying the local Nix machines defined in //ops, looking for anything that
	has hscloud.kube.controller.enabled. That can be slow and/or incorrect. To override
	node names, set --fqdn (either comma-separate them or repeat flags).
	`,
	Run: func(cmd *cobra.Command, args []string) {
	ws, err := workspace.Get()
	if err != nil {
	log.Fatalf("Could not figure out workspace: %v", err)
	}
	path := filepath.Join(ws, "cluster")

	fqdns := flagFQDNs
	if len(fqdns) == 0 {
	log.Printf("--fqdn not set, figuring out machines from Nix...")
	err = workspace.EvalHscloudNix(cmd.Context(), &fqdns, "ops.exports.kubeMachineNames")
	if err != nil {
	log.Fatalf("Could not figure out Kubernetes machine FQDNs: %v", err)
	}
	}

	for _, fqdn := range fqdns {
	parts := strings.Split(fqdn, ".")
	if len(parts) != 3 \|\| parts[1] != "hswaw" \|\| parts[2] != "net" {
	log.Fatalf("Invalid FQDN %q: must be xxx.hswaw.net.", fqdn)
	}
	}

	log.Printf("Machines: --fqdn %s", strings.Join(fqdns, ","))
	c := certs.Prepare(path, fqdns)
	if err := c.Ensure(); err != nil {
	log.Fatalf("Failed: %v", err)
	}
	log.Printf("Done.")
	},
	}

	func init() {
	gencertsCmd.Flags().StringSliceVar(&flagFQDNs, "fqdn", nil, "List of machine FQDNs to generate certs for. If not set, will be automatically figured out from Nix modules in local checkout (slow).")
	rootCmd.AddCommand(gencertsCmd)
	}