Serge Bazanski | 9f0e1e8 | 2023-03-31 22:36:54 +0000 | [diff] [blame] | 1 | package main |
| 2 | |
| 3 | import ( |
| 4 | "log" |
| 5 | "path/filepath" |
| 6 | "strings" |
| 7 | |
| 8 | "github.com/spf13/cobra" |
| 9 | |
| 10 | "code.hackerspace.pl/hscloud/cluster/clustercfg/certs" |
| 11 | "code.hackerspace.pl/hscloud/go/workspace" |
| 12 | ) |
| 13 | |
// flagFQDNs receives the values of the repeatable --fqdn flag of gencerts.
// When it is left empty, the node names are discovered by evaluating Nix instead.
var flagFQDNs []string
| 15 | |
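// gencertsCmd (re)generates keys and certificates for the k0 cluster nodes.
// The node names come from --fqdn or, when that flag is unset, from evaluating
// ops.exports.kubeMachineNames in the local Nix checkout; every name is
// validated as <host>.hswaw.net before any key material is touched, and the
// result is written under <workspace>/cluster by certs.Prepare / Ensure.
var gencertsCmd = &cobra.Command{
	Use:   "gencerts",
	Short: "(re)generate keys/certs for k0 cluster",
	Long: `
If you're adding a new cluster node, run this. It will populate //cluster/secrets
and //cluster/certificates with new certs/keys.

By default, the nodes to generate certificates for are automatically discovered
by querying the local Nix machines defined in //ops, looking for anything that
has hscloud.kube.controller.enabled. That can be slow and/or incorrect. To override
node names, set --fqdn (either comma-separate them or repeat flags).
`,
	Run: func(cmd *cobra.Command, args []string) {
		ws, err := workspace.Get()
		if err != nil {
			log.Fatalf("Could not figure out workspace: %v", err)
		}
		path := filepath.Join(ws, "cluster")

		fqdns := flagFQDNs
		if len(fqdns) == 0 {
			log.Printf("--fqdn not set, figuring out machines from Nix...")
			err = workspace.EvalHscloudNix(cmd.Context(), &fqdns, "ops.exports.kubeMachineNames")
			if err != nil {
				log.Fatalf("Could not figure out Kubernetes machine FQDNs: %v", err)
			}
		}

		// Each name ends up in a certificate, so reject anything that is not
		// a single, non-empty host label under hswaw.net before generating.
		for _, fqdn := range fqdns {
			if !isNodeFQDN(fqdn) {
				log.Fatalf("Invalid FQDN %q: must be xxx.hswaw.net.", fqdn)
			}
		}

		log.Printf("Machines: --fqdn %s", strings.Join(fqdns, ","))
		c := certs.Prepare(path, fqdns)
		if err := c.Ensure(); err != nil {
			log.Fatalf("Failed: %v", err)
		}
		log.Printf("Done.")
	},
}

// isNodeFQDN reports whether fqdn has exactly the form <host>.hswaw.net.
// Unlike a plain suffix check, it also rejects an empty host label
// (".hswaw.net"), which would otherwise pass through to certificate generation.
func isNodeFQDN(fqdn string) bool {
	parts := strings.Split(fqdn, ".")
	if len(parts) != 3 {
		return false
	}
	return parts[0] != "" && parts[1] == "hswaw" && parts[2] == "net"
}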
| 59 | |
// init wires the --fqdn flag into gencertsCmd and registers the command
// under rootCmd.
func init() {
	const fqdnUsage = "List of machine FQDNs to generate certs for. If not set, will be automatically figured out from Nix modules in local checkout (slow)."

	flags := gencertsCmd.Flags()
	flags.StringSliceVar(&flagFQDNs, "fqdn", nil, fqdnUsage)

	rootCmd.AddCommand(gencertsCmd)
}