starlingx/config
Code Issues Proposed changes

Merge "Revert "Host-unlock: delete and recreate k8s cluster-info configmap""

Browse Source
This commit is contained in:
Zuul
2024-11-14 01:38:41 +00:00
committed by Gerrit Code Review
parent a1d6ed1a42 72631fdd60
commit 3bf53e181b
1 changed files with 0 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
sysinv/sysinv/sysinv/sysinv/puppet/kubernetes.py
View File

@@ -13,7 +13,6 @@ import netaddr
import os import os
import random import random
import re import re
import ruamel.yaml as yaml
import tempfile import tempfile
from ast import literal_eval from ast import literal_eval
@@ -266,94 +265,6 @@ class KubernetesPuppet(base.BasePuppet):
return config return config
def _retry_on_recreate_clusterinfo(ex): # pylint: disable=no-self-argument
LOG.warn('Retrying in _recreate_clusterinfo_configmap')
return True
def _delete_recreate_clusterinfo_configmap(self, token):
""" This parses cluster-info configMap and determines whether the
jws signed token is present. If present, no further action
is required. If missing, we delete the configMap and recreate it.
This creates temporary file /var/run/kubernetes/cluster-info.yaml.
The file is not longer required once the configMap has been corrected.
"""
try:
cluster_info_yaml_path = "/var/run/kubernetes/cluster-info.yaml"
with open(cluster_info_yaml_path, "w") as cluster_info_file:
get_configmap_cmd = ['kubectl', KUBECONFIG, 'get', 'configmap',
'-n', 'kube-public', 'cluster-info', '-o', 'yaml']
proc = subprocess.Popen(get_configmap_cmd,
stdout=cluster_info_file,
stderr=subprocess.PIPE,
universal_newlines=True)
stdout, stderr = proc.communicate()
if proc.returncode != 0:
LOG.error('Error in executing %s: %s'
% (get_configmap_cmd, stderr))
raise exception.SysinvException("Error retrieving cluster-info configmap")
with open(cluster_info_yaml_path, "r") as cluster_info_file:
newyaml = yaml.YAML(typ='safe')
config = newyaml.load(cluster_info_file)
if config:
all_jws_tokens = list(config['data'].keys())
else:
LOG.error("Failed to load cluster-info configmap."
" Probably empty file. Returning ...")
if os.path.exists(cluster_info_yaml_path):
os.remove(cluster_info_yaml_path)
return
# New token looks like this "9wlh53.1cbjiwhoc55loeyh".
# Key in the cluster-info configmap data section:
# "jws-kubeconfig-9wlh53:"
new_jws_token = "jws-kubeconfig-" + token.split('.')[0]
# If newly created token already exists in the configmap,
# we remove the temporary file and return or else we continue
# for its recreation.
if new_jws_token in all_jws_tokens:
LOG.info("cluster-info confimap is already updated with"
" the new token. Nothing to do.")
if os.path.exists(cluster_info_yaml_path):
os.remove(cluster_info_yaml_path)
return
self._kube_operator.kube_delete_config_map("cluster-info", "kube-public")
LOG.debug("cluster-info configmap retrieved and deleted.")
except Exception as ex:
LOG.error("Error retrieving or deleting cluster-info configmap: %s" % ex)
raise ex
try:
@retry(stop_max_attempt_number=6,
wait_fixed=10 * 1000,
retry_on_exception=__class__._retry_on_recreate_clusterinfo)
def _recreate_clusterinfo_configmap():
create_configmap_cmd = ['kubectl', KUBECONFIG, 'apply',
'-f', cluster_info_yaml_path]
proc = subprocess.Popen(create_configmap_cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
stdout, stderr = proc.communicate()
if proc.returncode != 0:
LOG.error('Error in executing %s: %s'
% (create_configmap_cmd, stderr))
raise exception.SysinvException("Error recreating cluster-info configmap")
_recreate_clusterinfo_configmap()
if os.path.exists(cluster_info_yaml_path):
os.remove(cluster_info_yaml_path)
LOG.info("cluster-info configmap deleted and recreated.")
except Exception as ex:
LOG.error("Failed to recreate cluster-info configmap: %s. \
Use file %s to recreate it"
% (ex, cluster_info_yaml_path))
def _retry_on_token(ex): # pylint: disable=no-self-argument def _retry_on_token(ex): # pylint: disable=no-self-argument
LOG.warn('Retrying in _get_kubernetes_join_cmd') LOG.warn('Retrying in _get_kubernetes_join_cmd')
return True return True
@@ -465,26 +376,6 @@ class KubernetesPuppet(base.BasePuppet):
" --cri-socket /var/run/containerd/containerd.sock" " --cri-socket /var/run/containerd/containerd.sock"
join_cmd = join_cmd.strip() + join_cmd_additions join_cmd = join_cmd.strip() + join_cmd_additions
LOG.info('get_kubernetes_join_cmd join_cmd=%s' % join_cmd) LOG.info('get_kubernetes_join_cmd join_cmd=%s' % join_cmd)
# TODO: Remove this Upstream workaround
# https://discuss.kubernetes.io/t/cluster-info-configmap-does-not-yet-contain-a-jws-signature/14985
# for an intermittent bug that fails to JWS sign and update the
# cluster-info configmap with the above created token which is
# required for 'kubeadm node join'.
#
# Example join command:
# "kubeadm join 192.168.206.1:6443 --token 9wlh53.1cbjiwhoc55loeyh
# --discovery-token-ca-cert-hash sha256:e0016f1c8c4fd7b2f9da41
# --control-plane --certificate-key e5918adac992895983ea03ced0
# --apiserver-advertise-address 192.168.206.3
# --cri-socket /var/run/containerd/containerd.sock"
if join_cmd:
token = join_cmd.split()[4]
try:
self._delete_recreate_clusterinfo_configmap(token)
except Exception as ex:
LOG.exception("Error delete and recreating cluster-info configmap. %s" % ex)
except Exception: except Exception:
LOG.warning("Exception generating bootstrap token") LOG.warning("Exception generating bootstrap token")
raise exception.SysinvException( raise exception.SysinvException(