Include upgrade improvements in the activation stage for kube-apiserver port update. Changes: - Split the portieris webhook backup/disable to a separate script; - Add a script to update the kube-apiserver server certificate with the management IPs in the controller hosts; - Move the script that handles the parameter updates for kubernetes as well as the port update from a beginning position (#04) to be executed more towards the end of the activation (#120). Test plan: PASS: Upgrade activation - stx10->11 - AIO-SX* and AIO-DX PASS: Upgrade activation rollback - stx11->10 - AIO-SX* and AIO-DX *AIO-SX upgrade included portieris (to validate the split script) Story: 2011399 Task: 52560 Depends-on: https://review.opendev.org/c/starlingx/config/+/955534 Change-Id: I2e17e036badf418555ac6c024f3c3dc0d84e5470 Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com>
#!/usr/bin/python
# Copyright (c) 2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# This script uses puppet to include the management IP on kube
# apiserver certificate SANs on upgrades from stx10 to stx11.
#
import logging
import os
import sys
import time
from oslo_config import cfg
from oslo_context import context as mycontext
from six.moves import configparser
from software.utilities.utils import configure_logging
from sysinv.conductor import rpcapiproxy as conductor_rpcapi
# Logger used throughout this script; main() calls configure_logging()
# before the first message is emitted.
LOG = logging.getLogger('main_logger')

# Exit statuses returned by main().
SUCCESS, ERROR = 0, 1

# Number of attempts main() makes before reporting failure.
RETRIES = 3

# Global oslo.config object; rpc_zeromq_conductor_bind_ip is assigned on it
# before the conductor RPC call is made.
CONF = cfg.CONF

# sysinv configuration file that holds the conductor RPC bind address.
SYSINV_CONFIG_FILE = '/etc/sysinv/sysinv.conf'

# Marker file: its existence is treated as "certificate SANs already updated".
# NOTE(review): this script only reads the marker; presumably it is written
# by the conductor/puppet side once the update has run -- confirm.
KUBE_CERT_SANS_UPDATE_FLAG = '/etc/platform/.upgrade_kube_apiserver_cert_sans_updated'
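def get_conductor_rpc_bind_ip():
    """Return the conductor RPC bind IP configured in sysinv.conf.

    The file is parsed as INI text with a ``[DEFAULT]`` header prepended, and
    the ``rpc_zeromq_conductor_bind_ip`` option is looked up in that section.
    The value is returned exactly as written in the file; it is not validated
    as an IP address here.

    Returns:
        The option value as a string, or ``None`` when the option is absent.

    Raises:
        OSError: if ``SYSINV_CONFIG_FILE`` cannot be opened or read.
    """
    # Close the file deterministically instead of leaving the descriptor
    # open until the file object happens to be garbage collected.
    with open(SYSINV_CONFIG_FILE, 'r') as conf_file:
        ini_str = '[DEFAULT]\n' + conf_file.read()

    config_applied = configparser.RawConfigParser()
    config_applied.read_string(ini_str)

    if config_applied.has_option('DEFAULT', 'rpc_zeromq_conductor_bind_ip'):
        return config_applied.get('DEFAULT', 'rpc_zeromq_conductor_bind_ip')
    return None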
def update_kube_apiserver_cert_rpc():
    """Request the kube-apiserver certificate SANs update from the conductor.

    Sets ``rpc_zeromq_conductor_bind_ip`` on the global oslo config to the
    value read from sysinv.conf, then calls
    ``update_kube_apiserver_cert_sans`` on the conductor RPC API with an
    admin context.
    """
    bind_ip = get_conductor_rpc_bind_ip()
    CONF.rpc_zeromq_conductor_bind_ip = bind_ip

    admin_ctx = mycontext.get_admin_context()
    conductor = conductor_rpcapi.ConductorAPI(
        topic=conductor_rpcapi.MANAGER_TOPIC)

    # NOTE(review): whether this call blocks until the certificate has been
    # regenerated is not visible here -- confirm against the conductor API.
    conductor.update_kube_apiserver_cert_sans(admin_ctx)
def check_kube_apiserver_cert_updated():
    """Tell whether the SANs-updated marker file is present.

    Only the existence of ``KUBE_CERT_SANS_UPDATE_FLAG`` is tested; the
    certificate itself is not inspected.

    Returns:
        True when the marker path exists, otherwise False.
    """
    flag_present = os.path.exists(KUBE_CERT_SANS_UPDATE_FLAG)
    return flag_present
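def main():
    """Run the kube-apiserver certificate SANs update for an upgrade step.

    Positional command-line arguments are ``from_release``, ``to_release``,
    ``action`` and an optional fourth value that is accepted but ignored.
    The update is requested only when ``action`` is ``"activate"``,
    ``from_release`` is ``"24.09"`` and the marker file is absent.

    Returns:
        SUCCESS when an attempt completes without raising; ERROR when a
        fifth or later argument is given or when every attempt fails.
        SUCCESS only reflects that the RPC call returned: the marker file
        is not re-checked afterwards.
    """
    cli_args = sys.argv[1:]
    if len(cli_args) > 4:
        # The first unexpected argument is reported and the script stops,
        # before logging is configured.
        print(f"Invalid option {cli_args[4]}.")
        return ERROR

    # Positions that were not supplied stay None; a fourth argument is
    # accepted and ignored.
    from_release, to_release, action = (cli_args + [None] * 3)[:3]

    configure_logging()
    LOG.info(
        "%s invoked from_release = %s invoked to_release = %s action = %s",
        sys.argv[0], from_release, to_release, action,
    )

    for attempt in range(RETRIES):
        try:
            if (action == "activate" and from_release == "24.09"
                    and not check_kube_apiserver_cert_updated()):
                update_kube_apiserver_cert_rpc()
            else:
                # Every no-op path is logged so the activation log shows
                # that the certificate was deliberately left untouched.
                LOG.info("Nothing to do. "
                         "Skipping kube-apiserver certificate update.")
        except Exception as ex:
            # Record the traceback on every attempt, including the last
            # one; otherwise the final failure leaves nothing in the logs
            # that the error message below points the operator to.
            LOG.exception(ex)
            if attempt == RETRIES - 1:
                LOG.error("Error in kube-apiserver certificate update. "
                          "Please verify logs.")
                return ERROR
            LOG.error("Exception ocurred during script execution, "
                      "retrying after 5 seconds.")
            time.sleep(5)
        else:
            return SUCCESS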
if __name__ == "__main__":
    # Propagate main()'s return value as the process exit status.
    raise SystemExit(main())