3 # ============LICENSE_START==========================================
4 # ===================================================================
5 # Copyright © 2017 AT&T
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #============LICENSE_END============================================
20 # This script is executed on the master host. It checks whether Kube-DNS is running and sets secrets in Cloudify.
# Installs PyYAML at run time by calling pip in-process. The surrounding lines
# (embedded numbers 21-27 and 29-30) are missing from this listing, so the
# condition under which this runs is not visible here.
# NOTE(review): the requirement is the bare name 'pyyaml', with no version pin
# or hash check, so whatever the configured index serves at deploy time gets
# installed on the master host. pip.main is also not a supported API and was
# removed from the public namespace in pip 10; shipping the dependency with the
# blueprint or image avoids both issues.
28 pip.main(['install', 'pyyaml'])
31 from cloudify import ctx
32 from cloudify.exceptions import RecoverableError
33 from cloudify import manager
# Run `_command` as a child process and log what happened.
#
# The command string is split on whitespace and handed to subprocess.Popen as
# an argument list with stdout and stderr piped; communicate() waits for the
# process to exit, and a non-zero return code is logged as an error.
#
# NOTE(review): this listing has lost lines (embedded numbers 39-40, 44-45 and
# 58-62 are absent). The line that opens the `subprocess_args` dict and
# whatever follows the error log are therefore not visible; the caller passes
# the result to check_kubedns_status, so the output is presumably returned on
# success - confirm against the original file.
36 def execute_command(_command):
38 ctx.logger.debug('_command {0}.'.format(_command))
# Plain str.split(): no shell is involved, and a quoted argument that contains
# spaces would be broken into several argv entries.
41 'args': _command.split(),
42 'stdout': subprocess.PIPE,
43 'stderr': subprocess.PIPE
46 ctx.logger.debug('subprocess_args {0}.'.format(subprocess_args))
48 process = subprocess.Popen(**subprocess_args)
# communicate() drains both pipes and blocks until the child exits.
49 output, error = process.communicate()
# The full stdout and stderr of the command go to the debug log; any command
# run through this helper whose output contains credentials would expose them
# to whoever can read that log.
51 ctx.logger.debug('command: {0} '.format(_command))
52 ctx.logger.debug('output: {0} '.format(output))
53 ctx.logger.debug('error: {0} '.format(error))
54 ctx.logger.debug('process.returncode: {0} '.format(process.returncode))
# Any non-zero exit status is treated as failure.
56 if process.returncode:
57 ctx.logger.error('Running `{0}` returns error.'.format(_command))
# Scan pod-listing text for the kube-dns pod and test its status.
#
# `_get_pods` is split into lines, and each line is split on whitespace into
# six fields (namespace, name, ready, status, restarts, age). The visible
# branches look for a pod whose name contains 'kube-dns' and check whether its
# status contains 'Running'. The caller treats a falsy result as
# "kube-dns not Running".
#
# NOTE(review): this listing has lost lines (embedded numbers 69, 71-73, 75 and
# 77-80 are absent), so the branch bodies and any handling around the six-way
# unpacking are not visible - confirm against the original file.
63 def check_kubedns_status(_get_pods):
65 ctx.logger.debug('get_pods: {0} '.format(_get_pods))
# Assumes `_get_pods` is a str; a non-string result from the command helper
# would fail on .split() here - TODO confirm what the helper returns on error.
67 for pod_line in _get_pods.split('\n'):
68 ctx.logger.debug('pod_line: {0} '.format(pod_line))
# Raises ValueError for any line that does not have exactly six fields (for
# example a blank line), unless that is handled in the lines missing here.
70 _namespace, _name, _ready, _status, _restarts, _age = pod_line.split()
# Substring match on the pod name only: `_namespace` is unpacked but not used
# in the visible lines, so a pod in any namespace whose name contains
# 'kube-dns' is taken as the DNS pod, and the first such line decides.
74 if 'kube-dns' in _name and 'Running' not in _status:
76 elif 'kube-dns' in _name and 'Running' in _status:
81 if __name__ == '__main__':
83 cfy_client = manager.get_rest_client()
85 # Checking if the Kubernetes DNS service is running (last step).
86 admin_file_dest = os.path.join(os.path.expanduser('~'), 'admin.conf')
87 os.environ['KUBECONFIG'] = admin_file_dest
88 get_pods = execute_command('kubectl get pods --all-namespaces')
89 if not check_kubedns_status(get_pods):
90 raise RecoverableError('kube-dns not Running')
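92 # Storing the Kubernetes master configuration.
# NOTE(review): yaml.load is called below without an explicit Loader;
# yaml.safe_load is enough for a kubeconfig and does not construct arbitrary
# Python objects. The parsed admin.conf, including client-key-data, is also
# copied into ctx.instance.runtime_properties, not only into the secrets
# store - confirm who can read runtime properties before keeping key
# material there.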
93 kubernetes_master_config = {}
94 with open(admin_file_dest, 'r') as outfile:
96 kubernetes_master_config = yaml.load(outfile)
97 except yaml.YAMLError as e:
99 'Unable to read Kubernetes Admin file: {0}: {1}'.format(
100 admin_file_dest, str(e)))
101 ctx.instance.runtime_properties['configuration_file_content'] = \
102 kubernetes_master_config
104 clusters = kubernetes_master_config.get('clusters')
106 for cluster in clusters:
107 __name = cluster.get('name')
108 _cluster = cluster.get('cluster', {})
109 _secret_key = '%s_certificate_authority_data' % __name
110 if cfy_client and not len(cfy_client.secrets.list(key=_secret_key)) == 1:
111 cfy_client.secrets.create(key=_secret_key, value=_cluster.get('certificate-authority-data'))
112 ctx.logger.info('Set secret: {0}.'.format(_secret_key))
114 cfy_client.secrets.update(key=_secret_key, value=_cluster.get('certificate-authority-data'))
115 ctx.instance.runtime_properties['%s_certificate_authority_data' % __name] = _cluster.get('certificate-authority-data')
116 _clusters[__name] = _cluster
119 contexts = kubernetes_master_config.get('contexts')
121 for context in contexts:
122 __name = context.get('name')
123 _context = context.get('context', {})
124 _contexts[__name] = _context
127 users = kubernetes_master_config.get('users')
130 __name = user.get('name')
131 _user = user.get('user', {})
132 _secret_key = '%s_client_certificate_data' % __name
133 if cfy_client and not len(cfy_client.secrets.list(key=_secret_key)) == 1:
134 cfy_client.secrets.create(key=_secret_key, value=_user.get('client-certificate-data'))
135 ctx.logger.info('Set secret: {0}.'.format(_secret_key))
137 cfy_client.secrets.update(key=_secret_key, value=_user.get('client-certificate-data'))
138 _secret_key = '%s_client_key_data' % __name
139 if cfy_client and not len(cfy_client.secrets.list(key=_secret_key)) == 1:
140 cfy_client.secrets.create(key=_secret_key, value=_user.get('client-key-data'))
141 ctx.logger.info('Set secret: {0}.'.format(_secret_key))
143 cfy_client.secrets.update(key=_secret_key, value=_user.get('client-key-data'))
144 ctx.instance.runtime_properties['%s_client_certificate_data' % __name] = _user.get('client-certificate-data')
145 ctx.instance.runtime_properties['%s_client_key_data' % __name] = _user.get('client-key-data')
146 _users[__name] = _user
149 ctx.instance.runtime_properties['kubernetes'] = {
150 'clusters': _clusters,
151 'contexts': _contexts,