diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/tests/v1/test_kube_rootca_update_shell.py b/sysinv/cgts-client/cgts-client/cgtsclient/tests/v1/test_kube_rootca_update_shell.py new file mode 100644 index 0000000000..b647b35866 --- /dev/null +++ b/sysinv/cgts-client/cgts-client/cgtsclient/tests/v1/test_kube_rootca_update_shell.py @@ -0,0 +1,168 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +import mock + +from cgtsclient.tests import test_shell +from cgtsclient.v1.ihost import ihost +from cgtsclient.v1.kube_rootca_update import KubeRootCAUpdate + + +class KubeRootCAUpdateTest(test_shell.ShellTest): + + def setUp(self): + super(KubeRootCAUpdateTest, self).setUp() + + self.fake_kube_rootca_update = { + 'from_rootca_cert': 'oldCert', + 'to_rootca_cert': 'newCert', + 'state': 'update-started', + 'uuid': 'cb737aba-1820-4184-b0dc-9b073822af48', + 'capabilities': {}, + 'created_at': 'fake-created-time', + 'updated_at': 'fake-updated-time', + } + self.fake_kube_rootca_host_update = { + 'hostname': 'fake-hostname', + 'uuid': '88d31a2d-c82e-429f-a52d-f03f860bb620', + 'personality': 'fake-personality', + 'state': 'None', + 'target_rootca_cert': 'fake-target_rootca_cert', + 'effective_rootca_cert': 'fake-effective_rootca_cert', + 'created_at': 'fake-created-time', + 'updated_at': 'fake-updated-time', + } + self.mock_get_endpoint_return_value = 'http://fakelocalhost:6385/v1' + + def tearDown(self): + super(KubeRootCAUpdateTest, self).tearDown() + + def _check_rootca_update(self, fake_kube_rootca_update, results): + self.assertIn(fake_kube_rootca_update['from_rootca_cert'], results) + self.assertIn(fake_kube_rootca_update['to_rootca_cert'], results) + self.assertIn(fake_kube_rootca_update['state'], results) + self.assertIn(fake_kube_rootca_update['uuid'], results) + self.assertIn(fake_kube_rootca_update['created_at'], results) + self.assertIn(fake_kube_rootca_update['updated_at'], results) + + def _check_rootca_host_update(self, fake_kube_rootca_host_update, results): + self.assertIn(fake_kube_rootca_host_update['effective_rootca_cert'], results) + self.assertIn(fake_kube_rootca_host_update['target_rootca_cert'], results) + self.assertIn(fake_kube_rootca_host_update['state'], results) + self.assertIn(fake_kube_rootca_host_update['created_at'], results) + self.assertIn(fake_kube_rootca_host_update['updated_at'], results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.get') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_update_start(self, mock_get_endpoint, mock_get_client, + mock_get, mock_create): + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + mock_get.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + + self.make_env() + results = self.shell("kube-rootca-update-start") + self._check_rootca_update(self.fake_kube_rootca_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.get_list') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_update_show_current_update(self, mock_get_endpoint, mock_get_client, + mock_get_list, mock_create): + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + mock_get_list.return_value = [KubeRootCAUpdate(None, self.fake_kube_rootca_update, True)] + + self.make_env() + results = self.shell("kube-rootca-update-show") + self._check_rootca_update(self.fake_kube_rootca_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.host_update_list') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_update_list_current_update(self, mock_get_endpoint, mock_get_client, + mock_update_list): + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_update_list.return_value = [KubeRootCAUpdate(None, self.fake_kube_rootca_host_update, True)] + self.make_env() + results = self.shell("kube-rootca-host-update-list") + self.assertIn(self.fake_kube_rootca_host_update['hostname'], results) + self.assertIn(self.fake_kube_rootca_host_update['personality'], results) + self._check_rootca_host_update(self.fake_kube_rootca_host_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.rootCA_pods_update') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_pods_update(self, mock_get_endpoint, mock_get_client, + mock_pods_update, mock_create): + self.fake_kube_rootca_update['state'] = 'updated-host-trust-both-cas' + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + self.fake_kube_rootca_update['state'] = 'updating-pods-trust-both-cas' + mock_pods_update.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + + self.make_env() + results = self.shell("kube-rootca-pods-update --phase=trust-both-cas") + self._check_rootca_update(self.fake_kube_rootca_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.ihost.ihostManager.kube_update_rootca') + @mock.patch('cgtsclient.v1.ihost._find_ihost') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_host_update(self, mock_get_endpoint, mock_get_client, + mock_get_host, mock_host_update, mock_create): + fake_controller = {'id': '0', + 'uuid': '1127ea5e-067b-11ec-9a03-0242ac130003', + 'hostname': 'fake-hostname', + 'personality': 'controller', + 'administrative': 'unlocked', + 'operational': 'enabled', + 'availability': 'available'} + self.fake_kube_rootca_host_update['state'] = 'updating-host-trust-both-cas' + mock_get_host.return_value = ihost(None, fake_controller, True) + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + mock_host_update.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_host_update, True) + + self.make_env() + results = self.shell("kube-rootca-host-update --phase=trust-both-cas fake-hostname") + self._check_rootca_host_update(self.fake_kube_rootca_host_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.update_complete') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_update_complete(self, mock_get_endpoint, mock_get_client, + mock_update_complete, mock_create): + self.fake_kube_rootca_update['state'] = 'updated-pods-trust-new-ca' + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + self.fake_kube_rootca_update['state'] = 'update-completed' + mock_update_complete.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + + self.make_env() + results = self.shell("kube-rootca-update-complete") + self._check_rootca_update(self.fake_kube_rootca_update, results) + + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.create') + @mock.patch('cgtsclient.v1.kube_rootca_update.KubeRootCAUpdateManager.update_complete') + @mock.patch('cgtsclient.client._get_ksclient') + @mock.patch('cgtsclient.client._get_endpoint') + def test_kube_rootca_update_abort(self, mock_get_endpoint, mock_get_client, + mock_update_complete, mock_create): + mock_get_endpoint.return_value = self.mock_get_endpoint_return_value + mock_create.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + self.fake_kube_rootca_update['state'] = 'update-aborted' + mock_update_complete.return_value = KubeRootCAUpdate(None, self.fake_kube_rootca_update, True) + + self.make_env() + results = self.shell("kube-rootca-update-abort") + self._check_rootca_update(self.fake_kube_rootca_update, results) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/client.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/client.py index e037cb5fc7..c6c53cf749 100644 --- a/sysinv/cgts-client/cgts-client/cgtsclient/v1/client.py +++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/client.py @@ -57,6 +57,7 @@ from cgtsclient.v1 import iuser from cgtsclient.v1 import kube_cluster from cgtsclient.v1 import kube_cmd_version from cgtsclient.v1 import kube_host_upgrade +from cgtsclient.v1 import kube_rootca_update from cgtsclient.v1 import kube_upgrade from cgtsclient.v1 import kube_version from cgtsclient.v1 import label @@ -175,3 +176,4 @@ class Client(http.HTTPClient): self.device_image_state = device_image_state.DeviceImageStateManager(self) self.device_label = device_label.DeviceLabelManager(self) self.restore = restore.RestoreManager(self) + self.kube_rootca_update = kube_rootca_update.KubeRootCAUpdateManager(self) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/ihost.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/ihost.py index 7caaf545f6..bc6bab3949 100644 --- a/sysinv/cgts-client/cgts-client/cgtsclient/v1/ihost.py +++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/ihost.py @@ -138,6 +138,14 @@ class ihostManager(base.Manager): body=post_body) return self.resource_class(self, body) + def kube_update_rootca(self, hostid, phase): + post_body = {} + post_body['phase'] = phase + resp, body = self.api.json_request( + 'POST', self._path(hostid) + "/kube_update_ca", + body=post_body) + return self.resource_class(self, body) + def device_image_update(self, hostid): path = self._path(hostid) + "/device_image_update" resp, body = self.api.json_request('POST', path) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update.py new file mode 100644 index 0000000000..22ddb995cc --- /dev/null +++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update.py @@ -0,0 +1,99 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from cgtsclient.common import base + + +class KubeRootCAUpdate(base.Resource): + def __repr__(self): + return "" % self._info + + +class KubeRootCAUpdateManager(base.Manager): + resource_class = KubeRootCAUpdate + + @staticmethod + def _path(uuid=None): + return 'v1/kube_rootca_update/%s' % uuid if uuid else 'v1/kube_rootca_update/' + + def create(self, force): + """Create a new entry for kubernetes rootca update operation """ + return self._create(self._path() + '?force=' + str(force), {}) + + def get(self, uuid=None): + """Retrieve the details of a given kubernetes rootca update. + + :param uuid: uuid of update + """ + + try: + return self._list(self._path(uuid))[0] + except IndexError: + return None + + def get_list(self, uuid=None): + """Retrieve the details of a given kubernetes rootca update. + + :param uuid: uuid of update + """ + try: + return self._list(self._path(uuid), 'kube_rootca_updates') + except IndexError: + return [] + + def rootCA_upload(self, pem_content): + """Retrieve the details of a given kubernetes rootca update. + + :param pem_content: the content of the PEM file to be uploaded + """ + + path = self._path('upload_cert') + return self._upload(path, pem_content) + + def rootCA_generate(self, expiry_date=None, subject=None): + """Generate a root CA to be applied during + kubernetes rootca update procedure. + + :param expiry_date: stores data from CLI arg expiry_date. + A datetime string in ISO 8601 format (YYYY-MM-DD) + specifying the expiry date for the certificate to be + generated. + :param subject: A string specifying the subject to be set + for the certificate. + """ + + path = self._path('generate_cert') + generate_body = {} + generate_body['expiry_date'] = expiry_date + generate_body['subject'] = subject + return self._create(path, generate_body) + + def rootCA_pods_update(self, phase): + """Kubernetes rootca update for pods. + + :param phase: the phase of the update request. + """ + + post_body = {} + post_body['phase'] = phase + resp, body = self.api.json_request('POST', self._path() + "pods", + body=post_body) + return self.resource_class(self, body) + + def host_update_list(self): + """Retrieves Kubernetes root CA update status by hosts""" + + return self._list(self._path('hosts'), 'kube_host_updates') + + def update_complete(self, patch, force): + """Marks the Kubernetes rootca update as complete + + :param patch: a json PATCH document to apply on complete API. + :param force: A CLI argument to indicate if the API should ignore + minor alarms on eventual health checks. + """ + + return self._update(self._path() + '?force=' + str(force), patch) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update_shell.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update_shell.py new file mode 100755 index 0000000000..63758794c8 --- /dev/null +++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/kube_rootca_update_shell.py @@ -0,0 +1,192 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# All Rights Reserved. +# + +from cgtsclient.common import utils +from cgtsclient import exc +from cgtsclient.v1 import ihost as ihost_utils + + +# Kubernetes constants +KUBE_ROOTCA_UPDATE_COMPLETED = 'update-completed' +KUBE_ROOTCA_UPDATE_ABORTED = 'update-aborted' + + +def _print_kube_rootca_update_show(obj): + fields = ['uuid', 'state', 'from_rootca_cert', 'to_rootca_cert', + 'created_at', 'updated_at'] + optional_fields = [] + data = [(f, getattr(obj, f, '')) for f in fields] + if optional_fields: + data += [(f, getattr(obj, f, '')) for f in optional_fields + if hasattr(obj, f)] + utils.print_tuple_list(data) + + +def _print_kube_rootca_host_update_show(obj): + fields = ['uuid', 'state', 'effective_rootca_cert', + 'target_rootca_cert', 'created_at', 'updated_at'] + optional_fields = [] + data = [(f, getattr(obj, f, '')) for f in fields] + if optional_fields: + data += [(f, getattr(obj, f, '')) for f in optional_fields + if hasattr(obj, f)] + utils.print_tuple_list(data) + + +@utils.arg('hostnameorid', metavar='', + help="Name or ID of host") +@utils.arg('--phase', + choices=['trust-both-cas', 'update-certs', 'trust-new-ca'], + help="Specify the phase of the update") +def do_kube_rootca_host_update(cc, args): + """Update root CA certificate on a host.""" + + ihost = ihost_utils._find_ihost(cc, args.hostnameorid) + if args.phase in ['trust-both-cas', 'update-certs', 'trust-new-ca']: + kube_update_host_rootca = cc.ihost.kube_update_rootca(ihost.uuid, + args.phase) + else: + raise exc.CommandError('Invalid phase value: %s' % args.phase) + + _print_kube_rootca_host_update_show(kube_update_host_rootca) + + +@utils.arg('--phase', + choices=['trust-both-cas', 'trust-new-ca'], + help="Specify the phase of the update") +def do_kube_rootca_pods_update(cc, args): + """Update root CA certificate for pods.""" + + if args.phase in ['trust-both-cas', 'trust-new-ca']: + kube_rootca_update = \ + cc.kube_rootca_update.rootCA_pods_update(args.phase) + else: + raise exc.CommandError('Invalid phase value: %s' % args.phase) + + _print_kube_rootca_update_show(kube_rootca_update) + + +@utils.arg('-f', '--force', + action='store_true', + default=False, + help="Ignore non management-affecting alarms") +def do_kube_rootca_update_start(cc, args): + """Start a new procedure for kubernetes rootCA update """ + + kube_rootca_update = cc.kube_rootca_update.create(args.force) + uuid = getattr(kube_rootca_update, 'uuid', '') + + try: + kube_rootca_update = cc.kube_rootca_update.get(uuid) + except exc.HTTPNotFound: + raise exc.CommandError('Created kubernetes rootca update UUID not found: %s' + % uuid) + + _print_kube_rootca_update_show(kube_rootca_update) + + +@utils.arg('certificate_file', + metavar='', + help='Path to the kubernetes certificate file (in PEM format) to upload.') +def do_kube_rootca_update_upload_cert(cc, args): + """Upload new kubernetes rootCA """ + + certificate_file = args.certificate_file + try: + with open(certificate_file, 'rb') as sec_file: + cert_upload = cc.kube_rootca_update.rootCA_upload(sec_file) + except Exception: + raise exc.CommandError("Error: Could not open file %s." % + certificate_file) + + if cert_upload.get("error"): + print(cert_upload.get("error")) + else: + # Show new rootca certificate identifier - + print("Uploaded new rootca certificate: %s" % cert_upload.get("success")) + + +@utils.arg('--expiry-date', + default=None, + help='Optional argument to define expiry date ' + 'in the format of YYYY-MM-DD for k8s root' + 'CA to be generated') +@utils.arg('--subject', + default=None, + help='Subject to be set on new kubernetes root CA.Should ' + 'have the format = and ' + 'supports C(Country), ST(State/Province), L(Locality) ' + 'O(Organization), OU(OrganizationalUnit), ' + 'CN(CommonName) subject parameters. An example is an ' + 'entry like C=US ST=California L=San Francisco ' + 'O=StarlingX OU=Company1 CN=Subject Example') +def do_kube_rootca_update_generate_cert(cc, args): + """Generate new kubernetes rootCA""" + + certificate = cc.kube_rootca_update.rootCA_generate(args.expiry_date, args.subject) + + if certificate.error: + print(certificate.error) + else: + # Show new rootca certificate identifier - + print("Generated new rootca certificate: %s" % certificate.success) + + +def do_kube_rootca_update_show(cc, args): + """Retrieves kubernetes rootCA update status""" + + update_status = cc.kube_rootca_update.get_list() + + fields = ['uuid', 'state', 'from_rootca_cert', 'to_rootca_cert', + 'created_at', 'updated_at'] + + utils.print_list(update_status, fields, fields) + + +def do_kube_rootca_host_update_list(cc, args): + """Retrieves kubernetes rootCA update status on each host""" + + update_status_list = cc.kube_rootca_update.host_update_list() + + fields = ['hostname', 'personality', 'state', 'effective_rootca_cert', + 'target_rootca_cert', 'created_at', 'updated_at'] + + utils.print_list(update_status_list, fields, fields) + + +@utils.arg('-f', '--force', + action='store_true', + default=False, + help="Ignore non management-affecting alarms") +def do_kube_rootca_update_complete(cc, args): + """Marks the rootca update as complete""" + + patch = [] + patch.append({'op': 'replace', + 'path': '/state', + 'value': KUBE_ROOTCA_UPDATE_COMPLETED}) + + update_status = cc.kube_rootca_update.update_complete(patch, args.force) + _print_kube_rootca_update_show(update_status) + + +@utils.arg('-f', '--force', + action='store_true', + default=False, + help="Ignore non management-affecting alarms") +def do_kube_rootca_update_abort(cc, args): + """Marks the rootca update as aborted""" + + patch = [] + patch.append({'op': 'replace', + 'path': '/state', + 'value': KUBE_ROOTCA_UPDATE_ABORTED}) + + update_status = cc.kube_rootca_update.update_complete(patch, args.force) + _print_kube_rootca_update_show(update_status) diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/v1/shell.py b/sysinv/cgts-client/cgts-client/cgtsclient/v1/shell.py index 318089a765..2d7b043eb3 100644 --- a/sysinv/cgts-client/cgts-client/cgtsclient/v1/shell.py +++ b/sysinv/cgts-client/cgts-client/cgtsclient/v1/shell.py @@ -43,6 +43,7 @@ from cgtsclient.v1 import isystem_shell from cgtsclient.v1 import iuser_shell from cgtsclient.v1 import kube_cluster_shell +from cgtsclient.v1 import kube_rootca_update_shell from cgtsclient.v1 import kube_upgrade_shell from cgtsclient.v1 import kube_version_shell from cgtsclient.v1 import label_shell @@ -125,6 +126,7 @@ COMMAND_MODULES = [ kube_cluster_shell, kube_version_shell, kube_upgrade_shell, + kube_rootca_update_shell, device_image_shell, device_image_state_shell, device_label_shell, diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_rootca_update.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_rootca_update.py index 9c643fd6a5..c1b243247a 100644 --- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_rootca_update.py +++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/kube_rootca_update.py @@ -597,6 +597,9 @@ class KubeRootCAUpdateController(rest.RestController): rpc_host_update_list = pecan.request.dbapi.kube_rootca_host_update_get_list() hostnames = [host.hostname for host in rpc_host_update_list] + + LOG.debug("Starting cleanup procedure") + self._clear_kubernetes_resources(hostnames) # cleanup kube_rootca_host_update table @@ -615,21 +618,25 @@ class KubeRootCAUpdateController(rest.RestController): # cleanup kube_rootca_update table for completion if update_state == kubernetes.KUBE_ROOTCA_UPDATE_COMPLETED: pecan.request.dbapi.kube_rootca_update_destroy(rpc_kube_rootca_update.id) + LOG.debug("Removed procedure entry on kube_rootca_update table") # If applicable, notify dcmanager that the update is completed system = pecan.request.dbapi.isystem_get_one() role = system.get('distributed_cloud_role') if role == constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER: dc_api.notify_dcmanager_kube_rootca_update_completed() + LOG.info("Kubernetes rootca update completed") # clear update in progess alarm if self.fm_api.get_fault(fm_constants.FM_ALARM_ID_KUBE_ROOTCA_UPDATE_IN_PROGRESS, self.alarm_instance_id): + LOG.debug("Removing KUBE ROOTCA UPDATE IN PROGRESS alarm") self.fm_api.clear_fault(fm_constants.FM_ALARM_ID_KUBE_ROOTCA_UPDATE_IN_PROGRESS, self.alarm_instance_id) # raise update aborted alarm if this is an abort if update_state == kubernetes.KUBE_ROOTCA_UPDATE_ABORTED: + LOG.debug("Raising KUBE ROOTCA PROCEDURE ABORTED alarm") fault = fm_api.Fault( alarm_id=fm_constants.FM_ALARM_ID_KUBE_ROOTCA_UPDATE_ABORTED, alarm_state=fm_constants.FM_ALARM_STATE_SET, @@ -714,11 +721,8 @@ class KubeRootCAHostUpdateController(rest.RestController): # Get all the host update state host_updates_temp = [] - try: - host_updates_temp = \ - pecan.request.dbapi.kube_rootca_host_update_get_list() - except exception.NotFound: - pass + host_updates_temp = \ + pecan.request.dbapi.kube_rootca_host_update_get_list() host_updates = [host_update for host_update in host_updates_temp if host_update.state is not None] diff --git a/sysinv/sysinv/sysinv/sysinv/common/kubernetes.py b/sysinv/sysinv/sysinv/sysinv/common/kubernetes.py index 233d7d9716..71f81aa8dd 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/kubernetes.py +++ b/sysinv/sysinv/sysinv/sysinv/common/kubernetes.py @@ -93,25 +93,25 @@ KUBE_HOST_UPGRADING_KUBELET_FAILED = 'upgrading-kubelet-failed' KUBE_ROOTCA_UPDATE_STARTED = 'update-started' KUBE_ROOTCA_UPDATE_CERT_UPLOADED = 'update-new-rootca-cert-uploaded' KUBE_ROOTCA_UPDATE_CERT_GENERATED = 'update-new-rootca-cert-generated' -KUBE_ROOTCA_UPDATING_PODS_TRUSTBOTHCAS = 'updating-pods-trustBothCAs' -KUBE_ROOTCA_UPDATED_PODS_TRUSTBOTHCAS = 'updated-pods-trustBothCAs' -KUBE_ROOTCA_UPDATING_PODS_TRUSTBOTHCAS_FAILED = 'updating-pods-trustBothCAs-failed' -KUBE_ROOTCA_UPDATING_PODS_TRUSTNEWCA = 'updating-pods-trustNewCA' -KUBE_ROOTCA_UPDATED_PODS_TRUSTNEWCA = 'updated-pods-trustNewCA' -KUBE_ROOTCA_UPDATING_PODS_TRUSTNEWCA_FAILED = 'updating-pods-trustNewCA-failed' +KUBE_ROOTCA_UPDATING_PODS_TRUSTBOTHCAS = 'updating-pods-trust-both-cas' +KUBE_ROOTCA_UPDATED_PODS_TRUSTBOTHCAS = 'updated-pods-trust-both-cas' +KUBE_ROOTCA_UPDATING_PODS_TRUSTBOTHCAS_FAILED = 'updating-pods-trust-both-cas-failed' +KUBE_ROOTCA_UPDATING_PODS_TRUSTNEWCA = 'updating-pods-trust-new-ca' +KUBE_ROOTCA_UPDATED_PODS_TRUSTNEWCA = 'updated-pods-trust-new-ca' +KUBE_ROOTCA_UPDATING_PODS_TRUSTNEWCA_FAILED = 'updating-pods-trust-new-ca-failed' KUBE_ROOTCA_UPDATE_COMPLETED = 'update-completed' KUBE_ROOTCA_UPDATE_ABORTED = 'update-aborted' # Kubernetes rootca host update states -KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS = 'updating-host-trustBothCAs' -KUBE_ROOTCA_UPDATED_HOST_TRUSTBOTHCAS = 'updated-host-trustBothCAs' -KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED = 'updating-host-trustBothCAs-failed' -KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS = 'updating-host-updateCerts' -KUBE_ROOTCA_UPDATED_HOST_UPDATECERTS = 'updated-host-updateCerts' -KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS_FAILED = 'updating-host-updateCerts-failed' -KUBE_ROOTCA_UPDATING_HOST_TRUSTNEWCA = 'updating-host-trustNewCA' -KUBE_ROOTCA_UPDATED_HOST_TRUSTNEWCA = 'updated-host-trustNewCA' -KUBE_ROOTCA_UPDATING_HOST_TRUSTNEWCA_FAILED = 'updating-host-trustNewCA-failed' +KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS = 'updating-host-trust-both-cas' +KUBE_ROOTCA_UPDATED_HOST_TRUSTBOTHCAS = 'updated-host-trust-both-cas' +KUBE_ROOTCA_UPDATING_HOST_TRUSTBOTHCAS_FAILED = 'updating-host-trust-both-cas-failed' +KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS = 'updating-host-update-certs' +KUBE_ROOTCA_UPDATED_HOST_UPDATECERTS = 'updated-host-update-certs' +KUBE_ROOTCA_UPDATING_HOST_UPDATECERTS_FAILED = 'updating-host-update-certs-failed' +KUBE_ROOTCA_UPDATING_HOST_TRUSTNEWCA = 'updating-host-trust-new-ca' +KUBE_ROOTCA_UPDATED_HOST_TRUSTNEWCA = 'updated-host-trust-new-ca' +KUBE_ROOTCA_UPDATING_HOST_TRUSTNEWCA_FAILED = 'updating-host-trust-new-ca-failed' # Kubeadm and Kubelet default versions KUBERNETES_DEFAULT_VERSION = '1.18.1' diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py index 174b7573b9..ac68008a4e 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py @@ -14175,7 +14175,7 @@ class ConductorManager(service.PeriodicService): try: new_cert_id = cutils.build_cert_identifier(cert) except Exception: - msg = "Failed to extract subject and serial number" \ + msg = "Failed to extract subject and serial number " \ "from new root CA" LOG.error(msg) return dict(success="", error=msg)