#!/bin/bash
# Provides simple utility functions
# configure_os_server will create and write OS master certificates, node configurations, and OpenShift configurations.
# It is recommended to run the following environment setup functions before configuring the OpenShift server:
# - os::util::environment::setup_all_server_vars
# - os::util::environment::use_sudo -- if your script should be using root privileges
#
# Globals:
# - ALL_IP_ADDRESSES
# - PUBLIC_MASTER_HOST
# - MASTER_CONFIG_DIR
# - MASTER_ADDR
# - API_SCHEME
# - PUBLIC_MASTER_HOST
# - API_PORT
# - KUBELET_SCHEME
# - KUBELET_BIND_HOST
# - KUBELET_PORT
# - NODE_CONFIG_DIR
# - KUBELET_HOST
# - API_BIND_HOST
# - VOLUME_DIR
# - ETCD_DATA_DIR
# - USE_IMAGES
# - USE_SUDO
# Arguments:
# None
# Returns:
# - export ADMIN_KUBECONFIG
# - export CLUSTER_ADMIN_CONTEXT
function configure_os_server() {
# find the same IP that openshift start will bind to. This allows access from pods that have to talk back to master
if [[ -z "${ALL_IP_ADDRESSES-}" ]]; then
ALL_IP_ADDRESSES="$(openshift start --print-ip)"
SERVER_HOSTNAME_LIST="${PUBLIC_MASTER_HOST},localhost,172.30.0.1"
SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},kubernetes.default.svc.cluster.local,kubernetes.default.svc,kubernetes.default,kubernetes"
SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},openshift.default.svc.cluster.local,openshift.default.svc,openshift.default,openshift"
while read -r IP_ADDRESS
do
SERVER_HOSTNAME_LIST="${SERVER_HOSTNAME_LIST},${IP_ADDRESS}"
done <<< "${ALL_IP_ADDRESSES}"
export ALL_IP_ADDRESSES
export SERVER_HOSTNAME_LIST
fi
echo "[INFO] Creating certificates for the OpenShift server"
openshift admin ca create-master-certs \
--overwrite=false \
--cert-dir="${MASTER_CONFIG_DIR}" \
--hostnames="${SERVER_HOSTNAME_LIST}" \
--master="${MASTER_ADDR}" \
--public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}:${API_PORT}"
echo "[INFO] Creating OpenShift node config"
openshift admin create-node-config \
--listen="${KUBELET_SCHEME}://${KUBELET_BIND_HOST}:${KUBELET_PORT}" \
--node-dir="${NODE_CONFIG_DIR}" \
--node="${KUBELET_HOST}" \
--hostnames="${KUBELET_HOST}" \
--master="${MASTER_ADDR}" \
--node-client-certificate-authority="${MASTER_CONFIG_DIR}/ca.crt" \
--certificate-authority="${MASTER_CONFIG_DIR}/ca.crt" \
--signer-cert="${MASTER_CONFIG_DIR}/ca.crt" \
--signer-key="${MASTER_CONFIG_DIR}/ca.key" \
--signer-serial="${MASTER_CONFIG_DIR}/ca.serial.txt"
oadm create-bootstrap-policy-file --filename="${MASTER_CONFIG_DIR}/policy.json"
echo "[INFO] Creating OpenShift config"
openshift start \
--write-config=${SERVER_CONFIG_DIR} \
--create-certs=false \
--dns="tcp://${API_HOST}:53" \
--listen="${API_SCHEME}://${API_BIND_HOST}:${API_PORT}" \
--master="${MASTER_ADDR}" \
--public-master="${API_SCHEME}://${PUBLIC_MASTER_HOST}:${API_PORT}" \
--hostname="${KUBELET_HOST}" \
--volume-dir="${VOLUME_DIR}" \
--etcd-dir="${ETCD_DATA_DIR}" \
--images="${USE_IMAGES}"
cp ${SERVER_CONFIG_DIR}/master/master-config.yaml ${SERVER_CONFIG_DIR}/master/master-config.orig.yaml
openshift ex config patch ${SERVER_CONFIG_DIR}/master/master-config.orig.yaml --patch="{\"etcdConfig\": {\"address\": \"${API_HOST}:${ETCD_PORT}\"}}" | \
openshift ex config patch - --patch="{\"etcdConfig\": {\"servingInfo\": {\"bindAddress\": \"${API_HOST}:${ETCD_PORT}\"}}}" | \
openshift ex config patch - --type json --patch="[{\"op\": \"replace\", \"path\": \"/etcdClientInfo/urls\", \"value\": [\"${API_SCHEME}://${API_HOST}:${ETCD_PORT}\"]}]" | \
openshift ex config patch - --patch="{\"etcdConfig\": {\"peerAddress\": \"${API_HOST}:${ETCD_PEER_PORT}\"}}" | \
openshift ex config patch - --patch="{\"etcdConfig\": {\"peerServingInfo\": {\"bindAddress\": \"${API_HOST}:${ETCD_PEER_PORT}\"}}}" | \
openshift ex config patch - --patch="{\"imagePolicyConfig\": {\"maxImagesBulkImportedPerRepository\": ${MAX_IMAGES_BULK_IMPORTED_PER_REPOSITORY:-5}}}" > ${SERVER_CONFIG_DIR}/master/master-config.yaml
# Make oc use ${MASTER_CONFIG_DIR}/admin.kubeconfig, and ignore anything in the running user's $HOME dir
export ADMIN_KUBECONFIG="${MASTER_CONFIG_DIR}/admin.kubeconfig"
export CLUSTER_ADMIN_CONTEXT=$(oc config view --config=${ADMIN_KUBECONFIG} --flatten -o template --template='{{index . "current-context"}}')
local sudo="${USE_SUDO:+sudo}"
${sudo} chmod -R a+rwX "${ADMIN_KUBECONFIG}"
echo "[INFO] To debug: export KUBECONFIG=$ADMIN_KUBECONFIG"
}
readonly -f configure_os_server
# start_os_server starts the OpenShift server, exports the PID of the OpenShift server and waits until openshift server endpoints are available
# It is advised to use this function after a successful run of 'configure_os_server'
#
# Globals:
# - USE_SUDO
# - LOG_DIR
# - ARTIFACT_DIR
# - VOLUME_DIR
# - SERVER_CONFIG_DIR
# - USE_IMAGES
# - MASTER_ADDR
# - MASTER_CONFIG_DIR
# - NODE_CONFIG_DIR
# - API_SCHEME
# - API_HOST
# - API_PORT
# - KUBELET_SCHEME
# - KUBELET_HOST
# - KUBELET_PORT
# Arguments:
# None
# Returns:
# - export OS_PID
function start_os_server() {
local sudo="${USE_SUDO:+sudo}"
local use_latest_images
if [[ -n "${USE_LATEST_IMAGES:-}" ]]; then
use_latest_images="true"
else
use_latest_images="false"
fi
echo "[INFO] `openshift version`"
echo "[INFO] Server logs will be at: ${LOG_DIR}/openshift.log"
echo "[INFO] Test artifacts will be in: ${ARTIFACT_DIR}"
echo "[INFO] Volumes dir is: ${VOLUME_DIR}"
echo "[INFO] Config dir is: ${SERVER_CONFIG_DIR}"
echo "[INFO] Using images: ${USE_IMAGES}"
echo "[INFO] MasterIP is: ${MASTER_ADDR}"
mkdir -p ${LOG_DIR}
echo "[INFO] Scan of OpenShift related processes already up via ps -ef | grep openshift : "
ps -ef | grep openshift
echo "[INFO] Starting OpenShift server"
${sudo} env "PATH=${PATH}" OPENSHIFT_PROFILE=web OPENSHIFT_ON_PANIC=crash openshift start \
--master-config=${MASTER_CONFIG_DIR}/master-config.yaml \
--node-config=${NODE_CONFIG_DIR}/node-config.yaml \
--loglevel=4 --logspec='*importer=5' \
--latest-images="${use_latest_images}" \
&>"${LOG_DIR}/openshift.log" &
export OS_PID=$!
echo "[INFO] OpenShift server start at: "
date
wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/healthz" "apiserver: " 0.25 80
wait_for_url "${KUBELET_SCHEME}://${KUBELET_HOST}:${KUBELET_PORT}/healthz" "[INFO] kubelet: " 0.5 120
wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/healthz/ready" "apiserver(ready): " 0.25 80
wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/api/v1/nodes/${KUBELET_HOST}" "apiserver(nodes): " 0.25 80
echo "[INFO] OpenShift server health checks done at: "
date
}
readonly -f start_os_server
# start_os_master starts the OpenShift master, exports the PID of the OpenShift master and waits until OpenShift master endpoints are available
# It is advised to use this function after a successful run of 'configure_os_server'
#
# Globals:
# - USE_SUDO
# - LOG_DIR
# - ARTIFACT_DIR
# - SERVER_CONFIG_DIR
# - USE_IMAGES
# - MASTER_ADDR
# - MASTER_CONFIG_DIR
# - API_SCHEME
# - API_HOST
# - API_PORT
# Arguments:
# None
# Returns:
# - export OS_PID
function start_os_master() {
local sudo="${USE_SUDO:+sudo}"
echo "[INFO] `openshift version`"
echo "[INFO] Server logs will be at: ${LOG_DIR}/openshift.log"
echo "[INFO] Test artifacts will be in: ${ARTIFACT_DIR}"
echo "[INFO] Config dir is: ${SERVER_CONFIG_DIR}"
echo "[INFO] Using images: ${USE_IMAGES}"
echo "[INFO] MasterIP is: ${MASTER_ADDR}"
mkdir -p ${LOG_DIR}
echo "[INFO] Scan of OpenShift related processes already up via ps -ef | grep openshift : "
ps -ef | grep openshift
echo "[INFO] Starting OpenShift server"
${sudo} env "PATH=${PATH}" OPENSHIFT_PROFILE=web OPENSHIFT_ON_PANIC=crash openshift start master \
--config=${MASTER_CONFIG_DIR}/master-config.yaml \
--loglevel=4 --logspec='*importer=5' \
&>"${LOG_DIR}/openshift.log" &
export OS_PID=$!
echo "[INFO] OpenShift server start at: "
date
wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/healthz" "apiserver: " 0.25 160
wait_for_url "${API_SCHEME}://${API_HOST}:${API_PORT}/healthz/ready" "apiserver(ready): " 0.25 160
echo "[INFO] OpenShift server health checks done at: "
date
}
readonly -f start_os_master
# ensure_iptables_or_die tests if the testing machine has iptables available
# and in PATH. Also test whether current user has sudo privileges.
function ensure_iptables_or_die() {
if [[ -z "$(which iptables)" ]]; then
echo "IPTables not found - the end-to-end test requires a system with iptables for Kubernetes services."
exit 1
fi
set +e
iptables --list > /dev/null 2>&1
if [ $? -ne 0 ]; then
sudo iptables --list > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "You do not have iptables or sudo privileges. Kubernetes services will not work without iptables access. See https://github.com/kubernetes/kubernetes/issues/1859. Try 'sudo hack/test-end-to-end.sh'."
exit 1
fi
fi
set -e
}
readonly -f ensure_iptables_or_die
# tryuntil loops, retrying an action until it succeeds or times out after 90 seconds.
function tryuntil() {
timeout=$(($(date +%s) + 90))
echo "++ Retrying until success or timeout: ${@}"
while [ 1 ]; do
if eval "${@}" >/dev/null 2>&1; then
return 0
fi
if [[ $(date +%s) -gt $timeout ]]; then
# run it one more time so we can display the output
# for debugging, since above we /dev/null the output
if eval "${@}"; then
return 0
fi
echo "++ timed out"
return 1
fi
done
}
readonly -f tryuntil
# wait_for_command executes a command and waits for it to
# complete or times out after max_wait.
#
# $1 - The command to execute (e.g. curl -fs http://redhat.com)
# $2 - Optional maximum time to wait in ms before giving up (Default: 10000ms)
# $3 - Optional alternate command to determine if the wait should
# exit before the max_wait
function wait_for_command() {
STARTTIME=$(date +%s)
cmd=$1
msg="Waiting for command to finish: '${cmd}'..."
max_wait=${2:-10*TIME_SEC}
fail=${3:-""}
wait=0.2
echo "[INFO] $msg"
expire=$(($(time_now) + $max_wait))
set +e
while [[ $(time_now) -lt $expire ]]; do
eval $cmd
if [ $? -eq 0 ]; then
set -e
ENDTIME=$(date +%s)
echo "[INFO] Success running command: '$cmd' after $(($ENDTIME - $STARTTIME)) seconds"
return 0
fi
#check a failure condition where the success
#command may never be evaluated before timing
#out
if [[ ! -z $fail ]]; then
eval $fail
if [ $? -eq 0 ]; then
set -e
echo "[FAIL] Returning early. Command Failed '$cmd'"
return 1
fi
fi
sleep $wait
done
echo "[ ERR] Gave up waiting for: '$cmd'"
set -e
return 1
}
readonly -f wait_for_command
# wait_for_url_timed attempts to access a url in order to
# determine if it is available to service requests.
#
# $1 - The URL to check
# $2 - Optional prefix to use when echoing a successful result
# $3 - Optional maximum time to wait before giving up (Default: 10s)
function wait_for_url_timed() {
STARTTIME=$(date +%s)
url=$1
prefix=${2:-}
max_wait=${3:-10*TIME_SEC}
wait=0.2
expire=$(($(time_now) + $max_wait))
set +e
while [[ $(time_now) -lt $expire ]]; do
out=$(curl --max-time 2 -fs $url 2>/dev/null)
if [ $? -eq 0 ]; then
set -e
echo ${prefix}${out}
ENDTIME=$(date +%s)
echo "[INFO] Success accessing '$url' after $(($ENDTIME - $STARTTIME)) seconds"
return 0
fi
sleep $wait
done
echo "ERROR: gave up waiting for $url"
set -e
return 1
}
readonly -f wait_for_url_timed
# wait_for_file returns 0 if a file exists, 1 if it does not exist
#
# $1 - The file to check for existence
# $2 - Optional time to sleep between attempts (Default: 0.2s)
# $3 - Optional number of attemps to make (Default: 10)
function wait_for_file() {
file=$1
wait=${2:-0.2}
times=${3:-10}
for i in $(seq 1 $times); do
if [ -f "${file}" ]; then
return 0
fi
sleep $wait
done
echo "ERROR: gave up waiting for file ${file}"
return 1
}
readonly -f wait_for_file
# wait_for_url attempts to access a url in order to
# determine if it is available to service requests.
#
# $1 - The URL to check
# $2 - Optional prefix to use when echoing a successful result
# $3 - Optional time to sleep between attempts (Default: 0.2s)
# $4 - Optional number of attemps to make (Default: 10)
function wait_for_url() {
url=$1
prefix=${2:-}
wait=${3:-0.2}
times=${4:-10}
set_curl_args $wait $times
set +e
cmd="env -i CURL_CA_BUNDLE=${CURL_CA_BUNDLE:-} $(which curl) ${clientcert_args} -fs ${url}"
for i in $(seq 1 $times); do
out=$(${cmd})
if [ $? -eq 0 ]; then
set -e
echo "${prefix}${out}"
return 0
fi
sleep $wait
done
echo "ERROR: gave up waiting for ${url}"
echo $(${cmd})
set -e
return 1
}
readonly -f wait_for_url
# set_curl_args tries to export CURL_ARGS for a program to use.
# will do a wait for the files to exist when using curl with
# SecureTransport (because we must convert the keys to a different
# form).
#
# $1 - Optional time to sleep between attempts (Default: 0.2s)
# $2 - Optional number of attemps to make (Default: 10)
function set_curl_args() {
wait=${1:-0.2}
times=${2:-10}
CURL_CERT=${CURL_CERT:-}
CURL_KEY=${CURL_KEY:-}
clientcert_args="${CURL_EXTRA:-} "
if [ -n "${CURL_CERT}" ]; then
if [ -n "${CURL_KEY}" ]; then
if [[ `curl -V` == *"SecureTransport"* ]]; then
# Convert to a p12 cert for SecureTransport
export CURL_CERT_DIR=$(dirname "${CURL_CERT}")
export CURL_CERT_P12=${CURL_CERT_P12:-${CURL_CERT_DIR}/cert.p12}
export CURL_CERT_P12_PASSWORD=${CURL_CERT_P12_PASSWORD:-password}
if [ ! -f "${CURL_CERT_P12}" ]; then
wait_for_file "${CURL_CERT}" $wait $times
wait_for_file "${CURL_KEY}" $wait $times
openssl pkcs12 -export -inkey "${CURL_KEY}" -in "${CURL_CERT}" -out "${CURL_CERT_P12}" -password "pass:${CURL_CERT_P12_PASSWORD}"
fi
clientcert_args="--cert ${CURL_CERT_P12}:${CURL_CERT_P12_PASSWORD} ${CURL_EXTRA:-}"
else
clientcert_args="--cert ${CURL_CERT} --key ${CURL_KEY} ${CURL_EXTRA:-}"
fi
fi
fi
export CURL_ARGS="${clientcert_args}"
}
readonly -f set_curl_args
# Search for a regular expression in a HTTP response.
#
# $1 - a valid URL (e.g.: http://127.0.0.1:8080)
# $2 - a regular expression or text
function validate_response() {
url=$1
expected_response=$2
wait=${3:-0.2}
times=${4:-10}
set +e
for i in $(seq 1 $times); do
response=`curl $url`
echo $response | grep -q "$expected_response"
if [ $? -eq 0 ]; then
echo "[INFO] Response is valid."
set -e
return 0
fi
sleep $wait
done
echo "[INFO] Response is invalid: $response"
set -e
return 1
}
readonly -f validate_response
# reset_tmp_dir will try to delete the testing directory.
# If it fails will unmount all the mounts associated with
# the test.
#
# $1 expression for which the mounts should be checked
function reset_tmp_dir() {
local sudo="${USE_SUDO:+sudo}"
set +e
${sudo} rm -rf ${BASETMPDIR} &>/dev/null
if [[ $? != 0 ]]; then
echo "[INFO] Unmounting previously used volumes ..."
findmnt -lo TARGET | grep ${BASETMPDIR} | xargs -r ${sudo} umount
${sudo} rm -rf ${BASETMPDIR}
fi
mkdir -p ${BASETMPDIR} ${LOG_DIR} ${ARTIFACT_DIR} ${FAKE_HOME_DIR} ${VOLUME_DIR}
set -e
}
readonly -f reset_tmp_dir
# kill_all_processes function will kill all
# all processes created by the test script.
function kill_all_processes() {
local sudo="${USE_SUDO:+sudo}"
pids=($(jobs -pr))
for i in ${pids[@]-}; do
pgrep -P "${i}" | xargs $sudo kill &> /dev/null
$sudo kill ${i} &> /dev/null
done
}
readonly -f kill_all_processes
# time_now return the time since the epoch in millis
function time_now() {
echo $(date +%s000)
}
readonly -f time_now
# dump_container_logs writes container logs to $LOG_DIR
function dump_container_logs() {
if ! docker version >/dev/null 2>&1; then
return
fi
mkdir -p ${LOG_DIR}
echo "[INFO] Dumping container logs to ${LOG_DIR}"
for container in $(docker ps -aq); do
container_name=$(docker inspect -f "{{.Name}}" $container)
# strip off leading /
container_name=${container_name:1}
if [[ "$container_name" =~ ^k8s_ ]]; then
pod_name=$(echo $container_name | awk 'BEGIN { FS="[_.]+" }; { print $4 }')
container_name=${pod_name}-$(echo $container_name | awk 'BEGIN { FS="[_.]+" }; { print $2 }')
fi
docker logs "$container" >&"${LOG_DIR}/container-${container_name}.log"
done
}
readonly -f dump_container_logs
# delete_empty_logs deletes empty logs
function delete_empty_logs() {
# Clean up zero byte log files
find "${ARTIFACT_DIR}" "${LOG_DIR}" -type f -name '*.log' \( -empty \) -delete
}
readonly -f delete_empty_logs
# truncate_large_logs truncates large logs so we only download the last 20MB
function truncate_large_logs() {
# Clean up large log files so they don't end up on jenkins
local large_files=$(find "${ARTIFACT_DIR}" "${LOG_DIR}" -type f -name '*.log' \( -size +50M \))
for file in ${large_files}; do
mv "${file}" "${file}.tmp"
echo "LOGFILE TOO LONG $(du -h "${file}"), LAST 50M OF LOGFILE:" > "${file}"
tail -c 50M "${file}.tmp" >> "${file}"
rm "${file}.tmp"
done
}
readonly -f truncate_large_logs
######
# start of common functions for extended test group's run.sh scripts
######
# exit run if ginkgo not installed
function ensure_ginkgo_or_die() {
which ginkgo &>/dev/null || (echo 'Run: "go get github.com/onsi/ginkgo/ginkgo"' && exit 1)
}
readonly -f ensure_ginkgo_or_die
# cleanup_openshift saves container logs, saves resources, and kills all processes and containers
function cleanup_openshift() {
LOG_DIR="${LOG_DIR:-${BASETMPDIR}/logs}"
ARTIFACT_DIR="${ARTIFACT_DIR:-${LOG_DIR}}"
API_HOST="${API_HOST:-127.0.0.1}"
API_SCHEME="${API_SCHEME:-https}"
ETCD_PORT="${ETCD_PORT:-4001}"
set +e
dump_container_logs
# pull information out of the server log so that we can get failure management in jenkins to highlight it and
# really have it smack people in their logs. This is a severe correctness problem
grep -a5 "CACHE.*ALTERED" ${LOG_DIR}/openshift.log
echo "[INFO] Dumping etcd contents to ${ARTIFACT_DIR}/etcd_dump.json"
set_curl_args 0 1
curl -s ${clientcert_args} -L "${API_SCHEME}://${API_HOST}:${ETCD_PORT}/v2/keys/?recursive=true" > "${ARTIFACT_DIR}/etcd_dump.json"
echo
if [[ -z "${SKIP_TEARDOWN-}" ]]; then
echo "[INFO] Tearing down test"
kill_all_processes
if docker version >/dev/null 2>&1; then
echo "[INFO] Stopping k8s docker containers"; docker ps | awk 'index($NF,"k8s_")==1 { print $1 }' | xargs -l -r docker stop -t 1 >/dev/null
if [[ -z "${SKIP_IMAGE_CLEANUP-}" ]]; then
echo "[INFO] Removing k8s docker containers"; docker ps -a | awk 'index($NF,"k8s_")==1 { print $1 }' | xargs -l -r docker rm -v >/dev/null
fi
fi
echo "[INFO] Pruning etcd data directory..."
local sudo="${USE_SUDO:+sudo}"
${sudo} rm -rf "${ETCD_DATA_DIR}"
set -u
fi
# TODO soltysh: restore the if back once #8399 is resolved
# if grep -q 'no Docker socket found' "${LOG_DIR}/openshift.log"; then
# the Docker daemon crashed, we need the logs
# journalctl --unit docker.service --since -4hours > "${LOG_DIR}/docker.log"
# fi
journalctl --unit docker.service --since -15minutes > "${LOG_DIR}/docker.log"
delete_empty_logs
truncate_large_logs
echo "[INFO] Cleanup complete"
set -e
}
readonly -f cleanup_openshift
# create a .gitconfig for test-cmd secrets
function create_gitconfig() {
USERNAME=sample-user
PASSWORD=password
BASETMPDIR="${BASETMPDIR:-"/tmp"}"
GITCONFIG_DIR=$(mktemp -d ${BASETMPDIR}/test-gitconfig.XXXX)
touch ${GITCONFIG_DIR}/.gitconfig
git config --file ${GITCONFIG_DIR}/.gitconfig user.name ${USERNAME}
git config --file ${GITCONFIG_DIR}/.gitconfig user.token ${PASSWORD}
echo ${GITCONFIG_DIR}/.gitconfig
}
function create_valid_file() {
BASETMPDIR="${BASETMPDIR:-"/tmp"}"
FILE_DIR=$(mktemp -d ${BASETMPDIR}/test-file.XXXX)
touch ${FILE_DIR}/${1}
echo ${FILE_DIR}/${1}
}
# install the router for the extended tests
function install_router() {
echo "[INFO] Installing the router"
oadm policy add-scc-to-user privileged -z router --config="${ADMIN_KUBECONFIG}"
# Create a TLS certificate for the router
if [[ -n "${CREATE_ROUTER_CERT:-}" ]]; then
echo "[INFO] Generating router TLS certificate"
oadm ca create-server-cert --signer-cert=${MASTER_CONFIG_DIR}/ca.crt \
--signer-key=${MASTER_CONFIG_DIR}/ca.key \
--signer-serial=${MASTER_CONFIG_DIR}/ca.serial.txt \
--hostnames="*.${API_HOST}.xip.io" \
--cert=${MASTER_CONFIG_DIR}/router.crt --key=${MASTER_CONFIG_DIR}/router.key
cat ${MASTER_CONFIG_DIR}/router.crt ${MASTER_CONFIG_DIR}/router.key \
${MASTER_CONFIG_DIR}/ca.crt > ${MASTER_CONFIG_DIR}/router.pem
ROUTER_DEFAULT_CERT="--default-cert=${MASTER_CONFIG_DIR}/router.pem"
fi
openshift admin router --config="${ADMIN_KUBECONFIG}" --images="${USE_IMAGES}" --service-account=router ${ROUTER_DEFAULT_CERT-}
# Set the SYN eater to make router reloads more robust
if [[ -n "${DROP_SYN_DURING_RESTART:-}" ]]; then
# Rewrite the DC for the router to add the environment variable into the pod definition
echo "[INFO] Changing the router DC to drop SYN packets during a reload"
oc set env dc/router -c router DROP_SYN_DURING_RESTART=true
fi
}
readonly -f create_gitconfig
# install registry for the extended tests
function install_registry() {
# The --mount-host option is provided to reuse local storage.
echo "[INFO] Installing the registry"
# For testing purposes, ensure the quota objects are always up to date in the registry by
# disabling project cache.
openshift admin registry --config="${ADMIN_KUBECONFIG}" --images="${USE_IMAGES}" --enforce-quota -o json | \
oc env -f - --output json "REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_PROJECTCACHETTL=0" | \
oc create -f -
}
readonly -f install_registry
function wait_for_registry() {
local generation=$(oc get dc/docker-registry -o jsonpath='{.metadata.generation}')
local onereplicajs='{.status.observedGeneration},{.status.replicas},{.status.updatedReplicas},{.status.availableReplicas}'
wait_for_command "oc get dc/docker-registry -o jsonpath='$onereplicajs' --config='${ADMIN_KUBECONFIG}' | grep '^$generation,1,1,1$'" $((5*TIME_MIN))
local readyjs='{.items[*].status.conditions[?(@.type=="Ready")].status}'
wait_for_command "oc get pod -l deploymentconfig=docker-registry -o jsonpath='$readyjs' --config='${ADMIN_KUBECONFIG}' | grep -qi true" $TIME_MIN
}
readonly -f wait_for_registry
# Wait for builds to start
# $1 namespace
function os::build:wait_for_start() {
echo "[INFO] Waiting for $1 namespace build to start"
wait_for_command "oc get -n $1 builds | grep -i running" $((10*TIME_MIN)) "oc get -n $1 builds | grep -i -e failed -e error"
BUILD_ID=`oc get -n $1 builds --output-version=v1 --template="{{with index .items 0}}{{.metadata.name}}{{end}}"`
echo "[INFO] Build ${BUILD_ID} started"
}
readonly -f os::build:wait_for_start
# Wait for builds to complete
# $1 namespace
function os::build:wait_for_end() {
echo "[INFO] Waiting for $1 namespace build to complete"
wait_for_command "oc get -n $1 builds | grep -i complete" $((10*TIME_MIN)) "oc get -n $1 builds | grep -i -e failed -e error"
BUILD_ID=`oc get -n $1 builds --output-version=v1 --template="{{with index .items 0}}{{.metadata.name}}{{end}}"`
echo "[INFO] Build ${BUILD_ID} finished"
# TODO: fix
set +e
oc build-logs -n $1 $BUILD_ID > $LOG_DIR/$1build.log
set -e
}
readonly -f os::build:wait_for_end
# enable-selinux/disable-selinux use the shared control variable
# SELINUX_DISABLED to determine whether to re-enable selinux after it
# has been disabled. The goal is to allow temporary disablement of
# selinux enforcement while avoiding enabling enforcement in an
# environment where it is not already enabled.
SELINUX_DISABLED=0
function enable-selinux() {
if [ "${SELINUX_DISABLED}" = "1" ]; then
os::log::info "Re-enabling selinux enforcement"
sudo setenforce 1
SELINUX_DISABLED=0
fi
}
readonly -f enable-selinux
function disable-selinux() {
if selinuxenabled && [ "$(getenforce)" = "Enforcing" ]; then
os::log::info "Temporarily disabling selinux enforcement"
sudo setenforce 0
SELINUX_DISABLED=1
fi
}
readonly -f disable-selinux
######
# end of common functions for extended test group's run.sh scripts
######
function os::log::with-severity() {
local msg=$1
local severity=$2
echo "[$2] ${1}"
}
readonly -f os::log::with-severity
function os::log::info() {
os::log::with-severity "${1}" "INFO"
}
readonly -f os::log::info
function os::log::warn() {
os::log::with-severity "${1}" "WARNING"
}
readonly -f os::log::warn
function os::log::error() {
os::log::with-severity "${1}" "ERROR"
}
readonly -f os::log::error
function find_files() {
find . -not \( \
\( \
-wholename './_output' \
-o -wholename './.*' \
-o -wholename './pkg/assets/bindata.go' \
-o -wholename './pkg/assets/*/bindata.go' \
-o -wholename './pkg/bootstrap/bindata.go' \
-o -wholename './openshift.local.*' \
-o -wholename '*/vendor/*' \
-o -wholename './assets/bower_components/*' \
\) -prune \
\) -name '*.go' | sort -u
}
readonly -f find_files
# Asks golang what it thinks the host platform is. The go tool chain does some
# slightly different things when the target platform matches the host platform.
function os::util::host_platform() {
echo "$(go env GOHOSTOS)/$(go env GOHOSTARCH)"
}
readonly -f os::util::host_platform
function os::util::sed() {
if [[ "$(go env GOHOSTOS)" == "darwin" ]]; then
sed -i '' "$@"
else
sed -i'' "$@"
fi
}
readonly -f os::util::sed
function os::util::base64decode() {
if [[ "$(go env GOHOSTOS)" == "darwin" ]]; then
base64 -D $@
else
base64 -d $@
fi
}
readonly -f os::util::base64decode
function os::util::get_object_assert() {
local object=$1
local request=$2
local expected=$3
res=$(eval oc get $object -o go-template=\"$request\")
if [[ "$res" =~ ^$expected$ ]]; then
echo "Successful get $object $request: $res"
return 0
else
echo "FAIL!"
echo "Get $object $request"
echo " Expected: $expected"
echo " Got: $res"
return 1
fi
}
readonly -f os::util::get_object_assert