Browse code
Add gssapi build flags
Jordan Liggitt authored on 2016/07/07 01:50:18Showing 8 changed files
- HACKING.md
- Makefile
- hack/build-cross.sh
- hack/common.sh
- hack/test-cmd.sh
- hack/test-end-to-end-docker.sh
- origin.spec
- test/end-to-end/core.sh
| ... | ... |
@@ -470,6 +470,29 @@ Version, %commit, and %ldflags values on your own or you may use |
| 470 | 470 |
[tito](https://github.com/dgoodwin/tito) to build |
| 471 | 471 |
and tag releases. |
| 472 | 472 |
|
| 473 |
+## GSSAPI-enabled builds |
|
| 474 |
+ |
|
| 475 |
+When built with GSSAPI support, the `oc` client supports logging in with Kerberos credentials on Linux and OS X. |
|
| 476 |
+GSSAPI-enabled builds of `oc` cannot be cross-compiled, but must be built on the target platform with the GSSAPI header files available. |
|
| 477 |
+ |
|
| 478 |
+On Linux, ensure the `krb5-devel` package is installed: |
|
| 479 |
+ |
|
| 480 |
+ $ sudo yum install -y krb5-devel |
|
| 481 |
+ |
|
| 482 |
+On OS X, you can obtain header files via Homebrew: |
|
| 483 |
+ |
|
| 484 |
+ $ brew install homebrew/dupes/heimdal --without-x11 |
|
| 485 |
+ |
|
| 486 |
+Once dependencies are in place, build with the `gssapi` tag: |
|
| 487 |
+ |
|
| 488 |
+ $ hack/build-go.sh cmd/oc -tags=gssapi |
|
| 489 |
+ |
|
| 490 |
+Verify that the GSSAPI feature is enabled with `oc version`: |
|
| 491 |
+ |
|
| 492 |
+ $ oc version |
|
| 493 |
+ ... |
|
| 494 |
+ features: Basic-Auth GSSAPI Kerberos SPNEGO |
|
| 495 |
+ |
|
| 473 | 496 |
## Swagger API Documentation |
| 474 | 497 |
|
| 475 | 498 |
OpenShift and Kubernetes integrate with the [Swagger 2.0 API framework](http://swagger.io) which aims to make it easier to document and write clients for RESTful APIs. When you start OpenShift, the Swagger API endpoint is exposed at `https://localhost:8443/swaggerapi`. The Swagger UI makes it easy to view your documentation - to view the docs for your local version of OpenShift start the server with CORS enabled: |
| ... | ... |
@@ -24,7 +24,7 @@ fi |
| 24 | 24 |
|
| 25 | 25 |
# Build the primary client/server for all platforms |
| 26 | 26 |
OS_BUILD_PLATFORMS=("${platforms[@]}")
|
| 27 |
-os::build::build_binaries "${OS_CROSS_COMPILE_TARGETS[@]}"
|
|
| 27 |
+OS_GOFLAGS_LINUX_AMD64="-tags=gssapi" os::build::build_binaries "${OS_CROSS_COMPILE_TARGETS[@]}"
|
|
| 28 | 28 |
|
| 29 | 29 |
# Build image binaries for a subset of platforms. Image binaries are currently |
| 30 | 30 |
# linux-only, and are compiled with flags to make them static for use in Docker |
| ... | ... |
@@ -317,8 +317,13 @@ os::build::internal::build_binaries() {
|
| 317 | 317 |
fi |
| 318 | 318 |
|
| 319 | 319 |
if [[ ${#nonstatics[@]} -gt 0 ]]; then
|
| 320 |
+ # allow per-os/arch build flags like OS_GOFLAGS_LINUX_AMD64 |
|
| 321 |
+ local platform_goflags_envvar=OS_GOFLAGS_$(echo ${platform} | tr '[:lower:]/' '[:upper:]_')
|
|
| 322 |
+ local platform_goflags |
|
| 323 |
+ eval "platform_goflags=(${!platform_goflags_envvar:-})"
|
|
| 324 |
+ |
|
| 320 | 325 |
GOOS=${platform%/*} GOARCH=${platform##*/} go install \
|
| 321 |
- "${goflags[@]:+${goflags[@]}}" \
|
|
| 326 |
+ "${goflags[@]:+${goflags[@]}}" "${platform_goflags[@]:+${platform_goflags[@]}}" \
|
|
| 322 | 327 |
-ldflags "${version_ldflags}" \
|
| 323 | 328 |
"${nonstatics[@]}"
|
| 324 | 329 |
|
| ... | ... |
@@ -137,8 +137,12 @@ else |
| 137 | 137 |
fi |
| 138 | 138 |
|
| 139 | 139 |
# Check openshift version |
| 140 |
-out=$(openshift version) |
|
| 141 |
-echo openshift: $out |
|
| 140 |
+echo "openshift version:" |
|
| 141 |
+openshift version |
|
| 142 |
+ |
|
| 143 |
+# Check oc version |
|
| 144 |
+echo "oc version:" |
|
| 145 |
+oc version |
|
| 142 | 146 |
|
| 143 | 147 |
# profile the web |
| 144 | 148 |
export OPENSHIFT_PROFILE="${WEB_PROFILE-}"
|
| ... | ... |
@@ -84,7 +84,8 @@ out=$( |
| 84 | 84 |
) |
| 85 | 85 |
|
| 86 | 86 |
# Setup |
| 87 |
-echo "[INFO] `openshift version`" |
|
| 87 |
+echo "[INFO] openshift version: `openshift version`" |
|
| 88 |
+echo "[INFO] oc version: `oc version`" |
|
| 88 | 89 |
echo "[INFO] Using images: ${USE_IMAGES}"
|
| 89 | 90 |
|
| 90 | 91 |
echo "[INFO] Starting OpenShift containerized server" |
| ... | ... |
@@ -55,6 +55,7 @@ ExclusiveArch: x86_64 |
| 55 | 55 |
Source0: https://%{import_path}/archive/%{commit}/%{name}-%{version}.tar.gz
|
| 56 | 56 |
BuildRequires: systemd |
| 57 | 57 |
BuildRequires: golang = %{golang_version}
|
| 58 |
+BuildRequires: krb5-devel |
|
| 58 | 59 |
Requires: %{name}-clients = %{version}-%{release}
|
| 59 | 60 |
Requires: iptables |
| 60 | 61 |
Obsoletes: openshift < %{package_refector_version}
|
| ... | ... |
@@ -187,10 +188,9 @@ pushd _thirdpartyhacks |
| 187 | 187 |
popd |
| 188 | 188 |
export GOPATH=$(pwd)/_build:$(pwd)/_thirdpartyhacks:%{buildroot}%{gopath}:%{gopath}
|
| 189 | 189 |
# Build all linux components we care about |
| 190 |
-for cmd in oc openshift dockerregistry |
|
| 191 |
-do |
|
| 192 |
- go install -ldflags "%{ldflags}" %{import_path}/cmd/${cmd}
|
|
| 193 |
-done |
|
| 190 |
+go install -ldflags "%{ldflags}" %{import_path}/cmd/dockerregistry
|
|
| 191 |
+go install -ldflags "%{ldflags}" -tags=gssapi %{import_path}/cmd/openshift
|
|
| 192 |
+go install -ldflags "%{ldflags}" -tags=gssapi %{import_path}/cmd/oc
|
|
| 194 | 193 |
go test -c -o _build/bin/extended.test -ldflags "%{ldflags}" %{import_path}/test/extended
|
| 195 | 194 |
|
| 196 | 195 |
%if 0%{?make_redistributable}
|
| ... | ... |
@@ -45,6 +45,10 @@ function wait_for_app() {
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
os::test::junit::declare_suite_start "end-to-end/core" |
| 48 |
+ |
|
| 49 |
+echo "[INFO] openshift version: `openshift version`" |
|
| 50 |
+echo "[INFO] oc version: `oc version`" |
|
| 51 |
+ |
|
| 48 | 52 |
# service dns entry is visible via master service |
| 49 | 53 |
# find the IP of the master service by asking the API_HOST to verify DNS is running there |
| 50 | 54 |
MASTER_SERVICE_IP="$(dig "@${API_HOST}" "kubernetes.default.svc.cluster.local." +short A | head -n 1)"
|