From c28fad51ddb84726708db13b46773b38c733ca2f Mon Sep 17 00:00:00 2001
From: yy
Date: Wed, 18 Oct 2023 11:29:04 +0800
Subject: [PATCH] add secret to set mongo uri, delete preset from license.
---
 controllers/license/Dockerfile | 4 +-
 controllers/license/Makefile | 4 +-
 controllers/license/cmd/launcher/main.go | 35 -----
 controllers/license/cmd/preset/main.go | 141 ------------------
 .../license/config/manager/manager.yaml | 7 +-
 .../license/deploy/manifests/deploy.yaml | 7 +-
 .../license/deploy/manifests/secret.yaml.tmpl | 7 +
 7 files changed, 19 insertions(+), 186 deletions(-)
 delete mode 100644 controllers/license/cmd/launcher/main.go
 delete mode 100644 controllers/license/cmd/preset/main.go
 create mode 100644 controllers/license/deploy/manifests/secret.yaml.tmpl
diff --git a/controllers/license/Dockerfile b/controllers/license/Dockerfile
index c82354f221f..3b62cb38731 100644
--- a/controllers/license/Dockerfile
+++ b/controllers/license/Dockerfile
@@ -5,7 +5,5 @@ WORKDIR /
 USER 65532:65532
 COPY bin/controller-licenseissuer-$TARGETARCH /manager
-COPY bin/preset-$TARGETARCH /preset
-COPY bin/launcher-$TARGETARCH /launcher
-ENTRYPOINT ["/launcher"]
\ No newline at end of file
+ENTRYPOINT ["/manager"]
\ No newline at end of file
diff --git a/controllers/license/Makefile b/controllers/license/Makefile
index 5c037fb35ab..d4c4e5df67c 100644
--- a/controllers/license/Makefile
+++ b/controllers/license/Makefile
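Review bot: The new `ENTRYPOINT ["/manager"]` line still carries the `\ No newline at end of file` marker, so the Dockerfile ends without a trailing newline; add one so a later append does not fuse onto the ENTRYPOINT line. The image still copies `bin/controller-licenseissuer-$TARGETARCH`, which is not among the outputs the Makefile hunk in this patch builds (it produces `bin/manager`); presumably another target produces the arch-suffixed binary, but that is worth confirming since the launcher that used to sit in front of it is gone. With the launcher removed, `/manager` is now the container's only process and runs as the unprivileged user set by the surrounding `USER 65532:65532` line, so nothing in the image needs to fork a sibling process any more.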
@@ -71,9 +71,7 @@ build: manifests generate fmt vet ## Build manager binary.
 LD_FLAGS=""; \
 [ -n "$(CRYPTOKEY)" ] && LD_FLAGS+="-X ${CONTROLLER_PKG}/crypto.encryptionKey=${CRYPTOKEY} -X ${CONTROLLER_PKG}/database.cryptoKey=${CRYPTOKEY}"; \
 [ -n "$(LICENSE_KEY)" ] && LD_FLAGS+=" -X ${CONTROLLER_LICENSE}/util/key.EncryptionKey=${LICENSE_KEY}"; \
- CGO_ENABLED=0 GOOS=linux go build -ldflags "$${LD_FLAGS}" -o bin/manager cmd/manager/main.go && \
- CGO_ENABLED=0 GOOS=linux go build -o bin/preset-${GOARCH} cmd/preset/main.go && chmod +x bin/preset-${GOARCH} && \
- CGO_ENABLED=0 GOOS=linux go build -o bin/launcher-${GOARCH} cmd/launcher/main.go && chmod +x bin/launcher-${GOARCH}
+ CGO_ENABLED=0 GOOS=linux go build -ldflags "$${LD_FLAGS}" -o bin/manager cmd/manager/main.go
 .PHONY: run
diff --git a/controllers/license/cmd/launcher/main.go b/controllers/license/cmd/launcher/main.go
deleted file mode 100644
index d1b1971e9a9..00000000000
--- a/controllers/license/cmd/launcher/main.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package main
-
-import (
- "os"
- "os/exec"
- "sync"
-
- "github.com/labring/sealos/controllers/pkg/utils/logger"
-)
-
-func main() {
- launch("/preset", "/manager")
-}
-
-func run(path string) error {
- // nosemgrep: go.lang.security.audit.dangerous-exec-command.dangerous-exec-command
- cmd := exec.Command(path)
- cmd.Stdout = os.Stdout
- cmd.Stderr = os.Stderr
- return cmd.Run()
-}
-
-func launch(path ...string) {
- var wg sync.WaitGroup
- for _, p := range path {
- wg.Add(1)
- go func(p string) {
- defer wg.Done()
- if err := run(p); err != nil {
- logger.Error(err, "Failed to run "+p)
- }
- }(p)
- }
- wg.Wait()
-}
diff --git a/controllers/license/cmd/preset/main.go b/controllers/license/cmd/preset/main.go
deleted file mode 100644
index 81024d20948..00000000000
--- a/controllers/license/cmd/preset/main.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package main
-
-import (
- "context"
- "crypto/sha256"
- "encoding/base64"
- "encoding/hex"
- "fmt"
- "os"
- "time"
-
- "github.com/google/uuid"
- userUtil "github.com/labring/sealos/controllers/license/internal/util/user"
- "go.mongodb.org/mongo-driver/bson"
- "go.mongodb.org/mongo-driver/mongo"
- mongoOptions "go.mongodb.org/mongo-driver/mongo/options"
- "k8s.io/apimachinery/pkg/runtime"
- ctrl "sigs.k8s.io/controller-runtime"
-)
-
-var (
- scheme = runtime.NewScheme()
- presetLog = ctrl.Log.WithName("preset")
- SaltKey = os.Getenv("SaltKey")
-)
-
-const MaxRetryConnectDB = 10
-
-func main() {
- // TODO do something
- err := presetUser(context.Background())
- if err != nil {
- presetLog.Error(err, "failed to preset root user")
- os.Exit(1)
- }
- presetLog.Info("preset root user successfully")
-}
-
-func presetUser(ctx context.Context) error {
- //init mongodb database
- client, err := initMongoDB(ctx)
- defer client.Disconnect(context.Background())
- if err != nil {
- presetLog.Error(err, "unable to connect to database")
- os.Exit(1)
- }
-
- // preset root user
- uuid := uuid.New().String()
- passwd := HashPassword(userUtil.DefaultPassword, SaltKey)
- user := NewUser(uuid, userUtil.DefaultUser, userUtil.DefaultUser, passwd, userUtil.DefaultK8sUser)
- userDB := os.Getenv("MONGO_USER_DB")
- userCol := os.Getenv("MONGO_USER_COL")
- collection := client.Database(userDB).Collection(userCol)
-
- // check if the user already exists
- exist := IsExists(ctx, collection)
- if exist {
- presetLog.Info("root user already exists")
- return nil
- }
- // insert root user
- insertResult, err := collection.InsertOne(context.Background(), user)
- if err != nil {
- presetLog.Error(err, "failed to insert root user")
- return err
- }
- presetLog.Info("insert root user successfully", "insertResult", insertResult)
- return nil
-}
-
-func IsExists(ctx context.Context, collection *mongo.Collection) bool {
- filter := bson.M{"password_user": userUtil.DefaultUser}
- var existingUser userUtil.User
- err := collection.FindOne(ctx, filter).Decode(&existingUser)
- return err == nil
-}
-
-func NewUser(uid, name, passwordUser, password, k8sUser string) userUtil.User {
- return userUtil.User{
- UID: uid,
- Name: name,
- PasswordUser: passwordUser,
- Password: password,
- // to iso string
- CreatedTime: time.Now().Format(time.RFC3339),
- K8sUsers: []userUtil.K8sUser{
- {
- Name: k8sUser,
- },
- },
- }
-}
-
-func HashPassword(password string, saltKey string) string {
- hash := sha256.New()
- validSalt, err := DecodeBase64(saltKey)
- if err != nil {
- presetLog.Error(err, "failed to decode salt")
- os.Exit(1)
- }
- hash.Write([]byte(password + string(validSalt)))
- return hex.EncodeToString(hash.Sum(nil))
-}
-
-func DecodeBase64(s string) ([]byte, error) {
- data, err := base64.StdEncoding.DecodeString(s)
- if err != nil {
- presetLog.Error(err, "failed to decode base64")
- return nil, err
- }
- return data, nil
-}
-
-func initMongoDB(ctx context.Context) (*mongo.Client, error) {
- var client *mongo.Client
- var err error
- MongoURI := os.Getenv("MONGO_URI")
- clientOptions := mongoOptions.Client().ApplyURI(MongoURI)
- for i := 0; i < MaxRetryConnectDB; i++ {
- client, err = mongo.Connect(ctx, clientOptions)
- if err != nil {
- presetLog.Error(err, "failed to connect to mongo")
- time.Sleep(5 * time.Second)
- continue
- }
- err = client.Ping(ctx, nil)
- if err != nil {
- presetLog.Error(err, "failed to ping mongo")
- time.Sleep(5 * time.Second)
- continue
- }
- presetLog.Info("connect to mongo successfully")
- break
- }
- if err != nil {
- return nil, fmt.Errorf("failed to connect to mongo: %w", err)
- }
- return client, nil
-
-}
diff --git a/controllers/license/config/manager/manager.yaml b/controllers/license/config/manager/manager.yaml
index 46df8d7de38..12a7f0756ea 100644
--- a/controllers/license/config/manager/manager.yaml
+++ b/controllers/license/config/manager/manager.yaml
@@ -72,8 +72,11 @@ spec:
 - --leader-elect
 image: controller:latest
 env:
- - name: MONOGOURI
- value: ""
+ - name: MONGO_URI
+ valueFrom:
+ secretKeyRef:
+ name: license-secret
+ key: MONGO_URI
 name: manager
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/controllers/license/deploy/manifests/deploy.yaml b/controllers/license/deploy/manifests/deploy.yaml
index 33c1358a068..03c9f97cb93 100644
--- a/controllers/license/deploy/manifests/deploy.yaml
+++ b/controllers/license/deploy/manifests/deploy.yaml
@@ -373,8 +373,11 @@ spec:
 command:
 - /manager
 env:
- - name: MONOGOURI
- value: ""
+ - name: MONGO_URI
+ valueFrom:
+ secretKeyRef:
+ key: MONGO_URI
+ name: license-secret
 image: ghcr.io/labring/sealos-license-controller:latest
 livenessProbe:
 httpGet:
diff --git a/controllers/license/deploy/manifests/secret.yaml.tmpl b/controllers/license/deploy/manifests/secret.yaml.tmpl
new file mode 100644
index 00000000000..2740fd47ab1
--- /dev/null
+++ b/controllers/license/deploy/manifests/secret.yaml.tmpl
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: license-secret
+ namespace: license-system
+stringData:
+ MONGO_URI: "{{ .MONGO_URI }}"
\ No newline at end of file
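Review bot: The environment variable is renamed from `MONOGOURI` to `MONGO_URI` here and again in the deploy.yaml hunk, but the `cmd/manager` binary that reads it is not part of this patch, so nothing in the diff shows which name the controller actually looks up; the deleted preset program read `os.Getenv("MONGO_URI")`, which suggests the new name is the intended one, but if the manager still reads `MONOGOURI` it will start with an empty URI and only fail at the first database call. The `secretKeyRef` has no `optional` field, so the pod will not start until a Secret named `license-secret` exists in the Deployment's namespace, which is the right fail-closed default for a credential; since the new template pins `namespace: license-system`, the namespace the Deployment is rendered into must match or the reference will never resolve. A short comment above the `env:` entry, such as `# MONGO_URI is read from license-secret; render deploy/manifests/secret.yaml.tmpl and apply it before this Deployment`, would spare the next operator the CreateContainerConfigError hunt.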
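Review bot: `MONGO_URI: "{{ .MONGO_URI }}"` interpolates the raw connection string into a YAML double-quoted scalar, so a password containing `"` or `\` either breaks the manifest or silently alters the URI the controller receives. If this is rendered with Go text/template, `MONGO_URI: {{ printf "%q" .MONGO_URI }}` emits a quoted scalar whose escapes YAML accepts for the ASCII characters a URI contains; otherwise percent-encode reserved characters in the credentials before rendering. The file also ends without a trailing newline (`\ No newline at end of file`). Because the rendered result holds a live database credential, only this `.tmpl` belongs in version control, and a one-line header comment saying so would make that expectation explicit to whoever renders it.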