def sequence_keysystem(ops: command.Operations,
skip_verify_keygateway: bool = False) -> None:
"set up and verify functionality of the keyserver and keygateway"
ops.add_command(
iterative_verifier(verify.check_supervisor_accessible, 30.0))
ops.add_subcommand(setup.setup_keyserver)
ops.add_command(iterative_verifier(verify.check_keystatics, 60.0))
ops.add_subcommand(setup.admit_keyserver)
if configuration.get_config().is_kerberos_enabled():
ops.add_subcommand(setup.setup_keygateway)
if not skip_verify_keygateway:
ops.add_command(verify.check_keygateway)
else:
ops.add_operation("skip keygateway verification", lambda: None)
else:
ops.add_operation("skip keygateway enablement (kerberos is disabled)",
lambda: None)
def sequence_supervisor(ops: command.Operations,
skip_verify_keygateway: bool = False) -> None:
"set up and verify functionality of entire supervisor node (keysystem + ssh)"
config = configuration.get_config()
ops.add_subcommand(sequence_keysystem,
skip_verify_keygateway=skip_verify_keygateway)
ops.add_command(iterative_verifier(verify.check_certs_on_supervisor, 20.0))
ops.add_subcommand(setup.setup_prometheus)
ops.add_subcommand(sequence_ssh)
ops.add_subcommand(setup.setup_bootstrap_registry)
ops.add_subcommand(setup.update_registry)
ops.add_command(deploy.launch_flannel)
ops.add_command(deploy.launch_dns_addon)
ops.add_command(deploy.launch_flannel_monitor)
ops.add_command(deploy.launch_dns_monitor)
if config.user_grant_domain != '':
ops.add_command(deploy.launch_user_grant)
else:
ops.add_operation("skip pre-deploying user-grant (not configured)",
lambda: None)
for node in config.nodes:
if node.kind == 'supervisor':
ops.add_subcommand(infra.infra_sync, node.hostname)
def sequence_ssh(ops: command.Operations) -> None:
"set up and verify ssh access to the supervisor node"
ops.add_command(access.access_ssh)
ops.add_subcommand(setup.setup_supervisor_ssh)
ops.add_command(iterative_verifier(verify.check_ssh_with_certs, 20.0))
def sequence_cluster(ops: command.Operations) -> None:
"set up and verify kubernetes infrastructure operation"
ops.add_command(iterative_verifier(verify.check_online, 120.0))
ops.add_command(iterative_verifier(verify.check_systemd_services, 120.0))
ops.add_command(iterative_verifier(verify.check_etcd_health, 120.0))
ops.add_command(iterative_verifier(verify.check_kube_health, 120.0))
ops.add_command(iterative_verifier(verify.check_pull, 120.0))
ops.add_command(iterative_verifier(verify.check_flannel_pods, 210.0))
ops.add_command(iterative_verifier(verify.check_exec, 120.0))
ops.add_command(iterative_verifier(verify.check_flannel, 120.0))
ops.add_command(iterative_verifier(verify.check_dns, 120.0))
if configuration.get_config().user_grant_domain == '':
ops.add_operation("skip verifying user-grant (not configured)",
lambda: None)
elif not verify.is_user_grant_verifiable():
ops.add_operation("skip verifying user-grant (no client certificate)",
lambda: None)
else:
ops.add_operation("verify that user-grant is working properly",
iterative_verifier(verify.check_user_grant, 120.0))