diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go
index ca9e4e093f..dd47fa8bd7 100644
--- a/pkg/cluster/bootstrap.go
+++ b/pkg/cluster/bootstrap.go
@@ -21,13 +21,14 @@ func (c *Cluster) Bootstrap(ctx context.Context) error {
 		return err
 	}
-	runBootstrap, err := c.shouldBootstrapLoad(ctx)
+	shouldBootstrap, err := c.shouldBootstrapLoad(ctx)
 	if err != nil {
 		return err
 	}
-	c.shouldBootstrap = runBootstrap
-	if runBootstrap {
+	c.shouldBootstrap = shouldBootstrap
+
+	if shouldBootstrap {
 		if err := c.bootstrap(ctx); err != nil {
 			return err
 		}
@@ -93,15 +94,18 @@ func (c *Cluster) shouldBootstrapLoad(ctx context.Context) (bool, error) {
 
 // bootstrapped touches a file to indicate that bootstrap has been completed.
 func (c *Cluster) bootstrapped() error {
-	if err := os.MkdirAll(filepath.Dir(c.bootstrapStamp()), 0700); err != nil {
+	stamp := c.bootstrapStamp()
+	if err := os.MkdirAll(filepath.Dir(stamp), 0700); err != nil {
 		return err
 	}
 
-	if _, err := os.Stat(c.bootstrapStamp()); err == nil {
+	// return if file already exists
+	if _, err := os.Stat(stamp); err == nil {
 		return nil
 	}
 
-	f, err := os.Create(c.bootstrapStamp())
+	// otherwise try to create it
+	f, err := os.Create(stamp)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/cluster/encrypt.go b/pkg/cluster/encrypt.go
index 5dd2b51a6a..5238622078 100644
--- a/pkg/cluster/encrypt.go
+++ b/pkg/cluster/encrypt.go
@@ -19,9 +19,7 @@ import (
 // storageKey returns the etcd key for storing bootstrap data for a given passphrase.
 // The key is derived from the sha256 hash of the passphrase.
 func storageKey(passphrase string) string {
-	d := sha256.New()
-	d.Write([]byte(passphrase))
-	return "/bootstrap/" + hex.EncodeToString(d.Sum(nil)[:])[:12]
+	return "/bootstrap/" + keyHash(passphrase)
 }
 
 // keyHash returns the first 12 characters of the sha256 sum of the passphrase.
diff --git a/pkg/cluster/https.go b/pkg/cluster/https.go
index 33cd29a577..d7fa1f0aed 100644
--- a/pkg/cluster/https.go
+++ b/pkg/cluster/https.go
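Review bot: In bootstrapped the new `os.Stat(stamp)` / `os.Create(stamp)` pair still leaves a gap between the existence check and the create, and `os.Create` opens the stamp with mode 0666 (less umask) inside a directory the same function restricts to 0700. A single `f, err := os.OpenFile(stamp, os.O_RDWR|os.O_CREATE, 0600)` is idempotent when the file already exists, so it can replace both the Stat check and the Create while giving the stamp a mode consistent with its parent, assuming the rest of the function only closes `f`. A Stat error other than not-exist (for example a permission failure) currently falls through to the Create rather than being reported on its own. The body of bootstrapped continues past the end of the hunk, so what happens to `f` after creation is not visible here.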
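Review bot: The doc comment on storageKey still says the key is "derived from the sha256 hash", but the new body delegates to keyHash, whose own comment says it returns only the first 12 hex characters of the digest; the comment should state the truncation so a reader does not take the key for the full hash. Suggest `// The key is the first 12 hex characters of the sha256 hash of the passphrase (see keyHash).` in place of the second comment line. keyHash itself is defined outside this hunk, and with this change the `sha256` and `hex` imports are only used there, which is presumably still the case.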
@@ -36,22 +36,23 @@ func (c *Cluster) newListener(ctx context.Context) (net.Listener, http.Handler,
 	storage := tlsStorage(ctx, c.config.DataDir, c.runtime)
 	return dynamiclistener.NewListener(tcp, storage, cert, key, dynamiclistener.Config{
-		CN: version.Program,
-		Organization: []string{version.Program},
+		ExpirationDaysCheck: config.CertificateRenewDays,
+		Organization: []string{version.Program},
+		SANs: append(c.config.SANs, "localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc."+c.config.ClusterDomain),
+		CN: version.Program,
 		TLSConfig: &tls.Config{
 			ClientAuth: tls.RequestClientCert,
 			MinVersion: c.config.TLSMinVersion,
 			CipherSuites: c.config.TLSCipherSuites,
 		},
-		SANs: append(c.config.SANs, "localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc."+c.config.ClusterDomain),
-		ExpirationDaysCheck: config.CertificateRenewDays,
 	})
 }
 
 // initClusterAndHTTPS sets up the dynamic tls listener, request router,
 // and cluster database. Once the database is up, it starts the supervisor http server.
 func (c *Cluster) initClusterAndHTTPS(ctx context.Context) error {
-	l, handler, err := c.newListener(ctx)
+	// Set up dynamiclistener TLS listener and request handler
+	listener, handler, err := c.newListener(ctx)
 	if err != nil {
 		return err
 	}
@@ -76,7 +77,7 @@ func (c *Cluster) initClusterAndHTTPS(ctx context.Context) error {
 
 	// Start the supervisor http server on the tls listener
 	go func() {
-		err := server.Serve(l)
+		err := server.Serve(listener)
 		logrus.Fatalf("server stopped: %v", err)
 	}()
 
diff --git a/pkg/cluster/managed.go b/pkg/cluster/managed.go
index 88c1b354b2..ba00e2e59e 100644
--- a/pkg/cluster/managed.go
+++ b/pkg/cluster/managed.go
@@ -5,13 +5,10 @@ package cluster
 
 import (
 	"context"
-	"net"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/rancher/k3s/pkg/cluster/managed"
-	"github.com/rancher/kine/pkg/endpoint"
 	"github.com/sirupsen/logrus"
 )
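Review bot: The moved `SANs: append(c.config.SANs, "localhost", ...)` line in newListener appends into the caller's slice: when c.config.SANs has spare capacity the extra names are written into its backing array, so another consumer of c.config.SANs that also appends can observe or overwrite the names this listener is issued for. Copying first keeps the config value untouched, e.g. `SANs: append(append([]string(nil), c.config.SANs...), "localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc."+c.config.ClusterDomain),`. The reordering of the Config fields is otherwise cosmetic; newListener's opening lines are outside the hunk.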