Warnings that k8s service may not work #657
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| package cmdutil | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "os" | ||
| "strings" | ||
| "syscall" | ||
|
|
||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| const initialProcesEnvironmentVariables = "/proc/1/environ" | ||
|
|
||
| // paths to validate if root in the owner | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| var pathsOwnershipCheck = []string{"/sys", "/proc", "/dev/kmsg"} | ||
|
|
||
| // HookVerifyResources checks ownership of dirs required for k8s to run. | ||
| // HookVerifyResources if verbose true prints out list of potenital issues. | ||
| // If potential issue found pops up warning for user. | ||
| func HookVerifyResources(verbose bool) func(*cobra.Command, []string) { | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| return func(cmd *cobra.Command, args []string) { | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| errMsgs := VerifyPaths() | ||
|
|
||
| // printing report | ||
| if len(errMsgs) > 0 { | ||
| if verbose { | ||
| cmd.PrintErrln("Warning: When validating required resources potential issues found:") | ||
| for _, errMsg := range errMsgs { | ||
| cmd.PrintErrln("\t", errMsg) | ||
| } | ||
| } | ||
| if lxd, err := validateLXD(); lxd { | ||
| cmd.PrintErrln("The lxc profile for MicroK8s might be missing.") | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| cmd.PrintErrln("For running k8s inside LXD container refer to " + | ||
| "https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/install/lxd/") | ||
| } else if err != nil { | ||
| cmd.PrintErrf(err.Error()) | ||
|
|
||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| func VerifyPaths() []string { | ||
|
There was a problem hiding this comment. does this need to be public? |
||
| var errMsg []string | ||
| // check ownership of required dirs | ||
| for _, pathToCheck := range pathsOwnershipCheck { | ||
| if err := validateRootOwnership(pathToCheck); err != nil { | ||
| errMsg = append(errMsg, err.Error()) | ||
| } | ||
| } | ||
| return errMsg | ||
| } | ||
|
|
||
| func getOwnership(path string) (int, int, error) { | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| info, err := os.Stat(path) | ||
| if err != nil { | ||
| if os.IsNotExist(err) { | ||
| return 0, 0, fmt.Errorf("%s do not exist", path) | ||
| } else { | ||
| return 0, 0, err | ||
| } | ||
| } | ||
| if stat, ok := info.Sys().(*syscall.Stat_t); ok { | ||
| return int(stat.Uid), int(stat.Gid), nil | ||
| } else { | ||
| return 0, 0, fmt.Errorf("cannot access %s", path) | ||
| } | ||
| } | ||
|
|
||
| // validateRootOwnership checks if given path owner root and root group. | ||
| func validateRootOwnership(path string) error { | ||
| UID, GID, err := getOwnership(path) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| if UID != 0 { | ||
| return fmt.Errorf("owner of %s is user with UID %d expected 0", path, UID) | ||
| } | ||
| if GID != 0 { | ||
| return fmt.Errorf("owner of %s is group with GID %d expected 0", path, GID) | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| // validateLXD checks if k8s runs in lxd container if so returns link to documentation | ||
| func validateLXD() (bool, error) { | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| dat, err := os.ReadFile(initialProcesEnvironmentVariables) | ||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| if err != nil { | ||
| // if permission to file is missing we still want to display info about lxd | ||
| if os.IsPermission(err) { | ||
| return true, err | ||
| } | ||
| return false, err | ||
| } | ||
| env := string(dat) | ||
| if strings.Contains(env, "container=lxc") { | ||
|
|
||
maci3jka marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| return true, nil | ||
| } | ||
| return false, nil | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Process
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also add a short comment please