feat: enable token based node join process (#23)

* feat: enable token based node join process

adds a new way of deploying clusters. now we also support deploying one
controller node and then from there generate a token to add other nodes
manually.

this makes helmvm to behave closer to how kurl works.

* bug: return error on unsupported installation method

* feat: requiring root for localhost as single node deployment

* chore: rolling back "only root can applies" policy

this commit rolls back the policy that was restricting the "apply"
command to be run only by "root" users when deploying a single node
cluster using only localhost.

Author: ricardomaraschini

README.md

@@ -33,6 +33,63 @@ $ ./helmvm install --multi-node
 
 In this case, it's not necessary to execute this command exclusively on a Linux x86_64 machine. You have the flexibility to use any architecture for the process.
 
+## Deploying Individual Nodes
+
+HelmVM also facilitates deploying individual nodes through the use of tokens, deviating from the centralized approach.
+To follow this path, you need to exclude yourself from the centralized management facilitated via SSH.
+
+### Installing a Multi-Node Setup using Token-Based Deployment
+
+All operations should be executed directly on the Linux servers and require root privileges.
+Begin by deploying the first node:
+
+```
+server-0# helmvm install
+```
+
+After the cluster is online, you can generate a token to enable the addition of other nodes:
+
+```
+server-0# helmvm node token create --role controller
+INFO[0000] Creating node join token for role controller
+WARN[0000] You are opting out of the centralized cluster management.
+WARN[0000] Through the centralized management you can manage all your
+WARN[0000] cluster nodes from a single location. If you decide to move
+WARN[0000] on the centralized management won't be available anymore
+? Do you want to use continue ? Yes
+INFO[0002] Token created successfully.
+INFO[0002] This token is valid for 24h0m0s hours.
+INFO[0002] You can now run the following command in a remote node to add it
+INFO[0002] to the cluster as a "controller" node:
+helmvm node join --role "controller" "<token redacted>"
+server-0# 
+```
+
+Upon generating the token, you will be prompted to continue; press Enter to proceed (you will be opting out of the centralized management).
+The role in the command above can be either "controller" or "worker", with the generated token tailored to the selected role.
+Copy the command provided and run it on the server you wish to join to the cluster:
+
+```
+server-1# helmvm node join --role "controller" "<token redacted>"
+```
+
+For this to function, you must ensure that the HelmVM binary is present on all nodes within the cluster.
+
+
+### Upgrading clusters
+
+If your installation employs centralized management, simply download the newer version of HelmVM and execute:
+
+```
+$ helmvm apply
+```
+
+For installations without centralized management, download HelmVM, upload it to each server in your cluster, and execute the following command as **root** on each server:
+
+```
+# helmvm node upgrade
+```
+
 ## Interacting with the cluster
 
 Once the cluster has been deployed you can open a new terminal to interact with it using `kubectl`:

cmd/helmvm/install.go

@@ -35,7 +35,7 @@ func runPostApply(ctx context.Context) error {
 	orig := log.Log
 	rig.SetLogger(logger)
 	defer func() {
-		logger.Infof("post apply process finished")
+		logger.Infof("Post apply process finished")
 		close(logger)
 		<-end
 		log.Log = orig
@@ -152,7 +152,7 @@ func copyUserProvidedConfig(c *cli.Context) error {
 func ensureK0sctlConfig(c *cli.Context, nodes []infra.Node) error {
 	bundledir := c.String("bundle-dir")
 	bundledir = strings.TrimRight(bundledir, "/")
-	multi := c.Bool("multi-node")
+	multi := c.Bool("multi-node") || len(nodes) > 0
 	cfgpath := defaults.PathToConfig("k0sctl.yaml")
 	if usercfg := c.String("config"); usercfg != "" {
 		logrus.Infof("Using %s config file", usercfg)
@@ -229,10 +229,15 @@ func runK0sctlKubeconfig(ctx context.Context) error {
 	}
 	defer fp.Close()
 	cfgpath := defaults.PathToConfig("k0sctl.yaml")
+	if _, err := os.Stat(cfgpath); err != nil {
+		os.RemoveAll(kpath)
+		return fmt.Errorf("cluster configuration not found")
+	}
 	kctl := exec.Command(bin, "kubeconfig", "-c", cfgpath, "--disable-telemetry")
 	kctl.Stderr = fp
 	kctl.Stdout = fp
 	if err := kctl.Run(); err != nil {
+		os.RemoveAll(kpath)
 		return fmt.Errorf("unable to run kubeconfig: %w", err)
 	}
 	logrus.Infof("Kubeconfig saved to %s", kpath)
@@ -310,6 +315,12 @@ var installCommand = &cli.Command{
 		},
 	},
 	Action: func(c *cli.Context) error {
+		if defaults.DecentralizedInstall() {
+			logrus.Warnf("Decentralized install was detected. To manage the cluster")
+			logrus.Warnf("you have to use the '%s node' commands instead.", defaults.BinaryName())
+			logrus.Warnf("Run '%s node --help' for more information.", defaults.BinaryName())
+			return fmt.Errorf("decentralized install detected")
+		}
 		logrus.Infof("Materializing binaries")
 		if err := goods.Materialize(); err != nil {
 			return fmt.Errorf("unable to materialize binaries: %w", err)

cmd/helmvm/join.go

@@ -0,0 +1,171 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"runtime"
+
+	"github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+
+	"github.com/replicatedhq/helmvm/pkg/defaults"
+	"github.com/replicatedhq/helmvm/pkg/goods"
+)
+
+var joinCommand = &cli.Command{
+	Name:  "join",
+	Usage: "Join the current node to an existing cluster",
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:  "role",
+			Usage: "The role of the node (can be controller or worker)",
+			Value: "worker",
+		},
+	},
+	Action: func(c *cli.Context) error {
+		if err := canRunJoin(c); err != nil {
+			return err
+		}
+		logrus.Infof("Materializing binaries")
+		if err := goods.Materialize(); err != nil {
+			return fmt.Errorf("unable to materialize binaries: %w", err)
+		}
+		logrus.Infof("Saving token to disk")
+		if err := saveTokenToDisk(c.Args().First()); err != nil {
+			return fmt.Errorf("unable to save token to disk: %w", err)
+		}
+		logrus.Infof("Installing binary")
+		if err := installK0sBinary(); err != nil {
+			return fmt.Errorf("unable to install k0s binary: %w", err)
+		}
+		logrus.Infof("Joining node to cluster")
+		if err := runK0sInstallCommand(c.String("role")); err != nil {
+			return fmt.Errorf("unable to join node to cluster: %w", err)
+		}
+		logrus.Infof("Creating systemd unit file")
+		if err := createSystemdUnitFile(c.String("role")); err != nil {
+			return fmt.Errorf("unable to create systemd unit file: %w", err)
+		}
+		logrus.Infof("Starting service")
+		if err := startK0sService(); err != nil {
+			return fmt.Errorf("unable to start service: %w", err)
+		}
+		return nil
+	},
+}
+
+// saveTokenToDisk saves the provided token in "/etc/k0s/join-token".
+func saveTokenToDisk(token string) error {
+	if err := os.MkdirAll("/etc/k0s", 0755); err != nil {
+		return err
+	}
+	data := []byte(token)
+	if err := os.WriteFile("/etc/k0s/join-token", data, 0644); err != nil {
+		return err
+	}
+	return nil
+}
+
+// installK0sBinary saves the embedded k0s binary to disk under /usr/local/bin.
+func installK0sBinary() error {
+	in, err := os.Open(defaults.K0sBinaryPath())
+	if err != nil {
+		return fmt.Errorf("unable to open embedded k0s binary: %w", err)
+	}
+	defer in.Close()
+	out, err := os.OpenFile("/usr/local/bin/k0s", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0755)
+	if err != nil {
+		return fmt.Errorf("unable to open k0s binary: %w", err)
+	}
+	defer out.Close()
+	if _, err := io.Copy(out, in); err != nil {
+		return fmt.Errorf("unable to copy k0s binary: %w", err)
+	}
+	return nil
+}
+
+// startK0sService starts the k0s service.
+func startK0sService() error {
+	cmd := exec.Command("/usr/local/bin/k0s", "start")
+	stdout := bytes.NewBuffer(nil)
+	stderr := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+	if err := cmd.Run(); err != nil {
+		logrus.Errorf("service start failed:")
+		fmt.Fprintf(os.Stderr, "%s\n", stderr.String())
+		fmt.Fprintf(os.Stdout, "%s\n", stdout.String())
+		return err
+	}
+	return nil
+}
+
+// canRunJoin checks if we can run the join command. Checks if we are running on linux,
+// if we are root, and if a token has been provided through the command line.
+func canRunJoin(c *cli.Context) error {
+	if runtime.GOOS != "linux" {
+		return fmt.Errorf("join command is only supported on linux")
+	}
+	if os.Getuid() != 0 {
+		return fmt.Errorf("join command must be run as root")
+	}
+	if c.Args().Len() != 1 {
+		return fmt.Errorf("usage: %s node join <token>", defaults.BinaryName())
+	}
+	if role := c.String("role"); role != "controller" && role != "worker" {
+		return fmt.Errorf("role must be either controller or worker")
+	}
+	return nil
+}
+
+// createSystemdUnitFile links the k0s systemd unit file.
+func createSystemdUnitFile(role string) error {
+	dst := fmt.Sprintf("/etc/systemd/system/%s.service", defaults.BinaryName())
+	if _, err := os.Stat(dst); err == nil {
+		if err := os.Remove(dst); err != nil {
+			return err
+		}
+	}
+	src := "/etc/systemd/system/k0scontroller.service"
+	if role == "worker" {
+		src = "/etc/systemd/system/k0sworker.service"
+	}
+	if err := os.Symlink(src, dst); err != nil {
+		return err
+	}
+	cmd := exec.Command("systemctl", "daemon-reload")
+	stdout := bytes.NewBuffer(nil)
+	stderr := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+	if err := cmd.Run(); err != nil {
+		logrus.Errorf("systemctl reload failed:")
+		fmt.Fprintf(os.Stderr, "%s\n", stderr.String())
+		fmt.Fprintf(os.Stdout, "%s\n", stdout.String())
+		return err
+	}
+	return nil
+}
+
+// runK0sInstallCommand runs the 'k0s install' command using the provided role.
+func runK0sInstallCommand(role string) error {
+	a := []string{"install", role, "--token-file", "/etc/k0s/join-token", "--force"}
+	if role == "controller" {
+		a = append(a, "--enable-worker")
+	}
+	cmd := exec.Command("/usr/local/bin/k0s", a...)
+	stdout := bytes.NewBuffer(nil)
+	stderr := bytes.NewBuffer(nil)
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+	if err := cmd.Run(); err != nil {
+		logrus.Errorf("install failed:")
+		fmt.Fprintf(os.Stderr, "%s\n", stderr.String())
+		fmt.Fprintf(os.Stdout, "%s\n", stdout.String())
+		return err
+	}
+	return nil
+}

cmd/helmvm/node.go

@@ -16,6 +16,9 @@ var nodeCommands = &cli.Command{
 		nodeStopCommand,
 		nodeStartCommand,
 		nodeListCommand,
+		tokenCommands,
+		joinCommand,
+		upgradeCommand,
 	},
 }
 

cmd/helmvm/shell.go

@@ -38,6 +38,10 @@ var shellCommand = &cli.Command{
 	Name:  "shell",
 	Usage: "Starts a shell with access to the running cluster",
 	Action: func(c *cli.Context) error {
+		cfgpath := defaults.PathToConfig("kubeconfig")
+		if _, err := os.Stat(cfgpath); err != nil {
+			return fmt.Errorf("kubeconfig not found at %s", cfgpath)
+		}
 		shpath := os.Getenv("SHELL")
 		if shpath == "" {
 			shpath = "/bin/bash"