Ensure the configure hook detects the API server coming up (#3009)

canonical · Apr 1, 2022 · 4d7eef6 · 4d7eef6
1 parent b971877
commit 4d7eef6
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 12 deletions.
diff --git a/microk8s-resources/actions/common/utils.sh b/microk8s-resources/actions/common/utils.sh
@@ -825,6 +825,15 @@ fetch_as() {
 
 ############################# Strict functions ######################################
 
+log_init () {
+  echo `date +"[%m-%d %H:%M:%S]" start logging` > $SNAP_COMMON/var/log/microk8s.log
+}
+
+log () {
+  echo -n `date +"[%m-%d %H:%M:%S]"` >> $SNAP_COMMON/var/log/microk8s.log
+  echo ": $@" >> $SNAP_COMMON/var/log/microk8s.log
+}
+
 is_strict() {
   # Return 0 if we are in strict mode
   if cat $SNAP/meta/snap.yaml | grep confinement | grep -q strict
@@ -878,15 +887,14 @@ check_snap_interfaces() {
     then
         snapctl set-health blocked "You must connect ${missing[*]} before proceeding"
         exit 0
-    else
-        if [ $1 -gt 0 ]
-        then
-            snapctl start --enable ${SNAP_NAME}
-            snapctl set-health okay
-        fi
     fi
 }
 
+enable_snap() {
+  snapctl start --enable ${SNAP_NAME}
+  snapctl set-health okay
+}
+
 exit_if_not_root() {
   # test if we run with sudo
   if [ "$EUID" -ne 0 ]

diff --git a/snap/hooks/configure b/snap/hooks/configure
@@ -9,7 +9,10 @@ fi
 
 source $SNAP/actions/common/utils.sh
 
-check_snap_interfaces 0  # Check for interfaces but do not start until this script has run.
+ARCH="$($SNAP/bin/uname -m)"
+export LD_LIBRARY_PATH="$SNAP/lib:$SNAP/usr/lib:$SNAP/lib/$ARCH-linux-gnu:$SNAP/usr/lib/$ARCH-linux-gnu"
+
+check_snap_interfaces # Check for interfaces but do not start until this script has run.
 
 need_api_restart=false
 need_proxy_restart=false
@@ -358,8 +361,6 @@ then
   chgrp snap_microk8s -R ${SNAP_COMMON}/addons ${SNAP_DATA}/credentials/ ${SNAP_DATA}/certs/ ${SNAP_DATA}/args/ ${SNAP_DATA}/var/lock/ ${SNAP_DATA}/var/kubernetes/backend/ ${SNAP_DATA}/tmp/ || true
 fi
 
-try_copy_users_to_snap_microk8s
-
 if ! [ -e "${SNAP_DATA}/opt/cni/bin/flanneld" ]
 then
   # cover situation where cilium was installed prior to this update
@@ -603,6 +604,8 @@ fi
 # Refresh calico if needed
 refresh_calico_if_needed
 
+enable_snap
+
 # Restart reconfigured services
 if ${need_api_restart} ||
    ${need_proxy_restart} ||
@@ -654,4 +657,3 @@ then
   fi
 fi
 
-check_snap_interfaces 1  # Check for interfaces and enable all services.
diff --git a/snap/hooks/connect-plug-account-control b/snap/hooks/connect-plug-account-control
@@ -0,0 +1 @@
+./configure
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
@@ -53,9 +53,12 @@ slots:
 hooks:
   configure:
     plugs:
+      - account-control
       - dot-kube
+      - network
   install:
     plugs:
+      - account-control
       - network-bind
       - firewall-control
       - network-control
@@ -69,93 +72,162 @@ hooks:
   connect-plug-network-control:
     plugs:
       - dot-kube
+      - network
       - kernel-module-control
       - network-control
   disconnect-plug-network-control:
     plugs:
       - dot-kube
       - kernel-module-control
+      - network
+      - network-control
+  connect-plug-account-control:
+    plugs:
+      - dot-kube
+      - network
+      - network-bind
       - network-control
   connect-plug-docker-privileged:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-kubernetes-support:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-k8s-kubelet:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-k8s-kubeproxy:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-dot-kube:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-network:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-network-bind:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-network-observe:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-firewall-control:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-process-control:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-kernel-module-observe:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-mount-observe:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-hardware-observe:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-system-observe:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-home:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-opengl:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-k8s-journald:
     plugs:
       - dot-kube
+      - network
       - network-bind
+      - network-control
   connect-plug-cifs-mount:
     plugs:
       - dot-kube
+      - network
       - network-bind
   connect-plug-fuse-support:
     plugs:
       - dot-kube
+      - network
       - network-bind
   connect-plug-kernel-crypto-api:
     plugs:
       - dot-kube
+      - network
+      - network-bind
+  connect-plug-dot-config-helm:
+    plugs:
+      - dot-kube
+      - network
+      - network-bind
+      - network-control
+  connect-plug-log-observe:
+    plugs:
+      - dot-kube
+      - network
       - network-bind
+      - network-control
+  connect-plug-login-session-observe:
+    plugs:
+      - dot-kube
+      - network
+      - network-bind
+      - network-control
+  connect-plug-home-read-all:
+    plugs:
+      - dot-kube
+      - network
+      - network-bind
+      - network-control
 
 apps:
   microk8s:
@@ -337,6 +409,7 @@ apps:
     plugs:
       - docker-unprivileged
       - dot-kube
+      - network
       - home-read-all
       - firewall-control
       - network-bind

diff --git a/tests/connect-all-interfaces.sh b/tests/connect-all-interfaces.sh
@@ -10,7 +10,8 @@ fi
 for i in account-control \
          docker-privileged \
          kubernetes-support \
-         k8s-journald k8s-kubelet \
+         k8s-journald \
+         k8s-kubelet \
          k8s-kubeproxy \
          dot-kube \
          network \
@@ -23,7 +24,8 @@ for i in account-control \
          mount-observe \
          hardware-observe \
          system-observe \
-         home opengl \
+         home \
+         opengl \
          home-read-all \
          login-session-observe \
          log-observe \