Enhanced ops script (#18)

* removed print-etcd-cert-paths and introduced print-etcd-cheatsheet.sh * Added command to script and minor changes to script * Updated ops/Dockerfile and docs * Added license headers * Added check to script for empty variables * Addressed review comment --------- Co-authored-by: aaronfern <[email protected]>
gardener · Dec 6, 2023 · cc195ef · cc195ef
1 parent bdc439e
commit cc195ef
Show file tree

Hide file tree

Showing 16 changed files with 401 additions and 20 deletions.
diff --git a/cmd/etcd_test.go b/cmd/etcd_test.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package cmd
 
 import (

diff --git a/docs/deployment/ops.md b/docs/deployment/ops.md
@@ -50,17 +50,110 @@ There are two options to upload the docker image:
 
 Now you have a new container as a part of the pod. You can exec into this newly created container and freely run any bash command or any etcdctl command.
 
-### Get ETCD PKI resource paths
+### Get ETCD PKI resource paths and common commands
 
 If TLS has been enabled then you will need to provide paths to CA-Cert, Server-Cert and  Server-Key to connect to etcd process via `etcdctl`. To get the paths a convenience script is provided which will print all required PKI resource paths.
+This script also doubles up as a cheatsheet that contains some of the most common `etcdctl` commands that an operator might use along with their PKI resource paths
 
 ```bash
-> print-etcd-cert-paths
+> print-etcd-cheatsheet
  📌 ETCD PKI resource paths:
   --------------------------------------------------
   --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt
   --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt
   --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key
+
+ 📌 ETCD configuration path:
+  --------------------------------------------------
+  In etcd-wrapper: proc/<etcd-wrapper-process-id>/root/home/nonroot/etcd.conf.yaml
+  In etcd-backup-restore: proc/<backup-restore-process-id>/root/home/nonroot/etcd.conf.yaml
+
+ 📌 ETCD data directory:
+  --------------------------------------------------
+  proc/<etcd-wrapper-process-id>/root/var/etcd/data
+
+ 📌 ETCD maintenance commands:
+  --------------------------------------------------
+  List all etcd members:
+  etcdctl member list -w table \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Update etcd member peer URL:
+  etcdctl member update <member-id> \
+  --peer-urls=<new-peer-url-to-set> \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Get endpoint status for the etcd cluster:
+  etcdctl endpoint -w table --cluster status \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  List all alarms:
+  etcdctl alarm list \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Disarm all alarms:
+  etcdctl alarm disarm \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Defragment etcd:
+  etcdctl defrag \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Change leadership:
+  etcdctl move-leader <new-leader-member-id> \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+ 📌 ETCD Key-Value commands:
+  --------------------------------------------------
+
+  Get key details:
+  etcdctl get <key> \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Get only value for a given key:
+  etcdctl get <key> --print-value-only \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  List all keys:
+  etcdctl get "" --prefix --keys-only \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
+
+  Put a value against a key:
+  etcdctl put <key> <value> \
+  --cacert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/ca/bundle.crt \
+  --cert=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.crt \
+  --key=proc/<etcd-wrapper-process-id>/root/var/etcd/ssl/client/client/tls.key \
+  --endpoints=https://etcd-main-local:2379
 ```
 
 ### Work directory

diff --git a/hack/local-dev/cleanup.sh b/hack/local-dev/cleanup.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 set -o errexit
 set -o nounset

diff --git a/hack/local-dev/etcd-down.sh b/hack/local-dev/etcd-down.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 set -o errexit
 set -o nounset

diff --git a/hack/local-dev/etcd-up.sh b/hack/local-dev/etcd-up.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 set -o errexit
 set -o nounset

diff --git a/hack/local-dev/generate_k8s_resources.sh b/hack/local-dev/generate_k8s_resources.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
 

diff --git a/hack/local-dev/generate_pki.sh b/hack/local-dev/generate_pki.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 set -o errexit
 set -o nounset

diff --git a/hack/local-dev/kind.sh b/hack/local-dev/kind.sh
@@ -1,4 +1,18 @@
 #!/usr/bin/env bash
+# Copyright 2023 SAP SE or an SAP affiliate company
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 set -o errexit
 set -o nounset

diff --git a/internal/signal/signal_test.go b/internal/signal/signal_test.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package signal
 
 import (

diff --git a/internal/testutil/tls.go b/internal/testutil/tls.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package testutil
 
 import (

diff --git a/internal/types/constants.go b/internal/types/constants.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package types
 
 import "go.uber.org/zap/zapcore"

diff --git a/internal/util/http_test.go b/internal/util/http_test.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package util
 
 import (

diff --git a/internal/util/retry_test.go b/internal/util/retry_test.go
@@ -1,3 +1,17 @@
+// Copyright 2023 SAP SE or an SAP affiliate company
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package util
 
 import (

diff --git a/ops/Dockerfile b/ops/Dockerfile
@@ -20,7 +20,7 @@ RUN apk update \
     && mkdir -p work \
     && chown -R 65532:65532 work
 
-COPY --chown=65532:65532 --chmod=744 ops/print-etcd-cert-paths.sh /usr/local/bin/print-etcd-cert-paths
+COPY --chown=65532:65532 --chmod=744 ops/print-etcd-cheatsheet.sh /usr/local/bin/print-etcd-cheatsheet
 COPY --from=source /usr/local/bin/etcdctl /usr/local/bin
 
 ENTRYPOINT ["/bin/bash"]
diff --git a/ops/print-etcd-cert-paths.sh b/ops/print-etcd-cert-paths.sh