fix findings

Signed-off-by: Kimmo Lehto <[email protected]>

Author: kke

action/apply.go

@@ -49,15 +49,15 @@ type Apply struct {
 //	gatherK0sFacts := &phase.GatherK0sFacts{} // advisable to get the title from the phase itself instead of hardcoding the title.
 //	apply.Phases.InsertBefore(gatherK0sFacts.Title(), &myCustomPhase{}) // insert a custom phase before the GatherK0sFacts phase
 func NewApply(opts ApplyOptions) *Apply {
-	lockPhase := &phase.Lock{}
-	unlockPhase := lockPhase.UnlockPhase()
+	// lockPhase := &phase.Lock{}
+	// unlockPhase := lockPhase.UnlockPhase()
 	apply := &Apply{
 		ApplyOptions: opts,
 		Phases: phase.Phases{
 			&phase.DefaultK0sVersion{},
-            &phase.Connect{},
-            &phase.DetectOS{},
-			lockPhase,
+			&phase.Connect{},
+			&phase.DetectOS{},
+			// lockPhase,
 			&phase.PrepareHosts{},
 			&phase.GatherFacts{},
 			&phase.ValidateHosts{},
@@ -90,13 +90,13 @@ func NewApply(opts ApplyOptions) *Apply {
 			&phase.ResetControllers{NoDrain: opts.NoDrain},
 			&phase.RunHooks{Stage: "after", Action: "apply"},
 			&phase.ApplyManifests{},
-			unlockPhase,
-			&phase.Disconnect{},
+			// unlockPhase,
 		},
 	}
 	if opts.KubeconfigOut != nil {
-		apply.Phases.InsertBefore(unlockPhase.Title(), &phase.GetKubeconfig{APIAddress: opts.KubeconfigAPIAddress, User: opts.KubeconfigUser, Cluster: opts.KubeconfigCluster})
+		apply.Phases = append(apply.Phases, &phase.GetKubeconfig{APIAddress: opts.KubeconfigAPIAddress, User: opts.KubeconfigUser, Cluster: opts.KubeconfigCluster})
 	}
+	apply.Phases = append(apply.Phases, &phase.Disconnect{})
 
 	return apply
 }

configurer/interface.go

@@ -58,4 +58,6 @@ type Configurer interface {
 	SetPath(string, string)
 	SystemTime(os.Host) (time.Time, error)
 	Touch(os.Host, string, time.Time, ...exec.Option) error
+	Dir(string) string
+	Base(string) string
 }

configurer/linux.go

@@ -296,3 +296,13 @@ func (l *Linux) SystemTime(h os.Host) (time.Time, error) {
 	}
 	return time.Unix(unixTime, 0), nil
 }
+
+// Dir returns the directory part of a path
+func (l *Linux) Dir(p string) string {
+	return path.Dir(p)
+}
+
+// Base returns the base part of a path
+func (l *Linux) Base(p string) string {
+	return path.Base(p)
+}

configurer/windows.go

@@ -1,14 +1,14 @@
 package configurer
 
 import (
-	"bufio"
 	"fmt"
-	"path/filepath"
+	"path"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/k0sproject/k0sctl/internal/shell"
 	"github.com/k0sproject/rig/exec"
 	"github.com/k0sproject/rig/os"
 	ps "github.com/k0sproject/rig/pkg/powershell"
@@ -29,10 +29,10 @@ func (w *BaseWindows) OSKind() string {
 func (w *BaseWindows) initPaths() {
 	w.pathOnce.Do(func() {
 		w.paths = map[string]string{
-			"K0sBinaryPath":      `C:\\Program Files\\k0s\\k0s.exe`,
-			"K0sConfigPath":      `C:\\ProgramData\\k0s\\k0s.yaml`,
-			"K0sJoinTokenPath":   `C:\\ProgramData\\k0s\\k0stoken`,
-			"DataDirDefaultPath": `C:\\ProgramData\\k0s`,
+			"K0sBinaryPath":      `C:/Program Files/k0s/k0s.exe`,
+			"K0sConfigPath":      `C:/etc/k0s/k0s.yaml`,
+			"K0sJoinTokenPath":   `C:/etc/k0s/k0stoken`,
+			"DataDirDefaultPath": `C:/var/lib/k0s`,
 		}
 	})
 }
@@ -93,7 +93,7 @@ func (w *BaseWindows) Arch(h os.Host) (string, error) {
 
 // K0sCmdf can be used to construct k0s commands in sprintf style.
 func (w *BaseWindows) K0sCmdf(template string, args ...interface{}) string {
-	return fmt.Sprintf(`& %s %s`, ps.DoubleQuotePath(w.K0sBinaryPath()), fmt.Sprintf(template, args...))
+	return fmt.Sprintf(`%s %s`, ps.DoubleQuotePath(ps.ToWindowsPath(w.K0sBinaryPath())), fmt.Sprintf(template, args...))
 }
 
 // K0sctlLockFilePath returns a path to a lock file
@@ -104,20 +104,41 @@ func (w *BaseWindows) K0sctlLockFilePath(h os.Host) string {
 
 // TempFile returns a temp file path
 func (w *BaseWindows) TempFile(h os.Host) (string, error) {
-	// Use .NET to generate a temp file path
-	return h.ExecOutput(ps.Cmd(`[System.IO.Path]::GetTempFileName()`))
+	output, err := h.ExecOutput(ps.Cmd(`[System.IO.Path]::GetTempFileName()`))
+	if err != nil {
+		return "", fmt.Errorf("failed to create temp file: %w", err)
+	}
+	output = strings.TrimSpace(output)
+	// Normalize to use forward slashes
+	output, err = shell.Unquote(output)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse temp file path: %w", err)
+	}
+	output = strings.ReplaceAll(output, "\\", "/")
+	return output, nil
 }
 
 // TempDir returns a temp dir path
 func (w *BaseWindows) TempDir(h os.Host) (string, error) {
 	// Create a unique temp directory and output its path
 	script := `$p = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString()); New-Item -ItemType Directory -Path $p | Out-Null; Write-Output $p`
-	return h.ExecOutput(ps.Cmd(script))
+	output, err := h.ExecOutput(ps.Cmd(script))
+	if err != nil {
+		return "", fmt.Errorf("failed to create temp dir: %w", err)
+	}
+	output = strings.TrimSpace(output)
+	// Normalize to use forward slashes
+	output, err = shell.Unquote(output)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse temp dir path: %w", err)
+	}
+	output = strings.ReplaceAll(output, "\\", "/")
+	return output, nil
 }
 
 // DownloadURL performs a download from a URL on the host
 func (w *BaseWindows) DownloadURL(h os.Host, url, destination string, opts ...exec.Option) error {
-	cmd := ps.Cmd(fmt.Sprintf(`Invoke-WebRequest -UseBasicParsing -Uri %s -OutFile %s`, ps.SingleQuote(url), ps.DoubleQuotePath(destination)))
+	cmd := ps.Cmd(fmt.Sprintf(`Invoke-WebRequest -UseBasicParsing -Uri %s -OutFile %s`, ps.SingleQuote(url), ps.DoubleQuotePath(ps.ToWindowsPath(destination))))
 	if err := h.Exec(cmd, opts...); err != nil {
 		return fmt.Errorf("download failed: %w", err)
 	}
@@ -127,19 +148,19 @@ func (w *BaseWindows) DownloadURL(h os.Host, url, destination string, opts ...ex
 // ReplaceK0sTokenPath replaces the config path in the service stub
 func (w *BaseWindows) ReplaceK0sTokenPath(h os.Host, spath string) error {
 	// Replace literal REPLACEME with actual token path
-	cmd := ps.Cmd(fmt.Sprintf(`(Get-Content -Path %s) -replace 'REPLACEME', %s | Set-Content -Path %s -Encoding ascii`, ps.DoubleQuotePath(spath), ps.SingleQuote(w.K0sJoinTokenPath()), ps.DoubleQuotePath(spath)))
+	cmd := ps.Cmd(fmt.Sprintf(`(Get-Content -Path %s) -replace 'REPLACEME', %s | Set-Content -Path %s -Encoding ascii`, ps.DoubleQuotePath(ps.ToWindowsPath(spath)), ps.SingleQuote(ps.ToWindowsPath(w.K0sJoinTokenPath())), ps.DoubleQuotePath(ps.ToWindowsPath(spath))))
 	return h.Exec(cmd)
 }
 
 // FileContains returns true if a file contains the substring
 func (w *BaseWindows) FileContains(h os.Host, path, s string) bool {
-	cmd := ps.Cmd(fmt.Sprintf(`if (Select-String -Path %s -Pattern %s -SimpleMatch -Quiet) { exit 0 } else { exit 1 }`, ps.DoubleQuotePath(path), ps.SingleQuote(s)))
+	cmd := ps.Cmd(fmt.Sprintf(`if (Select-String -Path %s -Pattern %s -SimpleMatch -Quiet) { exit 0 } else { exit 1 }`, ps.DoubleQuotePath(ps.ToWindowsPath(path)), ps.SingleQuote(ps.ToWindowsPath(s))))
 	return h.Exec(cmd) == nil
 }
 
 // MoveFile moves a file on the host
 func (w *BaseWindows) MoveFile(h os.Host, src, dst string) error {
-	return h.Exec(ps.Cmd(fmt.Sprintf(`Move-Item -Force -Path %s -Destination %s`, ps.DoubleQuotePath(src), ps.DoubleQuotePath(dst))))
+	return h.Exec(ps.Cmd(fmt.Sprintf(`Move-Item -Force -Path %s -Destination %s`, ps.DoubleQuotePath(ps.ToWindowsPath(src)), ps.DoubleQuotePath(ps.ToWindowsPath(dst)))))
 }
 
 // Chown is a no-op on Windows; ownership semantics differ and are not managed here
@@ -149,17 +170,18 @@ func (w *BaseWindows) Chown(h os.Host, path, owner string, _ ...exec.Option) err
 
 // KubeconfigPath returns the path to a kubeconfig on the host
 func (w *BaseWindows) KubeconfigPath(h os.Host, dataDir string) string {
-	win := &os.Windows{}
-	adminConfPath := filepath.Join(dataDir, "pki", "admin.conf")
-	if win.FileExist(h, adminConfPath) {
+	adminConfPath := path.Join(dataDir, "pki", "admin.conf")
+	adminConfPath = strings.ReplaceAll(adminConfPath, "\\", "/")
+	adminConfPath = ps.ToWindowsPath(adminConfPath)
+	if err := h.Exec(ps.Cmd(fmt.Sprintf(`Test-Path -Path %s`, ps.DoubleQuotePath(adminConfPath))), exec.Sudo(h)); err == nil {
 		return adminConfPath
 	}
-	return filepath.Join(dataDir, "kubelet.conf")
+	return path.Join(dataDir, "kubelet.conf")
 }
 
 // KubectlCmdf returns a command line in sprintf manner for running kubectl on the host using the kubeconfig from KubeconfigPath
 func (w *BaseWindows) KubectlCmdf(h os.Host, dataDir, s string, args ...interface{}) string {
-	return fmt.Sprintf(`$env:KUBECONFIG=%s; %s`, ps.DoubleQuotePath(w.KubeconfigPath(h, dataDir)), w.K0sCmdf(`kubectl %s`, fmt.Sprintf(s, args...)))
+	return ps.Cmd(fmt.Sprintf(`$env:KUBECONFIG=%s; %s`, ps.DoubleQuotePath(ps.ToWindowsPath(w.KubeconfigPath(h, dataDir))), w.K0sCmdf(`kubectl %s`, fmt.Sprintf(s, args...))))
 }
 
 // HTTPStatus makes a HTTP GET request to the url and returns the status code or an error
@@ -177,37 +199,60 @@ func (w *BaseWindows) HTTPStatus(h os.Host, url string) (int, error) {
 
 // PrivateInterface tries to find a private network interface (not implemented for Windows yet)
 func (w *BaseWindows) PrivateInterface(h os.Host) (string, error) {
-	out, err := h.ExecOutput(ps.Cmd(`(Get-NetConnectionProfile -NetworkCategory Private | Select-Object -First 1).InterfaceAlias`))
-	if err != nil || strings.TrimSpace(out) == "" {
-		out, err = h.ExecOutput(ps.Cmd(`(Get-NetConnectionProfile | Select-Object -First 1).InterfaceAlias`))
-	}
-	if err != nil || strings.TrimSpace(out) == "" {
-		return "", fmt.Errorf("failed to detect a private network interface, define the host privateInterface manually: %w", err)
+	cmd := ps.Cmd(`
+$if = Get-NetIPAddress -AddressFamily IPv4 |
+  Where-Object { $_.IPAddress -match '^(10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.)' } |
+  Sort-Object InterfaceMetric |
+  Select-Object -First 1 -ExpandProperty InterfaceAlias;
+if (-not $if) {
+  $if = Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
+    Sort-Object RouteMetric, InterfaceMetric |
+    Select-Object -First 1 -ExpandProperty InterfaceAlias
+};
+$if`)
+	cmd = strings.ReplaceAll(cmd, "\n", " ")
+	cmd = strings.ReplaceAll(cmd, "\t", " ")
+	output, err := h.ExecOutput(cmd, exec.Sudo(h))
+	if err != nil {
+		return "", fmt.Errorf("failed to detect private network interface: %s", err)
 	}
-	sc := bufio.NewScanner(strings.NewReader(out))
-	if sc.Scan() {
-		return strings.TrimSpace(sc.Text()), nil
+
+	iface := strings.TrimSpace(output)
+	if iface == "" {
+		return "", fmt.Errorf("no private interface found, define host privateInterface manually")
 	}
-	return "", fmt.Errorf("failed to detect a private network interface")
+
+	return iface, nil
 }
 
 // PrivateAddress resolves internal ip from private interface (not implemented for Windows yet)
 func (w *BaseWindows) PrivateAddress(h os.Host, iface, publicip string) (string, error) {
-	ip, err := h.ExecOutput(ps.Cmd(fmt.Sprintf(`(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias %s).IPAddress`, ps.SingleQuote(iface))))
-	if err != nil || strings.TrimSpace(ip) == "" {
-		if !strings.HasPrefix(iface, "vEthernet") {
-			ve := fmt.Sprintf("vEthernet (%s)", iface)
-			ip, err = h.ExecOutput(ps.Cmd(fmt.Sprintf(`(Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias %s).IPAddress`, ps.SingleQuote(ve))))
-		}
-	}
+	cmd := ps.Cmd(fmt.Sprintf(`
+(Get-NetIPAddress -InterfaceAlias %s -AddressFamily IPv4 |
+  Where-Object {
+    $_.AddressState -eq 'Preferred' -and
+    $_.IPAddress -match '^(10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.)' -and
+    $_.IPAddress -ne '%s'
+  } |
+  Select-Object -First 1 -ExpandProperty IPAddress)
+`, ps.SingleQuote(iface), publicip))
+	cmd = strings.ReplaceAll(cmd, "\n", " ")
+	cmd = strings.ReplaceAll(cmd, "\t", " ")
+	output, err := h.ExecOutput(cmd)
 	if err != nil {
-		return "", fmt.Errorf("failed to get IP address for interface %s: %w", iface, err)
+		return "", fmt.Errorf("failed to get IP for interface %s: %s", iface, err)
+	}
+
+	ip := strings.TrimSpace(output)
+	if ip == "" {
+		return "", fmt.Errorf("no IPv4 address found for interface %s", iface)
 	}
-	addr := strings.TrimSpace(ip)
-	if addr != "" && addr != publicip {
-		return addr, nil
+
+	if ip == publicip {
+		return "", fmt.Errorf("resolved IP equals public IP, no private address found")
 	}
-	return "", fmt.Errorf("not found")
+
+	return ip, nil
 }
 
 // UpsertFile creates a file in path with content only if the file does not exist already
@@ -219,25 +264,25 @@ func (w *BaseWindows) UpsertFile(h os.Host, path, content string) error {
 	// Write content to temp file
 	if err := h.Exec(ps.Cmd(fmt.Sprintf(`Set-Content -Path %s -Value @'
 %s
-'@ -Encoding ascii`, ps.DoubleQuotePath(tmpf), content))); err != nil {
+'@ -Encoding ascii`, ps.DoubleQuotePath(ps.ToWindowsPath(tmpf)), content))); err != nil {
 		return err
 	}
 
 	// Atomically move if destination does not exist
-	script := ps.Cmd(fmt.Sprintf(`if (!(Test-Path -Path %s)) { Move-Item -Path %s -Destination %s } else { Remove-Item -Path %s -Force }`, ps.DoubleQuotePath(path), ps.DoubleQuotePath(tmpf), ps.DoubleQuotePath(path), ps.DoubleQuotePath(tmpf)))
+	script := ps.Cmd(fmt.Sprintf(`if (!(Test-Path -Path %s)) { Move-Item -Path %s -Destination %s } else { Remove-Item -Path %s -Force }`, ps.DoubleQuotePath(ps.ToWindowsPath(path)), ps.DoubleQuotePath(ps.ToWindowsPath(tmpf)), ps.DoubleQuotePath(ps.ToWindowsPath(path)), ps.DoubleQuotePath(ps.ToWindowsPath(tmpf))))
 	if err := h.Exec(script); err != nil {
 		return fmt.Errorf("upsert failed: %w", err)
 	}
 
 	// Ensure temp file is gone
-	if h.Exec(ps.Cmd(fmt.Sprintf(`Test-Path -Path %s`, ps.DoubleQuotePath(tmpf)))) == nil {
+	if h.Exec(ps.Cmd(fmt.Sprintf(`Test-Path -Path %s`, ps.DoubleQuotePath(ps.ToWindowsPath(tmpf))))) == nil {
 		return fmt.Errorf("upsert failed")
 	}
 	return nil
 }
 
 func (w *BaseWindows) DeleteDir(h os.Host, path string, opts ...exec.Option) error {
-	return h.Exec(ps.Cmd(fmt.Sprintf(`Remove-Item -Recurse -Force -Path %s`, ps.DoubleQuotePath(path))), opts...)
+	return h.Exec(ps.Cmd(fmt.Sprintf(`Remove-Item -Recurse -Force -Path %s`, ps.DoubleQuotePath(ps.ToWindowsPath(path)))), opts...)
 }
 
 func (w *BaseWindows) MachineID(h os.Host) (string, error) {
@@ -257,3 +302,21 @@ func (w *BaseWindows) SystemTime(h os.Host) (time.Time, error) {
 	}
 	return time.Unix(unixTime, 0), nil
 }
+
+// Dir returns the directory part of a path
+func (w *BaseWindows) Dir(path string) string {
+	index := strings.LastIndexAny(path, `\/`)
+	if index == -1 {
+		return "."
+	}
+	return path[:index]
+}
+
+// Base returns the last element of a path
+func (w *BaseWindows) Base(path string) string {
+	index := strings.LastIndexAny(path, `\/`)
+	if index == -1 {
+		return path
+	}
+	return path[index+1:]
+}

phase/download_k0s.go

@@ -77,6 +77,11 @@ func (p *DownloadK0s) downloadK0s(_ context.Context, h *cluster.Host) error {
 	if err != nil {
 		return fmt.Errorf("failed to determine k0s download url: %w", err)
 	}
+	// Esnure directory exists
+	log.Debugf("%s: ensuring k0s install directory exists %s", h, h.Configurer.Dir(tmp))
+	if err := h.SudoFsys().MkDirAll(h.Configurer.Dir(tmp), fs.FileMode(0o755)); err != nil {
+		return fmt.Errorf("failed to create k0s install directory: %w", err)
+	}
 	if err := h.Configurer.DownloadURL(h, url, tmp, exec.Sudo(h)); err != nil {
 		return fmt.Errorf("failed to download k0s binary: %w", err)
 	}

phase/install_binaries.go

@@ -67,6 +67,7 @@ func (p *InstallBinaries) Run(ctx context.Context) error {
 }
 
 func (p *InstallBinaries) installBinary(_ context.Context, h *cluster.Host) error {
+	logrus.Debugf("%s: installing k0s binary from tempfile %s to %s", h, h.Metadata.K0sBinaryTempFile, h.K0sInstallLocation())
 	if err := h.UpdateK0sBinary(h.Metadata.K0sBinaryTempFile, p.Config.Spec.K0s.Version); err != nil {
 		return fmt.Errorf("failed to install k0s binary: %w", err)
 	}