Resolve restore bootstrap (k3s-io#4704)

pkg/bootstrap/bootstrap.go

@@ -87,9 +87,12 @@ func WriteToDiskFromStorage(r io.Reader, bootstrap *config.ControlRuntimeBootstr
  if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
  return errors.Wrapf(err, "failed to mkdir %s", filepath.Dir(path))
  }
- if err := ioutil.WriteFile(path, bsf.Content, 0600); err != nil {
+ if err := os.WriteFile(path, bsf.Content, 0600); err != nil {
  return errors.Wrapf(err, "failed to write to %s", path)
  }
+ if err := os.Chtimes(path, bsf.Timestamp, bsf.Timestamp); err != nil {
+ return errors.Wrapf(err, "failed to update modified time on %s", path)
+ }
  }
 
  return nil

pkg/cluster/bootstrap.go

@@ -13,11 +13,13 @@ import (
  "path"
  "path/filepath"
  "reflect"
+ "strconv"
  "strings"
  "time"
 
  "github.com/k3s-io/kine/pkg/client"
  "github.com/k3s-io/kine/pkg/endpoint"
+ "github.com/otiai10/copy"
  "github.com/rancher/k3s/pkg/bootstrap"
  "github.com/rancher/k3s/pkg/clientaccess"
  "github.com/rancher/k3s/pkg/daemons/config"
@@ -225,15 +227,6 @@ func (c *Cluster) shouldBootstrapLoad(ctx context.Context) (bool, bool, error) {
  }
  }
 
- // Check the stamp file to see if we have successfully bootstrapped using this token.
- // NOTE: The fact that we use a hash of the token to generate the stamp
- // means that it is unsafe to use the same token for multiple clusters.
- // stamp := c.bootstrapStamp()
- // if _, err := os.Stat(stamp); err == nil {
- // logrus.Info("Cluster bootstrap already complete")
- // return false, nil
- // }
-
  // No errors and no bootstrap stamp, need to bootstrap.
  return true, false, nil
 }
@@ -517,12 +510,31 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker,
  }
  }
 
+ if c.config.ClusterReset {
+ serverTLSDir := filepath.Join(c.config.DataDir, "tls")
+ tlsBackupDir := filepath.Join(c.config.DataDir, "tls-"+strconv.Itoa(int(time.Now().Unix())))
+
+ logrus.Infof("Cluster reset: backing up certificates directory to " + tlsBackupDir)
+
+ if _, err := os.Stat(serverTLSDir); err != nil {
+ return err
+ }
+ if err := copy.Copy(serverTLSDir, tlsBackupDir); err != nil {
+ return err
+ }
+ }
+
  for path, res := range results {
  switch {
  case res.disk:
  updateDisk = true
  logrus.Warn("datastore newer than " + path)
  case res.db:
+ if c.config.ClusterReset {
+ logrus.Infof("Cluster reset: replacing file on disk: " + path)
+ updateDisk = true
+ continue
+ }
  logrus.Fatal(path + " newer than datastore and could cause cluster outage. Remove the file from disk and restart to be recreated from datastore.")
  case res.conflict:
  logrus.Warnf("datastore / disk conflict: %s newer than in the datastore", path)
@@ -606,7 +618,7 @@ func (c *Cluster) compareConfig() error {
  if !reflect.DeepEqual(clusterControl.CriticalControlArgs, c.config.CriticalControlArgs) {
  logrus.Debugf("This is the server CriticalControlArgs: %#v", clusterControl.CriticalControlArgs)
  logrus.Debugf("This is the local CriticalControlArgs: %#v", c.config.CriticalControlArgs)
- return errors.New("Unable to join cluster due to critical configuration value mismatch")
+ return errors.New("unable to join cluster due to critical configuration value mismatch")
  }
  return nil
 }

pkg/etcd/etcd.go

@@ -204,9 +204,11 @@ func (e *ETCD) Reset(ctx context.Context, rebootstrap func() error) error {
  continue
  }
 
- // storageBootstrap() - runtime structure has been written with correct certificate data
- if err := rebootstrap(); err != nil {
- logrus.Fatal(err)
+ if rebootstrap != nil {
+ // storageBootstrap() - runtime structure has been written with correct certificate data
+ if err := rebootstrap(); err != nil {
+ logrus.Fatal(err)
+ }
  }
 
  // call functions to rewrite them from daemons/control/server.go (prepare())