WIP Use ironic-standalone-operator to provision Ironic

Signed-off-by: Dmitry Tantsur <dtantsur@protonmail.com>
metal3-io · Nov 25, 2024 · a029bd7 · a029bd7
1 parent 0ec3dd6
commit a029bd7
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 6 deletions.
diff --git a/03_launch_mgmt_cluster.sh b/03_launch_mgmt_cluster.sh
@@ -238,6 +238,84 @@ EOF
     -n ironic-standalone-operator-system deployment/ironic-standalone-operator-controller-manager
 }
 
+launch_ironic_via_irso() {
+  if [ "${IRONIC_BASIC_AUTH}" != "true" ]; then
+    echo "Not possible to use ironic-standalone-operator without authentication"
+    exit 1
+  fi
+  kubectl create secret generic ironic-auth -n "${IRONIC_NAMESPACE}" \
+    --from-file=username="${IRONIC_AUTH_DIR}ironic-username"  \
+    --from-file=password="${IRONIC_AUTH_DIR}ironic-password"
+
+  local ironic="${IRONIC_DATA_DIR}/ironic.yaml"
+  cat > "${ironic}" <<EOF
+---
+apiVersion: metal3.io/v1alpha1
+kind: Ironic
+metadata:
+  name: ironic
+  namespace: "${IRONIC_NAMESPACE}"
+spec:
+  credentialsRef:
+    name: ironic-auth
+  networking:
+    dhcp:
+      rangeBegin: "${CLUSTER_DHCP_RANGE_START}"
+      rangeEnd: "${CLUSTER_DHCP_RANGE_END}"
+      networkCIDR: "${BARE_METAL_PROVISIONER_NETWORK}"
+    interface: "${BARE_METAL_PROVISIONER_INTERFACE}"
+    ipAddress: "${CLUSTER_BARE_METAL_PROVISIONER_IP}"
+    ipAddressManager: keepalived
+  ramdiskSSHKey: "${IRONIC_RAMDISK_SSH_KEY}"
+EOF
+
+  if [[ "${NODES_PLATFORM}" == "libvirt" ]]; then
+      cat >> "${ironic}" <<EOF
+  ramdiskExtraKernelParams: "console=ttyS0"
+EOF
+  fi
+
+  if [[ -r "${IRONIC_CERT_FILE}" ]] && [[ -r "${IRONIC_KEY_FILE}" ]]; then
+    kubectl create secret tls ironic-cert -n "${IRONIC_NAMESPACE}" --key="${IRONIC_KEY_FILE}" --cert="${IRONIC_CERT_FILE}"
+      cat >> "${ironic}" <<EOF
+  tlsRef:
+    name: ironic-cert
+EOF
+  fi
+  # This is not used by Ironic currently but is needed by BMO
+  if [[ -r "${IRONIC_CACERT_FILE}" ]] && [[ -r "${IRONIC_CAKEY_FILE}" ]]; then
+    kubectl create secret tls ironic-cacert -n "${IRONIC_NAMESPACE}" --key="${IRONIC_CAKEY_FILE}" --cert="${IRONIC_CACERT_FILE}"
+  fi
+
+  if [[ "${IRONIC_USE_MARIADB}" == "true" ]]; then
+      cat >> "${ironic}" <<EOF
+  databaseRef:
+    name: ironic-db
+---
+apiVersion: metal3.io/v1alpha1
+kind: IronicDatabase
+metadata:
+  name: ironic-db
+  namespace: "${IRONIC_NAMESPACE}"
+spec: {}
+EOF
+  fi
+
+  # NOTE(dtantsur): the webhook may not be ready immediately, retry if needed
+  while ! kubectl create -f "${ironic}"; do
+    sleep 3
+  done
+
+  if ! kubectl wait --for=condition=Ready --timeout="${IRONIC_ROLLOUT_WAIT}m" -n "${IRONIC_NAMESPACE}" ironic/ironic; then
+    # FIXME(dtantsur): remove this when Ironic objects are collected in the CI
+    kubectl get -n "${IRONIC_NAMESPACE}" -o yaml ironic/ironic
+    if [[ "${IRONIC_USE_MARIADB}" == "true" ]]; then
+      kubectl get -n "${IRONIC_NAMESPACE}" -o yaml ironicdatabase/ironic-db
+    fi
+    exit 1
+  fi
+}
+
 #
 # Launch and configure fakeIPA
 #
@@ -578,7 +656,11 @@ if [ "${EPHEMERAL_CLUSTER}" != "tilt" ]; then
   BMO_NAME_PREFIX="${NAMEPREFIX}"
   launch_baremetal_operator
   launch_ironic_standalone_operator
-  launch_ironic
+  if [[ "${USE_IRSO}" == true ]]; then
+    launch_ironic_via_irso
+  else
+    launch_ironic
+  fi
 
   if [[ "${BMO_RUN_LOCAL}" != true ]]; then
     if ! kubectl rollout status deployment "${BMO_NAME_PREFIX}"-controller-manager -n "${IRONIC_NAMESPACE}" --timeout="${BMO_ROLLOUT_WAIT}"m; then

diff --git a/lib/common.sh b/lib/common.sh
@@ -155,6 +155,8 @@ export CAPM3_BASE_URL="${CAPM3_BASE_URL:-metal3-io/cluster-api-provider-metal3}"
 export CAPM3REPO="${CAPM3REPO:-https://github.com/${CAPM3_BASE_URL}}"
 export CAPM3RELEASEBRANCH="${CAPM3RELEASEBRANCH:-main}"
 
+# FIXME(dtantsur): flip to false until we're ready to do the switch
+export USE_IRSO="${USE_IRSO:-true}"
 export IRSOPATH="${IRSOPATH:-${M3PATH}/ironic-standalone-operator}"
 export IRSO_BASE_URL="${IRSO_BASE_URL:-metal3-io/ironic-standalone-operator}"
 export IRSOREPO="${IRSOREPO:-https://github.com/${IRSO_BASE_URL}}"
@@ -204,6 +206,8 @@ export BUILD_BMO_LOCALLY="${BUILD_BMO_LOCALLY:-false}"
 export BUILD_CAPI_LOCALLY="${BUILD_CAPI_LOCALLY:-false}"
 export BUILD_IRONIC_IMAGE_LOCALLY="${BUILD_IRONIC_IMAGE_LOCALLY:-false}"
 export BUILD_MARIADB_IMAGE_LOCALLY="${BUILD_MARIADB_IMAGE_LOCALLY:-false}"
+# FIXME(dtantsur): flip to false once everything merges
+export BUILD_IRSO_LOCALLY="${BUILD_IRSO_LOCALLY:-true}"
 
 # If IRONIC_FROM_SOURCE has a "true" value that
 # automatically requires BUILD_IRONIC_IMAGE_LOCALLY to have "true" value too
@@ -400,6 +404,7 @@ TEST_MAX_TIME="${TEST_MAX_TIME:-240}"
 FAILS=0
 RESULT_STR=""
 BMO_ROLLOUT_WAIT="${BMO_ROLLOUT_WAIT:-5}"
+IRONIC_ROLLOUT_WAIT="${IRONIC_ROLLOUT_WAIT:-10}"
 
 # Avoid printing skipped Ansible tasks
 export ANSIBLE_DISPLAY_SKIPPED_HOSTS="no"

diff --git a/lib/ironic_basic_auth.sh b/lib/ironic_basic_auth.sh
@@ -9,15 +9,15 @@ if [ "${IRONIC_BASIC_AUTH}" == "true" ]; then
     if [ -z "${IRONIC_USERNAME:-}" ]; then
         if [ ! -f "${IRONIC_AUTH_DIR}ironic-username" ]; then
             IRONIC_USERNAME="$(uuidgen)"
-            echo "$IRONIC_USERNAME" > "${IRONIC_AUTH_DIR}ironic-username"
+            echo -n "$IRONIC_USERNAME" > "${IRONIC_AUTH_DIR}ironic-username"
         else
             IRONIC_USERNAME="$(cat "${IRONIC_AUTH_DIR}ironic-username")"
         fi
     fi
     if [ -z "${IRONIC_PASSWORD:-}" ]; then
         if [ ! -f "${IRONIC_AUTH_DIR}ironic-password" ]; then
             IRONIC_PASSWORD="$(uuidgen)"
-            echo "$IRONIC_PASSWORD" > "${IRONIC_AUTH_DIR}ironic-password"
+            echo -n "$IRONIC_PASSWORD" > "${IRONIC_AUTH_DIR}ironic-password"
         else
             IRONIC_PASSWORD="$(cat "${IRONIC_AUTH_DIR}ironic-password")"
         fi

diff --git a/lib/network.sh b/lib/network.sh
@@ -82,16 +82,16 @@ else
 fi
 
 # Calculate DHCP range
-network_address ironic_dhcp_range_start "$BARE_METAL_PROVISIONER_NETWORK" 10
-network_address ironic_dhcp_range_end "$BARE_METAL_PROVISIONER_NETWORK" 100
+network_address CLUSTER_DHCP_RANGE_START "$BARE_METAL_PROVISIONER_NETWORK" 10
+network_address CLUSTER_DHCP_RANGE_END "$BARE_METAL_PROVISIONER_NETWORK" 100
 # The nex range is for IPAM to know what is the pool that porovisioned noodes
 # can get IP's from
 network_address IPAM_PROVISIONING_POOL_RANGE_START "$BARE_METAL_PROVISIONER_NETWORK" 100
 network_address IPAM_PROVISIONING_POOL_RANGE_END "$BARE_METAL_PROVISIONER_NETWORK" 200
 
 export IPAM_PROVISIONING_POOL_RANGE_START
 export IPAM_PROVISIONING_POOL_RANGE_END
-export CLUSTER_DHCP_RANGE=${CLUSTER_DHCP_RANGE:-"$ironic_dhcp_range_start,$ironic_dhcp_range_end"}
+export CLUSTER_DHCP_RANGE=${CLUSTER_DHCP_RANGE:-"$CLUSTER_DHCP_RANGE_START,$CLUSTER_DHCP_RANGE_END"}
 
 EXTERNAL_SUBNET=${EXTERNAL_SUBNET:-""}
 if [[ -n "${EXTERNAL_SUBNET}" ]]; then