Merge pull request #1466 from dtantsur/ironic-standalone-operator

Initial support for ironic-standalone-operator
metal3-io · Nov 27, 2024 · e50c71a · e50c71a
2 parents 758476e + bb69cf9
commit e50c71a
Show file tree

Hide file tree

Showing 7 changed files with 151 additions and 29 deletions.
diff --git a/02_configure_host.sh b/02_configure_host.sh
@@ -321,6 +321,9 @@ clone_repo "${IPAMREPO}" "${IPAMBRANCH}" "${IPAMPATH}" "${IPAMCOMMIT}"
 detect_mismatch "${CAPI_LOCAL_IMAGE:-}" "${CAPIPATH}"
 clone_repo "${CAPIREPO}" "${CAPIBRANCH}" "${CAPIPATH}" "${CAPICOMMIT}"
 
+detect_mismatch "${IRSO_LOCAL_IMAGE:-}" "${IRSOPATH}"
+clone_repo "${IRSOREPO}" "${IRSOBRANCH}" "${IRSOPATH}" "${IRSOCOMMIT}"
+
 # MariaDB and Ironic source is not needed unless the images are built locally
 # If the repo path does not match with the IMAGE location that means the image
 # is built from a repo that is not under dev-env's control thus there is no

diff --git a/03_launch_mgmt_cluster.sh b/03_launch_mgmt_cluster.sh
@@ -224,6 +224,99 @@ EOF
   popd
 }
 
+launch_ironic_standalone_operator() {
+  # TODO(dtantsur): IPA branch support
+  cat > "${IRSOPATH}/config/manager/manager.env" <<EOF
+IRONIC_IMAGE=$(get_component_image "${IRONIC_LOCAL_IMAGE:-${IRONIC_IMAGE}}")
+MARIADB_IMAGE=$(get_component_image "${MARIADB_LOCAL_IMAGE:-${MARIADB_IMAGE}}")
+KEEPALIVED_IMAGE=$(get_component_image "${IRONIC_KEEPALIVED_LOCAL_IMAGE:-${IRONIC_KEEPALIVED_IMAGE}}")
+RAMDISK_DOWNLOADER_IMAGE=$(get_component_image "${IPA_DOWNLOADER_LOCAL_IMAGE:-${IPA_DOWNLOADER_IMAGE}}")
+EOF
+
+  make -C "${IRSOPATH}" install deploy IMG="$(get_component_image "${IRSO_LOCAL_IMAGE:-${IRSO_IMAGE}}")"
+  kubectl wait --for=condition=Available --timeout=60s \
+    -n ironic-standalone-operator-system deployment/ironic-standalone-operator-controller-manager
+}
+
+launch_ironic_via_irso() {
+  if [ "${IRONIC_BASIC_AUTH}" != "true" ]; then
+    echo "Not possible to use ironic-standalone-operator without authentication"
+    exit 1
+  fi
+  kubectl create secret generic ironic-auth -n "${IRONIC_NAMESPACE}" \
+    --from-file=username="${IRONIC_AUTH_DIR}ironic-username"  \
+    --from-file=password="${IRONIC_AUTH_DIR}ironic-password"
+
+  local ironic="${IRONIC_DATA_DIR}/ironic.yaml"
+  cat > "${ironic}" <<EOF
+---
+apiVersion: metal3.io/v1alpha1
+kind: Ironic
+metadata:
+  name: ironic
+  namespace: "${IRONIC_NAMESPACE}"
+spec:
+  credentialsRef:
+    name: ironic-auth
+  networking:
+    dhcp:
+      rangeBegin: "${CLUSTER_DHCP_RANGE_START}"
+      rangeEnd: "${CLUSTER_DHCP_RANGE_END}"
+      networkCIDR: "${BARE_METAL_PROVISIONER_NETWORK}"
+    interface: "${BARE_METAL_PROVISIONER_INTERFACE}"
+    ipAddress: "${CLUSTER_BARE_METAL_PROVISIONER_IP}"
+    ipAddressManager: keepalived
+  deployRamdisk:
+    sshKey: "${SSH_PUB_KEY_CONTENT}"
+EOF
+
+  if [[ "${NODES_PLATFORM}" == "libvirt" ]]; then
+      cat >> "${ironic}" <<EOF
+    extraKernelParams: "console=ttyS0"
+EOF
+  fi
+
+  if [[ -r "${IRONIC_CERT_FILE}" ]] && [[ -r "${IRONIC_KEY_FILE}" ]]; then
+    kubectl create secret tls ironic-cert -n "${IRONIC_NAMESPACE}" --key="${IRONIC_KEY_FILE}" --cert="${IRONIC_CERT_FILE}"
+      cat >> "${ironic}" <<EOF
+  tlsRef:
+    name: ironic-cert
+EOF
+  fi
+  # This is not used by Ironic currently but is needed by BMO
+  if [[ -r "${IRONIC_CACERT_FILE}" ]] && [[ -r "${IRONIC_CAKEY_FILE}" ]]; then
+    kubectl create secret tls ironic-cacert -n "${IRONIC_NAMESPACE}" --key="${IRONIC_CAKEY_FILE}" --cert="${IRONIC_CACERT_FILE}"
+  fi
+
+  if [[ "${IRONIC_USE_MARIADB}" == "true" ]]; then
+      cat >> "${ironic}" <<EOF
+  databaseRef:
+    name: ironic-db
+---
+apiVersion: metal3.io/v1alpha1
+kind: IronicDatabase
+metadata:
+  name: ironic-db
+  namespace: "${IRONIC_NAMESPACE}"
+spec: {}
+EOF
+  fi
+
+  # NOTE(dtantsur): the webhook may not be ready immediately, retry if needed
+  while ! kubectl create -f "${ironic}"; do
+    sleep 3
+  done
+
+  if ! kubectl wait --for=condition=Ready --timeout="${IRONIC_ROLLOUT_WAIT}m" -n "${IRONIC_NAMESPACE}" ironic/ironic; then
+    # FIXME(dtantsur): remove this when Ironic objects are collected in the CI
+    kubectl get -n "${IRONIC_NAMESPACE}" -o yaml ironic/ironic
+    if [[ "${IRONIC_USE_MARIADB}" == "true" ]]; then
+      kubectl get -n "${IRONIC_NAMESPACE}" -o yaml ironicdatabase/ironic-db
+    fi
+    exit 1
+  fi
+}
+
 #
 # Launch and configure fakeIPA
 #
@@ -311,56 +404,57 @@ function update_capm3_imports(){
   popd
 }
 
-#
-# Update the CAPM3 and BMO manifests to use local images as defined in variables
-#
-function update_component_image(){
-  IMPORT=$1
-  ORIG_IMAGE=$2
+function get_component_image(){
+  local ORIG_IMAGE=$1
   # Split the image IMAGE_NAME AND IMAGE_TAG, if any tag exist
-  TMP_IMAGE="${ORIG_IMAGE##*/}"
-  TMP_IMAGE_NAME="${TMP_IMAGE%%:*}"
-  TMP_IMAGE_TAG="${TMP_IMAGE##*:}"
+  local TMP_IMAGE="${ORIG_IMAGE##*/}"
+  local TMP_IMAGE_NAME="${TMP_IMAGE%%:*}"
+  local TMP_IMAGE_TAG="${TMP_IMAGE##*:}"
   # Assign the image tag to latest if there is no tag in the image
   if [ "${TMP_IMAGE_NAME}" == "${TMP_IMAGE_TAG}" ]; then
     TMP_IMAGE_TAG="latest"
   fi
 
+  echo "${REGISTRY}/localimages/${TMP_IMAGE_NAME}:${TMP_IMAGE_TAG}"
+}
+
+#
+# Update the CAPM3 and BMO manifests to use local images as defined in variables
+#
+function update_component_image(){
+  local IMPORT=$1
+  local ORIG_IMAGE=$2
+  local TMP_IMAGE
+  TMP_IMAGE="$(get_component_image "$ORIG_IMAGE")"
+  if [[ "${IMPORT}" == "IPAM" ]]; then
+    export MANIFEST_IMG_IPAM="${TMP_IMAGE%:*}"
+    export MANIFEST_TAG_IPAM="${TMP_IMAGE##*:}"
+  else
+    export MANIFEST_IMG="${TMP_IMAGE%:*}"
+    export MANIFEST_TAG="${TMP_IMAGE##*:}"
+  fi
+
   # NOTE: It is assumed that we are already in the correct directory to run make
   case "${IMPORT}" in
     "BMO")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image-bmo
       ;;
     "CAPM3")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image
       ;;
     "IPAM")
-      export MANIFEST_IMG_IPAM="${REGISTRY}/localimages/$TMP_IMAGE_NAME"
-      export MANIFEST_TAG_IPAM="$TMP_IMAGE_TAG"
       make set-manifest-image-ipam
       ;;
     "Ironic")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image-ironic
       ;;
     "Mariadb")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image-mariadb
       ;;
     "Keepalived")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image-keepalived
       ;;
     "IPA-downloader")
-      export MANIFEST_IMG="${REGISTRY}/localimages/${TMP_IMAGE_NAME}"
-      export MANIFEST_TAG="${TMP_IMAGE_TAG}"
       make set-manifest-image-ipa-downloader
       ;;
   esac
@@ -562,7 +656,12 @@ if [ "${EPHEMERAL_CLUSTER}" != "tilt" ]; then
   launch_cluster_api_provider_metal3
   BMO_NAME_PREFIX="${NAMEPREFIX}"
   launch_baremetal_operator
-  launch_ironic
+  launch_ironic_standalone_operator
+  if [[ "${USE_IRSO}" == true ]]; then
+    launch_ironic_via_irso
+  else
+    launch_ironic
+  fi
 
   if [[ "${BMO_RUN_LOCAL}" != true ]]; then
     if ! kubectl rollout status deployment "${BMO_NAME_PREFIX}"-controller-manager -n "${IRONIC_NAMESPACE}" --timeout="${BMO_ROLLOUT_WAIT}"m; then

diff --git a/config_example.sh b/config_example.sh
@@ -213,3 +213,6 @@
 # To enable FakeIPA and run dev-env on a fake platform
 # export NODES_PLATFORM="fake"
 # export FAKE_IPA_IMAGE=192.168.111.1:5000/localimages/fake-ipa
+
+# Whether to use ironic-standalone-operator to deploy Ironic.
+# export USE_IRSO="true"
diff --git a/lib/common.sh b/lib/common.sh
@@ -155,6 +155,12 @@ export CAPM3_BASE_URL="${CAPM3_BASE_URL:-metal3-io/cluster-api-provider-metal3}"
 export CAPM3REPO="${CAPM3REPO:-https://github.com/${CAPM3_BASE_URL}}"
 export CAPM3RELEASEBRANCH="${CAPM3RELEASEBRANCH:-main}"
 
+export USE_IRSO="${USE_IRSO:-false}"
+export IRSOPATH="${IRSOPATH:-${M3PATH}/ironic-standalone-operator}"
+export IRSO_BASE_URL="${IRSO_BASE_URL:-metal3-io/ironic-standalone-operator}"
+export IRSOREPO="${IRSOREPO:-https://github.com/${IRSO_BASE_URL}}"
+export IRSOBRANCH="${IRSOBRANCH:-main}"
+
 if [[ "${CAPM3RELEASEBRANCH}" == "release-1.6" ]]; then
   export CAPM3BRANCH="${CAPM3BRANCH:-release-1.6}"
   export IPAMBRANCH="${IPAMBRANCH:-release-1.6}"
@@ -181,6 +187,7 @@ export BMOCOMMIT="${BMOCOMMIT:-HEAD}"
 export CAPM3COMMIT="${CAPM3COMMIT:-HEAD}"
 export IPAMCOMMIT="${IPAMCOMMIT:-HEAD}"
 export CAPICOMMIT="${CAPICOMMIT:-HEAD}"
+export IRSOCOMMIT="${IRSOCOMMIT:-HEAD}"
 
 export IRONIC_IMAGE_PATH="${IRONIC_IMAGE_PATH:-/tmp/ironic-image}"
 export IRONIC_IMAGE_REPO="${IRONIC_IMAGE_REPO:-https://github.com/metal3-io/ironic-image.git}"
@@ -198,6 +205,7 @@ export BUILD_BMO_LOCALLY="${BUILD_BMO_LOCALLY:-false}"
 export BUILD_CAPI_LOCALLY="${BUILD_CAPI_LOCALLY:-false}"
 export BUILD_IRONIC_IMAGE_LOCALLY="${BUILD_IRONIC_IMAGE_LOCALLY:-false}"
 export BUILD_MARIADB_IMAGE_LOCALLY="${BUILD_MARIADB_IMAGE_LOCALLY:-false}"
+export BUILD_IRSO_LOCALLY="${BUILD_IRSO_LOCALLY:-false}"
 
 # If IRONIC_FROM_SOURCE has a "true" value that
 # automatically requires BUILD_IRONIC_IMAGE_LOCALLY to have "true" value too
@@ -225,6 +233,9 @@ fi
 if [[ "${BUILD_MARIADB_IMAGE_LOCALLY}" == "true" ]]; then
   export MARIADB_LOCAL_IMAGE="${MARIADB_IMAGE_PATH}"
 fi
+if [[ "${BUILD_IRSO_LOCALLY}" == "true" ]]; then
+  export IRSO_LOCAL_IMAGE="${IRSOPATH}"
+fi
 
 export BMO_RUN_LOCAL="${BMO_RUN_LOCAL:-false}"
 export CAPM3_RUN_LOCAL="${CAPM3_RUN_LOCAL:-false}"
@@ -251,6 +262,7 @@ export IRONIC_TAG="${IRONIC_TAG:-latest}"
 export BARE_METAL_OPERATOR_TAG="${BARE_METAL_OPERATOR_TAG:-latest}"
 export KEEPALIVED_TAG="${KEEPALIVED_TAG:-latest}"
 export MARIADB_TAG="${MARIADB_TAG:-latest}"
+export IRSO_TAG="${IRSO_TAG:-latest}"
 
 # Docker Hub proxy registry (or docker.io if no proxy)
 export DOCKER_HUB_PROXY="${DOCKER_HUB_PROXY:-docker.io}"
@@ -311,6 +323,7 @@ export IRONIC_DATA_DIR="$WORKING_DIR/ironic"
 export IRONIC_IMAGE_DIR="$IRONIC_DATA_DIR/html/images"
 export IRONIC_NAMESPACE="${IRONIC_NAMESPACE:-baremetal-operator-system}"
 export NAMEPREFIX="${NAMEPREFIX:-baremetal-operator}"
+export IRSO_IMAGE=${IRSO_IMAGE:-"${CONTAINER_REGISTRY}/metal3-io/ironic-standalone-operator:${IRSO_TAG}"}
 
 # iPXE vars of ironic-image
 export BUILD_IPXE="${BUILD_IPXE:-false}"
@@ -389,6 +402,7 @@ TEST_MAX_TIME="${TEST_MAX_TIME:-240}"
 FAILS=0
 RESULT_STR=""
 BMO_ROLLOUT_WAIT="${BMO_ROLLOUT_WAIT:-5}"
+IRONIC_ROLLOUT_WAIT="${IRONIC_ROLLOUT_WAIT:-10}"
 
 # Avoid printing skipped Ansible tasks
 export ANSIBLE_DISPLAY_SKIPPED_HOSTS="no"

diff --git a/lib/ironic_basic_auth.sh b/lib/ironic_basic_auth.sh
@@ -9,15 +9,15 @@ if [ "${IRONIC_BASIC_AUTH}" == "true" ]; then
     if [ -z "${IRONIC_USERNAME:-}" ]; then
         if [ ! -f "${IRONIC_AUTH_DIR}ironic-username" ]; then
             IRONIC_USERNAME="$(uuidgen)"
-            echo "$IRONIC_USERNAME" > "${IRONIC_AUTH_DIR}ironic-username"
+            echo -n "$IRONIC_USERNAME" > "${IRONIC_AUTH_DIR}ironic-username"
         else
             IRONIC_USERNAME="$(cat "${IRONIC_AUTH_DIR}ironic-username")"
         fi
     fi
     if [ -z "${IRONIC_PASSWORD:-}" ]; then
         if [ ! -f "${IRONIC_AUTH_DIR}ironic-password" ]; then
             IRONIC_PASSWORD="$(uuidgen)"
-            echo "$IRONIC_PASSWORD" > "${IRONIC_AUTH_DIR}ironic-password"
+            echo -n "$IRONIC_PASSWORD" > "${IRONIC_AUTH_DIR}ironic-password"
         else
             IRONIC_PASSWORD="$(cat "${IRONIC_AUTH_DIR}ironic-password")"
         fi

diff --git a/lib/network.sh b/lib/network.sh
@@ -82,16 +82,16 @@ else
 fi
 
 # Calculate DHCP range
-network_address ironic_dhcp_range_start "$BARE_METAL_PROVISIONER_NETWORK" 10
-network_address ironic_dhcp_range_end "$BARE_METAL_PROVISIONER_NETWORK" 100
+network_address CLUSTER_DHCP_RANGE_START "$BARE_METAL_PROVISIONER_NETWORK" 10
+network_address CLUSTER_DHCP_RANGE_END "$BARE_METAL_PROVISIONER_NETWORK" 100
 # The nex range is for IPAM to know what is the pool that porovisioned noodes
 # can get IP's from
 network_address IPAM_PROVISIONING_POOL_RANGE_START "$BARE_METAL_PROVISIONER_NETWORK" 100
 network_address IPAM_PROVISIONING_POOL_RANGE_END "$BARE_METAL_PROVISIONER_NETWORK" 200
 
 export IPAM_PROVISIONING_POOL_RANGE_START
 export IPAM_PROVISIONING_POOL_RANGE_END
-export CLUSTER_DHCP_RANGE=${CLUSTER_DHCP_RANGE:-"$ironic_dhcp_range_start,$ironic_dhcp_range_end"}
+export CLUSTER_DHCP_RANGE=${CLUSTER_DHCP_RANGE:-"$CLUSTER_DHCP_RANGE_START,$CLUSTER_DHCP_RANGE_END"}
 
 EXTERNAL_SUBNET=${EXTERNAL_SUBNET:-""}
 if [[ -n "${EXTERNAL_SUBNET}" ]]; then

diff --git a/vars.md b/vars.md
@@ -138,6 +138,9 @@ assured that they are persisted.
 | IPA_BASEURI | IPA downloader will download IPA from this url | | https://tarballs.opendev.org/openstack/ironic-python-agent/dib |
 | IPA_BRANCH | The last part of the name of the IPA archive | | master |
 | IPA_FLAVOR | The middle part of the name of the IPA archive | | centos9 |
+| IRSOREPO | Ironic Standalone Operator git repository URL | | https://github.com/metal3-io/ironic-standalone-operator.git |
+| IRSOBRANCH | Ironic Standalone Operator git repository branch to checkout | | main |
+| IRSOCOMMIT | Ironic Standalone Operator git commit to checkout on IRSOBRANCH | | HEAD |
 <!-- markdownlint-enable MD013 MD034 -->
 
 **NOTE** `(BMO/CAPI/CAPM3/IPAM)RELEASE` variables are also affecting the