Fake ipa quick test bed

Support/Multitenancy/ironic-env/01-vm-setup.sh

@@ -0,0 +1,99 @@
+set -e
+#install kvm for minikube
+dnf -y install qemu-kvm libvirt virt-install net-tools podman firewalld
+systemctl enable --now libvirtd
+systemctl start firewalld
+systemctl enable firewalld
+# create provisioning network
+cat <<EOF >provisioning.xml
+<network
+	xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
+	<dnsmasq:options>
+		<!-- Risk reduction for CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686. See: https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 -->
+		<dnsmasq:option value="cache-size=0"/>
+	</dnsmasq:options>
+	<name>provisioning</name>
+	<bridge name='provisioning'/>
+	<forward mode='bridge'></forward>
+</network>
+EOF
+
+cat <<EOF >baremetal.xml
+<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
+  <name>baremetal</name>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <bridge name='baremetal' stp='on' delay='0'/>
+  <domain name='ostest.test.metalkube.org' localOnly='yes'/>
+  <dns>
+    <forwarder domain='apps.ostest.test.metalkube.org' addr='127.0.0.1'/>
+  </dns>
+  <ip address='192.168.111.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.111.20' end='192.168.111.60'/>
+      <host mac='00:5c:52:31:3b:9c' name='node-0' ip='192.168.111.20'>
+        <lease expiry='60' unit='minutes'/>
+      </host>
+      <host mac='00:5c:52:31:3b:ad' name='node-1' ip='192.168.111.21'>
+        <lease expiry='60' unit='minutes'/>
+      </host>
+    </dhcp>
+  </ip>
+  <dnsmasq:options>
+    <dnsmasq:option value='cache-size=0'/>
+  </dnsmasq:options>
+</network>
+EOF
+# define networks
+virsh net-define baremetal.xml
+virsh net-start baremetal
+virsh net-autostart baremetal
+
+virsh net-define provisioning.xml
+virsh net-start provisioning
+virsh net-autostart provisioning
+tee -a /etc/NetworkManager/system-connections/provisioning.nmconnection <<EOF
+[connection]
+id=provisioning
+type=bridge
+interface-name=provisioning
+[bridge]
+stp=false
+[ipv4]
+address1=172.22.0.1/24
+method=manual
+[ipv6]
+addr-gen-mode=eui64
+method=disabled
+EOF
+
+chmod 600 /etc/NetworkManager/system-connections/provisioning.nmconnection
+nmcli con load /etc/NetworkManager/system-connections/provisioning.nmconnection
+nmcli con up provisioning
+
+tee /etc/NetworkManager/system-connections/baremetal.nmconnection <<EOF
+[connection]
+id=baremetal
+type=bridge
+interface-name=baremetal
+autoconnect=true
+[bridge]
+stp=false
+[ipv6]
+addr-gen-mode=stable-privacy
+method=ignore
+EOF
+
+chmod 600 /etc/NetworkManager/system-connections/baremetal.nmconnection
+nmcli con load /etc/NetworkManager/system-connections/baremetal.nmconnection
+nmcli con up baremetal
+
+# install minikube
+curl -LO https://storage.googleapis.com/minikube/releases/v1.25.2/minikube-linux-amd64
+install minikube-linux-amd64 /usr/local/bin/minikube
+# Install kubectl
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

Support/Multitenancy/ironic-env/02-configure-minikube.sh

@@ -0,0 +1,14 @@
+set -e
+minikube config set driver kvm2
+minikube config set memory 4096
+sudo usermod --append --groups libvirt "$(whoami)"
+while /bin/true; do
+  minikube_error=0
+  minikube start --insecure-registry 172.22.0.1:5000 || minikube_error=1
+  if [[ $minikube_error -eq 0 ]]; then
+    break
+  fi
+  sudo su -l -c 'minikube delete --all --purge' "${USER}"
+  sudo ip link delete virbr0
+done
+minikube stop

Support/Multitenancy/ironic-env/03-images-and-run-local-services.sh

@@ -0,0 +1,74 @@
+# Set variables
+REGISTRY_NAME="registry"
+REGISTRY_PORT="5000"
+IMAGE_NAMES=(
+    #    "quay.io/metal3-io/sushy-tools"
+    "quay.io/metal3-io/ironic-client"
+)
+
+# Attach provisioning and baremetal network interfaces to minikube domain
+virsh attach-interface --domain minikube --model virtio --source provisioning --type network --config
+virsh attach-interface --domain minikube --model virtio --source baremetal --type network --config
+podman pod create -n infra-pod || true
+podman pod create -n ironic-pod || true
+# Start podman registry if it's not already running
+if ! podman ps | grep -q "$REGISTRY_NAME"; then
+    podman run -d -p "$REGISTRY_PORT":"$REGISTRY_PORT" --name "$REGISTRY_NAME" docker.io/library/registry:2.7.1
+fi
+
+# Pull images, tag to local registry, and push to registry
+for NAME in "${IMAGE_NAMES[@]}"; do
+    # Pull and tag the image
+    podman pull "$NAME"
+    podman tag "$NAME" 127.0.0.1:"$REGISTRY_PORT"/localimages/"${NAME##*/}"
+    # Push the image to the local registry
+    podman push --tls-verify=false 127.0.0.1:5000/localimages/"${NAME##*/}"
+done
+
+./build-sushytools-image-with-fakeipa-changes.sh
+
+# Define variables for repeated values
+SUSHY_TOOLS_IMAGE="127.0.0.1:5000/localimages/sushy-tools"
+
+# Create directories
+DIRECTORIES=(
+    "/opt/metal3-dev-env/ironic/virtualbmc"
+    "/opt/metal3-dev-env/ironic/virtualbmc/sushy-tools"
+    "/opt/metal3-dev-env/ironic/html/images"
+)
+for DIR in "${DIRECTORIES[@]}"; do
+    mkdir -p "$DIR"
+    chmod -R 755 "$DIR"
+done
+
+# Run httpd container
+podman run -d --net host --name httpd-infra \
+    --pod infra-pod \
+    -v /opt/metal3-dev-env/ironic:/shared \
+    -e PROVISIONING_INTERFACE=provisioning \
+    -e LISTEN_ALL_INTERFACES=false \
+    --entrypoint /bin/runhttpd \
+    quay.io/metal3-io/ironic:latest
+# Set configuration options
+cp conf.py "$HOME/sushy-tools/conf.py"
+
+# Create an htpasswd file
+cat <<'EOF' >"$HOME/sushy-tools/htpasswd"
+admin:$2b$12$/dVOBNatORwKpF.ss99KB.vESjfyONOxyH.UgRwNyZi1Xs/W2pGVS
+EOF
+
+# Generate ssh keys to use for virtual power and add them to authorized_keys
+sudo ssh-keygen -f /root/.ssh/id_rsa_virt_power -P "" -q -y
+sudo cat /root/.ssh/id_rsa_virt_power.pub | sudo tee -a /root/.ssh/authorized_keys
+
+# Create and start a container for sushy-tools
+podman run -d --net host --name sushy-tools --pod infra-pod \
+    -v "$HOME/sushy-tools:/root/sushy" \
+    -v /root/.ssh:/root/ssh \
+    "${SUSHY_TOOLS_IMAGE}"
+
+podman run --entrypoint='["sushy-fake-ipa", "--config", "/root/sushy/conf.py"]' \
+    -d --net host --name fake-ipa --pod infra-pod \
+    -v "$HOME/sushy-tools:/root/sushy" \
+    -v /root/.ssh:/root/ssh \
+    "${SUSHY_TOOLS_IMAGE}"

Support/Multitenancy/ironic-env/04-start-minikube.sh

@@ -0,0 +1,16 @@
+set -e
+
+# Start Minikube with insecure registry flag
+minikube start --insecure-registry 172.22.0.1:5000
+
+# SSH into the Minikube VM and execute the following commands
+sudo su -l -c "minikube ssh sudo brctl addbr ironicendpoint" "${USER}"
+sudo su -l -c "minikube ssh sudo  ip link set ironicendpoint up" "${USER}"
+sudo su -l -c "minikube ssh sudo  brctl addif  ironicendpoint eth2" "${USER}"
+sudo su -l -c "minikube ssh sudo  ip addr add 172.22.0.2/24 dev ironicendpoint" "${USER}"
+
+# Firewall rules
+for i in 8000 80 9999 6385 5050 6180 53 5000; do sudo firewall-cmd --zone=public --add-port=${i}/tcp; done
+for i in 8000 80 9999 6385 5050 6180 53 5000; do sudo firewall-cmd --zone=libvirt --add-port=${i}/tcp; done
+for i in 69 547 546 68 67 5353 6230 6231 6232 6233 6234 6235; do sudo firewall-cmd --zone=libvirt --add-port=${i}/udp; done
+sudo firewall-cmd --zone=libvirt --add-port=8000/tcp