Merge pull request #8255 from jhixson74/master_cap_ignite_bootstrap

CORS-3269: Azure CAPI Ignite Bootstrap

Author: openshift-merge-bot[bot]

pkg/infrastructure/azure/azure.go

@@ -21,6 +21,7 @@ import (
 	capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/openshift/installer/pkg/asset/ignition/bootstrap"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
 	"github.com/openshift/installer/pkg/rhcos"
@@ -43,6 +44,7 @@ type Provider struct {
 var _ clusterapi.PreProvider = (*Provider)(nil)
 var _ clusterapi.InfraReadyProvider = (*Provider)(nil)
 var _ clusterapi.PostProvider = (*Provider)(nil)
+var _ clusterapi.IgnitionProvider = (*Provider)(nil)
 
 // Name returns the name of the provider.
 func (p *Provider) Name() string {
@@ -69,6 +71,7 @@ func (p *Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionI
 	for k, v := range userTags {
 		tags[k] = ptr.To(v)
 	}
+	p.Tags = tags
 
 	// Create resource group
 	resourcesClientFactory, err := armresources.NewClientFactory(
@@ -98,9 +101,7 @@ func (p *Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionI
 		return fmt.Errorf("error creating resource group %s: %w", resourceGroupName, err)
 	}
 	logrus.Debugf("ResourceGroup.ID=%s", *resourceGroup.ID)
-
 	p.ResourceGroupName = resourceGroupName
-	p.Tags = tags
 
 	return nil
 }
@@ -116,9 +117,8 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 	platform := installConfig.Platform.Azure
 	subscriptionID := session.Credentials.SubscriptionID
 	cloudConfiguration := session.CloudConfig
-	resourceGroupName := p.ResourceGroupName
-	tags := p.Tags
 
+	resourceGroupName := p.ResourceGroupName
 	storageAccountName := fmt.Sprintf("cluster%s", randomString(5))
 	containerName := "vhd"
 	blobName := fmt.Sprintf("rhcos%s.vhd", randomString(5))
@@ -155,6 +155,13 @@ func (p *Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput
 		return fmt.Errorf("image length is not alisnged on a 512 byte boundary")
 	}
 
+	userTags := platform.UserTags
+	tags := make(map[string]*string, len(userTags)+1)
+	tags[fmt.Sprintf("kubernetes.io_cluster.%s", in.InfraID)] = ptr.To("owned")
+	for k, v := range userTags {
+		tags[k] = ptr.To(v)
+	}
+
 	tokenCredential := session.TokenCreds
 	storageURL := fmt.Sprintf("https://%s.blob.core.windows.net", storageAccountName)
 	blobURL := fmt.Sprintf("%s/%s/%s", storageURL, containerName, blobName)
@@ -471,3 +478,53 @@ func randomString(length int) string {
 
 	return string(s)
 }
+
+// Ignition provisions the Azure container that holds the bootstrap ignition
+// file.
+func (p Provider) Ignition(ctx context.Context, in clusterapi.IgnitionInput) ([]byte, error) {
+	session, err := in.InstallConfig.Azure.Session()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get session: %w", err)
+	}
+
+	bootstrapIgnData := in.BootstrapIgnData
+	subscriptionID := session.Credentials.SubscriptionID
+	cloudConfiguration := session.CloudConfig
+
+	ignitionContainerName := "ignition"
+	blobName := "bootstrap.ign"
+	blobURL := fmt.Sprintf("%s/%s/%s", p.StorageURL, ignitionContainerName, blobName)
+
+	// Create ignition blob storage container
+	createBlobContainerOutput, err := CreateBlobContainer(ctx, &CreateBlobContainerInput{
+		ContainerName:        ignitionContainerName,
+		SubscriptionID:       subscriptionID,
+		ResourceGroupName:    p.ResourceGroupName,
+		StorageAccountName:   p.StorageAccountName,
+		StorageClientFactory: p.StorageClientFactory,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	blobIgnitionContainer := createBlobContainerOutput.BlobContainer
+	logrus.Debugf("BlobIgnitionContainer.ID=%s", *blobIgnitionContainer.ID)
+
+	sasURL, err := CreateBlockBlob(ctx, &CreateBlockBlobInput{
+		StorageURL:         p.StorageURL,
+		BlobURL:            blobURL,
+		StorageAccountName: p.StorageAccountName,
+		StorageAccountKeys: p.StorageAccountKeys,
+		CloudConfiguration: cloudConfiguration,
+		BootstrapIgnData:   bootstrapIgnData,
+	})
+	if err != nil {
+		return nil, err
+	}
+	ignShim, err := bootstrap.GenerateIgnitionShimWithCertBundleAndProxy(sasURL, in.InstallConfig.Config.AdditionalTrustBundle, in.InstallConfig.Config.Proxy)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create ignition shim: %w", err)
+	}
+
+	return ignShim, nil
+}

pkg/infrastructure/azure/storage.go

@@ -1,18 +1,24 @@
 package azure
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"sync"
+	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blockblob"
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/pageblob"
+	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
 	"github.com/sirupsen/logrus"
 
 	aztypes "github.com/openshift/installer/pkg/types/azure"
@@ -181,15 +187,15 @@ type CreatePageBlobOutput struct {
 
 // CreatePageBlob creates a blob and uploads a file from a URL to it.
 func CreatePageBlob(ctx context.Context, in *CreatePageBlobInput) (*CreatePageBlobOutput, error) {
-	logrus.Debugf("Getting blob credentials")
+	logrus.Debugf("Getting page blob credentials")
 
 	// XXX: Should try all of them until one is successful
 	sharedKeyCredential, err := azblob.NewSharedKeyCredential(in.StorageAccountName, *in.StorageAccountKeys[0].Value)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get shared crdentials for storage account: %w", err)
+		return nil, fmt.Errorf("failed to get shared credentials for storage account: %w", err)
 	}
 
-	logrus.Debugf("Getting blob client")
+	logrus.Debugf("Getting page blob client")
 	pageBlobClient, err := pageblob.NewClientWithSharedKeyCredential(
 		in.BlobURL,
 		sharedKeyCredential,
@@ -318,3 +324,63 @@ func doUploadPagesFromURL(ctx context.Context, pageBlobClient *pageblob.Client,
 	logrus.Debugf("Done uploading")
 	return res
 }
+
+// CreateBlockBlobInput containers the input parameters used for creating a
+// block blob.
+type CreateBlockBlobInput struct {
+	StorageURL         string
+	BlobURL            string
+	StorageAccountName string
+	BootstrapIgnData   []byte
+	StorageAccountKeys []armstorage.AccountKey
+	CloudConfiguration cloud.Configuration
+}
+
+// CreateBlockBlobOutput contains the return values after creating a block
+// blob.
+type CreateBlockBlobOutput struct {
+	PageBlobClient      *pageblob.Client
+	SharedKeyCredential *azblob.SharedKeyCredential
+}
+
+// CreateBlockBlob creates a block blob and uploads a file from a URL to it.
+func CreateBlockBlob(ctx context.Context, in *CreateBlockBlobInput) (string, error) {
+	logrus.Debugf("Getting block blob credentials")
+
+	// XXX: Should try all of them until one is successful
+	sharedKeyCredential, err := azblob.NewSharedKeyCredential(in.StorageAccountName, *in.StorageAccountKeys[0].Value)
+	if err != nil {
+		return "", fmt.Errorf("failed to get shared crdentials for storage account: %w", err)
+	}
+
+	logrus.Debugf("Getting block blob client")
+	blockBlobClient, err := blockblob.NewClientWithSharedKeyCredential(
+		in.BlobURL,
+		sharedKeyCredential,
+		&blockblob.ClientOptions{
+			ClientOptions: azcore.ClientOptions{
+				Cloud: in.CloudConfiguration,
+			},
+		},
+	)
+	if err != nil {
+		return "", fmt.Errorf("failed to get page blob client: %w", err)
+	}
+
+	logrus.Debugf("Creating block blob")
+
+	accessTier := blob.AccessTierHot
+	_, err = blockBlobClient.Upload(ctx, streaming.NopCloser(bytes.NewReader(in.BootstrapIgnData)), &blockblob.UploadOptions{
+		Tier: &accessTier,
+	})
+	if err != nil {
+		return "", fmt.Errorf("failed to create block blob: %w", err)
+	}
+
+	sasURL, err := blockBlobClient.GetSASURL(sas.BlobPermissions{Read: true}, time.Now().Add(time.Minute*60), &blob.GetSASURLOptions{})
+	if err != nil {
+		return "", fmt.Errorf("failed to get SAS URL: %w", err)
+	}
+
+	return sasURL, nil
+}