openstack: Create server groups in the CAPI flow

pierreprinetti · pierreprinetti · commit 25c0a610f281 · 2024-04-26T11:45:36.000+02:00
CAPO doesn't create server groups; it needs the server groups referred
to in Machines to be created in the PreProvision hook.
diff --git a/pkg/infrastructure/openstack/clusterapi/clusterapi.go b/pkg/infrastructure/openstack/clusterapi/clusterapi.go
@@ -10,6 +10,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	configv1 "github.com/openshift/api/config/v1"
+	mapov1alpha1 "github.com/openshift/api/machine/v1alpha1"
 	"github.com/openshift/installer/pkg/asset/manifests"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
@@ -32,13 +33,16 @@ func (p Provider) Name() string {
 
 var _ clusterapi.PreProvider = Provider{}
 
-// PreProvision tags the VIP ports and creates the security groups that are needed during CAPI provisioning.
+// PreProvision tags the VIP ports, and creates the security groups and the
+// server groups defined in the Machine manifests.
 func (p Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionInput) error {
 	var (
-		infraID        = in.InfraID
-		installConfig  = in.InstallConfig
-		rhcosImage     = string(*in.RhcosImage)
-		manifestsAsset = in.ManifestsAsset
+		infraID          = in.InfraID
+		installConfig    = in.InstallConfig
+		rhcosImage       = string(*in.RhcosImage)
+		manifestsAsset   = in.ManifestsAsset
+		machineManifests = in.MachineManifests
+		workersAsset     = in.WorkersAsset
 	)
 
 	if err := preprovision.TagVIPPorts(ctx, installConfig, infraID); err != nil {
@@ -71,6 +75,30 @@ func (p Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionIn
 		}
 	}
 
+	{
+		capiMachines := make([]capo.OpenStackMachine, 0, len(machineManifests))
+		for i := range machineManifests {
+			if m, ok := machineManifests[i].(*capo.OpenStackMachine); ok {
+				capiMachines = append(capiMachines, *m)
+			}
+		}
+
+		var workerSpecs []mapov1alpha1.OpenstackProviderSpec
+		{
+			machineSets, err := workersAsset.MachineSets()
+			if err != nil {
+				return fmt.Errorf("failed to extract MachineSets from the worker assets: %w", err)
+			}
+			workerSpecs = make([]mapov1alpha1.OpenstackProviderSpec, 0, len(machineSets))
+			for _, machineSet := range machineSets {
+				workerSpecs = append(workerSpecs, *machineSet.Spec.Template.Spec.ProviderSpec.Value.Object.(*mapov1alpha1.OpenstackProviderSpec))
+			}
+		}
+		if err := preprovision.ServerGroups(ctx, installConfig, capiMachines, workerSpecs); err != nil {
+			return fmt.Errorf("failed to create server groups: %w", err)
+		}
+	}
+
 	return nil
 }
 
diff --git a/pkg/infrastructure/openstack/preprovision/servergroups.go b/pkg/infrastructure/openstack/preprovision/servergroups.go
@@ -0,0 +1,101 @@
+package preprovision
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/servergroups"
+	"github.com/gophercloud/gophercloud/pagination"
+	"github.com/sirupsen/logrus"
+	capo "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
+
+	mapov1alpha1 "github.com/openshift/api/machine/v1alpha1"
+	"github.com/openshift/installer/pkg/asset/installconfig"
+	tfvars "github.com/openshift/installer/pkg/tfvars/openstack"
+	"github.com/openshift/installer/pkg/types/openstack"
+	"github.com/openshift/installer/pkg/types/openstack/defaults"
+)
+
+// ServerGroups creates server groups referenced by name in the Machine
+// manifests if they don't exist already. The newly created server groups have
+// the policy defined in the install-config's machine-pools.
+func ServerGroups(_ context.Context, installConfig *installconfig.InstallConfig, capiMachines []capo.OpenStackMachine, mapoWorkerProviderSpecs []mapov1alpha1.OpenstackProviderSpec) error {
+	logrus.Debugf("Creating the server groups")
+	computeClient, err := defaults.NewServiceClient("compute", defaults.DefaultClientOpts(installConfig.Config.Platform.OpenStack.Cloud))
+	if err != nil {
+		return fmt.Errorf("failed to build an OpenStack client: %w", err)
+	}
+	computeClient.Microversion = "2.64"
+
+	var masterPolicy, workerPolicy openstack.ServerGroupPolicy
+	{
+		if masterMP := installConfig.Config.ControlPlane; masterMP != nil {
+			masterPolicy = tfvars.GetServerGroupPolicy(masterMP.Platform.OpenStack, installConfig.Config.OpenStack.DefaultMachinePlatform)
+		} else {
+			masterPolicy = tfvars.GetServerGroupPolicy(nil, installConfig.Config.OpenStack.DefaultMachinePlatform)
+		}
+
+		if workerMP := installConfig.Config.WorkerMachinePool(); workerMP != nil {
+			workerPolicy = tfvars.GetServerGroupPolicy(workerMP.Platform.OpenStack, installConfig.Config.OpenStack.DefaultMachinePlatform)
+		} else {
+			workerPolicy = tfvars.GetServerGroupPolicy(nil, installConfig.Config.OpenStack.DefaultMachinePlatform)
+		}
+	}
+
+	// serverGroups is the set of server groups to be created.
+	serverGroups := make(map[string]openstack.ServerGroupPolicy, len(capiMachines)+len(mapoWorkerProviderSpecs))
+	for _, machine := range capiMachines {
+		if _, ok := machine.Labels["cluster.x-k8s.io/control-plane"]; !ok {
+			logrus.Debugf("Found unexpected machine %q among the CAPI Machine manifests", machine.GetName())
+			continue
+		}
+		if sgParam := machine.Spec.ServerGroup; sgParam != nil && sgParam.Filter != nil && sgParam.Filter.Name != nil {
+			serverGroupName := *sgParam.Filter.Name
+			if visitedPolicy, ok := serverGroups[serverGroupName]; ok {
+				if masterPolicy != visitedPolicy {
+					return fmt.Errorf("server group %q is referenced with different policies in the install-config machine-pools", serverGroupName)
+				}
+				continue
+			}
+			serverGroups[serverGroupName] = masterPolicy
+		}
+	}
+	for _, providerSpec := range mapoWorkerProviderSpecs {
+		if serverGroupName := providerSpec.ServerGroupName; serverGroupName != "" {
+			if visitedPolicy, ok := serverGroups[serverGroupName]; ok {
+				if workerPolicy != visitedPolicy {
+					return fmt.Errorf("server group %q is referenced with different policies in the install-config machine-pools", serverGroupName)
+				}
+				continue
+			}
+			serverGroups[serverGroupName] = workerPolicy
+		}
+	}
+
+	// Remove existing server groups from the list of resources to be created.
+	if err = servergroups.List(computeClient, nil).EachPage(func(p pagination.Page) (bool, error) {
+		sgs, err := servergroups.ExtractServerGroups(p)
+		if err != nil {
+			return false, err
+		}
+
+		for i := range sgs {
+			delete(serverGroups, sgs[i].Name)
+		}
+		return true, nil
+	}); err != nil {
+		return fmt.Errorf("failed to list server groups: %w", err)
+	}
+
+	// Create the server groups referenced by name in the Machine manifests, that don't exist already.
+	for name, policy := range serverGroups {
+		logrus.Debugf("Creating server group %q with policy %q", name, policy)
+		if _, err := servergroups.Create(computeClient, servergroups.CreateOpts{
+			Name:   name,
+			Policy: string(policy),
+		}).Extract(); err != nil {
+			return fmt.Errorf("failed to create server group %q: %w", name, err)
+		}
+	}
+	return nil
+}
diff --git a/pkg/tfvars/openstack/openstack.go b/pkg/tfvars/openstack/openstack.go
@@ -125,13 +125,13 @@ func TFVars(
 		rootVolumeSize = rootVolume.Size
 	}
 
-	masterServerGroupPolicy := getServerGroupPolicy(mastermpool, defaultmpool, types_openstack.SGPolicySoftAntiAffinity)
+	masterServerGroupPolicy := GetServerGroupPolicy(mastermpool, defaultmpool)
 	masterServerGroupName := masterSpecs[0].ServerGroupName
 	if masterSpecs[0].ServerGroupID != "" {
 		return nil, fmt.Errorf("the field ServerGroupID is not implemented in the Installer. Please use ServerGroupName for automatic creation of the Control Plane server group")
 	}
 
-	workerServerGroupPolicy := getServerGroupPolicy(workermpool, defaultmpool, types_openstack.SGPolicySoftAntiAffinity)
+	workerServerGroupPolicy := GetServerGroupPolicy(workermpool, defaultmpool)
 	var workerServerGroupNames []string
 	{
 		for _, workerConfig := range workerSpecs {
@@ -272,12 +272,13 @@ func isOctaviaSupported(serviceCatalog *tokens.ServiceCatalog) (bool, error) {
 	return true, nil
 }
 
-func getServerGroupPolicy(machinePool, defaultMachinePool *types_openstack.MachinePool, defaultPolicy types_openstack.ServerGroupPolicy) types_openstack.ServerGroupPolicy {
+// GetServerGroupPolicy returns the server group policy set in the given machine-pool, or in the default one, or falls back to soft-anti-affinity.
+func GetServerGroupPolicy(machinePool, defaultMachinePool *types_openstack.MachinePool) types_openstack.ServerGroupPolicy {
 	if machinePool != nil && machinePool.ServerGroupPolicy.IsSet() {
 		return machinePool.ServerGroupPolicy
 	}
 	if defaultMachinePool != nil && defaultMachinePool.ServerGroupPolicy.IsSet() {
 		return defaultMachinePool.ServerGroupPolicy
 	}
-	return defaultPolicy
+	return types_openstack.SGPolicySoftAntiAffinity
 }

Original file line number	Diff line number	Diff line change
`@@ -125,13 +125,13 @@ func TFVars(`
`125`	`125`	`rootVolumeSize = rootVolume.Size`
`126`	`126`	`}`
`127`	`127`
`128`		`- masterServerGroupPolicy := getServerGroupPolicy(mastermpool, defaultmpool, types_openstack.SGPolicySoftAntiAffinity)`
	`128`	`+ masterServerGroupPolicy := GetServerGroupPolicy(mastermpool, defaultmpool)`
`129`	`129`	`masterServerGroupName := masterSpecs[0].ServerGroupName`
`130`	`130`	`if masterSpecs[0].ServerGroupID != "" {`
`131`	`131`	`return nil, fmt.Errorf("the field ServerGroupID is not implemented in the Installer. Please use ServerGroupName for automatic creation of the Control Plane server group")`
`132`	`132`	`}`
`133`	`133`
`134`		`- workerServerGroupPolicy := getServerGroupPolicy(workermpool, defaultmpool, types_openstack.SGPolicySoftAntiAffinity)`
	`134`	`+ workerServerGroupPolicy := GetServerGroupPolicy(workermpool, defaultmpool)`
`135`	`135`	`var workerServerGroupNames []string`
`136`	`136`	`{`
`137`	`137`	`for _, workerConfig := range workerSpecs {`
`@@ -272,12 +272,13 @@ func isOctaviaSupported(serviceCatalog *tokens.ServiceCatalog) (bool, error) {`
`272`	`272`	`return true, nil`
`273`	`273`	`}`
`274`	`274`
`275`		`-func getServerGroupPolicy(machinePool, defaultMachinePool *types_openstack.MachinePool, defaultPolicy types_openstack.ServerGroupPolicy) types_openstack.ServerGroupPolicy {`
	`275`	`+// GetServerGroupPolicy returns the server group policy set in the given machine-pool, or in the default one, or falls back to soft-anti-affinity.`
	`276`	`+func GetServerGroupPolicy(machinePool, defaultMachinePool *types_openstack.MachinePool) types_openstack.ServerGroupPolicy {`
`276`	`277`	`if machinePool != nil && machinePool.ServerGroupPolicy.IsSet() {`
`277`	`278`	`return machinePool.ServerGroupPolicy`
`278`	`279`	`}`
`279`	`280`	`if defaultMachinePool != nil && defaultMachinePool.ServerGroupPolicy.IsSet() {`
`280`	`281`	`return defaultMachinePool.ServerGroupPolicy`
`281`	`282`	`}`
`282`		`- return defaultPolicy`
	`283`	`+ return types_openstack.SGPolicySoftAntiAffinity`
`283`	`284`	`}`