removed usage of pull-secret.

andfasano · andfasano · commit 5a3e543a3bf9 · 2024-04-24T07:52:24.000-04:00
command now generates directly an exit code file.
random namespace generation.
config file name customizable.
diff --git a/docs/user/agent/add-nodes.md b/docs/user/agent/add-nodes.md
@@ -3,7 +3,6 @@
 ## Pre-requisites
 1. The `oc` tool must be available in the execution environment (the "user host").
 2. The user host has a valid network connection to the target OpenShift cluster to be expanded.
-3. The user host has a valid pull-secret.
 
 ## Setup
 1. Download the [node-joiner.sh](./node-joiner.sh) script in a working directory in
@@ -66,16 +65,24 @@ hosts:
           macAddress: 00:02:46:e3:9e:9c
 
 ## ISO generation
-Run the [node-joiner.sh](./node-joiner.sh) by specifying the location of the current pull secret:
+Run the [node-joiner.sh](./node-joiner.sh):
 ```bash
-$ ./node-joiner.sh ~/config/pull-secret
+$ ./node-joiner.sh
 ```
-The script will generate a temporary namespace `openshift-node-joiner` in the target cluster,
+The script will generate a temporary namespace prefixed with `openshift-node-joiner` in the target cluster,
 where a pod will be launched to execute the effective node-joiner workload.
 In case of success, the `agent-addnodes.x86_64.iso` ISO image will be downloaded in the assets folder.
 
+### Configuration file name
+By default the script looks for a configuration file named `nodes-config.yaml`. It's possible to specify a 
+different config file name, as the first parameter of the script:
+
+```bash
+$ ./node-joiner.sh config.yaml
+```
+
 ## Nodes joining
-Use the iso image to boot all the nodes listed in the `nodes-config.yaml` file, and wait for the related
+Use the iso image to boot all the nodes listed in the configuration file, and wait for the related
 certificate signing requests (CSRs) to appear. When adding a new node to the cluster, two pending CSRs will
 be generated, and they must be manually approved by the user.
 Use the following command to monitor the pending certificates:
diff --git a/docs/user/agent/node-joiner.sh b/docs/user/agent/node-joiner.sh
@@ -1,30 +1,32 @@
 #!/bin/bash
 
-if [ $# -lt 1 ]; then
-    echo "./node-joiner.sh <pull secret path>"
-    echo "Usage example:"
-    echo "$ ./node-joiner.sh ~/config/my-pull-secret"
+set -eu
 
-    exit 1
+# Config file
+nodesConfigFile=${1:-"nodes-config.yaml"}
+if [ ! -f $nodesConfigFile ]; then
+  echo "Cannot find the config file $nodesConfigFile"
+  exit 1
 fi
-pullSecret=$1
+
+# Generate a random namespace name
+namespace="openshift-node-joiner-$(cat /dev/urandom | tr -dc 'a-z' | head -c 10)"
 
 # Extract the installer image pullspec and release version.
-releaseImage=$(oc get clusterversion version -o=jsonpath='{.status.history[?(@.state == "Completed")].image}')
-nodeJoinerPullspec=$(oc adm release info -a "$pullSecret" --image-for=installer "$releaseImage")
+nodeJoinerPullspec=$(oc get is installer -n openshift -o=jsonpath='{.spec.tags[0].from.name}')
 
 # Create the namespace to run the node-joiner, along with the required roles and bindings.
 staticResources=$(cat <<EOF
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: openshift-node-joiner
+  name: ${namespace}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-joiner
-  namespace: openshift-node-joiner
+  namespace: ${namespace}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -55,7 +57,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: node-joiner
-  namespace: openshift-node-joiner
+  namespace: ${namespace}
 roleRef:
   kind: ClusterRole
   name: node-joiner
@@ -65,15 +67,15 @@ EOF
 echo "$staticResources" | oc apply -f -
 
 # Generate a configMap to store the user configuration
-oc create configmap nodes-config --from-file=nodes-config.yaml -n openshift-node-joiner -o yaml --dry-run=client | oc apply -f -
+oc create configmap nodes-config --from-file=nodes-config.yaml=${nodesConfigFile} -n ${namespace} -o yaml --dry-run=client | oc apply -f -
 
 # Runt the node-joiner pod to generate the ISO
 nodeJoinerPod=$(cat <<EOF
 apiVersion: v1
 kind: Pod
 metadata:
   name: node-joiner
-  namespace: openshift-node-joiner
+  namespace: ${namespace}
   annotations:
     openshift.io/scc: anyuid
   labels:
@@ -93,39 +95,36 @@ spec:
       mountPath: /config
     - name: assets
       mountPath: /assets
-    command: ["/bin/sh", "-c", "cp /config/nodes-config.yaml /assets; HOME=/assets node-joiner add-nodes --dir=/assets --log-level=debug; echo \$? > /assets/completed; sleep 600"]    
+    command: ["/bin/sh", "-c", "cp /config/nodes-config.yaml /assets; HOME=/assets node-joiner add-nodes --dir=/assets --log-level=debug; sleep 600"]    
   volumes:
   - name: nodes-config
     configMap: 
       name: nodes-config
-      namespace: openshift-node-joiner
+      namespace: ${namespace}
   - name: assets
     emptyDir: 
       sizeLimit: "4Gi"
 EOF
 )
 echo "$nodeJoinerPod" | oc apply -f -
 
-# Wait until the node-joiner was completed.
 while true; do 
-  if oc exec node-joiner -n openshift-node-joiner -- test -e /assets/completed >/dev/null 2>&1; then
+  if oc exec node-joiner -n ${namespace} -- test -e /assets/exit_code >/dev/null 2>&1; then
     break
   else 
     echo "Waiting for node-joiner pod to complete..."
     sleep 10s
   fi
 done
 
-# In case of success, let's extract the ISO, otherwise the logs are shown for troubleshooting the error.
-completed=$(oc exec node-joiner -n openshift-node-joiner -- cat /assets/completed)
-if [ "$completed" = 0 ]; then
+res=$(oc exec node-joiner -n ${namespace} -- cat /assets/exit_code)
+if [ "$res" = 0 ]; then
   echo "node-joiner successfully completed, extracting ISO image..."
-  oc cp -n openshift-node-joiner node-joiner:/assets/agent-addnodes.x86_64.iso agent-addnodes.x86_64.iso
+  oc cp -n ${namespace} node-joiner:/assets/agent-addnodes.x86_64.iso agent-addnodes.x86_64.iso
 else
-  oc logs node-joiner -n openshift-node-joiner 
+  oc logs node-joiner -n ${namespace}
   echo "node-joiner failed"
 fi
 
-# Remove all the resources previously created.
 echo "Cleaning up"
-oc delete namespace openshift-node-joiner --grace-period=0 >/dev/null 2>&1 &
+oc delete namespace "${namespace}" --grace-period=0 >/dev/null 2>&1 &
diff --git a/pkg/nodejoiner/addnodes.go b/pkg/nodejoiner/addnodes.go
@@ -1,7 +1,8 @@
 package nodejoiner
 
 import (
-	"context"
+	"os"
+	"path/filepath"
 
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/agent/image"
@@ -10,6 +11,10 @@ import (
 	"github.com/openshift/installer/pkg/asset/store"
 )
 
+const (
+	addNodesResultFile = "exit_code"
+)
+
 // NewAddNodesCommand creates a new command for add nodes.
 func NewAddNodesCommand(directory string, kubeConfig string) error {
 	// Store the current parameters into the assets folder, so
@@ -22,12 +27,20 @@ func NewAddNodesCommand(directory string, kubeConfig string) error {
 		return err
 	}
 
-	ctx := context.Background()
-
 	fetcher := store.NewAssetsFetcher(directory)
-	return fetcher.FetchAndPersist(ctx, []asset.WritableAsset{
+	err = fetcher.FetchAndPersist([]asset.WritableAsset{
 		&workflow.AgentWorkflowAddNodes{},
 		&image.AgentImage{},
-		// To be completed
 	})
+
+	// Save the exit code result
+	exitCode := "0"
+	if err != nil {
+		exitCode = "1"
+	}
+	if err2 := os.WriteFile(filepath.Join(directory, addNodesResultFile), []byte(exitCode), 0644); err2 != nil {
+		return err2
+	}
+
+	return err
 }
