Merge pull request openshift#7649 from honza/terraform-poc

METAL-871: Remove terraform-provider-ironic

Author: openshift-merge-bot[bot]

data/data/baremetal/bootstrap/main.tf

@@ -2,18 +2,6 @@ provider "libvirt" {
   uri = var.libvirt_uri
 }
 
-provider "ironic" {
-  url                = var.ironic_uri
-  inspector          = var.inspector_uri
-  microversion       = "1.56"
-  timeout            = 900
-  auth_strategy      = "http_basic"
-  ironic_username    = var.ironic_username
-  ironic_password    = var.ironic_password
-  inspector_username = var.ironic_username
-  inspector_password = var.ironic_password
-}
-
 resource "libvirt_pool" "bootstrap" {
   name = "${var.cluster_id}-bootstrap"
   type = "dir"

data/data/bootstrap/baremetal/files/etc/containers/systemd/image-customization.container

@@ -9,28 +9,29 @@ After=network-online.target ironic-volume.service build-ironic-env.service extra
 [Container]
 ContainerName=image-customization
 Image=$CUSTOMIZATION_IMAGE
-Exec=/image-customization-server --nmstate-dir=${NMSTATE_DIR} --images-publish-addr=http://0.0.0.0:8084
+Exec=/image-customization-controller --namespace=openshift-machine-api --images-publish-addr=http://0.0.0.0:8084 --metrics-addr=0.0.0.0:7373
 Network=host
 PodmanArgs=--secret pull-secret,mode=400
-Volume=${NMSTATE_DIR}/:${NMSTATE_DIR}/:z,ro
 Volume=ironic.volume:/shared:z
 Volume=/etc/containers:/tmp/containers:z
+Volume=${AUTH_DIR}:/auth:z,ro
+Volume=/opt/openshift:/opt/openshift:z,ro
 Environment="DEPLOY_ISO=/shared/html/images/ironic-python-agent.iso"
 Environment="DEPLOY_INITRD=/shared/html/images/ironic-python-agent.initramfs"
 Environment="IRONIC_BASE_URL=${IRONIC_BASE_URL}"
+Environment="IRONIC_INSPECTOR_BASE_URL=${IRONIC_BASE_URL}"
 Environment="IRONIC_RAMDISK_SSH_KEY=${IRONIC_RAMDISK_SSH_KEY}"
 Environment="IRONIC_AGENT_IMAGE=${IRONIC_AGENT_IMAGE}"
 Environment="IP_OPTIONS=${EXTERNAL_IP_OPTIONS}"
 Environment="REGISTRIES_CONF_PATH=/tmp/containers/registries.conf"
+Environment="KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback"
 
 [Service]
 EnvironmentFile=/etc/ironic.env
-Environment="NMSTATE_DIR=/tmp/nmstate"
+Restart=always
 ExecStartPre=/usr/local/bin/setup-image-data.sh
 TimeoutStartSec=600
 ExecStopPost=podman secret rm pull-secret
-ExecStopPost=-rm -rf ${NMSTATE_DIR}
-Restart=on-abnormal
 
 [Install]
 WantedBy=multi-user.target

data/data/bootstrap/baremetal/files/etc/containers/systemd/ironic.container.template

@@ -25,6 +25,7 @@ Environment="IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
 Environment="INSPECTOR_HTPASSWD=${IRONIC_HTPASSWD}"
 Environment="IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS}"
 Environment="HTTP_PORT=${HTTP_PORT}"
+Environment="OS_DEFAULT__FORCE_RAW_IMAGES=False"
 
 [Service]
 EnvironmentFile=/etc/ironic.env

data/data/bootstrap/baremetal/files/etc/containers/systemd/metal3-baremetal-operator.container

@@ -0,0 +1,31 @@
+[Unit]
+Description=Metal3 deployment service
+BindsTo=ironic-volume.service
+Requires=build-metal3-env.service wait-iptables-init.service image-customization.service build-ironic-env.service
+Wants=network-online.target ironic-httpd.service ironic-ramdisk-logs.service
+After=network-online.target ironic-volume.service build-ironic-env.service image-customization.service build-metal3-env.service
+
+[Container]
+ContainerName=baremetal-operator
+Image=$METAL3_BAREMETAL_OPERATOR_IMAGE
+Exec=/baremetal-operator -build-preprov-image
+Network=host
+Volume=${AUTH_DIR}:/auth:z,ro
+Volume=/opt/openshift:/opt/openshift:z,ro
+Environment="XDG_RUNTIME_DIR=/run/user/${UID}"
+Environment="KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback"
+Environment="DEPLOY_KERNEL_URL=file:///shared/html/images/ironic-python-agent.kernel"
+Environment="IRONIC_HTPASSWD=${IRONIC_HTPASSWD}"
+Environment="INSPECTOR_HTPASSWD=${IRONIC_HTPASSWD}"
+Environment="IRONIC_KERNEL_PARAMS=${IRONIC_KERNEL_PARAMS}"
+Environment="HTTP_PORT=${HTTP_PORT}"
+Environment="IRONIC_ENDPOINT=${IRONIC_ENDPOINT}"
+Environment="IRONIC_EXTERNAL_URL_V6=${IRONIC_EXTERNAL_URL_V6}"
+
+[Service]
+EnvironmentFile=/etc/metal3.env
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

data/data/bootstrap/baremetal/files/etc/metal3.env.template

@@ -0,0 +1,3 @@
+AUTH_DIR=/opt/metal3/auth
+IRONIC_ENDPOINT="http://{{.PlatformData.BareMetal.IronicUsername}}:{{.PlatformData.BareMetal.IronicPassword}}@localhost:6385/v1"
+IRONIC_EXTERNAL_URL_V6="{{.PlatformData.BareMetal.ExternalURLv6}}"

data/data/bootstrap/baremetal/files/usr/local/bin/build-metal3-env.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+set -euo pipefail
+
+# shellcheck disable=SC1091
+. /usr/local/bin/release-image.sh
+
+export KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback
+
+build_metal3_env() {
+    printf 'METAL3_BAREMETAL_OPERATOR_IMAGE="%s"\n' "$(image_for baremetal-operator)"
+}
+
+build_metal3_env | tee -a /etc/metal3.env

data/data/bootstrap/baremetal/files/usr/local/bin/master-bmh-update.sh

@@ -2,57 +2,32 @@
 
 set -euo pipefail
 
-# shellcheck disable=SC1091
-. /usr/local/bin/release-image.sh
-
 export KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback
 
 # Wait till the baremetalhosts are populated
 until oc get baremetalhosts -n openshift-machine-api; do
-   echo Waiting for BareMetalHosts to appear...
+   echo Waiting for BareMetalHosts CRD to appear...
    sleep 20
 done
 
-AUTH_DIR=/opt/metal3/auth
-set +x
-ironic_url="$(printf 'http://%s:%s@localhost:6385/v1' "$(cat "${AUTH_DIR}/ironic/username")" "$(cat "${AUTH_DIR}/ironic/password")")"
-inspector_url="$(printf 'http://%s:%s@localhost:5050/v1' "$(cat "${AUTH_DIR}/ironic-inspector/username")" "$(cat "${AUTH_DIR}/ironic-inspector/password")")"
-
-# Wait for a master to appear.
-while [ "$(curl -s "${ironic_url}/nodes" | jq '.nodes[] | .uuid' | wc -l)" -lt 1 ]; do
-    echo waiting for a master node to show up
+while [ "$(oc get bmh -n openshift-machine-api -o name | wc -l)" -lt 1  ]; do
+    echo "Waiting for bmh"
     sleep 20
 done
 
-# Wait for the nodes to become active after introspection.
-# Probably don't need this but I want to be 100% sure.
-while curl -s "${ironic_url}/nodes" | jq '.nodes[] | .provision_state' | grep -v active; do
-    echo Waiting for nodes to become active
+while [ "$(oc get bmh -n openshift-machine-api -l installer.openshift.io/role=master -o json | jq '.items[].status.provisioning.state' | grep -v provisioned -c)" -gt 0  ]; do
+    echo "Waiting for masters to become provisioned"
+    oc get bmh -A
     sleep 20
 done
 
-echo Nodes are all active
-
-BAREMETAL_OPERATOR_IMAGE=$(image_for baremetal-operator)
-
-for node in $(curl -s "${ironic_url}/nodes" | jq -r '.nodes[] | .uuid'); do
-    name=$(curl -H "X-OpenStack-Ironic-API-Version: 1.9" -s "${ironic_url}/nodes/${node}" | jq -r .name)
-    echo "Host $name, UUID: $node"
-    # And use the baremetal operator tool to load the introspection data into
-    # the BareMetalHost CRs as annotations, which BMO then picks up.
-    HARDWARE_DETAILS=$(podman run --quiet --net=host \
-        --rm \
-        --entrypoint /get-hardware-details \
-        "${BAREMETAL_OPERATOR_IMAGE}" \
-        "${inspector_url}" "$node" | jq '{hardware: .}')
-
-     oc annotate --overwrite -n openshift-machine-api baremetalhosts "$name" 'baremetalhost.metal3.io/status'="$HARDWARE_DETAILS" 'baremetalhost.metal3.io/paused-'
-done
-
-# This delay is needed to ensure that Terraform sees that the hosts are
-# deployed before we stop ironic. Terraform is polling every 10s.
-sleep 30
 # Shut down ironic containers so that the API VIP can fail over to the control
 # plane.
 echo "Stopping provisioning services..."
-systemctl stop ironic.service
+systemctl --no-block stop ironic.service
+while systemctl is-active metal3-baremetal-operator.service; do
+    sleep 10
+done
+
+echo "Unpause all baremetal hosts"
+oc annotate --overwrite -n openshift-machine-api baremetalhosts --all "baremetalhost.metal3.io/paused-"

data/data/bootstrap/baremetal/files/usr/local/bin/setup-image-data.sh.template

@@ -4,31 +4,5 @@ set -euo pipefail
 
 export KUBECONFIG=/opt/openshift/auth/kubeconfig-loopback
 
-mkdir -p "${NMSTATE_DIR}"
-
-get_nmstate() {
-    local host="$1"
-    until oc get -n openshift-machine-api baremetalhost "${host}" >/dev/null; do
-        echo "Waiting for Host ${host} to appear..." >&2
-        sleep 10
-    done
-
-    local secret_name
-    secret_name="$(oc get -n openshift-machine-api baremetalhost "${host}" -o jsonpath="{.spec.preprovisioningNetworkDataName}")"
-    if [ -n "${secret_name}" ]; then
-        until oc get -n openshift-machine-api secret "${secret_name}" >/dev/null; do
-            echo "Waiting for Secret ${secret_name} to appear..." >&2
-            sleep 10
-        done
-        oc get -n openshift-machine-api secret "${secret_name}" -o jsonpath="{.data.nmstate}" | base64 -d >"${NMSTATE_DIR}/${host}.yaml"
-    else
-        touch "${NMSTATE_DIR}/${host}.yaml"
-    fi
-}
-
-{{range .PlatformData.BareMetal.Hosts}}
-get_nmstate "{{.Name}}"
-{{end}}
-
 # Create a podman secret for the image-customization-server
 base64 -w 0 /root/.docker/config.json | podman secret create pull-secret -

data/data/bootstrap/baremetal/systemd/units/build-ironic-env.service.template

@@ -8,7 +8,7 @@ After=network-online.target crio.service release-image.service
 EnvironmentFile=/etc/ironic-network.env
 Environment="PROVISIONING_MAC={{.PlatformData.BareMetal.ProvisioningInterfaceMAC}}"
 Environment="PROVISIONING_NETWORK_TYPE={{.PlatformData.BareMetal.ProvisioningNetwork}}"
-Environment="IRONIC_IP={{.PlatformData.BareMetal.APIVIP}}"
+Environment="IRONIC_IP={{index .PlatformData.BareMetal.APIVIPs 0}}"
 Environment="IRONIC_USERNAME={{.PlatformData.BareMetal.IronicUsername}}"
 ExecStart=/usr/local/bin/build-ironic-env.sh
 Type=oneshot

data/data/bootstrap/baremetal/systemd/units/build-metal3-env.service.template

@@ -0,0 +1,13 @@
+[Unit]
+Description=Build Metal3 environment
+Requires=release-image.service
+Wants=network-online.target crio.service
+After=network-online.target crio.service release-image.service
+
+[Service]
+ExecStart=/usr/local/bin/build-metal3-env.sh
+Type=oneshot
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target