From 8460bc9db6e44489a120f433779ebbb554bee453 Mon Sep 17 00:00:00 2001 From: ehila Date: Mon, 22 Sep 2025 09:45:23 -0400 Subject: [PATCH] feat: add support for TNF agent based install added ENABLE_TWO_NODE_FENCING internal variable to help identify fencing for templating. added fencing block in jinja baremetal install config added BMC driver validation for two node fencing to make sure only redfish is used Signed-off-by: ehila --- .../install-config_baremetal_yaml.j2 | 21 ++++++++++++---- agent/roles/manifests/vars/main.yml | 1 + common.sh | 24 +++++++++++++++++++ config_example.sh | 4 ++++ utils.sh | 2 +- 5 files changed, 46 insertions(+), 6 deletions(-) diff --git a/agent/roles/manifests/templates/install-config_baremetal_yaml.j2 b/agent/roles/manifests/templates/install-config_baremetal_yaml.j2 index 62b615c15..fb38847e8 100644 --- a/agent/roles/manifests/templates/install-config_baremetal_yaml.j2 +++ b/agent/roles/manifests/templates/install-config_baremetal_yaml.j2 @@ -1,4 +1,9 @@ {% import 'net_macros.yaml' as net %} +{% set hostnames = agent_nodes_hostnames.split(',') %} +{% set bmc_addresses = agent_nodes_bmc_addresses.split(',') %} +{% set bmc_passwords = agent_nodes_bmc_passwords.split(',') %} +{% set bmc_usernames = agent_nodes_bmc_usernames.split(',') %} +{% set bmc_verify_cas = agent_nodes_bmc_verify_cas.split(',') %} apiVersion: v1 baseDomain: {{ base_domain }} compute: @@ -21,6 +26,17 @@ controlPlane: hyperthreading: Enabled name: master replicas: {{ num_masters }} +{% if enable_two_node_fencing %} + fencing: + credentials: +{% for hostname in hostnames %} + - hostname: {{hostname}} + address: {{ bmc_addresses[loop.index0] }} + username: {{ bmc_usernames[loop.index0] }} + password: {{ bmc_passwords[loop.index0] }} + certificateVerification: {{ 'Enabled' if bmc_verify_cas[loop.index0] else 'Disabled' }} +{% endfor %} +{% endif %} fips: {{ fips_mode }} metadata: name: {{ cluster_name }} 
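Review bot: In the added `fencing.credentials` loop, `bmc_verify_cas[loop.index0]` is an element of `split(',')` and therefore a string, so the inline `if` only tests for emptiness: any non-empty entry, including a literal `False`, renders `certificateVerification: Enabled`, and an empty entry renders `Disabled`. If the variable carries textual booleans (its format is not visible in this patch), convert explicitly with `{{ 'Enabled' if (bmc_verify_cas[loop.index0] | bool) else 'Disabled' }}` so the rendered BMC TLS setting matches what was configured. The `username` and `password` values are also emitted as bare YAML scalars, so a credential containing `:`, `#` or surrounding whitespace would be re-typed or truncated by the parser; quoting them, for example `password: {{ bmc_passwords[loop.index0] | to_json }}`, is safer. A password that contains a comma is additionally split across entries by `split(',')`, which shifts every later index in the loop.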
@@ -60,7 +76,6 @@ networking: networkType: {{ network_type }} platform: {% set macs = agent_nodes_macs.split(',') %} -{% set hostnames = agent_nodes_hostnames.split(',') %} {% set ips = agent_nodes_ips.split(',') %} {% set ipsv6 = agent_nodes_ipsv6.split(',') %} baremetal: @@ -75,10 +90,6 @@ platform: - {{ ingress_vip }} {% endfor %} {% if agent_install_config_bm_hosts == "true" %} -{% set bmc_addresses = agent_nodes_bmc_addresses.split(',') %} -{% set bmc_passwords = agent_nodes_bmc_passwords.split(',') %} -{% set bmc_usernames = agent_nodes_bmc_usernames.split(',') %} -{% set bmc_verify_cas = agent_nodes_bmc_verify_cas.split(',') %} provisioningHostIP: {{ cluster_provisioning_ip }} provisioningNetworkInterface: {{ cluster_provisioning_interface }} provisioningNetworkCIDR: {{ provisioning_network }} diff --git a/agent/roles/manifests/vars/main.yml b/agent/roles/manifests/vars/main.yml index 5306a2ff5..9e5a73c18 100644 --- a/agent/roles/manifests/vars/main.yml +++ b/agent/roles/manifests/vars/main.yml @@ -30,6 +30,7 @@ cluster_provisioning_interface: "{{ lookup('env', 'CLUSTER_PRO_IF') }}" cluster_subnet_v4: "{{ lookup('env', 'CLUSTER_SUBNET_V4') }}" cluster_subnet_v6: "{{ lookup('env', 'CLUSTER_SUBNET_V6') }}" enable_local_registry: "{{ lookup('env', 'ENABLE_LOCAL_REGISTRY') != '' }}" +enable_two_node_fencing: "{{ lookup('env', 'ENABLE_TWO_NODE_FENCING', default='') == 'true' }}" external_subnet_v4: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') }}" external_subnet_v6: "{{ lookup('env', 'EXTERNAL_SUBNET_V6') }}" external_subnet_v4_prefixlen: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') | ansible.utils.ipaddr('prefix') }}" diff --git a/common.sh b/common.sh index 7e74de9e4..634247b9e 100644 --- a/common.sh +++ b/common.sh 
@@ -397,6 +397,22 @@ fi export ENABLE_LOCAL_REGISTRY=${ENABLE_LOCAL_REGISTRY:-} +# Helper variable for TNF, normally not meant to be configurable by user. +# When two node fencing is detected we set this variable because the installer +# validation will fail if fencing credentials are not present when two masters +# and no arbiter are set. +# Skip on agent scenarios to avoid accidental overrides. +export ENABLE_TWO_NODE_FENCING=${ENABLE_TWO_NODE_FENCING:-false} +if [[ -z ${AGENT_E2E_TEST_SCENARIO:-} ]] && [[ ${NUM_ARBITERS} -eq 0 ]] && [[ ${NUM_MASTERS} -eq 2 ]]; then + export ENABLE_TWO_NODE_FENCING="true" +fi + +# Only redfish BMC driver is supported for two node fencing +if [[ "${BMC_DRIVER}" != "redfish" ]] && [[ "${ENABLE_TWO_NODE_FENCING:-}" == "true" ]]; then + printf "Only redfish BMC driver is supported for Two Node Fencing deployments: BMC_DRIVER=${BMC_DRIVER}, ENABLE_TWO_NODE_FENCING=${ENABLE_TWO_NODE_FENCING}" + exit 1 +fi + # Defaults the DISABLE_MULTICAST variable export DISABLE_MULTICAST=${DISABLE_MULTICAST:-false} @@ -479,6 +495,14 @@ if [[ ! -z ${AGENT_E2E_TEST_SCENARIO} ]]; then export ARBITER_DISK=50 export NUM_WORKERS=0 ;; + "TNF" ) + export NUM_MASTERS=2 + export MASTER_VCPU=8 + export MASTER_DISK=100 + export MASTER_MEMORY=32768 + export NUM_WORKERS=0 + export ENABLE_TWO_NODE_FENCING="true" + ;; "HA" ) export NUM_MASTERS=3 export MASTER_VCPU=4 diff --git a/config_example.sh b/config_example.sh index 145b3735d..ec71c39a4 100755 --- a/config_example.sh +++ b/config_example.sh @@ -812,6 +812,10 @@ set -x # - TNA_IPV6 # - TNA_IPV4_DHCP # - TNA_IPV6_DHCP +# - TNF_IPV4 +# - TNF_IPV6 +# - TNF_IPV4_DHCP +# - TNA_IPV6_DHCP # - HA_IPV4 # - HA_IPV6 # - HA_IPV4_DHCP diff --git a/utils.sh b/utils.sh index 696a5e89f..5e4c4f75c 100755 --- a/utils.sh +++ b/utils.sh 
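Review bot: The error path of the added BMC driver check passes the expanded variables as the `printf` format string, so a `%` or backslash in `BMC_DRIVER` is interpreted instead of printed, and the message goes to stdout with no trailing newline. Use a fixed format and stderr: `printf 'Only redfish BMC driver is supported for Two Node Fencing deployments: BMC_DRIVER=%s, ENABLE_TWO_NODE_FENCING=%s\n' "${BMC_DRIVER}" "${ENABLE_TWO_NODE_FENCING}" >&2`. In the detection test above it, `[[ ${NUM_ARBITERS} -eq 0 ]]` also evaluates true when `NUM_ARBITERS` is empty; whether it and `BMC_DRIVER` are defaulted earlier in common.sh is not visible from this hunk, so `${NUM_ARBITERS:-0}` would make the intent explicit.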
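Review bot: The `"TNF"` arm sets `ENABLE_TWO_NODE_FENCING="true"` only after the redfish check added in the `@@ -397` hunk has already run, and the auto-detection in that earlier hunk is skipped whenever `AGENT_E2E_TEST_SCENARIO` is set. As far as these two hunks show, an agent TNF run therefore reaches the fencing template with any `BMC_DRIVER` unless the caller exported the variable beforehand, which is the case the commit message says is validated. Moving the driver check below this `case` statement, or repeating it inside the arm, would close the gap. The `case` statement starts and ends outside the hunk, so any later assignment of `BMC_DRIVER` cannot be ruled out from here.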
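Review bot: The fourth added entry, `# - TNA_IPV6_DHCP`, repeats the existing line three entries above it, so the documented scenario list never names the IPv6 DHCP variant of the new scenario. It presumably should read `# - TNF_IPV6_DHCP`, matching the other three added `TNF_*` entries. The comment list continues outside the hunk.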
@@ -312,7 +312,7 @@ function node_map_to_install_config_fencing_credentials() { return 0 fi - if [[ ${NUM_ARBITERS} -eq 0 ]] && [[ "${NUM_MASTERS}" -eq 2 ]]; then + if [ "${ENABLE_TWO_NODE_FENCING:-}" == "true" ]; then cat <