Use the new cluster hosted ironic pod to deploy the BMO

02_configure_host.sh

@@ -135,6 +135,11 @@ for port in 80 5050 6385 ; do
     fi
 done
 
+# Allow access to httpd on baremetal network for image cache.
+if ! sudo iptables -C INPUT -i baremetal -p tcp -m tcp --dport 80 -j ACCEPT > /dev/null 2>&1; then
+    sudo iptables -I INPUT -i baremetal -p tcp -m tcp --dport 80 -j ACCEPT
+fi
+
 # Allow ipmi to the virtual bmc processes that we just started
 if [ "${RHEL8}" = "True" ] ; then
     sudo firewall-cmd --zone=libvirt --add-port=6230-6235/udp

08_deploy_bmo.sh

@@ -3,7 +3,7 @@
 set -ex
 
 source logging.sh
-#source common.sh
+source common.sh
 eval "$(go env)"
 
 # Get the latest bits for baremetal-operator
@@ -13,9 +13,27 @@ export BMOPATH="$GOPATH/src/github.com/metal3-io/baremetal-operator"
 cp -r $BMOPATH/deploy ocp/.
 sed -i 's/namespace: .*/namespace: openshift-machine-api/g' ocp/deploy/role_binding.yaml
 
+cp $SCRIPTDIR/operator_ironic.yaml ocp/deploy
+cp $SCRIPTDIR/ironic_bmo_configmap.yaml ocp/deploy
+sed -i "s#__RHCOS_IMAGE_URL__#${RHCOS_IMAGE_URL}#" ocp/deploy/ironic_bmo_configmap.yaml
+
+# Kill the dnsmasq container on the host since it is performing DHCP and doesn't
+# allow our pod in openshift to take over.  We don't want to take down all of ironic
+# as it makes cleanup "make clean" not work properly.
+for name in dnsmasq ironic-inspector ; do
+    sudo podman ps | grep -w "$name$" && sudo podman stop $name
+done
+
 # Start deploying on the new cluster
 oc --config ocp/auth/kubeconfig apply -f ocp/deploy/service_account.yaml --namespace=openshift-machine-api
 oc --config ocp/auth/kubeconfig apply -f ocp/deploy/role.yaml --namespace=openshift-machine-api
 oc --config ocp/auth/kubeconfig apply -f ocp/deploy/role_binding.yaml
 oc --config ocp/auth/kubeconfig apply -f ocp/deploy/crds/metal3_v1alpha1_baremetalhost_crd.yaml
-oc --config ocp/auth/kubeconfig apply -f ocp/deploy/operator.yaml --namespace=openshift-machine-api
+
+oc --config ocp/auth/kubeconfig apply -f ocp/deploy/ironic_bmo_configmap.yaml --namespace=openshift-machine-api
+# I'm leaving this as is for debugging but we could easily generate a random password here.
+oc --config ocp/auth/kubeconfig delete secret mariadb-password --namespace=openshift-machine-api || true
+oc --config ocp/auth/kubeconfig create secret generic mariadb-password --from-literal password=password --namespace=openshift-machine-api
+
+oc --config ocp/auth/kubeconfig adm --as system:admin policy add-scc-to-user privileged system:serviceaccount:openshift-machine-api:baremetal-operator
+oc --config ocp/auth/kubeconfig apply -f ocp/deploy/operator_ironic.yaml -n openshift-machine-api

ironic_bmo_configmap.yaml

@@ -0,0 +1,15 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: ironic-bmo-configmap
+data:
+  http_port: "6180"
+  provisioning_interface: "ens3"
+  provisioning_ip: "172.22.0.3/24"
+  dhcp_range: "172.22.0.10,172.22.0.100"
+  deploy_kernel_url: "http://172.22.0.3:6180/images/ironic-python-agent.kernel"
+  deploy_ramdisk_url: "http://172.22.0.3:6180/images/ironic-python-agent.initramfs"
+  ironic_endpoint: "http://172.22.0.3:6385/v1/"
+  ironic_inspector_endpoint: "http://172.22.0.3:5050/v1/"
+  cache_url: "http://192.168.111.1/images"
+  rhcos_image_url: "__RHCOS_IMAGE_URL__"

operator_ironic.yaml

@@ -0,0 +1,288 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metal3-baremetal-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: metal3-baremetal-operator
+  template:
+    metadata:
+      labels:
+        name: metal3-baremetal-operator
+    spec:
+      serviceAccountName: metal3-baremetal-operator
+      hostNetwork: true
+      initContainers:
+        - name: ipa-downloader
+          image: quay.io/metal3-io/ironic-ipa-downloader:master
+          command:
+            - /usr/local/bin/get-resource.sh
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: CACHEURL
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: cache_url
+        - name: rhcos-downloader
+          image: quay.io/openshift-metal3/rhcos-downloader:master
+          command:
+            - /usr/local/bin/get-resource.sh
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: RHCOS_IMAGE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: rhcos_image_url
+            - name: CACHEURL
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: cache_url
+        - name: static-ip-set
+          image: quay.io/metal3-io/static-ip-manager:latest
+          command:
+            - /set-static-ip
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          env:
+            - name: PROVISIONING_IP
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_ip
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+      containers:
+        - name: baremetal-operator
+          image: quay.io/metal3-io/baremetal-operator:master
+          ports:
+            - containerPort: 60000
+              name: metrics
+          command:
+            - /baremetal-operator
+          imagePullPolicy: Always
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: "baremetal-operator"
+            - name: DEPLOY_KERNEL_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: deploy_kernel_url
+            - name: DEPLOY_RAMDISK_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: deploy_ramdisk_url
+            - name: IRONIC_ENDPOINT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: ironic_endpoint
+            - name: IRONIC_INSPECTOR_ENDPOINT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: ironic_inspector_endpoint
+        - name: ironic-dnsmasq
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/rundnsmasq
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: HTTP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: http_port
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+            - name: DHCP_RANGE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: dhcp_range
+        - name: mariadb
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/runmariadb
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-password
+                  key: password
+        - name: ironic-httpd
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/runhttpd
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: HTTP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: http_port
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+        - name: ironic-conductor
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/runironic-conductor
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-password
+                  key: password
+            - name: HTTP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: http_port
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+        - name: ironic-api
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/runironic-api
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-password
+                  key: password
+            - name: HTTP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: http_port
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+        - name: ironic-exporter
+          image: quay.io/metal3-io/ironic:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          command:
+            - /bin/runironic-exporter
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-password
+                  key: password
+            - name: HTTP_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: http_port
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+        - name: ironic-inspector
+          image: quay.io/metal3-io/ironic-inspector:master
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /shared
+              name: ironic-data-volume
+          env:
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+        - name: static-ip-refresh
+          image: quay.io/metal3-io/static-ip-manager:latest
+          command:
+            - /refresh-static-ip
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          env:
+            - name: PROVISIONING_IP
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_ip
+            - name: PROVISIONING_INTERFACE
+              valueFrom:
+                configMapKeyRef:
+                  name: ironic-bmo-configmap
+                  key: provisioning_interface
+      volumes:
+        - name: ironic-data-volume
+          emptyDir: {}

run_ci.sh

@@ -25,6 +25,14 @@ function getlogs(){
     oc --request-timeout=5s get clusterversion/version > $LOGDIR/cluster_version.log || true
     oc --request-timeout=5s get clusteroperators > $LOGDIR/cluster_operators.log || true
     oc --request-timeout=5s get pods --all-namespaces | grep -v Running | grep -v Completed  > $LOGDIR/failing_pods.log || true
+
+    # Baremetal Operator info
+    mkdir -p $LOGDIR/baremetal-operator
+    BMO_POD=$(oc --request-timeout=5s get pods --namespace openshift-machine-api | grep metal3-baremetal-operator | awk '{print $1}')
+    BMO_CONTAINERS=$(oc --request-timeout=5s get pods ${BMO_POD} -n openshift-machine-api -o jsonpath="{.spec['containers','initContainers'][*].name}")
+    for c in ${BMO_CONTAINERS}; do
+        oc --request-timeout=5s logs ${BMO_POD} -c ${c} --namespace openshift-machine-api > $LOGDIR/baremetal-operator/${c}.log
+    done
 }
 trap getlogs EXIT