From 0cc0558674bfd1db003638f53ff7fed52226cd66 Mon Sep 17 00:00:00 2001
From: Steven Hardy
Date: Wed, 18 Dec 2019 13:51:23 +0000
Subject: [PATCH] Convert OS Image cache to use new install-config interface

Since https://github.com/openshift/installer/pull/2757 merged we can mirror the installer referenced images directly to simulate typical disconnected install scenarios. This removes some complexity as we no longer need to run the downloader container on the host, only expose the unprocessed images via http. Note this will work with latest 4.4. builds but not 4.3 until https://github.com/openshift/installer/pull/2835 lands
---
 04_setup_ironic.sh | 30 ++++++++++++++++++------------
 common.sh | 14 ++++++++------
 ocp_install_env.sh | 3 +++
 rhcos.sh | 16 +++++++++++++++-
 utils.sh | 3 +--
 5 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/04_setup_ironic.sh b/04_setup_ironic.sh
index d7b782402..190466482 100755
--- a/04_setup_ironic.sh
+++ b/04_setup_ironic.sh
@@ -56,7 +56,7 @@ if [ -f assets/templates/99_local-registry.yaml ] ; then
 fi
 rm -f $DOCKERFILE
-for name in ironic ironic-api ironic-conductor ironic-inspector dnsmasq httpd mariadb ipa-downloader machine-os-downloader vbmc sushy-tools; do
+for name in ironic ironic-api ironic-conductor ironic-inspector dnsmasq httpd mariadb ipa-downloader vbmc sushy-tools; do
 sudo podman ps | grep -w "$name$" && sudo podman kill $name
 sudo podman ps --all | grep -w "$name$" && sudo podman rm $name -f
 done
@@ -69,20 +69,28 @@ fi
 # Create pod
 sudo podman pod create -n ironic-pod
-# Pull the rhcos-downloder image to use from the release, this gets change
-# to use IRONIC_MACHINE_OS_DOWNLOADER_LOCAL_IMAGE if present
-IRONIC_MACHINE_OS_DOWNLOADER_IMAGE=$(oc adm release info --registry-config $REGISTRY_AUTH_FILE $OPENSHIFT_RELEASE_IMAGE --image-for=ironic-machine-os-downloader)
-
 IRONIC_IMAGE=${IRONIC_LOCAL_IMAGE:-$IRONIC_IMAGE}
 IRONIC_IPA_DOWNLOADER_IMAGE=${IRONIC_IPA_DOWNLOADER_LOCAL_IMAGE:-$IRONIC_IPA_DOWNLOADER_IMAGE}
-IRONIC_MACHINE_OS_DOWNLOADER_IMAGE=${IRONIC_MACHINE_OS_DOWNLOADER_LOCAL_IMAGE:-$IRONIC_MACHINE_OS_DOWNLOADER_IMAGE}
-for IMAGE in ${IRONIC_IMAGE} ${IRONIC_IPA_DOWNLOADER_IMAGE} ${IRONIC_MACHINE_OS_DOWNLOADER_IMAGE} ${VBMC_IMAGE} ${SUSHY_TOOLS_IMAGE} ; do
+for IMAGE in ${IRONIC_IMAGE} ${IRONIC_IPA_DOWNLOADER_IMAGE} ${VBMC_IMAGE} ${SUSHY_TOOLS_IMAGE} ; do
 sudo -E podman pull $([[ $IMAGE =~ $LOCAL_REGISTRY_ADDRESS.* ]] && echo "--tls-verify=false" ) $IMAGE
 done
 rm -rf $REGISTRY_AUTH_FILE
+CACHED_MACHINE_OS_IMAGE="${IRONIC_DATA_DIR}/html/images/${MACHINE_OS_IMAGE_NAME}"
+if [ ! -f "${CACHED_MACHINE_OS_IMAGE}" ]; then
+ curl -g --insecure -L -o "${CACHED_MACHINE_OS_IMAGE}" "${MACHINE_OS_IMAGE_URL}"
+ echo "${MACHINE_OS_IMAGE_SHA256} ${CACHED_MACHINE_OS_IMAGE}" | tee ${CACHED_MACHINE_OS_IMAGE}.sha256sum
+ sha256sum --strict --check ${CACHED_MACHINE_OS_IMAGE}.sha256sum
+fi
+CACHED_MACHINE_OS_BOOTSTRAP_IMAGE="${IRONIC_DATA_DIR}/html/images/${MACHINE_OS_BOOTSTRAP_IMAGE_NAME}"
+if [ ! -f "${CACHED_MACHINE_OS_BOOTSTRAP_IMAGE}" ]; then
+ curl -g --insecure -L -o "${CACHED_MACHINE_OS_BOOTSTRAP_IMAGE}" "${MACHINE_OS_BOOTSTRAP_IMAGE_URL}"
+ echo "${MACHINE_OS_BOOTSTRAP_IMAGE_SHA256} ${CACHED_MACHINE_OS_BOOTSTRAP_IMAGE}" | tee ${CACHED_MACHINE_OS_BOOTSTRAP_IMAGE}.sha256sum
+ sha256sum --strict --check ${CACHED_MACHINE_OS_BOOTSTRAP_IMAGE}.sha256sum
+fi
+
 # cached images to the bootstrap VM
 sudo podman run -d --net host --privileged --name httpd --pod ironic-pod \
 -v $IRONIC_DATA_DIR:/shared --entrypoint /bin/runhttpd ${IRONIC_IMAGE}
@@ -90,9 +98,6 @@ sudo podman run -d --net host --privileged --name httpd --pod ironic-pod \
 sudo podman run -d --net host --privileged --name ipa-downloader --pod ironic-pod \
 -v $IRONIC_DATA_DIR:/shared ${IRONIC_IPA_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh
-sudo podman run -d --net host --privileged --name machine-os-downloader --pod ironic-pod \
- -v $IRONIC_DATA_DIR:/shared ${IRONIC_MACHINE_OS_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh $MACHINE_OS_IMAGE_URL
-
 if [ "$NODES_PLATFORM" = "libvirt" ]; then
 sudo podman run -d --net host --privileged --name vbmc --pod ironic-pod \
 -v "$WORKING_DIR/virtualbmc/vbmc":/root/.vbmc -v "/root/.ssh":/root/ssh \
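Review bot: A failed or truncated download stays in the cache in both new `if [ ! -f ... ]` blocks of the `@@ -69,20 +69,28 @@` hunk: curl writes directly to the final path under `html/images`, and `tee` writes the `.sha256sum` file before `sha256sum --check` runs. If the check fails, the bad image and its checksum file remain, the next run skips the download because the file exists, and the readiness loops in the `@@ -106,10 +111,11 @@` hunk only test that the `.sha256sum` file is served. Stage the download under a temporary name, verify it, and only then move it into place, as sketched below for the first block (the bootstrap block needs the same change). `--insecure` also disables TLS certificate verification, leaving the SHA-256 comparison as the only integrity control, so drop it unless a mirror with a self-signed certificate needs it, and add `--fail` so an HTTP error body is not saved as the image.

```shell
# … unchanged: CACHED_MACHINE_OS_IMAGE assignment …
if [ ! -f "${CACHED_MACHINE_OS_IMAGE}" ]; then
  # Stage under a temporary name so an unverified file never appears at the served path
  tmp_image="${CACHED_MACHINE_OS_IMAGE}.part"
  curl -g --fail -L -o "${tmp_image}" "${MACHINE_OS_IMAGE_URL}"
  if ! echo "${MACHINE_OS_IMAGE_SHA256}  ${tmp_image}" | sha256sum --strict --check -; then
    rm -f "${tmp_image}"
    exit 1
  fi
  mv "${tmp_image}" "${CACHED_MACHINE_OS_IMAGE}"
  # Publish the checksum file only after the image has been verified
  echo "${MACHINE_OS_IMAGE_SHA256}  ${CACHED_MACHINE_OS_IMAGE}" > "${CACHED_MACHINE_OS_IMAGE}.sha256sum"
fi
# … same change for the CACHED_MACHINE_OS_BOOTSTRAP_IMAGE block …
```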
@@ -106,10 +111,11 @@ fi
 # Wait for the downloader containers to finish, if they are updating an existing cache
 # the checks below will pass because old data exists
-sudo podman wait -i 1000 ipa-downloader machine-os-downloader
+sudo podman wait -i 1000 ipa-downloader
 # Wait for images to be downloaded/ready
-while ! curl --fail http://localhost/images/rhcos-ootpa-latest.qcow2.md5sum ; do sleep 1 ; done
+while ! curl --fail http://localhost/images/${MACHINE_OS_IMAGE_NAME}.sha256sum ; do sleep 1 ; done
+while ! curl --fail http://localhost/images/${MACHINE_OS_BOOTSTRAP_IMAGE_NAME}.sha256sum ; do sleep 1 ; done
 while ! curl --fail --head http://localhost/images/ironic-python-agent.initramfs ; do sleep 1; done
 while ! curl --fail --head http://localhost/images/ironic-python-agent.tar.headers ; do sleep 1; done
 while ! curl --fail --head http://localhost/images/ironic-python-agent.kernel ; do sleep 1; done
diff --git a/common.sh b/common.sh
index 1b9336287..3451ee857 100644
--- a/common.sh
+++ b/common.sh
@@ -123,7 +123,8 @@ export VM_EXTRADISKS=${VM_EXTRADISKS:-"false"}
 # Ironic vars (Image can be use _LOCAL_IMAGE to override)
 export IRONIC_IMAGE="quay.io/metal3-io/ironic:master"
 export IRONIC_IPA_DOWNLOADER_IMAGE="quay.io/metal3-io/ironic-ipa-downloader:master"
-export IRONIC_DATA_DIR="$WORKING_DIR/ironic"
+export IRONIC_DATA_DIR="${WORKING_DIR}/ironic"
+export IRONIC_IMAGES_DIR="${IRONIC_DATA_DIR}/html/images"
 # VBMC and Redfish images
 export VBMC_IMAGE=${VBMC_IMAGE:-"quay.io/metal3-io/vbmc"}
@@ -197,11 +198,12 @@ if [ ! -d "$WORKING_DIR" ]; then
 chmod 755 "$WORKING_DIR"
 fi
-if [ ! -d "$IRONIC_DATA_DIR" ]; then
- echo "Creating Ironic Data Dir"
- sudo mkdir "$IRONIC_DATA_DIR"
- sudo chown "${USER}:${USER}" "$IRONIC_DATA_DIR"
- chmod 755 "$IRONIC_DATA_DIR"
+if [ ! -d "$IRONIC_IMAGES_DIR" ]; then
+ echo "Creating Ironic Images Dir"
+ sudo mkdir -p "$IRONIC_IMAGES_DIR"
+ sudo chown -R "${USER}:${USER}" "$IRONIC_DATA_DIR"
+ sudo find $IRONIC_DATA_DIR -type d -print0 | xargs -0 chmod 755
+ sudo chmod -R +r $IRONIC_DATA_DIR
 fi
 # Defaults the variable to enable testing a custom machine-api-operator image
diff --git a/ocp_install_env.sh b/ocp_install_env.sh
index e21493dad..8dcde5232 100644
--- a/ocp_install_env.sh
+++ b/ocp_install_env.sh
@@ -6,6 +6,7 @@ export CLUSTER_DOMAIN="${CLUSTER_NAME}.${BASE_DOMAIN}"
 export SSH_PUB_KEY="${SSH_PUB_KEY:-$(cat $HOME/.ssh/id_rsa.pub)}"
 export NETWORK_TYPE=${NETWORK_TYPE:-"OpenShiftSDN"}
 export EXTERNAL_SUBNET=${EXTERNAL_SUBNET:-"192.168.111.0/24"}
+export MIRROR_IP=${MIRROR_IP:-"172.22.0.1"}
 export DNS_VIP=${DNS_VIP:-"192.168.111.2"}
 function extract_command() {
@@ -96,6 +97,8 @@ controlPlane:
 baremetal: {}
 platform:
 baremetal:
+ bootstrapOSImage: http://${MIRROR_IP}/images/${MACHINE_OS_BOOTSTRAP_IMAGE_NAME}?sha256=${MACHINE_OS_BOOTSTRAP_IMAGE_UNCOMPRESSED_SHA256}
+ clusterOSImage: http://${MIRROR_IP}/images/${MACHINE_OS_IMAGE_NAME}?sha256=${MACHINE_OS_IMAGE_SHA256}
 dnsVIP: ${DNS_VIP}
 hosts:
 $(master_node_map_to_install_config $NUM_MASTERS)
diff --git a/rhcos.sh b/rhcos.sh
index 0fa97af04..92c83ea7a 100644
--- a/rhcos.sh
+++ b/rhcos.sh
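Review bot: In the `@@ -197,11 +198,12 @@` hunk of common.sh the new block is triggered by a missing `$IRONIC_IMAGES_DIR` but then recurses over the whole `$IRONIC_DATA_DIR`: `chown -R`, `chmod 755` on every directory and `chmod -R +r` make everything already stored under the data directory world-readable, including whatever the privileged containers that mount it as `/shared` have written there. If the intent is only to fix up the directories `mkdir -p` just created, apply the ownership and mode changes to those paths instead of the full tree, or add a comment saying why the whole tree has to be opened. `$IRONIC_DATA_DIR` is also unquoted in the two new lines that use it, and `find` runs under sudo while `xargs chmod` does not; `sudo find "$IRONIC_DATA_DIR" -type d -print0 | sudo xargs -0 chmod 755` and `sudo chmod -R +r "$IRONIC_DATA_DIR"` would match the quoting of the rest of the block.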
@@ -6,6 +6,20 @@ OPENSHIFT_INSTALLER_MACHINE_OS=${OPENSHIFT_INSTALLER_MACHINE_OS:-https://raw.git
 # Get the rhcos.json for that commit, and find the baseURI and openstack image path
 MACHINE_OS_IMAGE_JSON=$(curl "${OPENSHIFT_INSTALLER_MACHINE_OS}")
+
 export MACHINE_OS_INSTALLER_IMAGE_URL=$(echo "${MACHINE_OS_IMAGE_JSON}" | jq -r '.baseURI + .images.openstack.path')
+export MACHINE_OS_INSTALLER_IMAGE_SHA256=$(echo "${MACHINE_OS_IMAGE_JSON}" | jq -r '.images.openstack.sha256')
 export MACHINE_OS_IMAGE_URL=${MACHINE_OS_IMAGE_URL:-${MACHINE_OS_INSTALLER_IMAGE_URL}}
-export MACHINE_OS_IMAGE_FILENAME_LATEST="rhcos-ootpa-latest.qcow2"
+export MACHINE_OS_IMAGE_NAME=$(basename ${MACHINE_OS_IMAGE_URL})
+export MACHINE_OS_IMAGE_SHA256=${MACHINE_OS_IMAGE_SHA256:-${MACHINE_OS_INSTALLER_IMAGE_SHA256}}
+
+export MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_URL=$(echo "${MACHINE_OS_IMAGE_JSON}" | jq -r '.baseURI + .images.qemu.path')
+export MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_SHA256=$(echo "${MACHINE_OS_IMAGE_JSON}" | jq -r '.images.qemu.sha256')
+export MACHINE_OS_BOOTSTRAP_IMAGE_URL=${MACHINE_OS_BOOTSTRAP_IMAGE_URL:-${MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_URL}}
+export MACHINE_OS_BOOTSTRAP_IMAGE_NAME=$(basename ${MACHINE_OS_BOOTSTRAP_IMAGE_URL})
+export MACHINE_OS_BOOTSTRAP_IMAGE_SHA256=${MACHINE_OS_BOOTSTRAP_IMAGE_SHA256:-${MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_SHA256}}
+
+# FIXME the installer cache expects an uncompressed sha256
+# https://github.com/openshift/installer/issues/2845
+export MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_UNCOMPRESSED_SHA256=$(echo "${MACHINE_OS_IMAGE_JSON}" | jq -r '.images.qemu["uncompressed-sha256"]')
+export MACHINE_OS_BOOTSTRAP_IMAGE_UNCOMPRESSED_SHA256=${MACHINE_OS_BOOTSTRAP_IMAGE_UNCOMPRESSED_SHA256:-${MACHINE_OS_INSTALLER_BOOTSTRAP_IMAGE_UNCOMPRESSED_SHA256}}
diff --git a/utils.sh b/utils.sh
index 42ae8f186..b0a7cc000 100644
--- a/utils.sh
+++ b/utils.sh
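Review bot: The checksums extracted in the rhcos.sh hunk are never validated, although they become the trust anchor for the image downloads and for the `?sha256=` URLs built elsewhere in this patch. `jq -r` prints the literal string `null` when a key such as `.images.qemu["uncompressed-sha256"]` is absent, and `export VAR=$(...)` discards the pipeline's exit status, so a failed or unexpected rhcos.json yields an empty or `null` checksum rather than an error. Check each value after assignment, for example `[[ "${MACHINE_OS_IMAGE_SHA256}" =~ ^[0-9a-f]{64}$ ]] || exit 1`, and do the same for the two bootstrap checksums. `$(basename ${MACHINE_OS_IMAGE_URL})` is also unquoted and would keep any query string of an overridden URL in the cached file name; `$(basename "${MACHINE_OS_IMAGE_URL%%\?*}")` avoids both.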
@@ -190,9 +190,8 @@ function bmo_config_map {
 mkdir -p ocp/deploy
 cp $SCRIPTDIR/metal3-config.yaml ocp/deploy
- sed -i "s#__MACHINE_OS_IMAGE_URL__#${MACHINE_OS_IMAGE_URL}#" ocp/deploy/metal3-config.yaml
+ sed -i "s#__MACHINE_OS_IMAGE_URL__#http://${MIRROR_IP}/images/${MACHINE_OS_IMAGE_NAME}?sha256=${MACHINE_OS_BOOTSTRAP_IMAGE_SHA256}#" ocp/deploy/metal3-config.yaml
 sed -i "s#provisioning_interface: \"ens3\"#provisioning_interface: \"${CLUSTER_PRO_IF}\"#" ocp/deploy/metal3-config.yaml
- sed -i "s#cache_url: \"http://192.168.111.1/images\"#cache_url: \"http://${BAREMETAL_IP}/images\"#" ocp/deploy/metal3-config.yaml
 cp ocp/deploy/metal3-config.yaml assets/generated/99_metal3-config.yaml
 }
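Review bot: The new replacement URL in `bmo_config_map` pairs the cluster image name with the bootstrap image's checksum: `${MACHINE_OS_IMAGE_NAME}?sha256=${MACHINE_OS_BOOTSTRAP_IMAGE_SHA256}`. rhcos.sh in this patch derives `MACHINE_OS_IMAGE_NAME` from the openstack image and `MACHINE_OS_BOOTSTRAP_IMAGE_SHA256` from the qemu image, and ocp_install_env.sh uses `${MACHINE_OS_IMAGE_SHA256}` for the same file in `clusterOSImage`, so this looks like a copy-paste slip. A consumer that checks the value would reject a correct image, and one that does not check it gets no assurance from the parameter. Presumably the expression should end in `?sha256=${MACHINE_OS_IMAGE_SHA256}#"`; the function begins on the hunk header line, so its opening lines are not shown in the hunk.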