baremetal: static IP for bootstrap node #5787
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
data/data/bootstrap/baremetal/files/etc/NetworkManager/conf.d/99-baremetal.conf
Outdated
Show resolved
Hide resolved
data/data/bootstrap/baremetal/files/etc/NetworkManager/conf.d/99-baremetal.conf
Outdated
Show resolved
Hide resolved
data/data/bootstrap/baremetal/files/etc/NetworkManager/conf.d/99-baremetal.conf
Outdated
Show resolved
Hide resolved
honza
force-pushed
the
bootstrap-static-ip
branch
2 times, most recently
from
4f30c1b to
0192704
Compare
honza
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
honza
force-pushed
the
bootstrap-static-ip
branch
from
0192704 to
7cca21d
Compare
|
LGTM |
|
@honza would be great if you could add when the 2 new configs added to the install config should be set. Maybe here #5787 (comment) is a good place. |
|
@sadasu The link in your comment is broken: where would you like me to add these comments? |
|
...a/bootstrap/baremetal/files/etc/NetworkManager/system-connections/ens3.nmconnection.template
Outdated
Show resolved
Hide resolved
...a/bootstrap/baremetal/files/etc/NetworkManager/system-connections/ens3.nmconnection.template
Outdated
Show resolved
Hide resolved
honza
force-pushed
the
bootstrap-static-ip
branch
2 times, most recently
from
bbee643 to
a3535e2
Compare
There was a problem hiding this comment.
Should we be checking that we pick the CIDR from the network that contains the BootstrapExternalStaticIP? In this implementation, we would be picking the 1st network's CIDR. Is that what we want?
There was a problem hiding this comment.
In a dual stack environment I think you'll always want the external IP to be the first (v4) network, although technically in the DHCP dual stack scenario I guess the NIC could get an IP on both networks
If we ever want IPI to support a case like https://issues.redhat.com/browse/METAL-163 where the BMCs are only accessible via v6, we'd need to revise this for the case where the provisioning network is disabled so the user can specify two IPs.
Considering that a follow-up seems reasonable to me, although we'd end up having to make the install-config interface a list like the networks if that becomes a requirement
There was a problem hiding this comment.
I don't think this is what we're looking for. For a start, we're trying to configure the External interface, and this variable is for the Provisioning interface,
But also I don't know that you can just stick a MAC address as an interface name in NetworkManager? Nothing in https://networkmanager.dev/docs/api/latest/settings-connection.html suggests that to me.
In #5698 passing the MAC only worked because there is code that runs in the script that looks up the interface name for that MAC using NetworkManager https://github.com/openshift/installer/pull/5698/files#diff-6f24f49f3938f9f97f5429b1280c21ccb462b377705ad4f9a7f526316caa2784R31. What we have here is a much harder problem because we need networking to be set up in the initramfs, before we even get to run any code.
It looks from https://networkmanager.dev/docs/api/latest/NetworkManager.conf.html#connection-sections that there might be a way to set in the NetworkManager config which device a connection gets mapped to when interface-name doesn't appear It seems like either:
[connection-external]
match-device=mac:<external mac>
or
[device-external]
match-device=mac:<external mac>
allowed-connections=uuid:<connection UUID>
[device-provisioning]
match-device=mac:<provisioning mac>
allowed-connections=except:uuid:<connection UUID>
might possibly be the magic incantation.
There was a problem hiding this comment.
What we have here is a much harder problem because we need networking to be set up in the initramfs, before we even get to run any code.
@zaneb I don't think that's the case on the bootstrap VM, unlike the other hosts we're not pulling ignition in the ramdisk via the network, because it's injected via the fw-cfg qemu interface instead.
I agree we need to use the ExternalMACAddress though, but I think we can just use mac-address in the [ethernet] section to specify the device, e.g similar to these docs (not tested this myself though)
There was a problem hiding this comment.
I agree we need to use the ExternalMACAddress though, but I think we can just use mac-address in the [ethernet] section to specify the device, e.g similar to these docs (not tested this myself though)
Just added these changes
There was a problem hiding this comment.
Ah yep, that looks correct, here is the doc: https://networkmanager.dev/docs/api/latest/settings-802-3-ethernet.html
If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).
That's exactly what we want.
honza
force-pushed
the
bootstrap-static-ip
branch
from
a3535e2 to
dae3fa0
Compare
honza
force-pushed
the
bootstrap-static-ip
branch
from
dae3fa0 to
2f3b1eb
Compare
|
/hold Revision 4e5a726 was retested 9 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/test e2e-metal-ipi-ovn-ipv6 |
|
@honza: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
The e2e-metal-ipi-ovn-ipv6 appears to be permafailing (not just here). Logs show that the cluster is being bootstrapped successfully, so the failures are not related to this patch. |
|
/override ci/prow/e2e-metal-ipi-ovn-ipv6 |
|
@rna-afk: rna-afk unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams:openshift: openshift-release-oversight. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/override ci/prow/e2e-metal-ipi-ovn-ipv6 |
|
@sdodson: Overrode contexts on behalf of sdodson: ci/prow/e2e-metal-ipi-ovn-ipv6 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This configures static IP for the bootstrap external NIC Requires openshift/installer#5787
This configures static IP for the bootstrap external NIC Requires openshift/installer#5787
18 participants
Add new configuration fields to
install-config.yamlthat will enable the cluster operator to set up static networking for the bootstrap nodeThis is the implementation of the Bootstrap external IP OpenShift enhancement.