[WIP] OCPEDGE-1505: Enhance Platform none with Fencing Credentials #9521

Draft
wants to merge 5 commits into
base: main

mshitrit

As part of the TNF (Two Nodes Fencing) project we are looking to enhance platform none with fencing credentials.
This is required so users can provide the fencing details as they are mandatory for a TNF cluster.

This change is described in more detail in the TNF Enhancement Proposal and is tracked by OCPEDGE-1505 Jira ticket.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 26, 2025
@openshift-ci-robot
Contributor

openshift-ci-robot commented Feb 26, 2025

@mshitrit: This pull request references OCPEDGE-1505 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 26, 2025
Contributor

openshift-ci bot commented Feb 26, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

Contributor

openshift-ci bot commented Feb 26, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jhixson74 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@patrickdillon
Contributor

/test ?

Contributor

openshift-ci bot commented Feb 26, 2025

@patrickdillon: The following commands are available to trigger required jobs:

/test altinfra-images
/test aro-unit
/test artifacts-images
/test e2e-agent-compact-ipv4
/test e2e-aws-ovn
/test e2e-aws-ovn-edge-zones-manifest-validation
/test e2e-aws-ovn-upi
/test e2e-azure-ovn
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upi
/test e2e-metal-ipi-ovn-ipv6
/test e2e-openstack-ovn
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi
/test gofmt
/test golint
/test govet
/test images
/test integration-tests
/test integration-tests-nodejoiner
/test okd-scos-images
/test openstack-manifests
/test terraform-images
/test terraform-verify-vendor
/test unit
/test verify-codegen
/test verify-vendor

The following commands are available to trigger optional jobs:

/test altinfra-e2e-aws-custom-security-groups
/test altinfra-e2e-aws-ovn
/test altinfra-e2e-aws-ovn-fips
/test altinfra-e2e-aws-ovn-imdsv2
/test altinfra-e2e-aws-ovn-localzones
/test altinfra-e2e-aws-ovn-proxy
/test altinfra-e2e-aws-ovn-shared-vpc
/test altinfra-e2e-aws-ovn-shared-vpc-local-zones
/test altinfra-e2e-aws-ovn-shared-vpc-wavelength-zones
/test altinfra-e2e-aws-ovn-single-node
/test altinfra-e2e-aws-ovn-wavelengthzones
/test altinfra-e2e-azure-capi-ovn
/test altinfra-e2e-azure-ovn-shared-vpc
/test altinfra-e2e-gcp-capi-ovn
/test altinfra-e2e-gcp-ovn-byo-network-capi
/test altinfra-e2e-gcp-ovn-secureboot-capi
/test altinfra-e2e-gcp-ovn-xpn-capi
/test altinfra-e2e-ibmcloud-capi-ovn
/test altinfra-e2e-nutanix-capi-ovn
/test altinfra-e2e-openstack-capi-ccpmso
/test altinfra-e2e-openstack-capi-ccpmso-zone
/test altinfra-e2e-openstack-capi-dualstack
/test altinfra-e2e-openstack-capi-dualstack-upi
/test altinfra-e2e-openstack-capi-dualstack-v6primary
/test altinfra-e2e-openstack-capi-externallb
/test altinfra-e2e-openstack-capi-nfv-intel
/test altinfra-e2e-openstack-capi-ovn
/test altinfra-e2e-openstack-capi-proxy
/test altinfra-e2e-vsphere-capi-multi-vcenter-ovn
/test altinfra-e2e-vsphere-capi-ovn
/test altinfra-e2e-vsphere-capi-static-ovn
/test altinfra-e2e-vsphere-capi-zones
/test azure-ovn-marketplace-images
/test e2e-agent-4control-ipv4
/test e2e-agent-5control-ipv4
/test e2e-agent-compact-ipv4-appliance-diskimage
/test e2e-agent-compact-ipv4-none-platform
/test e2e-agent-compact-ipv6-minimaliso
/test e2e-agent-ha-dualstack
/test e2e-agent-sno-ipv4-pxe
/test e2e-agent-sno-ipv6
/test e2e-aws-default-config
/test e2e-aws-overlay-mtu-ovn-1200
/test e2e-aws-ovn-custom-iam-profile
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-heterogeneous
/test e2e-aws-ovn-imdsv2
/test e2e-aws-ovn-proxy
/test e2e-aws-ovn-public-ipv4-pool
/test e2e-aws-ovn-public-ipv4-pool-disabled
/test e2e-aws-ovn-public-subnets
/test e2e-aws-ovn-shared-vpc-custom-security-groups
/test e2e-aws-ovn-shared-vpc-edge-zones
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-user-provisioned-dns
/test e2e-aws-ovn-workers-rhel8
/test e2e-aws-upi-proxy
/test e2e-azure-default-config
/test e2e-azure-ovn-resourcegroup
/test e2e-azure-ovn-shared-vpc
/test e2e-azure-ovn-techpreview
/test e2e-azure-ovn-upi
/test e2e-azurestack
/test e2e-azurestack-upi
/test e2e-crc
/test e2e-external-aws
/test e2e-external-aws-ccm
/test e2e-gcp-default-config
/test e2e-gcp-ovn-byo-vpc
/test e2e-gcp-ovn-heterogeneous
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-xpn
/test e2e-gcp-secureboot
/test e2e-gcp-upgrade
/test e2e-gcp-upi-xpn
/test e2e-gcp-user-provisioned-dns
/test e2e-ibmcloud-ovn
/test e2e-metal-assisted
/test e2e-metal-ipi-ovn
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-swapped-hosts
/test e2e-metal-ipi-ovn-virtualmedia
/test e2e-metal-single-node-live-iso
/test e2e-nutanix-ovn
/test e2e-openstack-ccpmso
/test e2e-openstack-ccpmso-zone
/test e2e-openstack-dualstack
/test e2e-openstack-dualstack-upi
/test e2e-openstack-externallb
/test e2e-openstack-nfv-intel
/test e2e-openstack-proxy
/test e2e-openstack-singlestackv6
/test e2e-powervs-capi-ovn
/test e2e-vsphere-externallb-ovn
/test e2e-vsphere-host-groups-ovn-custom-no-upgrade
/test e2e-vsphere-multi-vcenter-ovn
/test e2e-vsphere-ovn-multi-disk
/test e2e-vsphere-ovn-multi-network
/test e2e-vsphere-ovn-techpreview
/test e2e-vsphere-ovn-upi-zones
/test e2e-vsphere-ovn-zones
/test e2e-vsphere-ovn-zones-techpreview
/test e2e-vsphere-static-ovn
/test okd-scos-e2e-aws-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-installer-main-altinfra-images
pull-ci-openshift-installer-main-aro-unit
pull-ci-openshift-installer-main-artifacts-images
pull-ci-openshift-installer-main-e2e-agent-4control-ipv4
pull-ci-openshift-installer-main-e2e-agent-5control-ipv4
pull-ci-openshift-installer-main-e2e-agent-compact-ipv4
pull-ci-openshift-installer-main-e2e-agent-compact-ipv4-appliance-diskimage
pull-ci-openshift-installer-main-e2e-agent-compact-ipv4-none-platform
pull-ci-openshift-installer-main-e2e-agent-compact-ipv6-minimaliso
pull-ci-openshift-installer-main-e2e-agent-ha-dualstack
pull-ci-openshift-installer-main-e2e-agent-sno-ipv4-pxe
pull-ci-openshift-installer-main-e2e-agent-sno-ipv6
pull-ci-openshift-installer-main-e2e-aws-ovn
pull-ci-openshift-installer-main-e2e-azure-ovn-resourcegroup
pull-ci-openshift-installer-main-e2e-metal-assisted
pull-ci-openshift-installer-main-e2e-metal-ipi-ovn
pull-ci-openshift-installer-main-e2e-metal-ipi-ovn-dualstack
pull-ci-openshift-installer-main-e2e-metal-ipi-ovn-ipv6
pull-ci-openshift-installer-main-e2e-metal-ipi-ovn-swapped-hosts
pull-ci-openshift-installer-main-e2e-metal-ipi-ovn-virtualmedia
pull-ci-openshift-installer-main-e2e-metal-single-node-live-iso
pull-ci-openshift-installer-main-e2e-vsphere-externallb-ovn
pull-ci-openshift-installer-main-e2e-vsphere-ovn-multi-network
pull-ci-openshift-installer-main-e2e-vsphere-static-ovn
pull-ci-openshift-installer-main-gofmt
pull-ci-openshift-installer-main-golint
pull-ci-openshift-installer-main-govet
pull-ci-openshift-installer-main-images
pull-ci-openshift-installer-main-integration-tests
pull-ci-openshift-installer-main-integration-tests-nodejoiner
pull-ci-openshift-installer-main-okd-scos-e2e-aws-ovn
pull-ci-openshift-installer-main-okd-scos-images
pull-ci-openshift-installer-main-terraform-images
pull-ci-openshift-installer-main-unit
pull-ci-openshift-installer-main-verify-codegen
pull-ci-openshift-installer-main-verify-vendor

@patrickdillon
Contributor

/test gofmt golint govet

@patrickdillon
Contributor

patrickdillon commented Feb 26, 2025

This LGTM. I will let others with more direct expertise review before tagging approve.

@mshitrit mshitrit force-pushed the fencing-config-platform-none branch from 44858d6 to 30b3f8d Compare February 27, 2025 07:24
@mshitrit
Author

/test gofmt golint govet

@mshitrit mshitrit force-pushed the fencing-config-platform-none branch from 30b3f8d to 76b034c Compare February 27, 2025 08:56
@mshitrit
Author

/test gofmt golint govet

@mshitrit mshitrit force-pushed the fencing-config-platform-none branch from 76b034c to a4f1ccc Compare February 27, 2025 09:20
@mshitrit
Author

/test gofmt golint govet

case none.Name:
{
fieldPath := field.NewPath("Platform", "None")
allErrs = append(allErrs, nonevalidation.ValidateFencingCredentials(installConfig.Platform.None.FencingCredentials, fieldPath)...)
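
Review bot: the errors appended from nonevalidation.ValidateFencingCredentials are built from credential data, so that function should report only field paths and reasons; a field.Invalid error prints the rejected value, which would put a fencing password into installer output if it were ever used on the password field. In the same case arm, installConfig.Platform.None is dereferenced with no nil check visible here, so either guard it or confirm the switch only reaches none.Name when Platform.None is set. The braces opening a block after `case none.Name:` are not needed in Go.
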
Author

I'm not sure if that's the correct location to trigger the validation.
Since this is the agent package I suspect it might be the wrong spot and should be somewhere around here 🤔

Contributor

We will need to call validate here, but probably not in this PR.
I think your hunch is correct regarding the platformprovisioncheck file.

@patrickdillon
Contributor

The enhancement mentions a feature gate, DualReplicaTopology. These install config fields should be gated with that feature gate. This is an example of gating an install config field for aws with a feature gate:

https://github.com/openshift/installer/blob/main/pkg/types/aws/validation/featuregates.go

You would need to add the equivalent for the baremetal platform and none.

I did not see the featuregate in openshift api. A feature gate needs to be first merged to openshift api and then vendored into the installer.

Contributor

@jaypoulz jaypoulz left a comment

Overall I like the general idea, but I'm worried about locking us into the same BMC spec as Baremetal unless we're committing to offering the same options.

Also, as we discussed this morning, it would be good to verify that the list of credentials is exactly of length 2.
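
The two review requests above (gate the new install-config fields behind DualReplicaTopology, and require exactly two credentials), sketched as stand-alone Go. This is an added example, not code from the PR or the installer: the `FencingCredential` struct, `ValidateFencing`, the `gateEnabled` flag and the message strings are hypothetical, and it goes beyond the thread by also rejecting empty fields and duplicate hostnames.

```go
package main

import (
	"fmt"
	"strings"
)

// FencingCredential is a hypothetical shape; the PR's real struct is not shown on the page.
type FencingCredential struct {
	Hostname, Address, Username, Password string
}

// ValidateFencing: gateEnabled stands in for the DualReplicaTopology feature gate.
// Messages name fields, never values, so a password cannot reach installer output.
func ValidateFencing(creds []FencingCredential, gateEnabled bool) []string {
	if len(creds) == 0 {
		return nil // assumption: an empty list means the field is not used
	}
	if !gateEnabled {
		return []string{"fencingCredentials: forbidden unless the DualReplicaTopology feature gate is enabled"}
	}
	var errs []string
	if len(creds) != 2 {
		errs = append(errs, fmt.Sprintf("fencingCredentials: expected exactly 2 entries, got %d", len(creds)))
	}
	seen := map[string]int{} // hostname -> index of first occurrence
	for i, c := range creds {
		path := fmt.Sprintf("fencingCredentials[%d]", i)
		fields := [][2]string{{"hostname", c.Hostname}, {"address", c.Address},
			{"username", c.Username}, {"password", c.Password}}
		for _, f := range fields {
			if strings.TrimSpace(f[1]) == "" {
				errs = append(errs, path+"."+f[0]+": required value")
			}
		}
		if first, dup := seen[c.Hostname]; dup && c.Hostname != "" {
			errs = append(errs, fmt.Sprintf("%s.hostname: duplicates fencingCredentials[%d]", path, first))
		} else {
			seen[c.Hostname] = i
		}
	}
	return errs
}

func main() {
	// Constructed input: a duplicate host and an empty password.
	creds := []FencingCredential{{"master-0", "192.0.2.10", "admin", "constructed-secret"},
		{"master-0", "192.0.2.11", "admin", ""}}
	fmt.Println(strings.Join(ValidateFencing(creds, true), "\n"))
}
```
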

@mshitrit mshitrit force-pushed the fencing-config-platform-none branch from a4f1ccc to 59856d8 Compare March 4, 2025 15:30
@mshitrit
Author

mshitrit commented Mar 4, 2025

/hold
This PR is dependent on openshift/api#2196 which contains the feature gate required here and isn't merged yet

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 4, 2025
@mshitrit
Author

mshitrit commented Mar 4, 2025

/test gofmt golint govet

Contributor

openshift-ci bot commented Mar 4, 2025

@mshitrit: all tests passed!
