Skip to content

CASMPET-7713 - Add script to join fabric manager nodes to spire #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
spillerc-hpe merged 4 commits into from
Jan 8, 2026
Merged

CASMPET-7713 - Add script to join fabric manager nodes to spire #94

spillerc-hpe merged 4 commits into from
Jan 8, 2026

Conversation

@spillerc-hpe
Copy link
Contributor

@spillerc-hpe spillerc-hpe commented Jan 8, 2026

Summary and Scope

Added a new script fix-spire-on-fmn.sh to join Fabric Manager nodes to the Spire authentication system. This script is modeled after the existing fix-spire-on-storage.sh script but targets FabricManager nodes (identified by SubRole == "FabricManager" in SLS) instead of Ceph storage nodes. The script automates the process of registering these nodes with Spire, including health checks, token generation, configuration deployment, and service enablement.

This is a backwards compatible new feature that adds functionality without impacting existing behavior.

Issues and Related PRs

Testing

Tested on:

  • surtur

Test description:

  • Script execution: Verified the script successfully identifies Fabric Manager nodes from SLS and joins them to Spire
  • Health checks: Confirmed the script properly waits for Spire server readiness before proceeding
  • Re-run safety: Tested that the script correctly identifies already-joined nodes and skips them
  • Cleanup logic: Verified that nodes previously joined to Spire are properly cleaned up and re-joined
  • Error handling: Tested error scenarios including missing FabricManager nodes and unavailable Spire services
  • Were continuous integration tests run? [Standard CI/CD pipeline would run if applicable]
  • Was upgrade tested? N/A - New script addition only
  • Was downgrade tested? N/A - New script addition only
  • Were new tests created? No

Risks and Mitigations

Risks:

  • Script uses a dedicated registration type (type=fmn) for Fabric Manager nodes in token generation
  • Requires SSH access to Fabric Manager nodes
  • Must be run from a management node (not PIT)

Mitigations:

  • Script includes comprehensive health checks and retry logic
  • Safely handles already-joined nodes to allow re-runs
  • Clear error messages guide users when prerequisites aren't met

Pull Request Checklist

  • Version number(s) incremented, if applicable
  • Copyrights updated (MIT License with HPE copyright included)
  • License file intact
  • Target branch correct
  • CHANGELOG.md updated
  • Testing is appropriate and complete, if applicable
  • RPM spec file updated to include new script
  • HPC Product Announcement prepared, if applicable

@spillerc-hpe spillerc-hpe requested a review from a team as a code owner January 8, 2026 09:29
@spillerc-hpe spillerc-hpe merged commit 0625069 into master Jan 8, 2026
2 checks passed
@spillerc-hpe spillerc-hpe mentioned this pull request Jan 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bo-quan bo-quan bo-quan approved these changes

@studenym-hpe studenym-hpe studenym-hpe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@spillerc-hpe @bo-quan @studenym-hpe