Remove some cert approval related hacks.
This patch cleans up some hacks that are no longer needed.  CSRs for
masters are automatically approved by a service running on the
bootstrap node during the bootstrap process.

Workers are where we are still missing some pieces.  Move the fix-certs
cron job to the register_hosts script, which is where worker
deployment is kicked off.

Also remove the add-machine-ips and link-machine-and-node scripts.
cluster-api-provider-baremetal should now be automatically populating
the addresses field of Machines based on introspection data it gets
out of the BareMetalHost object for workers.  Removing these scripts
ensures we only rely on that code, and not a dev-script hack.
russellb committed Jul 23, 2019
1 parent 71d2216 commit 35a8fcc
Showing 4 changed files with 5 additions and 103 deletions.
25 changes: 0 additions & 25 deletions 06_create_cluster.sh
Expand Up @@ -65,32 +65,7 @@ if [ $(sudo podman ps | grep -w -e "ironic-api$" -e "ironic-conductor$" -e "iron
exit 1
fi

# Run the fix_certs.sh script periodically as a workaround for
# https://github.com/openshift-metalkube/dev-scripts/issues/260
sudo systemd-run --on-active=30s --on-unit-active=1m --unit=fix_certs.service $(dirname $0)/fix_certs.sh

# Call openshift-installer to deploy the bootstrap node and masters
create_cluster ocp

echo "Cluster up, you can interact with it via oc --config ${KUBECONFIG} <command>"

# The deployment is complete, but we must manually add the IPs for the masters,
# as we don't have a way to do that automatically yet. This is required for
# CSRs to get auto approved for masters.
# https://github.com/openshift-metal3/dev-scripts/issues/260
# https://github.com/metal3-io/baremetal-operator/issues/242
./add-machine-ips.sh

# Bounce the machine approver to get it to notice the changes.
oc scale deployment -n openshift-cluster-machine-approver --replicas=0 machine-approver
while [ ! $(oc get deployment -n openshift-cluster-machine-approver machine-approver -o json | jq .spec.replicas) ]
do
echo "Scaling down machine-approver..."
done
echo "Scaling up machine-approver..."
oc scale deployment -n openshift-cluster-machine-approver --replicas=1 machine-approver

# Wait a tiny bit, then list the csrs
sleep 5
oc get csr
# END Hack
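Review bot: With the closing `sleep 5` / `oc get csr` lines removed, the script now ends at the "Cluster up" echo and nothing in it confirms that the masters' CSRs were actually approved by the bootstrap-node service the commit message relies on. Consider keeping a short check after `create_cluster ocp` that lists CSRs and exits non-zero if any are still Pending, so a regression in the automatic approval surfaces here rather than later in `11_register_hosts.sh`. Dropping the machine-approver bounce itself looks fine: its `while [ ! $(... | jq .spec.replicas) ]` test was only true when the command printed nothing, so the loop never really waited for the scale-down.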
31 changes: 5 additions & 26 deletions 11_register_hosts.sh
Expand Up @@ -83,29 +83,8 @@ oc --config ocp/auth/kubeconfig apply -f $SCRIPTDIR/ocp/master_crs.yaml --namesp

oc --config ocp/auth/kubeconfig apply -f $SCRIPTDIR/ocp/worker_crs.yaml --namespace=openshift-machine-api

# We automate waiting for a worker to come up and adding IPs to it for the
# default virt configuration. This is a helpful step for the common dev setup,
# and it also runs in CI. For any other env, we just skip this, because we
# can't automatically figure out the mapping between Machines and Nodes in
# other cases, and must rely on running the link-machine-and-node.sh manually.

if [ "${NODES_PLATFORM}" != "libvirt" ] || [ "$(list_workers | wc -l)" != "1" ]; then
exit 0
fi

wait_for_worker() {
worker=$1
echo "Waiting for worker $worker to appear ..."
while [ "$(oc get nodes | grep $worker)" = "" ]; do sleep 5; done
TIMEOUT_MINUTES=15
echo "$worker registered, waiting $TIMEOUT_MINUTES minutes for Ready condition ..."
oc wait node/$worker --for=condition=Ready --timeout=$[${TIMEOUT_MINUTES} * 60]s
}

wait_for_worker worker-0

# Ensures IPs get set on the worker Machine
# Run only with single worker deployments as a workaround for issue #421
if [ "$(list_workers | wc -l)" == 1 ]; then
./add-machine-ips.sh
fi
# Run the fix_certs.sh script periodically as a workaround for
# https://github.com/openshift-metalkube/dev-scripts/issues/260 This is only
# required to approve certs for workers, as the master certs are approved
# automatically during the bootstrap phase.
sudo systemd-run --on-active=30s --on-unit-active=1m --unit=fix_certs.service $(dirname $0)/fix_certs.sh
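Review bot: The `systemd-run` line at the end of this hunk starts a timer under the fixed name `fix_certs.service` that fires every minute (`--on-unit-active=1m`) with no stop condition, so `fix_certs.sh` keeps running under sudo long after the workers have joined, and a second run of `11_register_hosts.sh` while that unit is still loaded is likely to fail because the unit name is already in use. Suggest stopping or checking for an existing unit before starting it, and stopping it once the worker CSRs are approved (or at least documenting how to). Separately, the removed `wait_for_worker worker-0` was the only place this script blocked until a worker reached Ready, and the deleted comment says that step also ran in CI; if CI still needs that signal it needs a replacement. Minor: the new comment runs the URL and the next sentence together ("issues/260 This is only"), it points at the openshift-metalkube org while the comment removed from `06_create_cluster.sh` used openshift-metal3, and `$(dirname $0)` should be quoted.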
17 changes: 0 additions & 17 deletions add-machine-ips.sh

This file was deleted.

35 changes: 0 additions & 35 deletions link-machine-and-node.sh

This file was deleted.
