From 35a8fcc41878a0e1e859d77d6c395f5b1b460f68 Mon Sep 17 00:00:00 2001
From: Russell Bryant
Date: Tue, 23 Jul 2019 13:33:01 -0400
Subject: [PATCH] Remove some cert approval related hacks. This patch cleans up some hacks that are no longer needed. CSRs for masters are automatically approved by a service runningon the bootstrap node during the bootstrap process. Workers is where we are still missing some pieces. Move the fix-certs cron job to the register_hosts script, which is where worker deployment is kicked off. Also remove the add-machine-ips and link-machine-and-node scripts. cluster-api-provider-baremetal should now be automatically populating the addresses field of Machines based on introspection data it gets out of the BareMetalHost object for workers. Removing these scripts ensures we only rely on that code, and not a dev-script hack.
---
 06_create_cluster.sh | 25 -------------------------
 11_register_hosts.sh | 31 +++++--------------------------
 add-machine-ips.sh | 17 -----------------
 link-machine-and-node.sh | 35 -----------------------------------
 4 files changed, 5 insertions(+), 103 deletions(-)
 delete mode 100755 add-machine-ips.sh
 delete mode 100755 link-machine-and-node.sh
diff --git a/06_create_cluster.sh b/06_create_cluster.sh
index f1e887ed3..e6fd3ca5d 100755
--- a/06_create_cluster.sh
+++ b/06_create_cluster.sh
@@ -65,32 +65,7 @@ if [ $(sudo podman ps | grep -w -e "ironic-api$" -e "ironic-conductor$" -e "iron
 exit 1
 fi
-# Run the fix_certs.sh script periodically as a workaround for
-# https://github.com/openshift-metalkube/dev-scripts/issues/260
-sudo systemd-run --on-active=30s --on-unit-active=1m --unit=fix_certs.service $(dirname $0)/fix_certs.sh
-
 # Call openshift-installer to deploy the bootstrap node and masters
 create_cluster ocp
 echo "Cluster up, you can interact with it via oc --config ${KUBECONFIG} "
-
-# The deployment is complete, but we must manually add the IPs for the masters,
-# as we don't have a way to do that automatically yet. This is required for
-# CSRs to get auto approved for masters.
-# https://github.com/openshift-metal3/dev-scripts/issues/260
-# https://github.com/metal3-io/baremetal-operator/issues/242
-./add-machine-ips.sh
-
-# Bounce the machine approver to get it to notice the changes.
-oc scale deployment -n openshift-cluster-machine-approver --replicas=0 machine-approver
-while [ ! $(oc get deployment -n openshift-cluster-machine-approver machine-approver -o json | jq .spec.replicas) ]
-do
- echo "Scaling down machine-approver..."
-done
-echo "Scaling up machine-approver..."
-oc scale deployment -n openshift-cluster-machine-approver --replicas=1 machine-approver
-
-# Wait a tiny bit, then list the csrs
-sleep 5
-oc get csr
-# END Hack
diff --git a/11_register_hosts.sh b/11_register_hosts.sh
index 120ac7b04..bf7f9acae 100755
--- a/11_register_hosts.sh
+++ b/11_register_hosts.sh
@@ -83,29 +83,8 @@ oc --config ocp/auth/kubeconfig apply -f $SCRIPTDIR/ocp/master_crs.yaml --namesp
 oc --config ocp/auth/kubeconfig apply -f $SCRIPTDIR/ocp/worker_crs.yaml --namespace=openshift-machine-api
-# We automate waiting for a worker to come up and adding IPs to it for the
-# default virt configuration. This is a helpful step for the common dev setup,
-# and it also runs in CI. For any other env, we just skip this, because we
-# can't automatically figure out the mapping between Machines and Nodes in
-# other cases, and must rely on running the link-machine-and-node.sh manually.
-
-if [ "${NODES_PLATFORM}" != "libvirt" ] || [ "$(list_workers | wc -l)" != "1" ]; then
- exit 0
-fi
-
-wait_for_worker() {
- worker=$1
- echo "Waiting for worker $worker to appear ..."
- while [ "$(oc get nodes | grep $worker)" = "" ]; do sleep 5; done
- TIMEOUT_MINUTES=15
- echo "$worker registered, waiting $TIMEOUT_MINUTES minutes for Ready condition ..."
- oc wait node/$worker --for=condition=Ready --timeout=$[${TIMEOUT_MINUTES} * 60]s
-}
-
-wait_for_worker worker-0
-
-# Ensures IPs get set on the worker Machine
-# Run only with single worker deployments as a workaround for issue #421
-if [ "$(list_workers | wc -l)" == 1 ]; then
- ./add-machine-ips.sh
-fi
+# Run the fix_certs.sh script periodically as a workaround for
+# https://github.com/openshift-metalkube/dev-scripts/issues/260 This is only
+# required to approve certs for workers, as the master certs are approved
+# automatically during the bootstrap phase.
+sudo systemd-run --on-active=30s --on-unit-active=1m --unit=fix_certs.service $(dirname $0)/fix_certs.sh
diff --git a/add-machine-ips.sh b/add-machine-ips.sh
deleted file mode 100755
index 9cfe3e633..000000000
--- a/add-machine-ips.sh
+++ /dev/null
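Review bot: The added `systemd-run` line passes `$(dirname $0)/fix_certs.sh` unquoted, while the context lines of this hunk already locate files through `$SCRIPTDIR`. Assuming `$SCRIPTDIR` is the script's own directory, `sudo systemd-run --on-active=30s --on-unit-active=1m --unit=fix_certs.service "$SCRIPTDIR/fix_certs.sh"` would survive spaces in the path and not depend on how the script was invoked. The unit name is fixed, so running 11_register_hosts.sh again while the transient unit still exists will presumably make `systemd-run` fail; whether that aborts the script depends on a `set -e` that is not visible here. The timer is also never stopped, so fix_certs.sh (its body is outside this diff) keeps running as root every minute; if it approves every pending CSR, it will keep doing so for any request filed after the workers have joined. A comment such as `# dev-only workaround: stop with 'sudo systemctl stop fix_certs.timer' once the workers are Ready` would make that lifetime explicit.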
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -x
-set -e
-
-source logging.sh
-source utils.sh
-source common.sh
-source ocp_install_env.sh
-
-for node in $(oc --config ocp/auth/kubeconfig get nodes -o template --template='{{range .items}}{{.metadata.uid}}:{{.metadata.name}}{{"\n"}}{{end}}'); do
- node_name=$(echo $node | cut -f2 -d':')
- machine_name=$CLUSTER_NAME-$node_name
- if [[ "$machine_name" == *"worker"* ]]; then
- machine_name=$(oc --config ocp/auth/kubeconfig get machines -n openshift-machine-api | grep $node_name | cut -f1 -d' ')
- fi
- $SCRIPTDIR/link-machine-and-node.sh "$machine_name" "$node"
-done
diff --git a/link-machine-and-node.sh b/link-machine-and-node.sh
deleted file mode 100755
index 0b1820000..000000000
--- a/link-machine-and-node.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-source utils.sh
-
-set -x
-set -e
-
-machine="$1"
-node="$2"
-
-if [ -z "$machine" -o -z "$node" ]; then
- echo "Usage: $0 MACHINE NODE"
- exit 1
-fi
-
-uid=$(echo $node | cut -f1 -d':')
-node_name=$(echo $node | cut -f2 -d':')
-
-# BEGIN Hack #260
-# Hack workaround for openshift-metalkube/dev-scripts#260 until it's done automatically
-# Also see https://github.com/metalkube/cluster-api-provider-baremetal/issues/49
-oc --config ocp/auth/kubeconfig proxy &
-proxy_pid=$!
-
-PROXY_API_PATH="http://localhost:8001/apis/machine.openshift.io/v1beta1/namespaces/openshift-machine-api/machines"
-wait_for_json oc_proxy "${PROXY_API_PATH}" 10 -H "Accept: application/json" -H "Content-Type: application/json"
-
-addresses=$(oc --config ocp/auth/kubeconfig get node ${node_name} -o json | jq -c '.status.addresses')
-
-curl -X PATCH \
- ${PROXY_API_PATH}/${machine}/status \
- -H "Content-type: application/merge-patch+json" \
- -d '{"status":{"addresses":'"${addresses}"',"nodeRef":{"kind":"Node","name":"'"${node_name}"'","uid":"'"${uid}"'"}}}'
-
-kill $proxy_pid