AGENT-864: New make target to add day2 node with agent #1654
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| #!/usr/bin/env bash | ||
| set -euxo pipefail | ||
|
|
||
| SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" | ||
|
|
||
| source $SCRIPTDIR/common.sh | ||
| source $SCRIPTDIR/network.sh | ||
| source $SCRIPTDIR/ocp_install_env.sh | ||
| source $SCRIPTDIR/utils.sh | ||
| source $SCRIPTDIR/validation.sh | ||
| source $SCRIPTDIR/agent/common.sh | ||
|
|
||
| early_deploy_validation | ||
|
|
||
| function build_node_joiner() { | ||
|
There was a problem hiding this comment. As per the previous comment, the build function for the node-joiner can be removed one and addressed in a separate card. Note for the future development: the build_local_release function in step 4 already contains the logic for properly building/pushing a local image, it would be useful to extract it and reuse it when a single image update is required |
||
| # Build installer | ||
| pushd . | ||
| cd $OPENSHIFT_INSTALL_PATH | ||
| TAGS="${OPENSHIFT_INSTALLER_BUILD_TAGS:-libvirt baremetal}" DEFAULT_ARCH=$(get_arch) hack/build-node-joiner.sh | ||
| popd | ||
| } | ||
|
|
||
| function approve_csrs() { | ||
| while true; do | ||
|
There was a problem hiding this comment. Since this will be run in a CI job, it would be useful also to have a timeout condition (ie 10mins), to avoid relying on the CI timeout (usually 4h) in case of an issue during the approval |
||
| pending_csrs=$(oc get csr | grep Pending) | ||
| if [[ ${pending_csrs} != "" ]]; then | ||
| echo "Approving CSRs: $pending_csrs" | ||
| echo $pending_csrs | cut -d ' ' -f 1 | xargs oc adm certificate approve | ||
| fi | ||
| sleep 10 | ||
| done | ||
| } | ||
|
|
||
| if [ -z "$KNI_INSTALL_FROM_GIT" ]; then | ||
|
There was a problem hiding this comment. As suggested before, we don't need now this part for local rebuild, so it could be removed |
||
| # Extract node-joiner from the release image | ||
| baremetal_installer_image=$(oc adm release info --image-for=baremetal-installer --registry-config=$PULL_SECRET_FILE) | ||
| container_id=$(podman create --authfile $PULL_SECRET_FILE ${baremetal_installer_image} ls) | ||
| podman start $container_id | ||
| podman export $container_id > baremetal-installer.tar | ||
| tar xf baremetal-installer.tar usr/bin/node-joiner | ||
| cp usr/bin/node-joiner $OCP_DIR/node-joiner | ||
| rm -rf usr baremetal-installer.tar | ||
| podman rm $container_id | ||
| else | ||
| # Build the node-joiner from source | ||
| build_node_joiner | ||
| cp "$OPENSHIFT_INSTALL_PATH/bin/node-joiner" "$OCP_DIR" | ||
| fi | ||
|
|
||
| rm $OCP_DIR/add-node/.openshift_install_state.json | true | ||
|
There was a problem hiding this comment. This should never be required. When running transient commands, the |
||
|
|
||
| get_static_ips_and_macs | ||
|
|
||
|
|
||
| node_joiner="$(realpath "${OCP_DIR}/node-joiner")" | ||
|
|
||
| $node_joiner add-nodes --dir $OCP_DIR/add-node --kubeconfig $OCP_DIR/auth/kubeconfig | ||
|
There was a problem hiding this comment. The primary test interface must be the node-joiner.sh script. What we really need here it's just to download it and run it - ie like a real user would do. |
||
|
|
||
| sudo virt-xml ${CLUSTER_NAME}_extraworker_${AGENT_EXTRAWORKER_NODE_TO_ADD} --add-device --disk "${OCP_DIR}/add-node/node.x86_64.iso,device=cdrom,target.dev=sdc" | ||
| sudo virt-xml ${CLUSTER_NAME}_extraworker_${AGENT_EXTRAWORKER_NODE_TO_ADD} --edit target=sda --disk="boot_order=1" | ||
| sudo virt-xml ${CLUSTER_NAME}_extraworker_${AGENT_EXTRAWORKER_NODE_TO_ADD} --edit target=sdc --disk="boot_order=2" --start | ||
|
There was a problem hiding this comment. For this part we currently have a small tech debt that should be addressed, and very likely this sounds as the right occasion to tackle it. The concept of
There was a problem hiding this comment. Specifically to these lines of code, probably it could be worth to modify this portion of code to take care also of the extraworkers, if defined. The only exception is that the VMs for the extra workers must not be started, so the various functions may required an additional param for that. We do not require to address the pxe / appliance cases now, but it could be useful to prepare the ground for the future developments |
||
|
|
||
| set +ex | ||
|
There was a problem hiding this comment. nit: a small comment could be useful here |
||
| approve_csrs & | ||
| approve_csrs_pid=$! | ||
| trap 'kill -TERM ${approve_csrs_pid}; exit' INT EXIT TERM | ||
| set -ex | ||
|
|
||
| $node_joiner monitor-add-nodes ${AGENT_EXTRA_WORKERS_IPS[${AGENT_EXTRAWORKER_NODE_TO_ADD}]} --kubeconfig $OCP_DIR/auth/kubeconfig | ||
|
There was a problem hiding this comment. As for the previous case, also here the script execution should be used (when available) |
||
|
|
||
| oc get nodes extraworker-${AGENT_EXTRAWORKER_NODE_TO_ADD} | grep Ready | ||
|
There was a problem hiding this comment. I'm not sure about this check, I'd expect that the monitor script will report the proper exit code (forcing then the current script to fail) |
||
|
|
||
| kill -TERM ${approve_csrs_pid} | ||
|
There was a problem hiding this comment. Is this really needed? The trap should already take care of that in any case |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # Add nodes (day 2) | ||
|
|
||
| Nodes can be added after installation, using the "agent_add_node" make target. | ||
|
|
||
| To add a node, the cluster must be created with extra worker nodes using | ||
| the NUM_EXTRA_WORKERS environment variable. This will configure VMs for extra | ||
| worker nodes, but not include them in the initial cluster installation. | ||
|
|
||
| For example, | ||
|
|
||
| ``` | ||
| export NUM_EXTRA_WORKERS=2 | ||
| ``` | ||
|
|
||
| will create two extra worker nodes, named extraworker-0 and extraworker-1. | ||
|
|
||
| The extra worker nodes must have a minimum disk size of 100GB. This can be specified | ||
| using: | ||
|
|
||
| ``` | ||
| export EXTRA_WORKER_DISK=100 | ||
| ``` | ||
|
|
||
| After the cluster has been installed. To add both nodes to the cluster, run | ||
| these commands: | ||
|
|
||
| ``` | ||
| AGENT_EXTRAWORKER_NODE_TO_ADD=0 make agent_add_node | ||
| AGENT_EXTRAWORKER_NODE_TO_ADD=1 make agent_add_node | ||
| ``` | ||
|
|
||
| The nodes will be sequentially added to the cluster. | ||
|
|
||
| # agent_add_node target | ||
|
|
||
| To add a node to the cluster, the "agent_add_node" target performs the same | ||
| steps a user would need to perform to add a node to the cluster using [the | ||
| node-joiner tool](https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/add-nodes.md). | ||
|
|
||
| Steps: | ||
|
|
||
| * Downloads and executes the [node-joiner.sh](https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/node-joiner.sh) script to generate the ISO (node.x86_64.iso) that can be used to join a | ||
| node to the cluster. This script requires an input file, nodes-config.yaml, which describes | ||
| the node being added. This input file is automatically generated by "agent_add_node" provided | ||
| the cluster was created with extra worker nodes. | ||
|
|
||
| * Boots the extra worker node using the generated ISO. | ||
|
|
||
| * Downloads and executes the [node-joiner-monitor.sh](https://github.com/openshift/installer/blob/master/docs/user/agent/add-node/node-joiner-monitor.sh) script to show progress. The monitor script also displays | ||
| CSRs that will need to be approved for the node to join the cluster. | ||
|
|
||
| * A user would then approve each CSR using "oc adm certificate approve" or equivalent. This target creates a background process that auto approves any CSRs. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -32,3 +32,15 @@ | |
| src: "agent-config_bond_yaml.j2" | ||
| dest: "{{ install_path }}/agent-config.yaml" | ||
| when: agent_bond_config != 'none' | ||
|
|
||
| - name: create add-node directory | ||
|
There was a problem hiding this comment. That's not really part of the install-config, it must be placed into its own task file related to add nodes |
||
| ansible.builtin.file: | ||
| path: "{{ install_path }}/add-node" | ||
| state: directory | ||
| when: num_extra_workers != "0" | ||
|
|
||
| - name: write the nodes-config.yaml | ||
| template: | ||
| src: "nodes-config_yaml.j2" | ||
| dest: "{{ install_path }}/add-node/nodes-config.yaml" | ||
| when: agent_bond_config == 'none' and num_extra_workers != "0" | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea of having a separate step, since it will be a useful way to develop/test locally the node-joiner. From an high level point, we should aim to support two different scenarios:
In this scenario, the dev first runs a
make agentto deploy a cluster, then amake agent_add_nodemultiple times while developing. For this reason, the step should be:From a CI point of view, we should have a way to invoke the
agent_add_nodestep when required. We could either override theDEVSCRIPTS_TARGETin a agent workflow (ie here), or add always this step in the make agent and exclude it via a config var. Personally I'd be more inclined to the former optionNow, since the reference card is targeting the second scenario (CI jobs), and since the first one may require more additional work not strictly needed within this sprint, I think it would be better to have a new card for scenario 1 in the carry over epic AGENT-896 and limit this one just to the second scenario. This should also help in simplify the code