package bminventory
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"path"
"strings"
"time"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/google/uuid"
"github.com/openshift/assisted-service/internal/common"
eventgen "github.com/openshift/assisted-service/internal/common/events"
"github.com/openshift/assisted-service/internal/constants"
"github.com/openshift/assisted-service/internal/featuresupport"
"github.com/openshift/assisted-service/internal/gencrypto"
"github.com/openshift/assisted-service/internal/host/hostutil"
"github.com/openshift/assisted-service/internal/imageservice"
"github.com/openshift/assisted-service/models"
"github.com/openshift/assisted-service/pkg/auth"
"github.com/openshift/assisted-service/pkg/filemiddleware"
logutil "github.com/openshift/assisted-service/pkg/log"
"github.com/openshift/assisted-service/restapi/operations/installer"
"github.com/pkg/errors"
"gorm.io/gorm"
)
// V2UpdateHost is the REST entry point for host updates. It forwards the
// request to V2UpdateHostInternal with the Interactive marker and wraps the
// updated host in the Created responder; any error is converted with
// common.GenerateErrorResponder.
func (b *bareMetalInventory) V2UpdateHost(ctx context.Context, params installer.V2UpdateHostParams) middleware.Responder {
	updated, updateErr := b.V2UpdateHostInternal(ctx, params, Interactive)
	if updateErr != nil {
		return common.GenerateErrorResponder(updateErr)
	}

	payload := &updated.Host
	return installer.NewV2UpdateHostCreated().WithPayload(payload)
}
// V2RegisterCluster registers a new cluster through RegisterClusterInternal
// (called with a nil second argument) and returns the created cluster in the
// Created responder.
func (b *bareMetalInventory) V2RegisterCluster(ctx context.Context, params installer.V2RegisterClusterParams) middleware.Responder {
	registered, regErr := b.RegisterClusterInternal(ctx, nil, params)
	if regErr != nil {
		return common.GenerateErrorResponder(regErr)
	}

	payload := &registered.Cluster
	return installer.NewV2RegisterClusterCreated().WithPayload(payload)
}
// V2ListClusters returns the clusters produced by listClustersInternal for
// the given request parameters.
//
// NOTE(review): which clusters the caller may see is decided inside
// listClustersInternal; no filtering happens in this wrapper.
func (b *bareMetalInventory) V2ListClusters(ctx context.Context, params installer.V2ListClustersParams) middleware.Responder {
	listed, listErr := b.listClustersInternal(ctx, params)
	if listErr != nil {
		return common.GenerateErrorResponder(listErr)
	}

	return installer.NewV2ListClustersOK().WithPayload(listed)
}
// V2GetCluster fetches one cluster via GetClusterInternal and returns its
// API model in the OK responder.
func (b *bareMetalInventory) V2GetCluster(ctx context.Context, params installer.V2GetClusterParams) middleware.Responder {
	found, getErr := b.GetClusterInternal(ctx, params)
	if getErr != nil {
		return common.GenerateErrorResponder(getErr)
	}

	payload := &found.Cluster
	return installer.NewV2GetClusterOK().WithPayload(payload)
}
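// V2DeregisterCluster removes a cluster registration. It loads the cluster
// with its associations, runs the AMS deregistration hook when an OCM client
// is configured, deletes the cluster's DNS record sets (best effort), deletes
// or unbinds its hosts and finally calls DeregisterClusterInternal.
//
// NOTE(review): every failure of the initial lookup is reported as 404, so a
// database error looks like a missing cluster to the caller. V2ResetCluster
// in this file separates gorm.ErrRecordNotFound from other errors; confirm
// whether the same split is wanted here.
func (b *bareMetalInventory) V2DeregisterCluster(ctx context.Context, params installer.V2DeregisterClusterParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)

	cluster, err := common.GetClusterFromDB(b.db, params.ClusterID, common.UseEagerLoading)
	if err != nil {
		return common.NewApiError(http.StatusNotFound, err)
	}

	if b.ocmClient != nil {
		if err = b.integrateWithAMSClusterDeregistration(ctx, cluster); err != nil {
			log.WithError(err).Errorf("Cluster %s failed to integrate with AMS on cluster deregistration", params.ClusterID)
			return common.NewApiError(http.StatusInternalServerError, err)
		}
	}

	// DNS cleanup is best effort and does not abort the deregistration, so
	// the cause has to be kept in the log: leftover records for a removed
	// cluster are otherwise impossible to trace back.
	if err = b.deleteDNSRecordSets(ctx, *cluster); err != nil {
		log.WithError(err).Warnf("failed to delete DNS record sets for base domain: %s", cluster.BaseDNSDomain)
	}

	if err = b.deleteOrUnbindHosts(ctx, cluster); err != nil {
		log.WithError(err).Errorf("failed delete or unbind hosts when deregistering cluster: %s", params.ClusterID)
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	if err = b.DeregisterClusterInternal(ctx, cluster); err != nil {
		return common.GenerateErrorResponder(err)
	}

	return installer.NewV2DeregisterClusterNoContent()
}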
// V2GetClusterInstallConfig renders the install config of a cluster. It
// loads the cluster and its infra-envs, asks the install-config builder for
// the document and returns it as a string payload. Each failing step is
// wrapped with the cluster ID before being converted to an error responder.
func (b *bareMetalInventory) V2GetClusterInstallConfig(ctx context.Context, params installer.V2GetClusterInstallConfigParams) middleware.Responder {
	clusterID := params.ClusterID

	cluster, err := b.getCluster(ctx, clusterID.String())
	if err != nil {
		wrapped := fmt.Errorf("Failed to get cluster %s: %w", clusterID, err)
		return common.GenerateErrorResponder(wrapped)
	}

	infraEnvs, err := b.getClusterInfraenvs(ctx, cluster)
	if err != nil {
		wrapped := fmt.Errorf("Failed to get cluster %s infraenvs: %w", clusterID, err)
		return common.GenerateErrorResponder(wrapped)
	}

	rendered, err := b.installConfigBuilder.GetInstallConfig(cluster, infraEnvs, "")
	if err != nil {
		wrapped := fmt.Errorf("Failed to get cluster %s install config: %w", clusterID, err)
		return common.GenerateErrorResponder(wrapped)
	}

	return installer.NewV2GetClusterInstallConfigOK().WithPayload(string(rendered))
}
// V2UpdateClusterInstallConfig applies install-config overrides through
// UpdateClusterInstallConfigInternal. The updated cluster returned by the
// internal call is discarded; success is reported with an empty Created
// responder.
func (b *bareMetalInventory) V2UpdateClusterInstallConfig(ctx context.Context, params installer.V2UpdateClusterInstallConfigParams) middleware.Responder {
	if _, updateErr := b.UpdateClusterInstallConfigInternal(ctx, params); updateErr != nil {
		return common.GenerateErrorResponder(updateErr)
	}

	return installer.NewV2UpdateClusterInstallConfigCreated()
}
// V2InstallCluster starts a cluster installation via InstallClusterInternal
// and returns the cluster in the Accepted responder.
func (b *bareMetalInventory) V2InstallCluster(ctx context.Context, params installer.V2InstallClusterParams) middleware.Responder {
	started, installErr := b.InstallClusterInternal(ctx, params)
	if installErr != nil {
		return common.GenerateErrorResponder(installErr)
	}

	payload := &started.Cluster
	return installer.NewV2InstallClusterAccepted().WithPayload(payload)
}
// V2CancelInstallation cancels a running installation via
// CancelInstallationInternal and returns the cluster in the Accepted
// responder.
func (b *bareMetalInventory) V2CancelInstallation(ctx context.Context, params installer.V2CancelInstallationParams) middleware.Responder {
	cancelled, cancelErr := b.CancelInstallationInternal(ctx, params)
	if cancelErr != nil {
		return common.GenerateErrorResponder(cancelErr)
	}

	payload := &cancelled.Cluster
	return installer.NewV2CancelInstallationAccepted().WithPayload(payload)
}
// TransformClusterToDay2 is the legacy endpoint for moving a cluster to the
// adding-hosts (day 2) flow. It performs the same internal call as
// TransformClusterToAddingHosts and differs only in the responder type.
func (b *bareMetalInventory) TransformClusterToDay2(ctx context.Context, params installer.TransformClusterToDay2Params) middleware.Responder {
	transformed, transformErr := b.TransformClusterToDay2Internal(ctx, params.ClusterID)
	if transformErr != nil {
		return common.GenerateErrorResponder(transformErr)
	}

	payload := &transformed.Cluster
	return installer.NewTransformClusterToDay2Accepted().WithPayload(payload)
}
// TransformClusterToAddingHosts moves a cluster to the adding-hosts flow by
// calling TransformClusterToDay2Internal and returns the cluster in the
// Accepted responder.
func (b *bareMetalInventory) TransformClusterToAddingHosts(ctx context.Context, params installer.TransformClusterToAddingHostsParams) middleware.Responder {
	transformed, transformErr := b.TransformClusterToDay2Internal(ctx, params.ClusterID)
	if transformErr != nil {
		return common.GenerateErrorResponder(transformErr)
	}

	payload := &transformed.Cluster
	return installer.NewTransformClusterToAddingHostsAccepted().WithPayload(payload)
}
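// V2ResetCluster resets a cluster and all of its hosts inside one database
// transaction, then deletes the cluster's stored files and DNS record sets
// and commits.
//
// The deferred function rolls the transaction back whenever the handler did
// not reach a successful commit, including when it panicked. A recovered
// panic is not re-raised, so in that case the handler returns a nil
// responder.
//
// NOTE(review): DeleteClusterFiles and deleteDNSRecordSets act on external
// storage before the commit; if the commit then fails, the database is
// rolled back but those deletions are not undone.
func (b *bareMetalInventory) V2ResetCluster(ctx context.Context, params installer.V2ResetClusterParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)
	log.Infof("resetting cluster %s", params.ClusterID)

	var cluster *common.Cluster

	txSuccess := false
	tx := b.db.Begin()
	defer func() {
		// One failure path for both a panic and an ordinary early return,
		// so the failure is logged and rolled back exactly once.
		if r := recover(); r != nil || !txSuccess {
			log.Error("reset cluster failed")
			tx.Rollback()
		}
	}()
	if tx.Error != nil {
		log.WithError(tx.Error).Errorf("failed to start db transaction")
		return installer.NewV2ResetClusterInternalServerError().WithPayload(
			common.GenerateError(http.StatusInternalServerError, errors.New("DB error, failed to start transaction")))
	}

	var err error
	// The "ForUpdate" lookup runs on tx, so the row is read inside the
	// transaction that will modify it.
	if cluster, err = common.GetClusterFromDBForUpdate(tx, params.ClusterID, common.UseEagerLoading); err != nil {
		log.WithError(err).Errorf("failed to find cluster %s", params.ClusterID)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return installer.NewV2ResetClusterNotFound().WithPayload(common.GenerateError(http.StatusNotFound, err))
		}
		return installer.NewV2ResetClusterInternalServerError().WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}

	if err = b.clusterApi.ResetCluster(ctx, cluster, "cluster was reset by user", tx); err != nil {
		return common.GenerateErrorResponder(err)
	}

	for _, h := range cluster.Hosts {
		if err = b.hostApi.ResetHost(ctx, h, "cluster was reset by user", tx); err != nil {
			return common.GenerateErrorResponder(err)
		}
		b.customizeHost(&cluster.Cluster, h)
	}

	if err = b.clusterApi.DeleteClusterFiles(ctx, cluster, b.objectHandler); err != nil {
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	// Best effort: a DNS cleanup failure does not abort the reset, so keep
	// the cause in the log entry.
	if err = b.deleteDNSRecordSets(ctx, *cluster); err != nil {
		log.WithError(err).Warnf("failed to delete DNS record sets for base domain: %s", cluster.BaseDNSDomain)
	}

	if err = tx.Commit().Error; err != nil {
		log.Error(err)
		return installer.NewV2ResetClusterInternalServerError().WithPayload(
			common.GenerateError(http.StatusInternalServerError, errors.New("DB error, failed to commit transaction")))
	}
	txSuccess = true

	return installer.NewV2ResetClusterAccepted().WithPayload(&cluster.Cluster)
}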
// V2GetPreflightRequirements loads the cluster with its associations and
// returns the preflight hardware requirements computed by the hardware
// validator.
func (b *bareMetalInventory) V2GetPreflightRequirements(ctx context.Context, params installer.V2GetPreflightRequirementsParams) middleware.Responder {
	clusterID := params.ClusterID.String()

	loaded, err := b.getCluster(ctx, clusterID, common.UseEagerLoading)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	preflight, err := b.hwValidator.GetPreflightHardwareRequirements(ctx, loaded)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	return installer.NewV2GetPreflightRequirementsOK().WithPayload(preflight)
}
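// V2UploadClusterIngressCert produces the final kubeconfig of a cluster by
// merging the ingress CA from the request into the stored
// "<kubeconfig>-noingress" object and uploading the result under the
// kubeconfig object name.
//
// The merge happens at most once: if the kubeconfig object already exists
// the request is acknowledged without touching it, so a later call cannot
// replace the CA that was merged first.
//
// NOTE(review): the CA bytes come straight from the request and end up in
// the kubeconfig handed to users; who may call this endpoint is decided
// outside this function.
func (b *bareMetalInventory) V2UploadClusterIngressCert(ctx context.Context, params installer.V2UploadClusterIngressCertParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)
	log.Infof("UploadClusterIngressCert for cluster %s with params %s", params.ClusterID, params.IngressCertParams)

	var cluster common.Cluster
	if err := b.db.First(&cluster, "id = ?", params.ClusterID).Error; err != nil {
		log.WithError(err).Errorf("failed to find cluster %s", params.ClusterID)
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return installer.NewV2UploadClusterIngressCertNotFound().WithPayload(common.GenerateError(http.StatusNotFound, err))
		}
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}

	// The cluster API decides whether the cluster may receive an ingress
	// certificate at this point; a refusal is reported as a bad request.
	if err := b.clusterApi.UploadIngressCert(&cluster); err != nil {
		return installer.NewV2UploadClusterIngressCertBadRequest().
			WithPayload(common.GenerateError(http.StatusBadRequest, err))
	}

	objectName := fmt.Sprintf("%s/%s", cluster.ID, constants.Kubeconfig)
	exists, err := b.objectHandler.DoesObjectExist(ctx, objectName)
	if err != nil {
		log.WithError(err).Errorf("Failed to upload ingress ca")
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}

	if exists {
		log.Infof("Ingress ca for cluster %s already exists", cluster.ID)
		return installer.NewV2UploadClusterIngressCertCreated()
	}

	noingress := fmt.Sprintf("%s/%s-noingress", cluster.ID, constants.Kubeconfig)
	resp, _, err := b.objectHandler.Download(ctx, noingress)
	if err != nil {
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}
	// Close the storage reader so the underlying download is released once
	// the kubeconfig has been read.
	defer resp.Close()

	kubeconfigData, err := io.ReadAll(resp)
	if err != nil {
		log.WithError(err).Infof("Failed to convert kubeconfig s3 response to io reader")
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}

	mergedKubeConfig, err := mergeIngressCaIntoKubeconfig(kubeconfigData, []byte(params.IngressCertParams), log)
	if err != nil {
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, err))
	}

	if err := b.objectHandler.Upload(ctx, mergedKubeConfig, objectName); err != nil {
		// The response carries a generic message only, so the storage error
		// has to be logged here or it is lost.
		log.WithError(err).Errorf("failed to upload %s to s3", objectName)
		return installer.NewV2UploadClusterIngressCertInternalServerError().
			WithPayload(common.GenerateError(http.StatusInternalServerError, errors.Errorf("failed to upload %s to s3", objectName)))
	}

	return installer.NewV2UploadClusterIngressCertCreated()
}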
// V2CompleteInstallation is a deprecated endpoint kept for the controller.
//
// TODO: MGMT-4458
// This function can be removed once the controller stops sending this
// request; the service is already capable of completing the installation on
// its own.
//
// A reported success is only logged as a warning, because the service itself
// decides when a cluster is complete. A reported failure is passed on to
// clusterApi.CompleteInstallation together with the supplied error info.
func (b *bareMetalInventory) V2CompleteInstallation(ctx context.Context, params installer.V2CompleteInstallationParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)
	log.Infof("complete cluster %s installation", params.ClusterID)

	cluster, err := common.GetClusterFromDB(b.db, params.ClusterID, common.UseEagerLoading)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	if *params.CompletionParams.IsSuccess {
		log.Warnf("Cluster %s tried to complete its installation using deprecated CompleteInstallation API. The service decides whether the cluster completed", params.ClusterID)
		return installer.NewV2CompleteInstallationAccepted().WithPayload(&cluster.Cluster)
	}

	if _, err := b.clusterApi.CompleteInstallation(ctx, b.db, cluster, false, params.CompletionParams.ErrorInfo); err != nil {
		log.WithError(err).Errorf("Failed to set complete cluster state on %s ", params.ClusterID.String())
		return common.GenerateErrorResponder(err)
	}

	return installer.NewV2CompleteInstallationAccepted().WithPayload(&cluster.Cluster)
}
// V2UpdateClusterLogsProgress records the log-collection state reported for
// a cluster. It loads the cluster and hands the state to
// clusterApi.UpdateLogsProgress; either failure is logged and converted to
// an error responder.
func (b *bareMetalInventory) V2UpdateClusterLogsProgress(ctx context.Context, params installer.V2UpdateClusterLogsProgressParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)
	logsState := common.LogStateValue(params.LogsProgressParams.LogsState)
	log.Infof("update log progress on %s cluster to %s", params.ClusterID, logsState)

	// Both failure paths log through b.log (not the request-scoped logger)
	// and produce the same responder.
	fail := func(cause error) middleware.Responder {
		b.log.WithError(cause).Errorf("failed to update log progress %s on cluster %s", logsState, params.ClusterID.String())
		return common.GenerateErrorResponder(cause)
	}

	currentCluster, err := b.getCluster(ctx, params.ClusterID.String())
	if err != nil {
		return fail(err)
	}

	if err = b.clusterApi.UpdateLogsProgress(ctx, currentCluster, string(logsState)); err != nil {
		return fail(err)
	}

	return installer.NewV2UpdateClusterLogsProgressNoContent()
}
// V2GetClusterDefaultConfig returns the service-wide cluster defaults: NTP
// source, inactive-cluster deletion window in hours, default cluster and
// service networks (IPv4-only and dual-stack variants) and the list of
// forbidden hostnames. Both parameters are unused.
func (b *bareMetalInventory) V2GetClusterDefaultConfig(_ context.Context, _ installer.V2GetClusterDefaultConfigParams) middleware.Responder {
	defaults := &models.ClusterDefaultConfig{
		NtpSource:             b.Config.DefaultNTPSource,
		InactiveDeletionHours: int64(b.gcConfig.DeregisterInactiveAfter.Hours()),

		// TODO(MGMT-9751-remove-single-network)
		ClusterNetworkCidr:       b.Config.DefaultClusterNetworkCidr,
		ServiceNetworkCidr:       b.Config.DefaultServiceNetworkCidr,
		ClusterNetworkHostPrefix: b.Config.DefaultClusterNetworkHostPrefix,

		ClusterNetworksIPV4: []*models.ClusterNetwork{
			{
				Cidr:       models.Subnet(b.Config.DefaultClusterNetworkCidr),
				HostPrefix: b.Config.DefaultClusterNetworkHostPrefix,
			},
		},
		ServiceNetworksIPV4: []*models.ServiceNetwork{
			{Cidr: models.Subnet(b.Config.DefaultServiceNetworkCidr)},
		},

		// Dual-stack lists carry the IPv4 entry first, then the IPv6 entry.
		ClusterNetworksDualstack: []*models.ClusterNetwork{
			{
				Cidr:       models.Subnet(b.Config.DefaultClusterNetworkCidr),
				HostPrefix: b.Config.DefaultClusterNetworkHostPrefix,
			},
			{
				Cidr:       models.Subnet(b.Config.DefaultClusterNetworkCidrIPv6),
				HostPrefix: b.Config.DefaultClusterNetworkHostPrefixIPv6,
			},
		},
		ServiceNetworksDualstack: []*models.ServiceNetwork{
			{Cidr: models.Subnet(b.Config.DefaultServiceNetworkCidr)},
			{Cidr: models.Subnet(b.Config.DefaultServiceNetworkCidrIPv6)},
		},
	}

	// Appending to the still-empty field copies the package-level list
	// instead of aliasing it in the response.
	defaults.ForbiddenHostnames = append(defaults.ForbiddenHostnames, hostutil.ForbiddenHostnames...)

	return installer.NewV2GetClusterDefaultConfigOK().WithPayload(defaults)
}
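// V2DownloadClusterLogs streams a stored log archive to the caller. The
// object name and the file name offered to the client are resolved by
// getLogFileForDownload from the cluster ID, the optional host ID and the
// requested logs type; the object is then served through the file
// middleware with its content length.
//
// A storage error of type common.NotFound becomes a 404 that names only the
// logs type and cluster; any other storage error becomes a 500.
func (b *bareMetalInventory) V2DownloadClusterLogs(ctx context.Context, params installer.V2DownloadClusterLogsParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)
	log.Infof("Downloading logs from cluster %s", params.ClusterID)

	// The first argument is the address of the cluster ID (the page
	// rendering had mangled "&params" into a pilcrow).
	fileName, downloadFileName, err := b.getLogFileForDownload(ctx, &params.ClusterID, params.HostID, swag.StringValue(params.LogsType))
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	respBody, contentLength, err := b.objectHandler.Download(ctx, fileName)
	if err != nil {
		// NOTE(review): a plain type assertion does not see a NotFound that
		// has been wrapped; confirm Download never wraps it.
		if _, ok := err.(common.NotFound); ok {
			log.WithError(err).Warnf("File not found %s", fileName)
			return common.NewApiError(http.StatusNotFound, errors.Errorf("Logs of type %s for cluster %s "+
				"were not found", swag.StringValue(params.LogsType), params.ClusterID))
		}
		log.WithError(err).Errorf("failed to download file %s", fileName)
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	return filemiddleware.NewResponder(installer.NewV2DownloadClusterLogsOK().WithPayload(respBody), downloadFileName, contentLength, nil)
}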
// V2UploadLogs is the REST entry point for log uploads; the work is done by
// v2uploadLogs and success is reported with an empty NoContent responder.
func (b *bareMetalInventory) V2UploadLogs(ctx context.Context, params installer.V2UploadLogsParams) middleware.Responder {
	if uploadErr := b.v2uploadLogs(ctx, params); uploadErr != nil {
		return common.GenerateErrorResponder(uploadErr)
	}

	return installer.NewV2UploadLogsNoContent()
}
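// v2uploadLogs stores an uploaded log archive.
//
// For host logs the host is looked up by infra-env ID and host ID, the file
// is stored through uploadHostLogs and a host-logs-uploaded event is sent.
// For every other logs type the file is streamed to the object store under
// the name built by getLogsFullName; controller logs additionally update the
// cluster's controller-logs timestamp and logs progress, and the first such
// upload for a cluster sends a cluster-logs-uploaded event.
//
// The uploaded file, the request body and the temporary multipart files are
// released when the function returns, whatever the outcome.
//
// NOTE(review): in the host branch the host is selected by infra-env ID and
// host ID only; nothing here checks that it belongs to params.ClusterID,
// which is the ID used in the log line and in the event. Confirm the
// relation is enforced before this function is reached.
func (b *bareMetalInventory) v2uploadLogs(ctx context.Context, params installer.V2UploadLogsParams) error {
	log := logutil.FromContext(ctx, b.log)
	log.Infof("Uploading logs from cluster %s", params.ClusterID)

	defer func() {
		// Closing file and removing all temporary files created by Multipart
		if params.Upfile != nil {
			params.Upfile.Close()
		}
		params.HTTPRequest.Body.Close()
		// MultipartForm is nil when the request was never parsed as
		// multipart; calling RemoveAll on it would panic during cleanup.
		if params.HTTPRequest.MultipartForm == nil {
			return
		}
		if err := params.HTTPRequest.MultipartForm.RemoveAll(); err != nil {
			log.WithError(err).Warnf("Failed to delete temporary files used for upload")
		}
	}()

	if params.LogsType == string(models.LogsTypeHost) {
		// NOTE(review): missing request fields are a caller mistake, yet
		// they are reported as 500; the status is left unchanged here.
		if params.InfraEnvID == nil || params.HostID == nil {
			return common.NewApiError(http.StatusInternalServerError, errors.New("infra_env_id and host_id are required for upload host logs"))
		}

		dbHost, err := common.GetHostFromDB(b.db, params.InfraEnvID.String(), params.HostID.String())
		if err != nil {
			return err
		}

		if err = b.uploadHostLogs(ctx, dbHost, params.Upfile); err != nil {
			return err
		}

		eventgen.SendHostLogsUploadedEvent(ctx, b.eventsHandler, *params.HostID, dbHost.InfraEnvID, common.StrFmtUUIDPtr(params.ClusterID),
			hostutil.GetHostnameForMsg(&dbHost.Host))
		return nil
	}

	currentCluster, err := b.getCluster(ctx, params.ClusterID.String())
	if err != nil {
		return err
	}

	fileName := b.getLogsFullName(params.ClusterID.String(), params.LogsType)
	log.Debugf("Start upload log file %s to bucket %s", fileName, b.S3Bucket)
	if err = b.objectHandler.UploadStream(ctx, params.Upfile, fileName); err != nil {
		log.WithError(err).Errorf("Failed to upload %s to s3", fileName)
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	if params.LogsType == string(models.LogsTypeController) {
		// A zero timestamp means controller logs were never collected for
		// this cluster. Read it before SetUploadControllerLogsAt runs.
		firstClusterLogCollectionEvent := time.Time(currentCluster.ControllerLogsCollectedAt).Equal(time.Time{})

		if err = b.clusterApi.SetUploadControllerLogsAt(ctx, currentCluster, b.db); err != nil {
			log.WithError(err).Errorf("Failed update cluster %s controller_logs_collected_at flag", params.ClusterID)
			return common.NewApiError(http.StatusInternalServerError, err)
		}

		if err = b.clusterApi.UpdateLogsProgress(ctx, currentCluster, string(models.LogsStateCollecting)); err != nil {
			log.WithError(err).Errorf("Failed update cluster %s log progress %s", params.ClusterID, string(models.LogsStateCollecting))
			return common.NewApiError(http.StatusInternalServerError, err)
		}

		if firstClusterLogCollectionEvent { // Issue an event only for the very first cluster log collection event.
			eventgen.SendClusterLogsUploadedEvent(ctx, b.eventsHandler, params.ClusterID)
		}
	}

	log.Infof("Done uploading file %s", fileName)
	return nil
}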
// V2GetCredentials returns the credentials produced by
// GetCredentialsInternal for the requested cluster.
//
// NOTE(review): the payload is a credential; access control and any state
// checks live in GetCredentialsInternal or earlier, not in this wrapper.
func (b *bareMetalInventory) V2GetCredentials(ctx context.Context, params installer.V2GetCredentialsParams) middleware.Responder {
	creds, credErr := b.GetCredentialsInternal(ctx, params)
	if credErr != nil {
		return common.GenerateErrorResponder(credErr)
	}

	return installer.NewV2GetCredentialsOK().WithPayload(creds)
}
// V2ListFeatureSupportLevels returns the static
// featuresupport.SupportLevelsList; the request parameters are not used.
func (b *bareMetalInventory) V2ListFeatureSupportLevels(ctx context.Context, params installer.V2ListFeatureSupportLevelsParams) middleware.Responder {
	return installer.NewV2ListFeatureSupportLevelsOK().WithPayload(featuresupport.SupportLevelsList)
}
// V2ImportCluster imports an existing cluster under a freshly generated
// random UUID and returns it in the Created responder. The ID is chosen by
// the service, never by the caller.
func (b *bareMetalInventory) V2ImportCluster(ctx context.Context, params installer.V2ImportClusterParams) middleware.Responder {
	newID := strfmt.UUID(uuid.New().String())

	imported, importErr := b.V2ImportClusterInternal(ctx, nil, &newID, params)
	if importErr != nil {
		return common.GenerateErrorResponder(importErr)
	}

	payload := &imported.Cluster
	return installer.NewV2ImportClusterCreated().WithPayload(payload)
}
// RegenerateInfraEnvSigningKey replaces the image token key of an infra-env
// with a newly generated HMAC key and stores it in the image_token_key
// column.
//
// NOTE(review): signURL uses this key to sign image tokens under RHSSO auth,
// so tokens issued with the previous key presumably stop validating after
// the update; confirm against the token verifier.
func (b *bareMetalInventory) RegenerateInfraEnvSigningKey(ctx context.Context, params installer.RegenerateInfraEnvSigningKeyParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)

	// generate key for signing rhsso image auth tokens
	newKey, err := gencrypto.HMACKey(32)
	if err != nil {
		log.WithError(err).Error("Failed to generate new infraEnv image token key")
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	// The lookup confirms the infra-env exists before anything is written.
	infraEnv, err := common.GetInfraEnvFromDB(b.db, params.InfraEnvID)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	update := b.db.Model(&common.InfraEnv{}).Where("id = ?", infraEnv.ID.String()).Update("image_token_key", newKey)
	if err = update.Error; err != nil {
		log.WithError(err).Errorf("Failed to update image token key for infraEnv %s", params.InfraEnvID)
		return common.GenerateErrorResponder(err)
	}

	return installer.NewRegenerateInfraEnvSigningKeyNoContent()
}
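// V2GetPresignedForClusterCredentials returns a presigned download URL,
// valid for ten minutes, for one credential file of a cluster.
//
// The file name is checked with checkFileDownloadAccess before anything
// else; a refusal is answered with 403. Presigned URLs are only produced
// when the object store is AWS S3. The returned URL is usable by whoever
// holds it until it expires.
func (b *bareMetalInventory) V2GetPresignedForClusterCredentials(ctx context.Context, params installer.V2GetPresignedForClusterCredentialsParams) middleware.Responder {
	log := logutil.FromContext(ctx, b.log)

	if err := b.checkFileDownloadAccess(ctx, params.FileName); err != nil {
		payload := common.GenerateInfraError(http.StatusForbidden, err)
		return installer.NewV2GetPresignedForClusterCredentialsForbidden().WithPayload(payload)
	}

	// Presigned URL only works with AWS S3 because Scality is not exposed
	if !b.objectHandler.IsAwsS3() {
		return common.NewApiError(http.StatusBadRequest, errors.New("Failed to generate presigned URL: invalid backend"))
	}

	const duration = 10 * time.Minute

	fileName := params.FileName
	fullFileName := fmt.Sprintf("%s/%s", params.ClusterID.String(), fileName)

	// Kubeconfig-noingress has been created during the installation, but it does not have the ingress CA.
	// At the finalizing phase, we create the kubeconfig file and add the ingress CA.
	// An ingress CA isn't required for normal login but for oauth login which isn't a common use case.
	// Here we fallback to the kubeconfig-noingress for the kubeconfig filename.
	if fileName == constants.Kubeconfig {
		exists, err := b.objectHandler.DoesObjectExist(ctx, fullFileName)
		if err != nil {
			// The fallback below is still taken, but a storage failure
			// should not pass for "kubeconfig not created yet".
			log.WithError(err).Warnf("failed to check whether %s exists", fullFileName)
		}
		if !exists {
			fileName = constants.KubeconfigNoIngress
			fullFileName = fmt.Sprintf("%s/%s", params.ClusterID.String(), constants.KubeconfigNoIngress)
		}
	}

	// Named presignedURL so the imported net/url package is not shadowed.
	presignedURL, err := b.objectHandler.GeneratePresignedDownloadURL(ctx, fullFileName, fileName, duration)
	if err != nil {
		log.WithError(err).Errorf("failed to generate presigned URL: %s from cluster: %s", params.FileName, params.ClusterID.String())
		return common.NewApiError(http.StatusInternalServerError, err)
	}

	return installer.NewV2GetPresignedForClusterCredentialsOK().WithPayload(&models.PresignedURL{URL: &presignedURL})
}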
// GetInfraEnvDownloadURL issues a fresh signed image download URL for an
// infra-env. It resolves the OS image for the infra-env's OpenShift version
// and CPU architecture, generates and signs the URL, stores the URL and its
// expiry in the download_url and expires_at columns and returns both.
//
// NOTE(review): the signed URL is persisted as-is; until expires_at it
// should be handled like a credential wherever that column is readable.
// NOTE(review): infraEnv.Type is dereferenced without a nil check; confirm
// the column can never be empty.
func (b *bareMetalInventory) GetInfraEnvDownloadURL(ctx context.Context, params installer.GetInfraEnvDownloadURLParams) middleware.Responder {
	infraEnv, err := common.GetInfraEnvFromDB(b.db, params.InfraEnvID)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	osImage, err := b.osImages.GetOsImageOrLatest(infraEnv.OpenshiftVersion, infraEnv.CPUArchitecture)
	if err != nil {
		return common.GenerateErrorResponder(common.NewApiError(http.StatusBadRequest, err))
	}
	if osImage.OpenshiftVersion == nil {
		return common.GenerateErrorResponder(errors.Errorf("OS image entry '%+v' missing OpenshiftVersion field", osImage))
	}

	infraEnvID := infraEnv.ID.String()
	signedURL, expiry, err := b.generateImageDownloadURL(ctx, infraEnvID, string(*infraEnv.Type), *osImage.OpenshiftVersion, infraEnv.CPUArchitecture, infraEnv.ImageTokenKey)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	columns := map[string]interface{}{
		"download_url": signedURL,
		"expires_at":   *expiry,
	}
	result := b.db.Model(&common.InfraEnv{}).Where("id = ?", infraEnv.ID.String()).Updates(columns)
	if err = result.Error; err != nil {
		b.log.WithError(err).Errorf("Failed to update download_url for infraEnv %s", params.InfraEnvID)
		return common.GenerateErrorResponder(err)
	}

	return installer.NewGetInfraEnvDownloadURLOK().WithPayload(&models.PresignedURL{URL: &signedURL, ExpiresAt: *expiry})
}
// generateImageDownloadURL builds the image-service URL for an infra-env,
// signs it with signURL and parses the expiration back out of the signed
// URL. It returns the signed URL and its expiry; on any error both results
// are zero values.
func (b *bareMetalInventory) generateImageDownloadURL(ctx context.Context, infraEnvID, imageType, version, arch, imageTokenKey string) (string, *strfmt.DateTime, error) {
	unsigned, err := imageservice.ImageURL(b.ImageServiceBaseURL, infraEnvID, version, arch, imageType)
	if err != nil {
		return "", nil, err
	}

	signed, err := b.signURL(ctx, infraEnvID, unsigned, imageTokenKey)
	if err != nil {
		return "", nil, err
	}

	expiry, err := gencrypto.ParseExpirationFromURL(signed)
	if err != nil {
		return "", nil, err
	}

	return signed, expiry, nil
}
// signURL attaches download authorization to urlString according to the
// configured auth type:
//
//   - local auth: the URL is signed with gencrypto.SignURL for the infra-env;
//   - RHSSO auth: a JWT is created from imageTokenKey with the configured
//     image expiration time and added as the "image_token" parameter;
//   - no auth: the URL is returned unchanged and that fact is logged.
//
// Any other auth type also returns the URL unchanged, without a log entry.
func (b *bareMetalInventory) signURL(ctx context.Context, infraEnvID, urlString, imageTokenKey string) (string, error) {
	log := logutil.FromContext(ctx, b.log)

	switch b.authHandler.AuthType() {
	case auth.TypeLocal:
		signed, err := gencrypto.SignURL(urlString, infraEnvID, gencrypto.InfraEnvKey)
		if err != nil {
			return "", errors.Wrap(err, "failed to sign image URL")
		}
		return signed, nil

	case auth.TypeRHSSO:
		token, err := gencrypto.JWTForSymmetricKey([]byte(imageTokenKey), b.ImageExpirationTime, infraEnvID)
		if err != nil {
			return "", errors.Wrapf(err, "failed to generate token for infraEnv %s", infraEnvID)
		}
		signed, err := gencrypto.SignURLWithToken(urlString, "image_token", token)
		if err != nil {
			return "", errors.Wrap(err, "failed to sign image URL with token")
		}
		return signed, nil

	case auth.TypeNone:
		log.Infof("Auth type is none: image URL will remain as %s", urlString)
	}

	return urlString, nil
}
const (
	// ipxeRedirectScriptFormat is an iPXE script that chains to the URL
	// given as its single %s argument, with the booting machine's net0 MAC
	// appended as the "mac" parameter. The "&" assumes the URL already
	// carries a query string.
	ipxeRedirectScriptFormat = `#!ipxe
chain %s&mac=${net0/mac}
`

	// ipxeBootScriptFormat is the iPXE boot script. Its four %s arguments
	// are, in order: initrd URL, kernel URL, rootfs URL and a string of
	// extra kernel arguments that is placed directly after the fixed ones
	// (so it must bring its own leading space, or be empty).
	ipxeBootScriptFormat = `#!ipxe
initrd --name initrd %s
kernel %s initrd=initrd coreos.live.rootfs_url=%s random.trust_cpu=on rd.luks.options=discard ignition.firstboot ignition.platform.id=metal console=tty1 console=ttyS1,115200n8 coreos.inst.persistent-kargs="console=tty1 console=ttyS1,115200n8"%s
boot
`
)
// hostRedirectIPXEScript returns an iPXE script that chains back to this
// service's "ipxe-script" download endpoint for the infra-env, so the
// follow-up request carries the machine's MAC address.
//
// When insecureIPXEURLs is set the scheme is forced to "http" before the URL
// is signed, which means the signed URL (including an image token under
// RHSSO auth) is fetched by the booting machine over plaintext.
func (b *bareMetalInventory) hostRedirectIPXEScript(ctx context.Context, infraEnv *common.InfraEnv) (string, error) {
	serviceURL, err := url.Parse(b.ServiceBaseURL)
	if err != nil {
		return "", err
	}
	if b.insecureIPXEURLs {
		serviceURL.Scheme = "http"
	}

	filesURL := installer.V2DownloadInfraEnvFilesURL{
		InfraEnvID: *infraEnv.ID,
		FileName:   "ipxe-script",
	}
	unsigned := filesURL.StringFull(serviceURL.Scheme, serviceURL.Host)

	signed, err := b.signURL(ctx, infraEnv.ID.String(), unsigned, infraEnv.ImageTokenKey)
	if err != nil {
		return "", err
	}

	return fmt.Sprintf(ipxeRedirectScriptFormat, signed), nil
}
// canServeHostIPXEScript decides whether a boot script may be served to the
// machine with the given MAC address. It returns nil when serving is allowed
// and an API error otherwise.
//
// Hosts of the infra-env are matched by a substring search for the MAC
// (upper- and lower-case spelling) in the stored inventory text:
//
//   - no match: allowed (unknown machine);
//   - more than one match: 500;
//   - one match that is installed, or installing and already in one of the
//     late stages listed below: 404, so the machine is not booted into the
//     installer again;
//   - any other state: allowed.
//
// NOTE(review): the MAC is reported by the requesting machine, so this check
// protects against accidental re-imaging rather than against a client that
// sends a different address.
func (b *bareMetalInventory) canServeHostIPXEScript(infraEnv *common.InfraEnv, mac *strfmt.MAC) error {
	macStr := mac.String()
	infraEnvID := infraEnv.ID.String()

	// The MAC is bound as a query parameter; only the surrounding "%"
	// wildcards are added here.
	upperPattern := fmt.Sprintf("%%%s%%", strings.ToUpper(macStr))
	lowerPattern := fmt.Sprintf("%%%s%%", strings.ToLower(macStr))

	var hosts []*models.Host
	query := b.db.Where("infra_env_id = ? and (inventory like ? or inventory like ?)", infraEnvID, upperPattern, lowerPattern)
	if err := query.Find(&hosts).Error; err != nil {
		return common.NewApiError(http.StatusInternalServerError, errors.Wrapf(err, "IPXE booting skipped. InfraEnv %s: Host with mac %s", infraEnv.ID.String(), macStr))
	}

	if len(hosts) == 0 {
		return nil
	}
	if len(hosts) > 1 {
		return common.NewApiError(http.StatusInternalServerError, errors.Errorf("IPXE booting skipped. Unexpected number of hosts %d with mac %s", len(hosts), macStr))
	}

	h := hosts[0]
	status := swag.StringValue(h.Status)

	if status == models.HostStatusInstalled {
		return common.NewApiError(http.StatusNotFound, errors.Errorf("IPXE booting skipped. InfraEnv %s: host %s having mac %s is already installed", infraEnv.ID.String(), h.ID.String(), macStr))
	}

	if status == models.HostStatusInstallingInProgress && h.Progress != nil {
		switch h.Progress.CurrentStage {
		case models.HostStageDone, models.HostStageConfiguring, models.HostStageJoined, models.HostStageRebooting, models.HostStageWaitingForIgnition:
			return common.NewApiError(http.StatusNotFound, errors.Errorf("IPXE booting skipped. InfraEnv %s: host %s having mac %s is in stage %s", infraEnv.ID.String(), h.ID.String(), macStr,
				h.Progress.CurrentStage))
		}
	}

	return nil
}
// kernelArgsToSlice decodes the JSON kernel arguments stored on an infra-env
// and returns their values in order. It returns (nil, nil) when no kernel
// arguments are set and an error when the JSON is invalid or when any entry
// uses an operation other than append.
//
// NOTE(review): values are returned verbatim; nothing here restricts their
// content. See where they are written to the infra-env for validation.
func kernelArgsToSlice(infraEnv *common.InfraEnv) ([]string, error) {
	if infraEnv.KernelArguments == nil {
		return nil, nil
	}

	raw := swag.StringValue(infraEnv.KernelArguments)

	var parsed models.KernelArguments
	if err := json.Unmarshal([]byte(raw), &parsed); err != nil {
		return nil, errors.Wrap(err, "failed to unmarshal kernel arguments")
	}

	var values []string
	for i := range parsed {
		entry := parsed[i]
		if entry.Operation != models.KernelArgumentOperationAppend {
			return nil, errors.Errorf("only '%s' operation is allowed. got '%s'", models.KernelArgumentOperationAppend,
				entry.Operation)
		}
		values = append(values, entry.Value)
	}

	return values, nil
}
// kernelArgsAppendStr renders the infra-env's kernel arguments as one string
// ready to be appended to a kernel command line: the values joined by single
// spaces with one leading space, or the empty string when there are none.
func kernelArgsAppendStr(infraEnv *common.InfraEnv) (string, error) {
	args, err := kernelArgsToSlice(infraEnv)
	switch {
	case err != nil:
		return "", err
	case len(args) == 0:
		return "", nil
	}

	return " " + strings.Join(args, " "), nil
}
// bootIPXEScript renders the iPXE boot script for an infra-env from the boot
// artifact URLs of the matching OS image and the infra-env's extra kernel
// arguments.
//
// Only the initrd URL goes through signURL; the kernel and rootfs URLs are
// inserted as returned by the image service helper.
//
// NOTE(review): the kernel-argument string is interpolated into the script
// without escaping, so the script is only as well-formed as the stored
// values; confirm they are validated when written.
func (b *bareMetalInventory) bootIPXEScript(ctx context.Context, infraEnv *common.InfraEnv) (string, error) {
	osImage, err := b.osImages.GetOsImageOrLatest(infraEnv.OpenshiftVersion, infraEnv.CPUArchitecture)
	if err != nil {
		return "", common.NewApiError(http.StatusBadRequest, err)
	}
	if osImage.OpenshiftVersion == nil {
		return "", errors.Errorf("OS image entry '%+v' missing OpenshiftVersion field", osImage)
	}

	infraEnvID := infraEnv.ID.String()

	artifacts, err := imageservice.GetBootArtifactURLs(b.ImageServiceBaseURL, infraEnvID, osImage, b.insecureIPXEURLs)
	if err != nil {
		return "", errors.Wrap(err, "failed to generate boot artifact URLs")
	}

	signedInitrd, err := b.signURL(ctx, infraEnv.ID.String(), artifacts.InitrdURL, infraEnv.ImageTokenKey)
	if err != nil {
		return "", errors.Wrap(err, "failed to sign initrd URL")
	}

	extraArgs, err := kernelArgsAppendStr(infraEnv)
	if err != nil {
		return "", errors.Wrapf(err, "failed to parse kernel arguments %s", swag.StringValue(infraEnv.KernelArguments))
	}

	script := fmt.Sprintf(ipxeBootScriptFormat, signedInitrd, artifacts.KernelURL, artifacts.RootFSURL, extraArgs)
	return script, nil
}
// infraEnvIPXEScript selects which iPXE script to serve for an infra-env:
//
//   - a non-empty MAC: the boot script, provided canServeHostIPXEScript
//     allows booting that machine;
//   - no MAC and script type BootOrderControl: the redirect script, which
//     makes the machine call back with its MAC;
//   - otherwise: the boot script.
func (b *bareMetalInventory) infraEnvIPXEScript(ctx context.Context, infraEnv *common.InfraEnv, mac *strfmt.MAC, ipxeScriptType *string) (string, error) {
	hasMAC := mac != nil && *mac != ""

	switch {
	case hasMAC:
		if err := b.canServeHostIPXEScript(infraEnv, mac); err != nil {
			return "", err
		}
	case swag.StringValue(ipxeScriptType) == BootOrderControl:
		return b.hostRedirectIPXEScript(ctx, infraEnv)
	}

	return b.bootIPXEScript(ctx, infraEnv)
}
// GetInfraEnvPresignedFileURL returns a signed URL, with its expiry, for
// downloading one infra-env file from this service. ipxe_script_type is
// accepted only together with the "ipxe-script" file name. The URL is the
// configured service base URL joined with the generated download path and
// query, signed with signURL using the infra-env's image token key.
func (b *bareMetalInventory) GetInfraEnvPresignedFileURL(ctx context.Context, params installer.GetInfraEnvPresignedFileURLParams) middleware.Responder {
	if params.FileName != "ipxe-script" && params.IpxeScriptType != nil {
		return common.NewApiError(http.StatusBadRequest, errors.New(`ipxe_script_type can be set only for "ipxe-script"`))
	}

	infraEnv, err := common.GetInfraEnvFromDB(b.db, params.InfraEnvID)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	downloadURL := &installer.V2DownloadInfraEnvFilesURL{
		InfraEnvID:     params.InfraEnvID,
		FileName:       params.FileName,
		IpxeScriptType: params.IpxeScriptType,
	}
	relative, err := downloadURL.Build()
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	target, err := url.Parse(b.Config.ServiceBaseURL)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}
	// Keep any path prefix of the base URL and take the query as built.
	target.Path = path.Join(target.Path, relative.Path)
	target.RawQuery = relative.RawQuery

	signed, err := b.signURL(ctx, params.InfraEnvID.String(), target.String(), infraEnv.ImageTokenKey)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	expiry, err := gencrypto.ParseExpirationFromURL(signed)
	if err != nil {
		return common.GenerateErrorResponder(err)
	}

	presigned := &models.PresignedURL{
		URL:       &signed,
		ExpiresAt: *expiry,
	}
	return &installer.GetInfraEnvPresignedFileURLOK{Payload: presigned}
}