Merge pull request #214 from gabemontero/ipv6-disc-boot-removed

DEVEXP-507: bootstrap as removed for IPv6
openshift · Jan 14, 2020 · 1afe3cf · 1afe3cf
2 parents 40505e0 + 536845c
commit 1afe3cf
Show file tree

Hide file tree

Showing 5 changed files with 131 additions and 24 deletions.
diff --git a/pkg/operatorstatus/operatorstatus.go b/pkg/operatorstatus/operatorstatus.go
@@ -24,6 +24,8 @@ const (
 	ClusterOperatorName = "openshift-samples"
 	doingDelete         = "DeletionInProgress"
 	nonX86              = "NonX86Platform"
+	ipv6                = "IPv6Platform"
+	tbr                 = "TermsBasedRegistryUnreacahable"
 )
 
 // ClusterOperatorHandler allows for wrappering access to configv1.ClusterOperator
@@ -81,7 +83,7 @@ func (o *ClusterOperatorHandler) setOperatorStatusWithoutInterrogatingConfig(pro
 
 }
 
-func (o *ClusterOperatorHandler) UpdateOperatorStatus(cfg *v1.Config, deletionInProgress bool) error {
+func (o *ClusterOperatorHandler) UpdateOperatorStatus(cfg *v1.Config, deletionInProgress, tbrInaccessible bool) error {
 	if deletionInProgress {
 		o.setOperatorStatusWithoutInterrogatingConfig(configv1.ConditionTrue, cfg, doingDelete)
 		// will ignore errors in delete path, but we at least log them above
@@ -93,6 +95,9 @@ func (o *ClusterOperatorHandler) UpdateOperatorStatus(cfg *v1.Config, deletionIn
 		return nil
 
 	}
+	if tbrInaccessible {
+		o.setOperatorStatusWithoutInterrogatingConfig(configv1.ConditionFalse, cfg, tbr)
+	}
 
 	errs := []error{}
 	degraded, degradedReason, degradedDetail := util.ClusterOperatorStatusDegradedCondition(cfg)

diff --git a/pkg/stub/config.go b/pkg/stub/config.go
@@ -278,6 +278,9 @@ func (h *Handler) ProcessManagementField(cfg *v1.Config) (bool, bool, error) {
 		// now actually process removed state
 		if cfg.Spec.ManagementState != cfg.Status.ManagementState ||
 			util.ConditionTrue(cfg, v1.SamplesExist) {
+			//reset bootstrap flag
+			h.tbrCheckFailed = false
+
 			logrus.Println("management state set to removed so deleting samples")
 			err := h.CleanUpOpenshiftNamespaceOnDelete(cfg)
 			if err != nil {
@@ -307,6 +310,9 @@ func (h *Handler) ProcessManagementField(cfg *v1.Config) (bool, bool, error) {
 		}
 		return false, false, nil
 	case operatorsv1api.Managed:
+		//reset bootstrap flag
+		h.tbrCheckFailed = false
+
 		if cfg.Spec.ManagementState != cfg.Status.ManagementState {
 			logrus.Println("management state set to managed")
 			if util.ConditionFalse(cfg, v1.ImportCredentialsExist) {
@@ -317,6 +323,9 @@ func (h *Handler) ProcessManagementField(cfg *v1.Config) (bool, bool, error) {
 		// to deal with config change processing
 		return true, false, nil
 	case operatorsv1api.Unmanaged:
+		//reset bootstrap flag
+		h.tbrCheckFailed = false
+
 		if cfg.Spec.ManagementState != cfg.Status.ManagementState {
 			logrus.Println("management state set to unmanaged")
 			cfg.Status.ManagementState = operatorsv1api.Unmanaged

diff --git a/pkg/stub/handler.go b/pkg/stub/handler.go
@@ -1,6 +1,7 @@
 package stub
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -30,17 +31,17 @@ import (
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	imagev1client "github.com/openshift/client-go/image/clientset/versioned/typed/image/v1"
 	imagev1lister "github.com/openshift/client-go/image/listers/image/v1"
+	configv1lister "github.com/openshift/client-go/samples/listers/samples/v1"
 	templatev1client "github.com/openshift/client-go/template/clientset/versioned/typed/template/v1"
 	templatev1lister "github.com/openshift/client-go/template/listers/template/v1"
-	configv1lister "github.com/openshift/client-go/samples/listers/samples/v1"
 
 	operatorsv1api "github.com/openshift/api/operator/v1"
 	v1 "github.com/openshift/api/samples/v1"
 	"github.com/openshift/cluster-samples-operator/pkg/cache"
 	sampopclient "github.com/openshift/cluster-samples-operator/pkg/client"
-	"github.com/openshift/cluster-samples-operator/pkg/util"
 	"github.com/openshift/cluster-samples-operator/pkg/metrics"
 	operatorstatus "github.com/openshift/cluster-samples-operator/pkg/operatorstatus"
+	"github.com/openshift/cluster-samples-operator/pkg/util"
 
 	sampleclientv1 "github.com/openshift/client-go/samples/clientset/versioned/typed/samples/v1"
 )
@@ -145,6 +146,7 @@ type Handler struct {
 	upsertInProgress bool
 	secretRetryCount int8
 	version          string
+	tbrCheckFailed   bool
 }
 
 // prepSamplesWatchEvent decides whether an upsert of the sample should be done, as well as data for either doing the upsert or checking the status of a prior upsert;
@@ -304,6 +306,39 @@ func (h *Handler) updateCfgArch(cfg *v1.Config) *v1.Config {
 	return cfg
 }
 
+func (h *Handler) tbrInaccessible() bool {
+	if h.configclient == nil {
+		// unit test environment
+		return false
+	}
+	err := wait.PollImmediate(5*time.Second, 3*time.Minute, func() (bool, error) {
+		tlsConf := &tls.Config{}
+		conn, err := tls.Dial("tcp", "registry.redhat.io:443", tlsConf)
+		if err != nil {
+			logrus.Infof("test connection to registry.redhat.io failed with %s", err.Error())
+			return false, nil
+		}
+		defer conn.Close()
+		err = conn.Handshake()
+		if err != nil {
+			logrus.Infof("test connection to registry.redhat.io experienced SSL handshake error %s", err.Error())
+			// these can be intermittent as well so we'll retry
+			return false, nil
+		}
+		logrus.Infof("test connection to registry.redhat.io successful")
+		return true, nil
+
+	})
+
+	if err == nil {
+		h.tbrCheckFailed = true
+		return false
+	}
+
+	logrus.Infof("unable to establish HTTPS connection to registry.redhat.io after 3 minutes, bootstrap to Removed")
+	return true
+}
+
 func (h *Handler) CreateDefaultResourceIfNeeded(cfg *v1.Config) (*v1.Config, error) {
 	// assume the caller has call lock on the mutex .. out pattern is to have that as
 	// high up the stack as possible ... loc because need to
@@ -354,7 +389,17 @@ func (h *Handler) CreateDefaultResourceIfNeeded(cfg *v1.Config) (*v1.Config, err
 		cfg.Kind = "Config"
 		cfg.APIVersion = v1.GroupName + "/" + v1.Version
 		cfg = h.updateCfgArch(cfg)
-		cfg.Spec.ManagementState = operatorsv1api.Managed
+		switch {
+		// TODO as we gain content for non x86 platforms we can remove the nonx86 check
+		case util.IsNonX86Arch(cfg):
+			cfg.Spec.ManagementState = operatorsv1api.Removed
+			cfg.Status.Version = h.version
+		case h.tbrInaccessible():
+			cfg.Spec.ManagementState = operatorsv1api.Removed
+			cfg.Status.Version = h.version
+		default:
+			cfg.Spec.ManagementState = operatorsv1api.Managed
+		}
 		h.AddFinalizer(cfg)
 		// we should get a watch event for the default pull secret, but just in case
 		// we miss the watch event, as well as reducing churn with not starting the
@@ -509,11 +554,11 @@ func (h *Handler) Handle(event util.Event) error {
 		// and event delete flag true
 		if event.Deleted {
 			logrus.Info("A previous delete attempt has been successfully completed")
-			h.cvowrapper.UpdateOperatorStatus(cfg, true)
+			h.cvowrapper.UpdateOperatorStatus(cfg, true, h.tbrCheckFailed)
 			return nil
 		}
 		if cfg.DeletionTimestamp != nil {
-			h.cvowrapper.UpdateOperatorStatus(cfg, true)
+			h.cvowrapper.UpdateOperatorStatus(cfg, true, h.tbrCheckFailed)
 			// before we kick off the delete cycle though, we make sure a prior creation
 			// cycle is not still in progress, because we don't want the create adding back
 			// in things we just deleted ... if an upsert is still in progress, return an error;
@@ -588,11 +633,7 @@ func (h *Handler) Handle(event util.Event) error {
 		// Every time we see a change to the Config object, update the ClusterOperator status
 		// based on the current conditions of the Config.
 		cfg = h.refetchCfgMinimizeConflicts(cfg)
-		//TODO remove this setting of version once we start getting samples for z or ppc
-		if util.IsNonX86Arch(cfg) {
-			cfg.Status.Version = h.version
-		}
-		err := h.cvowrapper.UpdateOperatorStatus(cfg, false)
+		err := h.cvowrapper.UpdateOperatorStatus(cfg, false, h.tbrCheckFailed)
 		if err != nil {
 			logrus.Errorf("error updating cluster operator status: %v", err)
 			return err
@@ -628,12 +669,6 @@ func (h *Handler) Handle(event util.Event) error {
 			return h.crdwrapper.UpdateStatus(cfg, dbg)
 		}
 
-		//TODO adjust this check as we start getting samples for z or ppc
-		if util.IsNonX86Arch(cfg) {
-			logrus.Printf("samples are not installed on non-x86 architectures")
-			return nil
-		}
-
 		h.buildSkipFilters(cfg)
 		configChanged := false
 		configChangeRequiresUpsert := false

diff --git a/pkg/util/util.go b/pkg/util/util.go
@@ -57,7 +57,7 @@ func ConditionUnknown(s *samplev1.Config, c samplev1.ConfigConditionType) bool {
 	return false
 }
 
-func AnyConditionUnknown(s *samplev1.Config, ) bool {
+func AnyConditionUnknown(s *samplev1.Config) bool {
 	for _, rc := range s.Status.Conditions {
 		if rc.Status == corev1.ConditionUnknown {
 			return true
@@ -150,7 +150,6 @@ const (
 	// numConfigConditionType is a helper constant that captures the number possible conditions
 	// defined above in this const block
 	numconfigConditionType = 7
-
 )
 
 // ClusterOperatorStatusAvailableCondition return values are as follows:
@@ -295,7 +294,7 @@ func ClusterOperatorStatusProgressingCondition(s *samplev1.Config, degradedState
 
 // ClusterNeedsCreds checks the conditions that drive whether the operator complains about
 // needing credentials to import RHEL content
-func ClusterNeedsCreds(s *samplev1.Config, ) bool {
+func ClusterNeedsCreds(s *samplev1.Config) bool {
 	if strings.TrimSpace(s.Spec.SamplesRegistry) != "" &&
 		strings.TrimSpace(s.Spec.SamplesRegistry) != "registry.redhat.io" {
 		return false

diff --git a/test/e2e/cluster_samples_operator_test.go b/test/e2e/cluster_samples_operator_test.go
@@ -3,6 +3,7 @@ package e2e
 import (
 	"fmt"
 	"io/ioutil"
+	"net"
 	"os"
 	"path/filepath"
 	"strings"
@@ -36,7 +37,7 @@ import (
 
 var (
 	kubeConfig     *rest.Config
-	operatorClient *configv1client.ConfigV1Client
+	configClient   *configv1client.ConfigV1Client
 	kubeClient     *kubeset.Clientset
 	imageClient    *imageset.Clientset
 	templateClient *templateset.Clientset
@@ -56,8 +57,8 @@ func setupClients(t *testing.T) {
 			t.Fatalf("%#v", err)
 		}
 	}
-	if operatorClient == nil {
-		operatorClient, err = configv1client.NewForConfig(kubeConfig)
+	if configClient == nil {
+		configClient, err = configv1client.NewForConfig(kubeConfig)
 		if err != nil {
 			t.Fatalf("%#v", err)
 		}
@@ -153,6 +154,49 @@ func verifyX86(t *testing.T) bool {
 	return true
 }
 
+func verifyIPv6(t *testing.T) bool {
+	err := wait.PollImmediate(1*time.Second, 1*time.Minute, func() (bool, error) {
+		networkConfig, err := configClient.Networks().Get("cluster", metav1.GetOptions{})
+		if !stub.IsRetryableAPIError(err) && err != nil {
+			t.Logf("verifyIPv6 got unretryable error %s", err.Error())
+			return false, err
+		}
+		if err != nil {
+			t.Logf("verifyIPv6 got retryable error %s", err.Error())
+			return false, nil
+		}
+		if len(networkConfig.Status.ClusterNetwork) == 0 {
+			t.Logf("verifyIPv6 sees no cluster networks in network config yet")
+			return false, nil
+		}
+		for _, entry := range networkConfig.Status.ClusterNetwork {
+			t.Logf("verifyIPv6 looking at CIDR %s", entry.CIDR)
+			if len(entry.CIDR) > 0 {
+				ip, _, err := net.ParseCIDR(entry.CIDR)
+				if err != nil {
+					return false, err
+				}
+				if ip.To4() != nil {
+					t.Logf("verifyIPv6 found ipv4 %s", ip.String())
+					return true, nil
+				}
+				t.Logf("verifyIPv6 IP %s not ipv4", ip.String())
+			}
+		}
+		t.Logf("verifyIPv6 done looping through cluster networks, found no ipv4")
+		if len(networkConfig.Status.ClusterNetwork) == 0 {
+			return false, nil
+		}
+		return false, fmt.Errorf("verifyIPv6 determined this is a IPIv6 env")
+	})
+	if err != nil {
+		t.Logf("verifyIpv6 either could not access network cluster config or ipv6 only: %s", err.Error())
+		return true
+	}
+	t.Logf("verifyIpv6 saying not to abort for ipv6")
+	return false
+}
+
 func verifySecretPresent(t *testing.T) {
 	setupClients(t)
 	secClient := kubeClient.CoreV1().Secrets("openshift")
@@ -211,7 +255,7 @@ func verifyClusterOperatorConditionsComplete(t *testing.T, expectedVersion strin
 	var state *configv1.ClusterOperator
 	var err error
 	err = wait.PollImmediate(1*time.Second, 10*time.Minute, func() (bool, error) {
-		state, err = operatorClient.ClusterOperators().Get(operator.ClusterOperatorName, metav1.GetOptions{})
+		state, err = configClient.ClusterOperators().Get(operator.ClusterOperatorName, metav1.GetOptions{})
 		if err != nil {
 			t.Logf("%v", err)
 			return false, nil
@@ -485,6 +529,9 @@ func validateContent(t *testing.T, timeToCompare *kapis.Time) {
 	if !verifyX86(t) {
 		return
 	}
+	if verifyIPv6(t) {
+		return
+	}
 
 	contentDir := getContentDir(t)
 	content := getSamplesNames(contentDir, nil, t)
@@ -592,6 +639,9 @@ func verifyDeletedImageStreamNotRecreated(t *testing.T) {
 	if !verifyX86(t) {
 		return
 	}
+	if verifyIPv6(t) {
+		return
+	}
 
 	err := imageClient.ImageV1().ImageStreams("openshift").Delete("jenkins", &metav1.DeleteOptions{})
 	if err != nil {
@@ -653,6 +703,9 @@ func verifyDeletedTemplatesNotRecreated(t *testing.T) {
 	if !verifyX86(t) {
 		return
 	}
+	if verifyIPv6(t) {
+		return
+	}
 
 	err := templateClient.TemplateV1().Templates("openshift").Delete("jenkins-ephemeral", &metav1.DeleteOptions{})
 	if err != nil {
@@ -930,6 +983,9 @@ func TestSkippedProcessing(t *testing.T) {
 	if !verifyX86(t) {
 		return
 	}
+	if verifyIPv6(t) {
+		return
+	}
 
 	err := verifyConditionsCompleteSamplesAdded(t)
 	if err != nil {
@@ -1014,6 +1070,9 @@ func TestRecreateDeletedManagedSample(t *testing.T) {
 	if !verifyX86(t) {
 		return
 	}
+	if verifyIPv6(t) {
+		return
+	}
 
 	verifyOperatorUp(t)
 	// first make sure we are at normal state