Changes needed for IPv6

Add support for provisioing over IPv6 Conflicts: data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template pkg/asset/ignition/bootstrap/bootstrap.go pkg/types/baremetal/defaults/platform.go
openshift · Jan 22, 2020 · 58dca79 · 58dca79
1 parent ae27357
commit 58dca79
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 15 deletions.
diff --git a/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template b/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template
@@ -32,7 +32,7 @@ fi
 # Wait for the interface to come up
 # This is how the ironic container currently detects IRONIC_IP, this could probably be improved by using
 # nmcli show provisioning there instead, but we need to confirm that works with the static-ip-manager
-while [ -z "$(ip -4 address show dev "$PROVISIONING_NIC" | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -n 1)" ]; do
+while [ -z "$(ip -o addr show dev $PROVISIONING_NIC | grep -v link)" ]; do
     sleep 1
 done
 
@@ -50,13 +50,6 @@ while ! iptables -L; do
   sleep 1
 done
 
-# Add firewall rules to ensure the IPA ramdisk can reach httpd, Ironic and the Inspector API on the host
-for port in 80 5050 6385 ; do
-    if ! sudo iptables -C INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then
-        sudo iptables -I INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT
-    fi
-done
-
 # Start dnsmasq, http, mariadb, and ironic containers using same image
 # Currently we do this outside of a pod because we need to ensure the images
 # are downloaded before starting the API pods
@@ -73,10 +66,18 @@ podman run -d --net host --privileged --name httpd \
      --env PROVISIONING_INTERFACE=$PROVISIONING_NIC \
      -v $IRONIC_SHARED_VOLUME:/shared:z --entrypoint /bin/runhttpd ${IRONIC_IMAGE}
 
-# Set CACHEURL to the default route, so we try to consume any images cached on the host
-# running the VM (dev-scripts configures a cache here), if none is found then the
-# downloader containers just skip and download from the internet location
-CACHEURL="http://$(ip r | grep $PROVISIONING_NIC | awk '/default/ {print $3};')/images"
+{{ if .PlatformData.BareMetal.ProvisioningIPv6 }}
+IPTABLES=ip6tables
+{{ else }}
+IPTABLES=iptables
+{{ end }}
+
+
+# Set CACHEURL to the the same IP as is used in RHCOS_BOOT_IMAGE_URL, assuming any cache would
+# be the same host, if none is found then the downloader containers just skip and download
+# from the internet location ( IP=n.n.n.n:nn or [x:x::x]:nn )
+IP=$(echo $RHCOS_BOOT_IMAGE_URL | sed -e 's/.*:\/\/\([^/]*\)\/.*/\1/g' )
+CACHEURL="http://$IP/images"
 podman run -d --net host --name ipa-downloader \
      --env CACHEURL=${CACHEURL} \
      -v $IRONIC_SHARED_VOLUME:/shared:z ${IPA_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh
@@ -85,6 +86,16 @@ podman run -d --net host --name coreos-downloader \
      --env CACHEURL=${CACHEURL} \
      -v $IRONIC_SHARED_VOLUME:/shared:z ${COREOS_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh $RHCOS_BOOT_IMAGE_URL
 
+
+# Add firewall rules to ensure the IPA ramdisk can reach httpd, Ironic and the Inspector API on the host
+for port in 80 5050 6385 ; do
+    if ! sudo $IPTABLES -C INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then
+        sudo $IPTABLES -I INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT
+    fi
+done
+
+
+
 # Wait for images to be downloaded/ready
 podman wait -i 1000 ipa-downloader
 podman wait -i 1000 coreos-downloader

diff --git a/pkg/tfvars/baremetal/baremetal.go b/pkg/tfvars/baremetal/baremetal.go
@@ -29,6 +29,14 @@ type config struct {
 	InstanceInfos []map[string]interface{} `json:"instance_infos"`
 }
 
+func wrapIPv6(ip string) string{
+    if strings.Contains(ip, ":"){
+        return "["+ip+"]"
+    }
+    return ip
+}
+
+
 // TFVars generates bare metal specific Terraform variables.
 func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridge, provisioningBridge string, platformHosts []*baremetal.Host, image string) ([]byte, error) {
 	bootstrapOSImage, err := cache.DownloadImageFile(bootstrapOSImage)
@@ -59,8 +67,8 @@ func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridg
 			Password: host.BMC.Password,
 		}
 		driverInfo := accessDetails.DriverInfo(credentials)
-		driverInfo["deploy_kernel"] = fmt.Sprintf("http://%s/images/ironic-python-agent.kernel", bootstrapProvisioningIP)
-		driverInfo["deploy_ramdisk"] = fmt.Sprintf("http://%s/images/ironic-python-agent.initramfs", bootstrapProvisioningIP)
+		driverInfo["deploy_kernel"] = fmt.Sprintf("http://%s/images/ironic-python-agent.kernel", wrapIPv6(bootstrapProvisioningIP))
+		driverInfo["deploy_ramdisk"] = fmt.Sprintf("http://%s/images/ironic-python-agent.initramfs", wrapIPv6(bootstrapProvisioningIP))
 
 		// Host Details
 		hostMap := map[string]interface{}{
@@ -78,6 +86,7 @@ func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridg
 		propertiesMap := map[string]interface{}{
 			"local_gb": profile.LocalGB,
 			"cpu_arch": profile.CPUArch,
+			"capabilities": "boot_mode:uefi",
 		}
 
 		// Root device hints
@@ -103,7 +112,7 @@ func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridg
 		// ref https://github.com/openshift/ironic-rhcos-downloader/pull/12
 		imageFilename := path.Base(strings.TrimSuffix(imageURL.String(), ".gz"))
 		compressedImageFilename := strings.Replace(imageFilename, "openstack", "compressed", 1)
-		cacheImageURL := fmt.Sprintf("http://%s/images/%s/%s", bootstrapProvisioningIP, imageFilename, compressedImageFilename)
+		cacheImageURL := fmt.Sprintf("http://%s/images/%s/%s", wrapIPv6(bootstrapProvisioningIP), imageFilename, compressedImageFilename)
 		cacheChecksumURL := fmt.Sprintf("%s.md5sum", cacheImageURL)
 		instanceInfo := map[string]interface{}{
 			"root_gb":        25, // FIXME(stbenjam): Needed until https://storyboard.openstack.org/#!/story/2005165