Bug 1826100: vSphere allow users to specify existing folder

[patrickdillon]

Before this PR, we were always creating a folder with the cluster ID (incorrectly ignoring the folder specified in the install config). Now, if users specify a folder in the install config, terraform will expect there to be an existing folder and will use it for installation. If none is specified, a folder will be created with install config.

TODO:

• set folder value from ic or default to cluster id in tfvars and cloud config
• terraform: conditionally create folder resource or use existing folder data source
• terraform: support nested folder data source
• update destroy
• validation to ensure specified folder exists
• update readme/docs for folder paramater

Folder Paths
vSphere libraries seem to use a mixture of relative and absolute paths. Some of these issues only seem to arise when using nested folders; that is, a relative path is ok for a top-level folder but an absolute path is required for a nested folder. This is the case for the Machine API provider and terraform import_ova resource. The cloud config and terraform virtual machine resource need relative paths.

Validation
Adds static validation to ensure absolute path is provided in the install config:

FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: platform.vsphere.folder: Invalid value: "/wrong/vm/padillon-test/subfolder": folder must be absolute path: expected prefix /dc1/vm/ 

Adds API validation to ensure that a specified folder exists when installing to the cluster:

FATAL failed to fetch Cluster: failed to fetch dependency of "Cluster": failed to generate asset "Platform Provisioning Check": platform.vsphere.folder: Invalid value: "/dc1/vm/wrong/subfolder": folder '/dc1/vm/wrong/subfolder' not found 

[openshift-ci-robot]

@patrickdillon: This pull request references Bugzilla bug 1826100, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.5.0) matches configured target release for branch (4.5.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1826100: vSphere allow users to specify existing folder [WIP]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[patrickdillon]

/hold
WIP see TODO

[patrickdillon]

/test e2e-vsphere

[abhinavdahiya]

one thing we should make sure is that the cloudproviderconfig is also configured to match the changes here.

[patrickdillon]

/retest

[patrickdillon]

/retest

[patrickdillon]

cc @dav1x

[patrickdillon]

/retest
upi image is failing to d/l matchbox but url is working for me...
update: looks like github is having outages.

[patrickdillon]

/test e2e-vsphere

one thing we should make sure is that the cloudproviderconfig is also configured to match the changes here.

I updated 91151a4 with this change. vSphere cloud provider config was using the clustername--not cluster id.

API server seemed to be failing in the last run...

E0423 15:11:42.182268       1 reflector.go:178] github.com/openshift/client-go/user/informers/externalversions/factory.go:101: Failed to list *v1.Group: the server is currently unable to handle the request (get groups.user.openshift.io)
W0423 15:11:42.696634       1 clientconn.go:1208] grpc: addrConn.createTransport failed to connect to {https://localhost:2379  <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp [::1]:2379: connect: connection refused". Reconnecting...

[patrickdillon]

/test e2e-vsphere

[openshift-ci-robot]

@patrickdillon: This pull request references Bugzilla bug 1826100, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.5.0) matches configured target release for branch (4.5.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1826100: vSphere allow users to specify existing folder [WIP]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[patrickdillon]

@jcpowermac This requires an update to destroy. Can you take a look at the implementation in the latest commit?

When destroying VMs we check whether VMs are tagged and have a tagged parent folder. If we don't create the folder, the folder isn't tagged. I took the easiest option and just removed the folder check, so now we just we delete any tagged VM regardless of parent folder.

From what I can see this seems perfectly acceptable. Do you know if the extra check is just a safeguard or does it account for any (corner) cases?

The other option would be to add the folder path to the cluster metadata and find a reference to untagged BYO folders by path. Not too much work but probably better to avoid unnecessary complexity if we don't need it.

[jcpowermac]

@jcpowermac This requires an update to destroy. Can you take a look at the implementation in the latest commit?

When destroying VMs we check whether VMs are tagged and have a tagged parent folder. If we don't create the folder, the folder isn't tagged. I took the easiest option and just removed the folder check, so now we just we delete any tagged VM regardless of parent folder.

From what I can see this seems perfectly acceptable. Do you know if the extra check is just a safeguard or does it account for any (corner) cases?

That is the only reason I wrote it that way...as a safeguard.

The other option would be to add the folder path to the cluster metadata and find a reference to untagged BYO folders by path. Not too much work but probably better to avoid unnecessary complexity if we don't need it.

@patrickdillon That seems perfectly fine to me.
I doubt that a customer will tag one of their virtual machines with the openshift created tag.

[patrickdillon]

/test e2e-vsphere

[openshift-ci-robot]

@patrickdillon: This pull request references Bugzilla bug 1826100, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.5.0) matches configured target release for branch (4.5.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1826100: vSphere allow users to specify existing folder [WIP]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abhinavdahiya]

what if the user already gave us the folder path prefixed with /<datacenter>/vm/ ?

[abhinavdahiya]

we should try to error out saying you have prefixed it, we would like un-prefixed.

[patrickdillon]

we should try to error out saying you have prefixed it, we would like un-prefixed.

I can easily add some static validation.

what if the user already gave us the folder path prefixed with //vm/

When create cluster is run validation would run to look for a folder called /<datacenter>/vm//<datacenter>/vm/. Assuming it doesn't exist, the install would abort.

I have probably been thinking about this too much, but my approach has been to rely on the API validation because it is difficult to determine what is actually a valid name and what isn't.

/<datacenter>/vm/<datacenter>/vm is technically a valid folder name. I haven't tested much with the leading /... vsphere seems to convert / to %20 or something like that.

I think we could probably safely statically validate a leading / and I can confirm that with a little more testing.

I also think it is a safe assumption that although it might be allowed no one will really name their folder /<datacenter>/vm/ and it is much more likely they are making a mistake.

I will work on adding these.

[patrickdillon]

@rgolangh suggested requiring the absolute path, which could actually make things simpler and be easier to validate.

[abhinavdahiya]

can we update the godoc for the field inaddition to this customization document.

[patrickdillon]

Hm. Machine API cannot find nested folder when I specify relative path.

This PR is 2 steps forward 1 step back.

/this-is-fine

[openshift-ci-robot]

@patrickdillon:

In response to this:

Hm. Machine API cannot find nested folder when I specify relative path.

This PR is 2 steps forward 1 step back.

/this-is-fine

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abhinavdahiya]

There missing validation test for this, but we can add those later on...

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [abhinavdahiya]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@patrickdillon: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-ovirt	2d49e7f	link	/test e2e-ovirt

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@patrickdillon: Some pull requests linked via external trackers have merged: . The following pull requests linked via external trackers have not merged:

• openshift/installer#3485 is open
  Bugzilla bug 1826100 has been moved to the MODIFIED state.

In response to this:

Bug 1826100: vSphere allow users to specify existing folder

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.