derive load balancer targets from associated networks

ci-operator/step-registry/ipi/conf/vsphere/check/ipi-conf-vsphere-check-commands.sh

@@ -107,6 +107,7 @@ metadata:
 spec:
   vcpus: 0
   memory: 0
+  requiresPool: \"${VSPHERE_BASTION_LEASED_RESOURCE}\"
   networks: 1" | oc create --kubeconfig ${SA_KUBECONFIG} -f -
 fi
 
@@ -162,20 +163,28 @@ for LEASE in $LEASES; do
   oc get leases.vspherecapacitymanager.splat.io -n vsphere-infra-helpers --kubeconfig ${SA_KUBECONFIG} ${LEASE} -o json > /tmp/lease.json
   VCENTER=$(cat /tmp/lease.json | jq -r '.status.server')
   NETWORK_PATH=$(cat /tmp/lease.json | jq -r '.status.topology.networks[0]')
-  portgroup_name=$(echo $NETWORK_PATH | cut -d '/' -f 4)
-
+  NETWORK_RESOURCE=$(cat /tmp/lease.json | jq -r '.metadata.ownerReferences[] | select(.kind=="Network") | .name')
+
+  portgroup_name=$(echo $NETWORK_PATH | cut -d '/' -f 4)  
 
   bastion_leased_resource=$(cat /tmp/lease.json | jq .metadata.labels.VSPHERE_BASTION_LEASED_RESOURCE)
   extra_leased_resource=$(cat /tmp/lease.json | jq .metadata.labels.VSPHERE_EXTRA_LEASED_RESOURCE)
 
+  NETWORK_CACHE_PATH="${SHARED_DIR}/NETWORK_${NETWORK_RESOURCE}.json"
+
+  if [ ! -f $NETWORK_CACHE_PATH ]; then
+    log caching network resource ${NETWORK_RESOURCE}
+    oc get networks.vspherecapacitymanager.splat.io -n vsphere-infra-helpers --kubeconfig ${SA_KUBECONFIG} ${NETWORK_RESOURCE} -o json > ${NETWORK_CACHE_PATH}
+  fi
+
   if [ ${bastion_leased_resource} != "null" ]; then
     log "setting bastion portgroup ${portgroup_name} in vsphere_context.sh"  
     cat >>"${SHARED_DIR}/vsphere_context.sh" <<EOF    
 export vsphere_bastion_portgroup="${portgroup_name}"
 EOF
 
   elif [ ${extra_leased_resource} != "null" ]; then
-    log "setting extra leased networrk ${portgroup_name} in vsphere_context.sh"  
+    log "setting extra leased network ${portgroup_name} in vsphere_context.sh"  
     cat >>"${SHARED_DIR}/vsphere_context.sh" <<EOF
 export vsphere_extra_portgroup_${extra_leased_resource}="${portgroup_name}"
 EOF
@@ -311,23 +320,23 @@ EOF
 # randomly delete may fail, this shouldn't cause an immediate issue
 # but should eventually be cleaned up.
 
-set +e
-for LEASE in $LEASES; do
-  cat $SHARED_DIR/LEASE_$LEASE.json | jq -r '.status.envVars' > /tmp/envvars
-  source /tmp/envvars
-
-  export GOVC_USERNAME="${pool_usernames[$vsphere_url]}"
-  export GOVC_PASSWORD="${pool_passwords[$vsphere_url]}"
-  export GOVC_TLS_CA_CERTS=/var/run/vault/vsphere-ibmcloud-ci/vcenter-certificate
-
-  echo "$(date -u --rfc-3339=seconds) - Find virtual machines attached to ${vsphere_portgroup} in DC ${vsphere_datacenter} and destroy"
-  govc ls -json "${vsphere_portgroup}" |
-  jq '.elements[]?.Object.Vm[]?.Value' |
-  xargs -I {} --no-run-if-empty govc ls -json -L VirtualMachine:{} |
-  jq '.elements[].Path | select((contains("ova") or test("\\bci-segment-[0-9]?[0-9]?[0-9]-bastion\\b")) | not)' |
-  xargs -I {} --no-run-if-empty govc vm.destroy {}
-done
-set -e
+# set +e
+# for LEASE in $LEASES; do
+#   cat $SHARED_DIR/LEASE_$LEASE.json | jq -r '.status.envVars' > /tmp/envvars
+#   source /tmp/envvars
+
+#   export GOVC_USERNAME="${pool_usernames[$vsphere_url]}"
+#   export GOVC_PASSWORD="${pool_passwords[$vsphere_url]}"
+#   export GOVC_TLS_CA_CERTS=/var/run/vault/vsphere-ibmcloud-ci/vcenter-certificate
+
+#   echo "$(date -u --rfc-3339=seconds) - Find virtual machines attached to ${vsphere_portgroup} in DC ${vsphere_datacenter} and destroy"
+#   govc ls -json "${vsphere_portgroup}" |
+#   jq '.elements[]?.Object.Vm[]?.Value' |
+#   xargs -I {} --no-run-if-empty govc ls -json -L VirtualMachine:{} |
+#   jq '.elements[].Path | select((contains("ova") or test("\\bci-segment-[0-9]?[0-9]?[0-9]-bastion\\b")) | not)' |
+#   xargs -I {} --no-run-if-empty govc vm.destroy {}
+# done
+# set -e
 
 log "writing the platform spec"
 echo $platformSpec | jq -r yamlify2 | sed --expression='s/^/    /g' > $SHARED_DIR/platform.yaml

ci-operator/step-registry/ipi/conf/vsphere/lb/external/ipi-conf-vsphere-lb-external-commands.sh

@@ -9,6 +9,10 @@ if [[ -z "${LEASED_RESOURCE}" ]]; then
   exit 1
 fi
 
+function log() {
+  echo "$(date -u --rfc-3339=seconds) - ${1}"
+}
+
 # notes: jcallen: we need vlanid and primaryrouterhostname
 declare vlanid
 declare primaryrouterhostname
@@ -132,19 +136,14 @@ backend ${EP_NAMES[$i]}
   default-server verify none inter 10s downinter 5s rise 2 fall 3 slowstart 60s maxconn 250 maxqueue 256 weight 100
 EOF
 
-  for ip in {10..127}; do
-    ipaddress=$(jq -r --argjson N "$ip" --arg PRH "$primaryrouterhostname" --arg VLANID "$vlanid" '.[$PRH][$VLANID].ipAddresses[$N]' "${SUBNETS_CONFIG}")
-    echo "   "server ${EP_NAMES[$i]}-${ip} ${ipaddress}:${EP_PORTS[$i]} check check-ssl >>$HAPROXY_PATH
-    if [[ -n "${VSPHERE_EXTRA_LEASED_RESOURCE:-}" ]]; then
-      for extra_leased_resource in ${VSPHERE_EXTRA_LEASED_RESOURCE}; do
-          extra_router=$(awk -F. '{print $1}' <(echo "${extra_leased_resource}"))
-	  extra_phydc=$(awk -F. '{print $2}' <(echo "${extra_leased_resource}"))
-	  extra_vlanid=$(awk -F. '{print $3}' <(echo "${extra_leased_resource}"))
-	  extra_primaryrouterhostname="${extra_router}.${extra_phydc}"
-	  ipaddress=$(jq -r --argjson N "$ip" --arg PRH "$extra_primaryrouterhostname" --arg VLANID "$extra_vlanid" '.[$PRH][$VLANID].ipAddresses[$N]' "${SUBNETS_CONFIG}")
-	  echo "   "server ${EP_NAMES[$i]}${extra_vlanid}-${ip} ${ipaddress}:${EP_PORTS[$i]} check check-ssl >>$HAPROXY_PATH
-      done 
-    fi
+  # read shared network configuration
+  for _networkJSON in $(ls -d $SHARED_DIR/NETWORK*); do
+    log "creating endpoints for haproxy for network ${_networkJSON}"
+    ADDRS=$(cat $_networkJSON | jq -r .spec.ipAddresses[] | tail -n +5)
+    for ip in $ADDRS; do    
+      log "server ${EP_NAMES[$i]}-${ip} ${ip}:${EP_PORTS[$i]} check check-ssl"
+      echo "   "server ${EP_NAMES[$i]}-${ip} ${ip}:${EP_PORTS[$i]} check check-ssl >>$HAPROXY_PATH
+    done
   done
 done