diff --git a/02_configure_host.sh b/02_configure_host.sh
index 4c7782700..356393390 100755
--- a/02_configure_host.sh
+++ b/02_configure_host.sh
@@ -310,7 +310,8 @@ mkdir -p "${M3PATH}"
 # of the path
 detect_mismatch "${BMO_LOCAL_IMAGE:-}" "${BMOPATH}"
 clone_repo "${BMOREPO}" "${BMOBRANCH}" "${BMOPATH}" "${BMOCOMMIT}"
-
+# edit cloned bmo to run ironic without hostnetwork access
+cp -f ironic.yaml "${BMOPATH}/ironic-deployment/base/ironic.yaml"
 detect_mismatch "${CAPM3_LOCAL_IMAGE:-}" "${CAPM3PATH}"
 clone_repo "${CAPM3REPO}" "${CAPM3BRANCH}" "${CAPM3PATH}" "${CAPM3COMMIT}"
diff --git a/03_launch_mgmt_cluster.sh b/03_launch_mgmt_cluster.sh
index 084940ada..542a30ebe 100755
--- a/03_launch_mgmt_cluster.sh
+++ b/03_launch_mgmt_cluster.sh
@@ -16,7 +16,7 @@ export REPO_IMAGE_PREFIX="quay.io"
 declare -a BMO_IRONIC_ARGS
 # -k is for keepalived
-BMO_IRONIC_ARGS=(-k)
+BMO_IRONIC_ARGS=()
 if [ "${IRONIC_TLS_SETUP}" == "true" ]; then
 BMO_IRONIC_ARGS+=("-t")
 fi
@@ -138,7 +138,7 @@ function update_images(){
 #
 function launch_ironic() {
 pushd "${BMOPATH}"
-
+ _INTERFACE="eth0"
 inspector_default=$(grep USE_IRONIC_INSPECTOR "${BMOPATH}/ironic-deployment/default/ironic_bmo_configmap.env" || true)
 # Update Configmap parameters with correct urls
@@ -147,9 +147,7 @@ function launch_ironic() {
 # called PROVISIONER_IP and CIDR in dev-env
 cat << EOF | sudo tee "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env"
 HTTP_PORT=${HTTP_PORT}
-PROVISIONING_IP=${CLUSTER_BARE_METAL_PROVISIONER_IP}
-PROVISIONING_CIDR=${BARE_METAL_PROVISIONER_CIDR}
-PROVISIONING_INTERFACE=${BARE_METAL_PROVISIONER_INTERFACE}
+PROVISIONING_INTERFACE=${_INTERFACE}
 DHCP_RANGE=${CLUSTER_DHCP_RANGE}
 DEPLOY_KERNEL_URL=${DEPLOY_KERNEL_URL}
 DEPLOY_RAMDISK_URL=${DEPLOY_RAMDISK_URL}
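Review bot: The added `cp -f ironic.yaml ...` in the `@@ -310` hunk of 02_configure_host.sh resolves its source against the current working directory, so it copies whatever `ironic.yaml` is there, or fails, when the script is started from another directory. Anchor it to the script's own location, e.g. `cp -f -- "$(dirname "${BASH_SOURCE[0]}")/ironic.yaml" "${BMOPATH}/ironic-deployment/base/ironic.yaml"` (assuming the script runs under bash). The copy also replaces a tracked upstream manifest in the freshly cloned BMO tree with one that runs every container privileged as root, so the comment above it should say that this is a local override and why, rather than only "edit cloned bmo".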
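Review bot: `_INTERFACE="eth0"` in the `@@ -138` hunk is assigned inside `launch_ironic()` without `local`, so it becomes a global of the whole script, and the name does not say what it configures. Prefer `local provisioning_interface="eth0"` with a comment such as `# interface name seen inside the Ironic pod when it does not use the host network`, and reference it in the heredoc of the `@@ -147` hunk. That second hunk also keeps the context comment `# called PROVISIONER_IP and CIDR in dev-env` although the `PROVISIONING_IP` and `PROVISIONING_CIDR` lines it refers to are removed. The function body continues outside both hunks.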
@@ -159,6 +157,9 @@ CACHEURL=http://${BARE_METAL_PROVISIONER_URL_HOST}/images
 RESTART_CONTAINER_CERTIFICATE_UPDATED="${RESTART_CONTAINER_CERTIFICATE_UPDATED}"
 IRONIC_RAMDISK_SSH_KEY=${SSH_PUB_KEY_CONTENT}
 IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
+IRONIC_EXTERNAL_IP=172.22.0.2
+IRONIC_EXTERNAL_CALLBACK_URL=https://172.22.0.2:30085
+IRONIC_BASE_URL=https://172.22.0.2:30085
 ${inspector_default}
 IPA_BASEURI=${IPA_BASEURI}
 IPA_BRANCH=${IPA_BRANCH}
@@ -182,7 +183,7 @@ EOF
 fi
 # Copy the generated configmap for ironic deployment
- cp "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env" "${BMOPATH}/ironic-deployment/components/keepalived/ironic_bmo_configmap.env"
+ cp "${IRONIC_DATA_DIR}/ironic_bmo_configmap.env" "${BMOPATH}/ironic-deployment/default/ironic_bmo_configmap.env"
 # Update manifests to use the correct images.
 # Note: Even though the manifests are not used for local deployment we need
@@ -470,6 +471,7 @@ function start_management_cluster () {
 sudo su -l -c "minikube ssh sudo ip link set $BARE_METAL_PROVISIONER_INTERFACE up" "${USER}"
 sudo su -l -c "minikube ssh sudo brctl addif $BARE_METAL_PROVISIONER_INTERFACE eth2" "${USER}"
 sudo su -l -c "minikube ssh sudo ip addr add $INITIAL_BARE_METAL_PROVISIONER_BRIDGE_IP/$BARE_METAL_PROVISIONER_CIDR dev $BARE_METAL_PROVISIONER_INTERFACE" "${USER}"
+ minikube ssh sudo ip addr add 172.22.0.2/24 dev ironicendpoint
 fi
 fi
 }
diff --git a/config_example.sh b/config_example.sh
index 115494ef5..ae5d67d91 100644
--- a/config_example.sh
+++ b/config_example.sh
@@ -79,7 +79,7 @@
 #
 # Force deletion of the BMO and CAPM3 repositories before cloning them again
 #
-#export FORCE_REPO_UPDATE="${FORCE_REPO_UPDATE:-false}"
+export FORCE_REPO_UPDATE=false
 #
 # Run a local baremetal operator instead of deploying in Kubernetes
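Review bot: The three configmap lines added in the `@@ -159` hunk hard-code the address `172.22.0.2`, the port `30085` and the `https` scheme, while the same script still treats TLS as optional (`if [ "${IRONIC_TLS_SETUP}" == "true" ]`) and config_example.sh in this commit introduces `IRONIC_API_PORT`. With TLS switched off, the callback and base URLs would point at `https://` for a plain-HTTP endpoint; with TLS on, the certificate has to be valid for this literal address, which nothing visible here ensures. Build the values from variables, e.g. `IRONIC_BASE_URL=${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_API_PORT}`, where `IRONIC_SCHEME` and a shell-level `IRONIC_EXTERNAL_IP` are new variables this change would have to define in one place. The same literal address is repeated in the `@@ -470` hunk and in tests/roles/run_tests/tasks/move.yml and move_back.yml.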
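Review bot: The added `minikube ssh sudo ip addr add 172.22.0.2/24 dev ironicendpoint` in the `@@ -470` hunk is written differently from the three lines above it, which go through `sudo su -l -c "…" "${USER}"` and name the bridge as `$BARE_METAL_PROVISIONER_INTERFACE`. If that variable is set to anything other than `ironicendpoint` the address is added to a device that may not exist, and `ip addr add` returns an error when the address is already present, so a second run can fail at this line. Consider `sudo su -l -c "minikube ssh sudo ip addr replace 172.22.0.2/24 dev $BARE_METAL_PROVISIONER_INTERFACE" "${USER}"`. `start_management_cluster` begins outside the hunk.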
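Review bot: `export FORCE_REPO_UPDATE=false` in the `@@ -79` hunk of config_example.sh turns a commented-out template line into an active, unconditional assignment, so anyone who copies the example loses a value passed in from the environment; the line it replaces kept that value with `${FORCE_REPO_UPDATE:-false}`. The `@@ -113` hunk does the same for `BMC_DRIVER`, and the comment directly above it still states that the default is 'mixed'. If these are examples for the NodePort setup, keep them commented (`#export BMC_DRIVER="redfish-virtualmedia"`) and give the new `# Ports` block a sentence saying that the values have to match the `nodePort` entries in ironic.yaml.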
@@ -113,8 +113,11 @@
 # Set the driver. The default value is 'mixed' (alternate nodes between ipmi
 # and redfish). Can also be set explicitly to ipmi/redfish/redfish-virtualmedia.
 #
-#export BMC_DRIVER="mixed"
-
+export BMC_DRIVER="redfish-virtualmedia"
+# Ports
+export HTTP_PORT="${HTTP_PORT:-30080}"
+export IRONIC_INSPECTOR_PORT="${IRONIC_INSPECTOR_PORT:-30050}"
+export IRONIC_API_PORT="${IRONIC_API_PORT:-30085}"
 #
 # Set libvirt firmware and BMC bootMode
 # Choose "legacy" (bios), "UEFI", or "UEFISecureBoot"
@@ -179,7 +182,7 @@
 #export CLUSTER_APIENDPOINT_IP="192.168.111.249"
 # Cluster provisioning Interface
-#export BARE_METAL_PROVISIONER_INTERFACE="ironicendpoint"
+# export BARE_METAL_PROVISIONER_INTERFACE="eth0"
 # POD CIDR
 #export POD_CIDR=${POD_CIDR:-"192.168.0.0/18"}
diff --git a/ironic.yaml b/ironic.yaml
new file mode 100644
index 000000000..b85e17e19
--- /dev/null
+++ b/ironic.yaml
@@ -0,0 +1,112 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ironic
+spec:
+ replicas: 1
+ minReadySeconds: 10
+ strategy:
+ # We cannot run Ironic with more than one replica at a time. The recreate
+ # strategy makes sure that the old pod is gone before a new is started.
+ type: Recreate
+ selector:
+ matchLabels:
+ name: ironic
+ template:
+ metadata:
+ labels:
+ name: ironic
+ spec:
+ containers:
+ - name: ironic
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runironic
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ runAsUser: 0 # ironic
+ runAsGroup: 0 # ironic
+ - name: ironic-log-watch
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runlogwatch.sh
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ runAsUser: 0 # ironic
+ runAsGroup: 0 # ironic
+ - name: ironic-httpd
+ image: quay.io/metal3-io/ironic
+ imagePullPolicy: Always
+ command:
+ - /bin/runhttpd
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ runAsUser: 0 # ironic
+ runAsGroup: 0 # ironic
+ initContainers:
+ - name: ironic-ipa-downloader
+ image: quay.io/metal3-io/ironic-ipa-downloader
+ imagePullPolicy: Always
+ command:
+ - /usr/local/bin/get-resource.sh
+ envFrom:
+ - configMapRef:
+ name: ironic-bmo-configmap
+ volumeMounts:
+ - mountPath: /shared
+ name: ironic-data-volume
+ securityContext:
+ allowPrivilegeEscalation: true
+ privileged: true
+ runAsUser: 0 # ironic
+ runAsGroup: 0 # ironic
+ volumes:
+ - name: ironic-data-volume
+ emptyDir: {}
+ securityContext:
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
+ fsGroup: 0
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: expose-ironic-to-provisioning-network
+spec:
+ type: NodePort
+ selector:
+ name: ironic
+ ports:
+ - name: ironic
+ port: 6385
+ targetPort: 6385
+ nodePort: 30085
+ - name: inspector
+ port: 5050
+ targetPort: 5050
+ nodePort: 30050
+ - name: httpd
+ port: 30080
+ targetPort: 30080
+ nodePort: 30080
\ No newline at end of file
diff --git a/lib/common.sh b/lib/common.sh
index 096a5c7bc..dd11f28ea 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -303,7 +303,7 @@ export IRONIC_TLS_SETUP=${IRONIC_TLS_SETUP:-"true"}
 export IRONIC_BASIC_AUTH=${IRONIC_BASIC_AUTH:-"true"}
 export IPA_DOWNLOADER_IMAGE=${IPA_DOWNLOADER_IMAGE:-"${CONTAINER_REGISTRY}/metal3-io/ironic-ipa-downloader"}
 export IRONIC_IMAGE=${IRONIC_IMAGE:-"${CONTAINER_REGISTRY}/metal3-io/ironic:${IRONIC_TAG}"}
-export IRONIC_CLIENT_IMAGE=${IRONIC_CLIENT_IMAGE:-"${CONTAINER_REGISTRY}/metal3-io/ironic-client"}
+export IRONIC_CLIENT_IMAGE=${IRONIC_CLIENT_IMAGE:-"${CONTAINER_REGISTRY}/metal3-io/ironic-client:main_20240124_4de85c1"}
 export IRONIC_DATA_DIR="$WORKING_DIR/ironic"
 export IRONIC_IMAGE_DIR="$IRONIC_DATA_DIR/html/images"
 export IRONIC_NAMESPACE="${IRONIC_NAMESPACE:-baremetal-operator-system}"
diff --git a/tests/roles/run_tests/tasks/move.yml b/tests/roles/run_tests/tasks/move.yml
index ad3d78dca..e838c5de5 100644
--- a/tests/roles/run_tests/tasks/move.yml
+++ b/tests/roles/run_tests/tasks/move.yml
@@ -64,7 +64,10 @@
 state: absent
 namespace: "{{ IRONIC_NAMESPACE }}"
 when: EPHEMERAL_CLUSTER == "minikube"
-
+
+ - name: delete ironic ip
+ shell: "minikube ssh sudo ip addr del 172.22.0.2/24 dev ironicendpoint"
+
 - name: Label baremetalhost CRD to pivot.
 shell: "kubectl label --overwrite crds baremetalhosts.metal3.io {{ item }}"
 with_items:
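Review bot: All four containers in the new ironic.yaml Deployment run with `privileged: true`, `allowPrivilegeEscalation: true` and `runAsUser: 0`, and the trailing `# ironic` comments label UID/GID 0 as the ironic user although 0 is root. A privileged root container is not confined to the pod in the way an unprivileged one is, so a flaw in the API or the HTTP server would expose the node itself; nothing visible in the manifest explains why the log watcher or httpd would need that. Unless a requirement is documented, set `privileged: false` and `allowPrivilegeEscalation: false`, run as the image's service user (`runAsUser: <ironic-uid>`), and grant individual capabilities only to the container that needs them. The images are also referenced without a tag or digest under `imagePullPolicy: Always`, and the Service publishes the API, inspector and httpd as NodePorts, so the file should at least carry a header comment stating that it is meant for the development environment only.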
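Review bot: The new `delete ironic ip` task in the `@@ -64` hunk of move.yml calls `minikube ssh` unconditionally, while the task just above it is guarded with `when: EPHEMERAL_CLUSTER == "minikube"`. With any other ephemeral cluster type the play would stop at this task, and `ip addr del` also fails when the address is not present on the interface. Add `when: EPHEMERAL_CLUSTER == "minikube"` to the task; the same applies to the `add ironic ip` task that uses `minikube ssh` in move_back.yml.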
@@ -122,6 +125,8 @@
 args:
 chdir: "{{ BMOPATH }}"
+ - name: add ironic ip
+ shell: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no metal3@192.168.111.249 sudo ip addr add 172.22.0.2/24 dev ironicendpoint"
 # Install Ironic
 - name: Install Ironic
 shell: "{{ BMOPATH }}/tools/deploy.sh -i {{ BMO_IRONIC_ARGS }}"
diff --git a/tests/roles/run_tests/tasks/move_back.yml b/tests/roles/run_tests/tasks/move_back.yml
index 947544532..15caf4c62 100644
--- a/tests/roles/run_tests/tasks/move_back.yml
+++ b/tests/roles/run_tests/tasks/move_back.yml
@@ -9,6 +9,10 @@
 namespace: "{{ IRONIC_NAMESPACE }}"
 kubeconfig: "/tmp/kubeconfig-{{ CLUSTER_NAME }}.yaml"
+ - name: delete ironic ip
+ shell: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no metal3@192.168.111.249 sudo ip addr del 172.22.0.2/24 dev ironicendpoint"
+ - name: add ironic ip
+ shell: "minikube ssh sudo ip addr add 172.22.0.2/24 dev ironicendpoint"
 # Install BMO in Source cluster
 - name: Install Baremetal Operator in Source cluster
 shell: "{{ BMOPATH }}/tools/deploy.sh -b {{ BMO_IRONIC_ARGS }}"
diff --git a/tests/roles/run_tests/vars/main.yml b/tests/roles/run_tests/vars/main.yml
index 9fda43e92..7bcccce54 100644
--- a/tests/roles/run_tests/vars/main.yml
+++ b/tests/roles/run_tests/vars/main.yml
@@ -94,7 +94,7 @@ IPAM_INSECURE_DIAGNOSTICS: "true"
 # Args to pass to the deploy.sh script when deploying Ironic and BMO
 # [k]eepalived [t]ls [n]o basic auth or [m]ariadb
-BMO_IRONIC_ARGS: "-k {{ (IRONIC_TLS_SETUP == 'true') | ternary('-t', '') }} {{ (IRONIC_BASIC_AUTH == 'true') | ternary('', '-n') }} {{ (IRONIC_USE_MARIADB == 'true') | ternary('-m', '') }}"
+BMO_IRONIC_ARGS: "{{ (IRONIC_TLS_SETUP == 'true') | ternary('-t', '') }} {{ (IRONIC_BASIC_AUTH == 'true') | ternary('', '-n') }} {{ (IRONIC_USE_MARIADB == 'true') | ternary('-m', '') }}"
 provision_cluster_actions:
 - "ci_test_provision"
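Review bot: The `add ironic ip` task in the `@@ -122` hunk of move.yml runs a `sudo` command over `ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, which turns off host key verification, so the command is sent to whichever host answers on that address. It also hard-codes the login `metal3@192.168.111.249`; that address appears in config_example.sh only as the commented example value of `CLUSTER_APIENDPOINT_IP`, so the task breaks as soon as the endpoint is configured differently. Take the host from the cluster endpoint variable (if it is available to the role) and keep host key checking on with a dedicated known-hosts file, e.g. `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<known-hosts-path>`. The `delete ironic ip` task added to move_back.yml uses the same command line and needs the same change.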