forked from suse-edge/Factory
Compare commits
23 Commits
Author | SHA256 | Date | |
---|---|---|---|
5ece6cd64e
|
|||
0da5de1c06
|
|||
27af056dce
|
|||
e233adfec2
|
|||
8617c36789
|
|||
aa56c231d4
|
|||
29dd8dda17
|
|||
6012f480b0
|
|||
110a7b1f7c
|
|||
343fcd24b7
|
|||
03d7a39ead
|
|||
e2d38a867c
|
|||
eecd30e90d
|
|||
fc0cfda2c0
|
|||
582aaaa424
|
|||
a94cde2a35
|
|||
ad01fecc4f
|
|||
d59126b517
|
|||
19394a8b03
|
|||
ca7da400d0
|
|||
c69044ff2b
|
|||
60f0bdd5f0
|
|||
4e4f9e591a
|
@@ -19,11 +19,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
|
||||
|
||||
#!ArchExclusiveLine: x86_64
|
||||
RUN if [ "$(uname -m)" = "x86_64" ];then \
|
||||
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
|
||||
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
|
||||
fi
|
||||
#!ArchExclusiveLine: aarch64
|
||||
RUN if [ "$(uname -m)" = "aarch64" ];then \
|
||||
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
|
||||
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
|
||||
fi
|
||||
|
||||
# DATABASE
|
||||
|
@@ -1,4 +1,5 @@
|
||||
Listen {{ env.IPXE_TLS_PORT }}
|
||||
Listen 0.0.0.0:{{ env.IPXE_TLS_PORT }}
|
||||
Listen [::]:{{ env.IPXE_TLS_PORT }}
|
||||
|
||||
<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
|
||||
ErrorLog /dev/stderr
|
||||
|
@@ -1,4 +1,5 @@
|
||||
Listen {{ env.VMEDIA_TLS_PORT }}
|
||||
Listen 0.0.0.0:{{ env.VMEDIA_TLS_PORT }}
|
||||
Listen [::]:{{ env.VMEDIA_TLS_PORT }}
|
||||
|
||||
<VirtualHost *:{{ env.VMEDIA_TLS_PORT }}>
|
||||
ErrorLog /dev/stderr
|
||||
@@ -10,13 +11,11 @@ Listen {{ env.VMEDIA_TLS_PORT }}
|
||||
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
|
||||
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
|
||||
|
||||
<Directory ~ "/shared/html">
|
||||
Order deny,allow
|
||||
deny from all
|
||||
<Directory "/shared/html/">
|
||||
Require all granted
|
||||
</Directory>
|
||||
<Directory ~ "/shared/html/(redfish|ilo)/">
|
||||
Order allow,deny
|
||||
allow from all
|
||||
Require all granted
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
|
@@ -12,11 +12,21 @@
|
||||
|
||||
|
||||
{% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
|
||||
Listen {{ env.IRONIC_LISTEN_PORT }}
|
||||
Listen 0.0.0.0:{{ env.IRONIC_LISTEN_PORT }}
|
||||
Listen [::]:{{ env.IRONIC_LISTEN_PORT }}
|
||||
<VirtualHost *:{{ env.IRONIC_LISTEN_PORT }}>
|
||||
{% else %}
|
||||
Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
|
||||
{% if env.ENABLE_IPV4 %}
|
||||
Listen {{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}
|
||||
{% endif %}
|
||||
{% if env.ENABLE_IPV6 %}
|
||||
Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
|
||||
{% endif %}
|
||||
{% if env.IRONIC_URL_HOSTNAME is defined and env.IRONIC_URL_HOSTNAME|length %}
|
||||
<VirtualHost {{ env.IRONIC_URL_HOSTNAME }}:{{ env.IRONIC_LISTEN_PORT }}>
|
||||
{% else %}
|
||||
<VirtualHost {% if env.ENABLE_IPV4 %}{{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}{% endif %} {% if env.ENABLE_IPV6 %}[{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}{% endif %}>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if env.IRONIC_PRIVATE_PORT == "unix" %}
|
||||
|
@@ -1,8 +1,14 @@
|
||||
ServerRoot {{ env.HTTPD_DIR }}
|
||||
{%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
|
||||
Listen {{ env.HTTP_PORT }}
|
||||
Listen 0.0.0.0:{{ env.HTTP_PORT }}
|
||||
Listen [::]:{{ env.HTTP_PORT }}
|
||||
{% else %}
|
||||
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
||||
{% if env.ENABLE_IPV4 %}
|
||||
Listen {{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}
|
||||
{% endif %}
|
||||
{% if env.ENABLE_IPV6 %}
|
||||
Listen [{{ env.IRONIC_IPV6 }}]:{{ env.HTTP_PORT }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
Include /etc/httpd/conf.modules.d/*.conf
|
||||
User ironic-suse
|
||||
|
@@ -25,7 +25,13 @@ rpc_transport = none
|
||||
use_stderr = true
|
||||
# NOTE(dtantsur): the default md5 is not compatible with FIPS mode
|
||||
hash_ring_algorithm = sha256
|
||||
{% if env.ENABLE_IPV4 %}
|
||||
my_ip = {{ env.IRONIC_IP }}
|
||||
{% endif %}
|
||||
{% if env.ENABLE_IPV6 %}
|
||||
my_ipv6 = {{ env.IRONIC_IPV6 }}
|
||||
{% endif %}
|
||||
|
||||
host = {{ env.IRONIC_CONDUCTOR_HOST }}
|
||||
tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
|
||||
|
||||
@@ -65,7 +71,7 @@ port = {{ env.IRONIC_PRIVATE_PORT }}
|
||||
{% endif %}
|
||||
public_endpoint = {{ env.IRONIC_BASE_URL }}
|
||||
{% else %}
|
||||
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
|
||||
host_ip = {{ env.IRONIC_HOST_IP }}
|
||||
port = {{ env.IRONIC_LISTEN_PORT }}
|
||||
{% if env.IRONIC_TLS_SETUP == "true" %}
|
||||
enable_ssl_api = true
|
||||
@@ -181,7 +187,7 @@ cipher_suite_versions = 3,17
|
||||
# containers are in host networking.
|
||||
auth_strategy = http_basic
|
||||
http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
|
||||
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
|
||||
host_ip = {{ env.IRONIC_HOST_IP }}
|
||||
{% if env.IRONIC_TLS_SETUP == "true" %}
|
||||
use_ssl = true
|
||||
cafile = {{ env.IRONIC_CACERT_FILE }}
|
||||
|
@@ -51,6 +51,14 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
|
||||
|
||||
wait_for_interface_or_ip
|
||||
|
||||
if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
|
||||
export IRONIC_HOST_IP="::"
|
||||
elif [[ -n "${ENABLE_IPV6}" ]]; then
|
||||
export IRONIC_HOST_IP="$IRONIC_IPV6"
|
||||
else
|
||||
export IRONIC_HOST_IP="$IRONIC_IP"
|
||||
fi
|
||||
|
||||
# Hostname to use for the current conductor instance.
|
||||
export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
|
||||
|
||||
@@ -92,4 +100,11 @@ render_j2_config "/etc/ironic/ironic.conf.j2" \
|
||||
configure_json_rpc_auth
|
||||
|
||||
# Make sure ironic traffic bypasses any proxies
|
||||
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
|
||||
export NO_PROXY="${NO_PROXY:-}"
|
||||
|
||||
if [[ -n "$IRONIC_IPV6" ]]; then
|
||||
export NO_PROXY="${NO_PROXY},${IRONIC_IPV6}"
|
||||
fi
|
||||
if [[ -n "$IRONIC_IP" ]]; then
|
||||
export NO_PROXY="${NO_PROXY},${IRONIC_IP}"
|
||||
fi
|
||||
|
@@ -5,9 +5,11 @@ set -euxo pipefail
|
||||
# Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
|
||||
# e.g. dnsmasq configuration
|
||||
export IRONIC_IP="${IRONIC_IP:-}"
|
||||
export IRONIC_IPV6="${IRONIC_IPV6:-}"
|
||||
PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
|
||||
PROVISIONING_IP="${PROVISIONING_IP:-}"
|
||||
PROVISIONING_MACS="${PROVISIONING_MACS:-}"
|
||||
IRONIC_URL_HOSTNAME="${IRONIC_URL_HOSTNAME:-}"
|
||||
IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
|
||||
CUSTOM_CONFIG_DIR="${CUSTOM_CONFIG_DIR:-/conf}"
|
||||
CUSTOM_DATA_DIR="${CUSTOM_DATA_DIR:-/data}"
|
||||
@@ -33,6 +35,85 @@ export LOCAL_DB_URI="sqlite:///${IRONIC_DB_DIR}/ironic.sqlite"
|
||||
|
||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
|
||||
|
||||
|
||||
get_ip_of_hostname()
|
||||
{
|
||||
if [[ "$#" -ne 2 ]]; then
|
||||
echo "${FUNCNAME}: two parameters required, $# provided" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
case $2 in
|
||||
4)
|
||||
QUERY="a";;
|
||||
6)
|
||||
QUERY="aaaa";;
|
||||
*)
|
||||
echo "${FUNCNAME}: the second parameter should be [a|aaaa] for A and AAAA records"
|
||||
return 1;;
|
||||
esac
|
||||
|
||||
local HOSTNAME=$1
|
||||
|
||||
echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
|
||||
}
|
||||
|
||||
get_interface_of_ip()
|
||||
{
|
||||
local IP_VERS=""
|
||||
|
||||
if [[ "$#" -gt 2 ]]; then
|
||||
echo "${FUNCNAME}: too many parameters" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [[ "$#" -eq 2 ]]; then
|
||||
case $2 in
|
||||
4|6)
|
||||
local IP_VERS="-${2}"
|
||||
;;
|
||||
*)
|
||||
echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
|
||||
return 2
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
local IP_ADDR=$1
|
||||
|
||||
# Convert the address using ipcalc which strips out the subnet.
|
||||
# For IPv6 addresses, this will give the short-form address
|
||||
IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"
|
||||
|
||||
echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
|
||||
}
|
||||
|
||||
get_ip_of_interface()
|
||||
{
|
||||
local IP_VERS=""
|
||||
|
||||
if [[ "$#" -gt 2 ]]; then
|
||||
echo "${FUNCNAME}: too many parameters" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [[ "$#" -eq 2 ]]; then
|
||||
case $2 in
|
||||
4|6)
|
||||
local IP_VERS="-${2}"
|
||||
;;
|
||||
*)
|
||||
echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
|
||||
return 2
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
local IFACE=$1
|
||||
|
||||
echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
|
||||
}
|
||||
|
||||
get_provisioning_interface()
|
||||
{
|
||||
if [[ -n "$PROVISIONING_INTERFACE" ]]; then
|
||||
@@ -41,13 +122,7 @@ get_provisioning_interface()
|
||||
return
|
||||
fi
|
||||
|
||||
local interface="provisioning"
|
||||
|
||||
if [[ -n "${PROVISIONING_IP}" ]]; then
|
||||
if ip -br addr show | grep -i " ${PROVISIONING_IP}/" &>/dev/null; then
|
||||
interface="$(ip -br addr show | grep -i " ${PROVISIONING_IP}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
|
||||
fi
|
||||
fi
|
||||
local interface=""
|
||||
|
||||
for mac in ${PROVISIONING_MACS//,/ }; do
|
||||
if ip -br link show up | grep -i "$mac" &>/dev/null; then
|
||||
@@ -71,32 +146,105 @@ wait_for_interface_or_ip()
|
||||
# available on an interface, otherwise we look at $PROVISIONING_INTERFACE
|
||||
# for an IP
|
||||
if [[ -n "${PROVISIONING_IP}" ]]; then
|
||||
# Convert the address using ipcalc which strips out the subnet.
|
||||
# For IPv6 addresses, this will give the short-form address
|
||||
IRONIC_IP="$(ipcalc "${PROVISIONING_IP}" | grep "^Address:" | awk '{print $2}')"
|
||||
export IRONIC_IP
|
||||
until grep -F " ${IRONIC_IP}/" <(ip -br addr show); do
|
||||
echo "Waiting for ${IRONIC_IP} to be configured on an interface"
|
||||
local IFACE_OF_IP=""
|
||||
|
||||
until [[ -n "$IFACE_OF_IP" ]]; do
|
||||
echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
|
||||
IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo "Found $PROVISIONING_IP on interface \"${IFACE_OF_IP}\"!"
|
||||
|
||||
export PROVISIONING_INTERFACE="$IFACE_OF_IP"
|
||||
# If the IP contains a colon, then it's an IPv6 address
|
||||
if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
|
||||
export IRONIC_IPV6="$PROVISIONING_IP"
|
||||
else
|
||||
export IRONIC_IP="$PROVISIONING_IP"
|
||||
fi
|
||||
elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
|
||||
until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
|
||||
echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."
|
||||
|
||||
IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
|
||||
sleep 1
|
||||
|
||||
IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
|
||||
sleep 1
|
||||
done
|
||||
|
||||
if [[ -n "$IRONIC_IPV6" ]]; then
|
||||
echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
|
||||
export IRONIC_IPV6
|
||||
fi
|
||||
if [[ -n "$IRONIC_IP" ]]; then
|
||||
echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
|
||||
export IRONIC_IP
|
||||
fi
|
||||
elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
|
||||
local IPV6_IFACE=""
|
||||
local IPV4_IFACE=""
|
||||
|
||||
# we should get at least one IP address
|
||||
until [[ -n "$IPV6_IFACE" ]] || [[ -n "$IPV4_IFACE" ]]; do
|
||||
local IPV6_RECORD=""
|
||||
local IPV4_RECORD=""
|
||||
|
||||
IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
|
||||
IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
|
||||
|
||||
# We couldn't get any IP
|
||||
if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
|
||||
echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
|
||||
IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
|
||||
sleep 1
|
||||
|
||||
echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
|
||||
IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
|
||||
sleep 1
|
||||
done
|
||||
|
||||
# Add some debugging output
|
||||
if [[ -n "$IPV6_IFACE" ]]; then
|
||||
echo "Found $IPV6_RECORD on interface \"${IPV6_IFACE}\"!"
|
||||
export IRONIC_IPV6="$IPV6_RECORD"
|
||||
fi
|
||||
if [[ -n "$IPV4_IFACE" ]]; then
|
||||
echo "Found $IPV4_RECORD on interface \"${IPV4_IFACE}\"!"
|
||||
export IRONIC_IP="$IPV4_RECORD"
|
||||
fi
|
||||
|
||||
# Make sure both IPs are asigned to the same interface
|
||||
if [[ -n "$IPV6_IFACE" ]] && [[ -n "$IPV4_IFACE" ]] && [[ "$IPV6_IFACE" != "$IPV4_IFACE" ]]; then
|
||||
echo "Warning, the IPv4 and IPv6 addresses from \"${HOSTNAME}\" are assigned to different " \
|
||||
"interfaces (\"${IPV6_IFACE}\" and \"${IPV4_IFACE}\")" >&2
|
||||
fi
|
||||
|
||||
else
|
||||
until [[ -n "$IRONIC_IP" ]]; do
|
||||
echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured"
|
||||
IRONIC_IP="$(ip -br add show scope global up dev "${PROVISIONING_INTERFACE}" | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
|
||||
export IRONIC_IP
|
||||
sleep 1
|
||||
done
|
||||
echo "Cannot determine an interface or an IP for binding and creating URLs"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# If the IP contains a colon, then it's an IPv6 address, and the HTTP
|
||||
# host needs surrounding with brackets
|
||||
if [[ "$IRONIC_IP" =~ .*:.* ]]; then
|
||||
export IPV=6
|
||||
export IRONIC_URL_HOST="[$IRONIC_IP]"
|
||||
else
|
||||
export IPV=4
|
||||
# Define the URLs based on the what we have found,
|
||||
# prioritize IPv6 for IRONIC_URL_HOST
|
||||
if [[ -n "$IRONIC_IP" ]]; then
|
||||
export ENABLE_IPV4=yes
|
||||
export IRONIC_URL_HOST="$IRONIC_IP"
|
||||
fi
|
||||
if [[ -n "$IRONIC_IPV6" ]]; then
|
||||
export ENABLE_IPV6=yes
|
||||
export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
|
||||
fi
|
||||
|
||||
# Once determined if we have IPv4 and/or IPv6, override the hostname if provided
|
||||
if [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
|
||||
IRONIC_URL_HOST=$IRONIC_URL_HOSTNAME
|
||||
fi
|
||||
|
||||
# Avoid having to construct full URL multiple times while allowing
|
||||
# the override of IRONIC_HTTP_URL for environments in which IRONIC_IP
|
||||
|
@@ -61,3 +61,19 @@ Create the name of the service account to use
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
|
||||
*/}}
|
||||
{{- define "baremetal-operator.ironicHttpHost" -}}
|
||||
{{- $ironicIP := include "metal3.provisioningIP" . -}}
|
||||
{{- with .Values.global }}
|
||||
{{- if .provisioningHostname }}
|
||||
{{- .provisioningHostname }}
|
||||
{{- else if regexMatch ".*:.*" $ironicIP}}
|
||||
{{- print "[" $ironicIP "]" }}
|
||||
{{- else }}
|
||||
{{- $ironicIP }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@@ -1,10 +1,10 @@
|
||||
{{- $enableTLS := .Values.global.enable_tls }}
|
||||
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
|
||||
{{- $protocol := ternary "https" "http" $enableTLS }}
|
||||
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
||||
{{- $ironicApiHost := print $ironicIP ":6385" }}
|
||||
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
||||
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
||||
{{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
|
||||
{{- $ironicApiHost := print $ironicHost ":6385" }}
|
||||
{{- $ironicBootHost := print $ironicHost ":6180" }}
|
||||
{{- $ironicCacheHost := print $ironicHost ":6180" }}
|
||||
{{- $deployArch := .Values.global.deployArchitecture }}
|
||||
|
||||
apiVersion: v1
|
||||
@@ -12,8 +12,8 @@ data:
|
||||
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
|
||||
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
||||
{{- if and $enableTLS $enableVMediaTLS }}
|
||||
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $protocol = "https" }}
|
||||
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
|
||||
{{- else }}
|
||||
|
@@ -6,6 +6,7 @@ metadata:
|
||||
control-plane: controller-manager
|
||||
name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- name: https
|
||||
port: 8443
|
||||
|
@@ -5,6 +5,7 @@ metadata:
|
||||
{{- include "baremetal-operator.labels" . | nindent 4 }}
|
||||
name: {{ include "baremetal-operator.fullname" . }}-webhook-service
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 9443
|
||||
|
@@ -83,3 +83,46 @@ Get ironic CA volumeMounts
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Get the formatted "External" hostname or IP address
|
||||
*/}}
|
||||
{{- define "ironic.externalHttpHost" }}
|
||||
{{- with .Values.global }}
|
||||
{{- if regexMatch ".*:.*" .externalHttpHost }}
|
||||
{{- print "[" .externalHttpHost "]" }}
|
||||
{{- else }}
|
||||
{{- .externalHttpHost }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Get the command to use for Liveness and Readiness probes
|
||||
*/}}
|
||||
{{- define "ironic.probeCommand" }}
|
||||
{{- $host := "127.0.0.1" }}
|
||||
{{- if eq .Values.listenOnAll false }}
|
||||
{{- $host = coalesce .Values.global.ironicIP .Values.global.provisioningIP .Values.global.provisioningHostname }}
|
||||
{{- if regexMatch ".*:.*" $host }}
|
||||
{{- $host = print "[" $host "]" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- print "curl -sSfk https://" $host ":6385" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the subjectAltNames section to be set on the Certificate
|
||||
*/}}
|
||||
{{- define "ironic.subjectAltNames" -}}
|
||||
{{- with .Values.global }}
|
||||
{{- if .provisioningHostname }}
|
||||
dnsNames:
|
||||
- {{ .provisioningHostname }}
|
||||
{{- end -}}
|
||||
{{- if or .ironicIP .provisioningIP }}
|
||||
ipAddresses:
|
||||
- {{ coalesce .ironicIP .provisioningIP }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@@ -6,8 +6,7 @@ metadata:
|
||||
spec:
|
||||
commonName: ironic-ca
|
||||
isCA: true
|
||||
ipAddresses:
|
||||
- {{ .Values.global.ironicIP }}
|
||||
{{- include "ironic.subjectAltNames" . | indent 2 }}
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: selfsigned-issuer
|
||||
@@ -19,8 +18,7 @@ metadata:
|
||||
name: ironic-cert
|
||||
spec:
|
||||
commonName: ironic-cert
|
||||
ipAddresses:
|
||||
- {{ .Values.global.ironicIP }}
|
||||
{{- include "ironic.subjectAltNames" . | indent 2 }}
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: ca-issuer
|
||||
@@ -33,8 +31,7 @@ metadata:
|
||||
name: ironic-vmedia-cert
|
||||
spec:
|
||||
commonName: ironic-vmedia-cert
|
||||
ipAddresses:
|
||||
- {{ .Values.global.ironicIP }}
|
||||
{{- include "ironic.subjectAltNames" . | indent 2 }}
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: ca-issuer
|
||||
|
@@ -8,13 +8,9 @@ data:
|
||||
{{- $enableTLS := .Values.global.enable_tls }}
|
||||
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
|
||||
{{- $protocol := ternary "https" "http" $enableTLS }}
|
||||
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
||||
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
||||
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
||||
{{- $deployArch := .Values.global.deployArchitecture }}
|
||||
|
||||
{{- if ( .Values.global.enable_dnsmasq ) }}
|
||||
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
|
||||
DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
|
||||
DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
|
||||
DHCP_RANGE: {{ .Values.global.dhcpRange }}
|
||||
@@ -26,27 +22,25 @@ data:
|
||||
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
|
||||
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
||||
{{- if and $enableTLS $enableVMediaTLS }}
|
||||
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
||||
{{- $protocol = "https" }}
|
||||
{{- else }}
|
||||
{{- $protocol = "http" }}
|
||||
{{- end }}
|
||||
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
|
||||
{{- if .Values.global.externalHttpHost }}
|
||||
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ include "ironic.externalHttpHost" . }}:6385
|
||||
{{- end }}
|
||||
DEPLOY_ARCHITECTURE: {{ $deployArch }}
|
||||
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
|
||||
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
|
||||
{{- if .Values.global.provisioningInterface }}
|
||||
PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.provisioningIP }}
|
||||
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
|
||||
{{- if or .Values.global.ironicIP .Values.global.provisioningIP }}
|
||||
PROVISIONING_IP: {{ include "metal3.provisioningIP" . }}
|
||||
{{- else if .Values.global.provisioningHostname }}
|
||||
IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
|
||||
{{- end }}
|
||||
IRONIC_FAST_TRACK: "true"
|
||||
LISTEN_ALL_INTERFACES: "true"
|
||||
{{- if .Values.global.ironicIP }}
|
||||
IRONIC_IP: {{ .Values.global.ironicIP }}
|
||||
{{- end }}
|
||||
LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
|
||||
{{- if ( .Values.global.enable_tls ) }}
|
||||
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
|
||||
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
|
||||
|
@@ -42,7 +42,7 @@ spec:
|
||||
name: ironic
|
||||
livenessProbe:
|
||||
exec:
|
||||
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
|
||||
command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
|
||||
failureThreshold: 10
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
@@ -60,7 +60,7 @@ spec:
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
|
||||
command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
|
||||
failureThreshold: 10
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
|
@@ -10,6 +10,7 @@ metadata:
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
ports:
|
||||
{{- $enableTLS := .Values.global.enable_tls }}
|
||||
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
|
||||
|
@@ -32,6 +32,12 @@ global:
|
||||
# IP Address assigned to network interface on provisioning network
|
||||
provisioningIP: ""
|
||||
|
||||
# Fully Qualified Domain Name used by Ironic for both binding (to the
|
||||
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
|
||||
# media, also used by BMO. Note, this is the only way to enable a fully
|
||||
# working dual-stack configuration.
|
||||
provisioningHostname: ""
|
||||
|
||||
# Whether the NIC names should be predictable or not
|
||||
predictableNicNames: "true"
|
||||
|
||||
@@ -52,6 +58,8 @@ global:
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
listenOnAll: true
|
||||
|
||||
images:
|
||||
ironic:
|
||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
|
||||
|
@@ -5,10 +5,11 @@ metadata:
|
||||
labels:
|
||||
{{- include "mariadb.labels" . | nindent 4 }}
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
type: {{ .Values.service.type }}
|
||||
selector:
|
||||
{{- include "mariadb.selectorLabels" . | nindent 4 }}
|
||||
ports:
|
||||
{{- with .Values.service.ports }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@@ -5,6 +5,7 @@ metadata:
|
||||
labels:
|
||||
{{- include "media.labels" . | nindent 4 }}
|
||||
spec:
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
|
@@ -60,3 +60,18 @@ Create the name of the service account to use
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Produce the correct IP or hostname for Ironic provisioning
|
||||
*/}}
|
||||
{{- define "metal3.provisioningIP" -}}
|
||||
{{- with .Values.global }}
|
||||
{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
|
||||
{{ fail "Please provide either provisioningHostname or provisioningIP (note: ironic IP is deprecated)" }}
|
||||
{{- end }}
|
||||
{{- if and .provisioningIP .ironicIP }}
|
||||
{{ fail "Please provide either ironicIP or provisioningIP (note: ironicIP is deprecated)" }}
|
||||
{{- end }}
|
||||
{{- coalesce .ironicIP .provisioningIP }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@@ -60,6 +60,15 @@ global:
|
||||
# IP Address assigned to network interface on provisioning network
|
||||
provisioningIP: ""
|
||||
|
||||
# Fully Qualified Domain Name used by Ironic for both binding (to the
|
||||
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
|
||||
# media, also used by BMO. Note, this is the only way to enable a fully
|
||||
# working dual-stack configuration.
|
||||
provisioningHostname: ""
|
||||
|
||||
# Hostname or IP for accessing the Ironic API server from a non-provisioning network
|
||||
externalHttpHost: ""
|
||||
|
||||
# Name for the MariaDB service
|
||||
databaseServiceName: metal3-mariadb
|
||||
|
||||
|
Reference in New Issue
Block a user