suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: suse-edge:main
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
compare: suse-edge:419e8a0814f1f1e90cf50d22c61842744b165616b77de772c6f3344a21dba420
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

7 Commits
main ... 419e8a0814

Author SHA256 Message Date
Marco Chiappero
419e8a0814 Update the URL for the BMO to connect to Ironic
All checks were successful
Check Release Manifest Local Charts Versions / Check Release Manifest Local Charts Versions (pull_request) Successful in 14s
Details
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 25m17s
Details 
The BMO should now connect via the provisioningHostname if set or an IP
address. Add a helper that returns the ironic hostname or correctly
formatted IP to define the ironicApiHost variable in the BMO configmap.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
4a70b1ac21 Include the hostname for SAN in Certificates 
Recently provisioningHostname has been introduced as an alternative way
to configure the IPs to bind and respond to. This however requires that
the Certificates for HTTPS also include a dnsNames section whenver such
value is present.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
73e69b34f8 Introduce metal3.provisioningIP template and deprecate ironicIP 
So far ironicIP has been part of values.yaml under the global section,
however this is very misleading: this variable is internal to the Ironic
startup scripts and should not be set, moreover it conflicts with
provisioningIP, which is instead a public configuration variable for the
purpose.

This commits thus introduces the following changes:
- removes the creation of IRONIC_IP in the Ironic configmap
- does not yet remove ironicIP from values.yaml to avoid breaking
  forward compatibility
- introduces a utility function to perform input validation while still
  prioritizing ironicIP if present

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
3cc7dbe1e7 Allow to change the LISTEN_ALL_INTERFACE variable for Ironic 
It should be possible to enable or disable the environment variable
LISTEN_ALL_INTERFACE in the Ironic configmap, as it allows to the way
Ironic binds to socket, especially in combination with the changes
introduced in v29.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
83503bddb3 Introduce the provisioningHostname env variable in Ironic 
Create a new provisioningHostname value in values.yaml in order to set
the new IRONIC_URL_HOSTNAME, that allows to set the address(es) Ironic
will bind to.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
c2adfe1589 Remove unused env and helm variables 
Since currently we can only define the provisioning network and the
external HTTP host, remove some clutter generating unused variables.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:47 +00:00
Marco Chiappero
0571a17c87 Allow control over IRONIC_EXTERNAL_HTTP_URL via values.yaml 
The purpose of this commit is to:
- avoid providing IRONIC_EXTERNAL_HTTP_URL by default, as the Ironic
  startup scripts will be able to derive the value from other variables
- define a new global value under the top values.yaml to generate
  IRONIC_EXTERNAL_HTTP_URL when actually needed
- make sure that the input, which can either be a hostname or an IP
  address, is correctly formatted in case of an IPv6.

This change also allows subsequent cleanups of the whole Configmap
template for Ironic.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-08-05 16:31:36 +00:00
8 changed files with 94 additions and 26 deletions
Expand all files Collapse all files

16
metal3-chart/charts/baremetal-operator/templates/_helpers.tpl
View File

@@ -61,3 +61,19 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
*/}}
{{- define "baremetal-operator.ironicHttpHost" -}}
{{- $ironicIP := include "metal3.provisioningIP" . -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
{{- .provisioningHostname }}
{{- else if regexMatch ".*:.*" $ironicIP}}
{{- print "[" $ironicIP "]" }}
{{- else }}
{{- $ironicIP }}
{{- end }}
{{- end }}
{{- end }}

12
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -1,10 +1,10 @@
{{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
{{- $ironicApiHost := print $ironicHost ":6385" }}
{{- $ironicBootHost := print $ironicHost ":6180" }}
{{- $ironicCacheHost := print $ironicHost ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
@@ -12,8 +12,8 @@ data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }}

29
metal3-chart/charts/ironic/templates/_helpers.tpl
View File

@@ -83,3 +83,32 @@ Get ironic CA volumeMounts
readOnly: true
{{- end }}
{{- end }}
{{/*
Get the formatted "External" hostname or IP address
*/}}
{{- define "ironic.externalHttpHost" }}
{{- with .Values.global }}
{{- if regexMatch ".*:.*" .externalHttpHost }}
{{- print "[" .externalHttpHost "]" }}
{{- else }}
{{- .externalHttpHost }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create the subjectAltNames section to be set on the Certificate
*/}}
{{- define "ironic.subjectAltNames" -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
dnsNames:
- {{ .provisioningHostname }}
{{- end -}}
{{- if or .ironicIP .provisioningIP }}
ipAddresses:
- {{ coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}
{{- end }}

9
metal3-chart/charts/ironic/templates/certificates.yaml
View File

@@ -6,8 +6,7 @@ metadata:
spec:
commonName: ironic-ca
isCA: true
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: selfsigned-issuer
@@ -19,8 +18,7 @@ metadata:
name: ironic-cert
spec:
commonName: ironic-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: ca-issuer
@@ -33,8 +31,7 @@ metadata:
name: ironic-vmedia-cert
spec:
commonName: ironic-vmedia-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
{{- include "ironic.subjectAltNames" . | indent 2 }}
issuerRef:
kind: Issuer
name: ca-issuer

22
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -8,13 +8,9 @@ data:
{{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -26,27 +22,25 @@ data:
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }}
{{- else }}
{{- $protocol = "http" }}
{{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
{{- if .Values.global.externalHttpHost }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ (include "ironic.externalHttpHost" .) }}:6385
{{- end }}
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
{{- if .Values.global.provisioningInterface }}
PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
{{- end }}
{{- if .Values.global.provisioningIP }}
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
{{- if or .Values.global.ironicIP .Values.global.provisioningIP }}
PROVISIONING_IP: {{ include "metal3.provisioningIP" . }}
{{- else if .Values.global.provisioningHostname }}
IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
{{- end }}
IRONIC_FAST_TRACK: "true"
LISTEN_ALL_INTERFACES: "true"
{{- if .Values.global.ironicIP }}
IRONIC_IP: {{ .Values.global.ironicIP }}
{{- end }}
LISTEN_ALL_INTERFACES: {{ .Values.listenOnAll }}
{{- if ( .Values.global.enable_tls ) }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

8
metal3-chart/charts/ironic/values.yaml
View File

@@ -32,6 +32,12 @@ global:
# IP Address assigned to network interface on provisioning network
provisioningIP: ""
# Fully Qualified Domain Name used by Ironic for both binding (to the
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
# media, also used by BMO. Note, this is the only way to enable a fully
# working dual-stack configuration.
provisioningHostname: ""
# Whether the NIC names should be predictable or not
predictableNicNames: "true"
@@ -52,6 +58,8 @@ global:
replicaCount: 1
listenOnAll: "true"
images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic

15
metal3-chart/templates/_helpers.tpl
View File

@@ -60,3 +60,18 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Produce the correct IP or hostname for Ironic provisioning
*/}}
{{- define "metal3.provisioningIP" -}}
{{- with .Values.global }}
{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
{{ fail "Please provide either provisioningHostname or provisioningIP (note: ironic IP is deprecated)" }}
{{- end }}
{{- if and .provisioningIP .ironicIP }}
{{ fail "Please provide either ironicIP or provisioningIP (note: ironicIP is deprecated)" }}
{{- end }}
{{- coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}

9
metal3-chart/values.yaml
View File

@@ -60,6 +60,15 @@ global:
# IP Address assigned to network interface on provisioning network
provisioningIP: ""
# Fully Qualified Domain Name used by Ironic for both binding (to the
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
# media, also used by BMO. Note, this is the only way to enable a fully
# working dual-stack configuration.
provisioningHostname: ""
# Hostname or IP for accessing the Ironic API server from a non-provisioning network
externalHttpHost: ""
# Name for the MariaDB service
databaseServiceName: metal3-mariadb