suse-edge/Factory
SHA256
14
0
Fork 14
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

metal3: Add a hook to BMO start to ensure it restarts on ironic CA change #165

Merged
nbelouin merged 3 commits from nbelouin/Factory:try-bmo-fix into main 2025-05-27 13:31:42 +02:00
Conversation 1 Commits 3 Files Changed 10 +34 -16
10 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
baremetal-operator-image/Dockerfile
View File

@@ -1,13 +1,13 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%% #!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE% #!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
#!BuildVersion: 15.6 #!BuildVersion: 15.6
ARG SLE_VERSION ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/ COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/* RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%" LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,6 +29,8 @@ LABEL com.suse.release-stage="released"
# endlabelprefix # endlabelprefix
COPY --from=base /installroot / COPY --from=base /installroot /
COPY bmo-run /usr/bin/bmo-run
RUN chmod +x /usr/bin/bmo-run
RUN groupadd -r -g 11000 bmo RUN groupadd -r -g 11000 bmo
RUN useradd -u 11000 -g 11000 bmo RUN useradd -u 11000 -g 11000 bmo
ENTRYPOINT [ "/usr/bin/baremetal-operator" ] ENTRYPOINT [ "/usr/bin/bmo-run" ]

12
baremetal-operator-image/bmo-run Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
kill $(pgrep baremetal-opera)
done &
fi
exec /usr/bin/baremetal-operator $@

12
metal3-chart/Chart.yaml
View File

@@ -1,16 +1,16 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3 #!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.6_up0.11.4
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3-%RELEASE% #!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.6_up0.11.4-%RELEASE%
apiVersion: v2 apiVersion: v2
appVersion: 0.11.3 appVersion: 0.11.4
dependencies: dependencies:
- alias: metal3-baremetal-operator - alias: metal3-baremetal-operator
name: baremetal-operator name: baremetal-operator
repository: file://./charts/baremetal-operator repository: file://./charts/baremetal-operator
version: 0.9.1 version: 0.9.2
- alias: metal3-ironic - alias: metal3-ironic
name: ironic name: ironic
repository: file://./charts/ironic repository: file://./charts/ironic
version: 0.10.3 version: 0.10.4
- alias: metal3-mariadb - alias: metal3-mariadb
condition: global.enable_mariadb condition: global.enable_mariadb
name: mariadb name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3 name: metal3
type: application type: application
version: "%%CHART_MAJOR%%.0.5+up0.11.3" version: "%%CHART_MAJOR%%.0.6+up0.11.4"

2
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3 description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator name: baremetal-operator
type: application type: application
version: 0.9.1 version: 0.9.2

3
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -10,14 +10,15 @@
apiVersion: v1 apiVersion: v1
data: data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/" IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
# Switch VMedia to HTTP if enable_vmedia_tls is false # Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }} {{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }} {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }} {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }} {{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }} {{- else }}
{{- $protocol = "http" }} {{- $protocol = "http" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
{{- end }} {{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images" CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel" DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"

2
metal3-chart/charts/baremetal-operator/templates/deployment.yaml
View File

@@ -17,6 +17,8 @@ spec:
control-plane: controller-manager control-plane: controller-manager
template: template:
metadata: metadata:
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
labels: labels:
{{- include "baremetal-operator.selectorLabels" . | nindent 8 }} {{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
control-plane: controller-manager control-plane: controller-manager

2
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -28,7 +28,7 @@ images:
baremetalOperator: baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "0.9.1" tag: "0.9.1.1"
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "manger" nameOverride: "manger"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3 description: A Helm chart for Ironic, used by Metal3
name: ironic name: ironic
type: application type: application
version: 0.10.3 version: 0.10.4

1
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -16,6 +16,7 @@ spec:
metadata: metadata:
{{- with .Values.podAnnotations }} {{- with .Values.podAnnotations }}
annotations: annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels: labels:

2
release-manifest-image/release_manifest.yaml
View File

@@ -171,7 +171,7 @@ spec:
- prettyName: Metal3 - prettyName: Metal3
releaseName: metal3 releaseName: metal3
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3" chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
version: "%%CHART_MAJOR%%.0.5+up0.11.3" version: "%%CHART_MAJOR%%.0.6+up0.11.4"
- prettyName: RancherTurtles - prettyName: RancherTurtles
releaseName: rancher-turtles releaseName: rancher-turtles
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles" chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"