diff --git a/api/go.mod b/api/go.mod
index b940d5d66..8b23a11e1 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20231122104142-3b449040167e
 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20231122111552-6bd6025ade37
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20231122111552-6bd6025ade37
- github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34
+ github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5
 k8s.io/api v0.26.11
 k8s.io/apimachinery v0.26.11
 sigs.k8s.io/controller-runtime v0.14.7
@@ -47,7 +47,7 @@ require (
 github.com/prometheus/common v0.37.0 // indirect
 github.com/prometheus/procfs v0.8.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
- github.com/stretchr/testify v1.8.2 // indirect
+ github.com/stretchr/testify v1.8.3 // indirect
 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
 golang.org/x/net v0.18.0 // indirect
 golang.org/x/oauth2 v0.8.0 // indirect
diff --git a/api/go.sum b/api/go.sum
index 1c8f4055c..0b642058d 100644
--- a/api/go.sum
+++ b/api/go.sum
@@ -231,8 +231,8 @@ github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.2023112211
 github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20231122111552-6bd6025ade37/go.mod h1:/6//JWNEY68jOMoaoaSI0koL2jzpEKim3m60+jFCbqY=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20231122111552-6bd6025ade37 h1:F/sQ5+TzB1dVf4VyeyLDtcyNQDHnIkqZPK9V+cr/f6s=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20231122111552-6bd6025ade37/go.mod h1:PAcGzUsidkqZLBv7aVf7tJsq9pzxGUwFDvA5Zeaq0a4=
-github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34 h1:7ZSX60sdoF5/CBpQu1PBPfo8RFRuT1lzIpnqrYbjMuo=
-github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34/go.mod h1:JLCVgdpOAk/zcJPJ+od/d0qOb41vkKsi9kzfjSQ6BAU=
+github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5 h1:eZvqDZn1+TnRwrwT0A0rsuFIhPX6iWLCJNtGA2vGcrM=
+github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5/go.mod h1:JLCVgdpOAk/zcJPJ+od/d0qOb41vkKsi9kzfjSQ6BAU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -286,8 +286,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
diff --git a/api/v1beta1/openstackdataplanenodeset_webhook.go b/api/v1beta1/openstackdataplanenodeset_webhook.go
index 9f35fb456..97a553ea2 100644
--- a/api/v1beta1/openstackdataplanenodeset_webhook.go
+++ b/api/v1beta1/openstackdataplanenodeset_webhook.go
@@ -22,7 +22,6 @@ import (
 baremetalv1 "github.com/openstack-k8s-operators/openstack-baremetal-operator/api/v1beta1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apimachinery/pkg/util/validation/field"
@@ -97,7 +96,7 @@ func (r *OpenStackDataPlaneNodeSet) ValidateUpdate(old runtime.Object) error {
 oldNodeSet, ok := old.(*OpenStackDataPlaneNodeSet)
 if !ok {
 return apierrors.NewInternalError(
- fmt.Errorf("Expected a OpenStackDataPlaneNodeSet object, but got %T", oldNodeSet))
+ fmt.Errorf("expected a OpenStackDataPlaneNodeSet object, but got %T", oldNodeSet))
 }
 var errors field.ErrorList
@@ -107,26 +106,9 @@ func (r *OpenStackDataPlaneNodeSet) ValidateUpdate(old runtime.Object) error {
 // If the BaremetalSetTemplate is changed, we will offload the parsing of these details
 // to the openstack-baremetal-operator webhook to avoid duplicating logic.
 if !reflect.DeepEqual(r.Spec.BaremetalSetTemplate, oldNodeSet.Spec.BaremetalSetTemplate) {
- // Initialize OpenStackBaremetalSet with old spec details
- oldBaremetalSetObject := &baremetalv1.OpenStackBaremetalSet{
- ObjectMeta: metav1.ObjectMeta{
- Name: r.Name,
- Namespace: r.Namespace,
- },
- }
- oldNodeSet.Spec.BaremetalSetTemplate.DeepCopyInto(&oldBaremetalSetObject.Spec)
-
- // Initialize OpenStackBaremetalSet with new spec details
- baremetalSetObject := &baremetalv1.OpenStackBaremetalSet{
- ObjectMeta: metav1.ObjectMeta{
- Name: r.Name,
- Namespace: r.Namespace,
- },
- }
- r.Spec.BaremetalSetTemplate.DeepCopyInto(&baremetalSetObject.Spec)
- // Call openstack-baremetal-operator ValidateUpdate() webhook to parse changes
- err := baremetalSetObject.ValidateUpdate(oldBaremetalSetObject)
+ // Call openstack-baremetal-operator webhook Validate() to parse changes
+ err := r.Spec.BaremetalSetTemplate.Validate(oldNodeSet.Spec.BaremetalSetTemplate)
 if err != nil {
 errors = append(errors, field.Forbidden(
 field.NewPath("spec.baremetalSetTemplate"),
diff --git a/config/samples/dataplane_v1beta1_openstackdataplanenodeset_bgp_ovn_cluster.yaml b/config/samples/dataplane_v1beta1_openstackdataplanenodeset_bgp_ovn_cluster.yaml
new file mode 100644
index 000000000..752b9d484
--- /dev/null
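Review bot: The `%T` argument in the reworded error at the top of ValidateUpdate is `oldNodeSet`, which is the result of the type assertion that has just failed, so it is a nil pointer of the node set's own type and the message can never name the type that was actually received. Format the original argument instead: `fmt.Errorf("expected a OpenStackDataPlaneNodeSet object, but got %T", old))`. With that change the internal error tells whoever debugs a rejected admission request which object kind reached the webhook. ValidateUpdate's body continues outside the hunk.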
+++ b/config/samples/dataplane_v1beta1_openstackdataplanenodeset_bgp_ovn_cluster.yaml 
@@ -0,0 +1,166 @@
+apiVersion: dataplane.openstack.org/v1beta1
+kind: OpenStackDataPlaneNodeSet
+metadata:
+ name: openstack-edpm
+spec:
+ services:
+ - download-cache
+ - bootstrap
+ - configure-network
+ - validate-network
+ - frr
+ - install-os
+ - configure-os
+ - run-os
+ - ovn
+ - neutron-metadata
+ - ovn-bgp-agent
+ - libvirt
+ - nova
+ - telemetry
+ preProvisioned: true
+ nodes:
+ edpm-compute-0:
+ hostName: edpm-compute-0
+ ansible:
+ ansibleHost: 192.168.122.100
+ ansibleVars:
+ ctlplane_ip: 192.168.122.100
+ internal_api_ip: 172.17.0.100
+ storage_ip: 172.18.0.100
+ tenant_ip: 172.19.0.100
+ fqdn_internal_api: edpm-compute-0.example.com
+ networkAttachments:
+ - ctlplane
+ nodeTemplate:
+ ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret
+ managementNetwork: ctlplane
+ ansible:
+ ansibleUser: cloud-admin
+ ansiblePort: 22
+ ansibleVars:
+ timesync_ntp_servers:
+ - hostname: pool.ntp.org
+ # edpm_network_config
+ # Default nic config template for a EDPM compute node
+ # These vars are edpm_network_config role vars
+ edpm_network_config_hide_sensitive_logs: false
+ edpm_network_config_template: |
+ ---
+ {% set mtu_list = [ctlplane_mtu] %}
+ {% for network in role_networks %}
+ {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
+ {%- endfor %}
+ {% set min_viable_mtu = mtu_list | max %}
+ network_config:
+ - type: interface
+ name: nic1
+ mtu: {{ ctlplane_mtu }}
+ dns_servers: {{ ctlplane_dns_nameservers }}
+ domain: {{ dns_search_domains }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+ {% for network in role_networks %}
+ {% if lookup('vars', networks_lower[network] ~ '_vlan_id', default='') %}
+ - type: vlan
+ device: nic1
+ mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
+ vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
+ routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
+ {% endif %}
+ {%- endfor %}
+ - type: ovs_bridge
+ name: br-provider
+ use_dhcp: false
+ - type: ovs_bridge
+ name: {{ neutron_physical_bridge_name }}
+ mtu: {{ min_viable_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ lookup('vars', 'bgp_net1_ip') }}/30
+ members:
+ - type: interface
+ name: nic2
+ mtu: {{ min_viable_mtu }}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ - type: ovs_bridge
+ name: {{ neutron_physical_bridge_name }}-2
+ mtu: {{ min_viable_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ lookup('vars', 'bgp_net2_ip') }}/30
+ members:
+ - type: interface
+ name: nic3
+ mtu: {{ min_viable_mtu }}
+ # force the MAC address of the bridge to this interface
+ primary: true
+ - type: interface
+ name: lo
+ addresses:
+ - ip_netmask: {{ lookup('vars', 'bgp_main_net_ip') }}/32
+ - ip_netmask: {{ lookup('vars', 'bgp_main_net6_ip') }}/128
+
+ # These vars are for the network config templates themselves and are
+ # considered EDPM network defaults.
+ neutron_physical_bridge_name: br-ex
+ neutron_public_interface_name: eth0
+ ctlplane_mtu: 1500
+ ctlplane_subnet_cidr: 24
+ ctlplane_gateway_ip: 192.168.122.1
+ ctlplane_host_routes:
+ - ip_netmask: 0.0.0.0/0
+ next_hop: 192.168.122.1
+ external_mtu: 1500
+ external_vlan_id: 44
+ external_cidr: '24'
+ external_host_routes: []
+ internal_api_mtu: 1500
+ internal_api_vlan_id: 20
+ internal_api_cidr: '24'
+ internal_api_host_routes: []
+ storage_mtu: 1500
+ storage_vlan_id: 21
+ storage_cidr: '24'
+ storage_host_routes: []
+ tenant_mtu: 1500
+ tenant_vlan_id: 22
+ tenant_cidr: '24'
+ tenant_host_routes: []
+ role_networks:
+ - InternalApi
+ - Storage
+ - Tenant
+ networks_lower:
+ External: external
+ InternalApi: internal_api
+ Storage: storage
+ Tenant: tenant
+ # edpm_nodes_validation
+ edpm_nodes_validation_validate_controllers_icmp: false
+ edpm_nodes_validation_validate_gateway_icmp: false
+ ctlplane_dns_nameservers:
+ - 192.168.122.1
+ dns_search_domains: []
+ gather_facts: false
+ enable_debug: false
+ # edpm firewall, change the allowed CIDR if needed
+ edpm_sshd_configure_firewall: true
+ edpm_sshd_allowed_ranges: ['192.168.122.0/24']
+ edpm_frr_bgp_uplinks: ['nic2', 'nic3']
+ edpm_frr_bgp_neighbor_password: f00barZ
+ edpm_frr_bgp_ipv4_src_network: bgp_main_net
+ edpm_frr_bgp_ipv6_src_network: bgp_main_net6
+ edpm_frr_bgp_peers: ['100.64.1.5', '100.65.1.5']
+ edpm_ovn_bgp_agent_expose_tenant_networks: true
+ edpm_ovn_bgp_agent_local_ovn_routing: true
+ edpm_ovn_bridge_mappings: ['bgp:br-provider']
+ edpm_ovn_bgp_agent_local_ovn_external_nics: ['eth1', 'eth2']
+ edpm_ovn_bgp_agent_local_ovn_peer_ips: ['100.64.1.5', '100.65.1.5']
+ edpm_ovn_bgp_agent_exposing_method: ovn
+ edpm_ovn_bgp_agent_provider_networks_pool_prefixes: '172.16.0.0/16'
diff --git a/docs/deploying.md b/docs/deploying.md
index e728d0186..bfde8055d 100644
--- a/docs/deploying.md
+++ b/docs/deploying.md
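Review bot: `edpm_frr_bgp_neighbor_password: f00barZ` near the end of this sample places the BGP neighbor password in plain text inside the node template's `ansibleVars`, so it is readable by anyone who can read the resource and is likely to be copied unchanged into real deployments. Make it an obvious placeholder with a comment, for example `edpm_frr_bgp_neighbor_password: <replace-me>  # sample value only; must match the BGP peers, never reuse`. The comment should also say that a real password is better kept out of the CR if the operator offers a Secret-backed way to pass variables. Earlier in the same file, `edpm_network_config_hide_sensitive_logs: false` by its name turns off log redaction for the network config role; a one-line comment saying this is a debugging convenience for the sample would stop it being carried into production.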
@@ -374,7 +374,7 @@ configuration before the deployment can be started.
 * The service needs an SSH key-pair provided. Generate an ssh key-pair and store it in a Secret named `nova-migration-ssh-key`.
 ```console
 $ cd "$(mktemp -d)"
- $ ssh-keygen -f ./id -t ed25519 -N ''
+ $ ssh-keygen -f ./id -t ecdsa-sha2-nistp521 -N ''
 $ oc create secret generic nova-migration-ssh-key \
 -n openstack \
 --from-file=ssh-privatekey=id \
diff --git a/go.mod b/go.mod
index bf9e68464..e35bf5d91 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20231122111552-6bd6025ade37
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20231122111552-6bd6025ade37
 github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.0
- github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34
+ github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5
 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.26.11
diff --git a/go.sum b/go.sum
index c8a967763..e3b4dd26e 100644
--- a/go.sum
+++ b/go.sum
@@ -251,8 +251,8 @@ github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.202311221115
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20231122111552-6bd6025ade37/go.mod h1:xKsHwzBHiAeEGs0mwxnxs1PRZOYU48bTQ1WFNxICIOI=
 github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.0 h1:QSAPaJ5pR1LUscHC7V/TSdyKwUKwd+1zjkzeyHkfHF0=
 github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.0/go.mod h1:UxWKFScj0gVurdBfTwenf2QyRANjFkMWkFz3KPcsWv0=
-github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34 h1:7ZSX60sdoF5/CBpQu1PBPfo8RFRuT1lzIpnqrYbjMuo=
-github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231123111448-29e394985a34/go.mod h1:JLCVgdpOAk/zcJPJ+od/d0qOb41vkKsi9kzfjSQ6BAU=
+github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5 h1:eZvqDZn1+TnRwrwT0A0rsuFIhPX6iWLCJNtGA2vGcrM=
+github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20231127065111-347f7cf3b2f5/go.mod h1:JLCVgdpOAk/zcJPJ+od/d0qOb41vkKsi9kzfjSQ6BAU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -308,7 +308,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=