Commit b45fca7

committed
Rework defaulting of secrets
Log that we can't generate networkData when preProvisionedNetworkData is set. Signed-off-by: Jiri Podivin <[email protected]>
1 parent 1b183c2 commit b45fca7

1 file changed

+108
-104
lines changed

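--- a/pkg/openstackbaremetalset/baremetalhost.go
+++ b/pkg/openstackbaremetalset/baremetalhost.go
@@ -53,57 +53,7 @@ func BaremetalHostProvision(
 }
 bmhStatus.IPAddresses["ctlplane"] = ctlPlaneIP
 }
-
-// Instance UserData/NetworkData overrides the default
-userDataSecret := instance.Spec.BaremetalHosts[hostName].UserData
-networkDataSecret := instance.Spec.BaremetalHosts[hostName].NetworkData
-
-if userDataSecret == nil {
-userDataSecret = instance.Spec.UserData
-}
-
-if networkDataSecret == nil {
-networkDataSecret = instance.Spec.NetworkData
-}
-
 sts := []util.Template{}
-// User data cloud-init secret
-if userDataSecret == nil {
-templateParameters := make(map[string]interface{})
-templateParameters["AuthorizedKeys"] = strings.TrimSuffix(string(sshSecret.Data["authorized_keys"]), "\n")
-templateParameters["HostName"] = bmhStatus.Hostname
-//If Hostname is fqdn, use it
-if !hostNameIsFQDN(bmhStatus.Hostname) && instance.Spec.DomainName != "" {
-templateParameters["FQDN"] = strings.Join([]string{bmhStatus.Hostname, instance.Spec.DomainName}, ".")
-} else {
-templateParameters["FQDN"] = bmhStatus.Hostname
-}
-templateParameters["CloudUserName"] = instance.Spec.CloudUserName
-
-// Prepare cloudinit (create secret)
-secretLabels := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{})
-if passwordSecret != nil && len(passwordSecret.Data["NodeRootPassword"]) > 0 {
-templateParameters["NodeRootPassword"] = string(passwordSecret.Data["NodeRootPassword"])
-}
-
-userDataSecretName := fmt.Sprintf(CloudInitUserDataSecretName, instance.Name, bmh)
-
-userDataSt := util.Template{
-Name: userDataSecretName,
-Namespace: instance.Namespace,
-Type: util.TemplateTypeConfig,
-InstanceType: instance.Kind,
-AdditionalTemplate: map[string]string{"userData": "/openstackbaremetalset/cloudinit/userdata"},
-Labels: secretLabels,
-ConfigOptions: templateParameters,
-}
-sts = append(sts, userDataSt)
-userDataSecret = &corev1.SecretReference{
-Name: userDataSecretName,
-Namespace: instance.Namespace,
-}
-
-}
 
 //
 // Provision the BaremetalHost
@@ -119,72 +69,126 @@ func BaremetalHostProvision(
 preProvNetworkData = instance.Spec.BaremetalHosts[hostName].PreprovisioningNetworkDataName
 }
 
-if networkDataSecret == nil && preProvNetworkData == "" {
+// Instance UserData/NetworkData overrides the default
+userDataSecret := instance.Spec.BaremetalHosts[hostName].UserData
+networkDataSecret := instance.Spec.BaremetalHosts[hostName].NetworkData
 
-// Check IP version and set template variables accordingly
-ipAddr, ipNet, err := net.ParseCIDR(ctlPlaneIP)
-if err != nil {
-// TODO: Remove this conversion once all usage sets ctlPlaneIP in CIDR format.
-ipAddr = net.ParseIP(ctlPlaneIP)
-if ipAddr == nil {
-return err
-}
+// User data cloud-init secret from instance or template
+if userDataSecret == nil {
+userDataSecret = instance.Spec.UserData
 
-var ipPrefix int
-if ipAddr.To4() != nil {
-ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To4()).Size()
+if userDataSecret == nil {
+templateParameters := make(map[string]interface{})
+templateParameters["AuthorizedKeys"] = strings.TrimSuffix(string(sshSecret.Data["authorized_keys"]), "\n")
+templateParameters["HostName"] = bmhStatus.Hostname
+//If Hostname is fqdn, use it
+if !hostNameIsFQDN(bmhStatus.Hostname) && instance.Spec.DomainName != "" {
+templateParameters["FQDN"] = strings.Join([]string{bmhStatus.Hostname, instance.Spec.DomainName}, ".")
 } else {
-ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To16()).Size()
+templateParameters["FQDN"] = bmhStatus.Hostname
 }
-_, ipNet, err = net.ParseCIDR(fmt.Sprintf("%s/%d", ipAddr, ipPrefix))
-if err != nil {
-return err
+templateParameters["CloudUserName"] = instance.Spec.CloudUserName
+
+// Prepare cloudinit (create secret)
+secretLabels := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{})
+if passwordSecret != nil && len(passwordSecret.Data["NodeRootPassword"]) > 0 {
+templateParameters["NodeRootPassword"] = string(passwordSecret.Data["NodeRootPassword"])
 }
-}
 
-CtlplaneIPVersion := "ipv6"
-if ipAddr.To4() != nil {
-CtlplaneIPVersion = "ipv4"
-}
+userDataSecretName := fmt.Sprintf(CloudInitUserDataSecretName, instance.Name, bmh)
 
-templateParameters := make(map[string]interface{})
-templateParameters["CtlplaneIpVersion"] = CtlplaneIPVersion
-templateParameters["CtlplaneIp"] = ipAddr
-templateParameters["CtlplaneInterface"] = instance.Spec.CtlplaneInterface
-templateParameters["CtlplaneGateway"] = instance.Spec.CtlplaneGateway
-templateParameters["CtlplaneNetmask"] = net.IP(ipNet.Mask)
-if len(instance.Spec.BootstrapDNS) > 0 {
-templateParameters["CtlplaneDns"] = instance.Spec.BootstrapDNS
-} else {
-templateParameters["CtlplaneDns"] = []string{}
-}
+userDataSt := util.Template{
+Name: userDataSecretName,
+Namespace: instance.Namespace,
+Type: util.TemplateTypeConfig,
+InstanceType: instance.Kind,
+AdditionalTemplate: map[string]string{"userData": "/openstackbaremetalset/cloudinit/userdata"},
+Labels: secretLabels,
+ConfigOptions: templateParameters,
+}
+sts = append(sts, userDataSt)
+userDataSecret = &corev1.SecretReference{
+Name: userDataSecretName,
+Namespace: instance.Namespace,
+}
 
-if len(instance.Spec.DNSSearchDomains) > 0 {
-templateParameters["CtlplaneDnsSearch"] = instance.Spec.DNSSearchDomains
-} else {
-templateParameters["CtlplaneDnsSearch"] = []string{}
 }
+}
 
-networkDataSecretName := fmt.Sprintf(CloudInitNetworkDataSecretName, instance.Name, bmh)
+// Network data secret from instance or template
+if networkDataSecret == nil {
 
-// Flag the network data secret as safe to collect with must-gather
-secretLabelsWithMustGather := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{
-MustGatherSecret: "yes",
-})
+if instance.Spec.NetworkData != nil {
+networkDataSecret = instance.Spec.NetworkData
+} else if preProvNetworkData == "" { // Protect against routing issues with preprovisioned network
 
-networkDataSt := util.Template{
-Name: networkDataSecretName,
-Namespace: instance.Namespace,
-Type: util.TemplateTypeConfig,
-InstanceType: instance.Kind,
-AdditionalTemplate: map[string]string{"networkData": "/openstackbaremetalset/cloudinit/networkdata"},
-Labels: secretLabelsWithMustGather,
-ConfigOptions: templateParameters,
-}
-sts = append(sts, networkDataSt)
-networkDataSecret = &corev1.SecretReference{
-Name: networkDataSecretName,
-Namespace: instance.Namespace,
+// Check IP version and set template variables accordingly
+ipAddr, ipNet, err := net.ParseCIDR(ctlPlaneIP)
+if err != nil {
+// TODO: Remove this conversion once all usage sets ctlPlaneIP in CIDR format.
+ipAddr = net.ParseIP(ctlPlaneIP)
+if ipAddr == nil {
+return err
+}
+
+var ipPrefix int
+if ipAddr.To4() != nil {
+ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To4()).Size()
+} else {
+ipPrefix, _ = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To16()).Size()
+}
+_, ipNet, err = net.ParseCIDR(fmt.Sprintf("%s/%d", ipAddr, ipPrefix))
+if err != nil {
+return err
+}
+}
+
+CtlplaneIPVersion := "ipv6"
+if ipAddr.To4() != nil {
+CtlplaneIPVersion = "ipv4"
+}
+
+templateParameters := make(map[string]interface{})
+templateParameters["CtlplaneIpVersion"] = CtlplaneIPVersion
+templateParameters["CtlplaneIp"] = ipAddr
+templateParameters["CtlplaneInterface"] = instance.Spec.CtlplaneInterface
+templateParameters["CtlplaneGateway"] = instance.Spec.CtlplaneGateway
+templateParameters["CtlplaneNetmask"] = net.IP(ipNet.Mask)
+if len(instance.Spec.BootstrapDNS) > 0 {
+templateParameters["CtlplaneDns"] = instance.Spec.BootstrapDNS
+} else {
+templateParameters["CtlplaneDns"] = []string{}
+}
+
+if len(instance.Spec.DNSSearchDomains) > 0 {
+templateParameters["CtlplaneDnsSearch"] = instance.Spec.DNSSearchDomains
+} else {
+templateParameters["CtlplaneDnsSearch"] = []string{}
+}
+
+networkDataSecretName := fmt.Sprintf(CloudInitNetworkDataSecretName, instance.Name, bmh)
+
+// Flag the network data secret as safe to collect with must-gather
+secretLabelsWithMustGather := labels.GetLabels(instance, labels.GetGroupLabel(baremetalv1.ServiceName), map[string]string{
+MustGatherSecret: "yes",
+})
+
+networkDataSt := util.Template{
+Name: networkDataSecretName,
+Namespace: instance.Namespace,
+Type: util.TemplateTypeConfig,
+InstanceType: instance.Kind,
+AdditionalTemplate: map[string]string{"networkData": "/openstackbaremetalset/cloudinit/networkdata"},
+Labels: secretLabelsWithMustGather,
+ConfigOptions: templateParameters,
+}
+sts = append(sts, networkDataSt)
+networkDataSecret = &corev1.SecretReference{
+Name: networkDataSecretName,
+Namespace: instance.Namespace,
+}
+} else {
+l.Info("can not generate networkData secret when preProvNetworkData is already defined")
 }
 }
 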
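Review bot: The netmask fallback at new lines 134-143 discards the second result of `IPMask.Size()`, so an empty, unparsable or non-contiguous `instance.Spec.CtlplaneNetmask` yields prefix 0 and `net.ParseCIDR` then accepts `<ip>/0` without error. The generated networkData secret would carry an all-zero netmask for the ctlplane interface instead of the reconcile failing; whether admission validation elsewhere rejects such a spec is not visible here. This commit only moved the block, but it is on the new side and worth guarding: keep the bit count and return an error when it is 0, as sketched below. BaremetalHostProvision begins and ends outside both hunks.

```go
var ipPrefix, maskBits int
if ipAddr.To4() != nil {
	ipPrefix, maskBits = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To4()).Size()
} else {
	ipPrefix, maskBits = net.IPMask(net.ParseIP(instance.Spec.CtlplaneNetmask).To16()).Size()
}
// Size reports 0, 0 for a missing or non-contiguous mask; fail instead of rendering /0.
if maskBits == 0 {
	return fmt.Errorf("invalid CtlplaneNetmask %q for ctlplane IP %s", instance.Spec.CtlplaneNetmask, ipAddr)
}
// … unchanged: net.ParseCIDR of ipAddr/ipPrefix and the template parameters …
```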
