1 #!/usr/bin/env bash
2 set -eu -o pipefail
3
4 IRONIC_DATA_DIR=${IRONIC_DATA_DIR:-"/opt/ironic"}
5 NODES_FILE=${NODES_FILE:-"${IRONIC_DATA_DIR}/nodes.json"}
6 #IRONIC_PROVISIONING_INTERFACE is required to be provisioning, don't change it
7 IRONIC_INTERFACE=${IRONIC_INTERFACE:-}
8 IRONIC_PROVISIONING_INTERFACE=${IRONIC_PROVISIONING_INTERFACE:-"provisioning"}
9 IRONIC_PROVISIONING_INTERFACE_IP=${IRONIC_PROVISIONING_INTERFACE_IP:-"172.22.0.1"}
10 BM_IMAGE_URL=${BM_IMAGE_URL:-"https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"}
11 BM_IMAGE=${BM_IMAGE:-"focal-server-cloudimg-amd64.img"}
12
13 #Baremetal operator repository URL
14 BMOREPO="${BMOREPO:-https://github.com/metal3-io/baremetal-operator.git}"
15 #Path to clone the baremetal operator repo
16 BMOPATH="/opt/src/github.com/metal3-io/baremetal-operator"
17 #Bare Metal Operator version to use
18 #  If changing this, the value in deploy/ironic/icn/kustomization.yaml
19 #  must also be changed
20 BMO_VERSION="capm3-v0.5.4"
21
22 #KuD repository URL
23 KUDREPO="${KUDREPO:-https://github.com/onap/multicloud-k8s.git}"
24 #Path to clone the KuD repo
25 KUDPATH="/opt/src/github.com/onap/multicloud-k8s"
26 #KuD version to use
27 KUD_VERSION="8157bf63753839ce4e9006978816fad3f63ca2de"
28
29 #EMCO repository URL
30 EMCOREPO="${EMCOREPO:-https://gitlab.com/project-emco/core/emco-base.git}"
31 #Path to clone the EMCO repo
32 EMCOPATH="/opt/src/emco-base"
33 #EMCO version to use
34 EMCO_VERSION="v21.12"
35
36 #Discard existing repo directory
37 FORCE_REPO_UPDATE="${FORCE_REPO_UPDATE:-false}"
38
39 # The kustomize version to use
40 KUSTOMIZE_VERSION="v4.5.2"
41
42 #Cluster API version to use
43 CAPI_VERSION="v0.4.7"
44
45 #Cluster API version to use
46 CAPM3_VERSION="v0.5.4"
47
48 #The flux version to use
49 FLUX_VERSION="0.27.0"
50
51 #The sops version to use
52 SOPS_VERSION="v3.7.1"
53
54 #Cert-Manager version to use
55 CERT_MANAGER_VERSION="v1.7.1"
56
57 #CNI versions to use in cluster chart
58 CALICO_VERSION="v3.22.0"
59 FLANNEL_VERSION="v0.16.3"
60
61 #Kata version to use
62 KATA_VERSION="2.3.2"
63 KATA_WEBHOOK_VERSION="2.3.2"
64
65 #The kubectl version to install when KuD is not used to deploy the
66 #jump server K8s cluster
67 KUBECTL_VERSION="v1.20.7"
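#referred from onap
function call_api {
    # Runs curl with the passed flags and adds error handling and debug
    # information.
    #
    # Arguments: "$@" - appended to the curl command line after the
    #            common flags (-s, -w "%{http_code}", -o <temp file>)
    # Outputs:   server response body on stdout; log lines on stderr
    # Returns:   0 when the HTTP status does not start with 4 or 5
    #            1 when the HTTP status starts with 4 or 5
    #            2 when curl itself fails or no temp file can be created

    local status=""
    local curl_rc=0
    local curl_response_file
    # Assigned separately from 'local' so that a mktemp failure is not
    # masked by the exit status of 'local'.
    if ! curl_response_file="$(mktemp -p /tmp)"; then
        echo "[ERROR] Unable to create a temporary file for the response" >&2
        return 2
    fi
    local curl_common_flags=(-s -w "%{http_code}" -o "${curl_response_file}")
    local command=(curl "${curl_common_flags[@]}" "$@")

    # NOTE(review): the complete command line is written to stderr, so any
    # credential passed as a curl argument ends up in the log; callers
    # should prefer passing secrets through a file or stdin.
    echo "[INFO] Running '${command[*]}'" >&2
    status="$("${command[@]}")" || curl_rc=$?
    if (( curl_rc != 0 )); then
        echo "[ERROR] Internal curl error! '$status'" >&2
    else
        echo "[INFO] Server replied with status: ${status}" >&2
    fi

    # The body is printed in both cases, then the temp file is removed.
    cat "${curl_response_file}"
    rm -f -- "${curl_response_file}"

    if (( curl_rc != 0 )); then
        return 2
    fi
    if [[ "${status:0:1}" =~ [45] ]]; then
        return 1
    fi
    return 0
}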
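function list_nodes {
    # Prints one comma-separated line per node in NODES_FILE:
    #   name,ipmi_username,ipmi_password,ipmi_address,boot_mac,
    #   os_username,os_password,os_image_name
    #
    # Globals: NODES_FILE (read), BOOT_LINK (written)
    # Exits with status 1 when NODES_FILE does not exist.
    #
    # NOTE(review): the output carries the BMC and OS passwords in clear
    # text, so it should not be written to logs. All double quotes are
    # stripped from the @csv output, which means a value containing a
    # comma or a double quote shifts or alters the columns read by the
    # consumer.
    if [ ! -f "$NODES_FILE" ]; then
        echo "[ERROR] Nodes file '$NODES_FILE' not found" >&2
        exit 1
    fi

    # The boot MAC address must be specified when a port is included
    # in the IPMI driver address (i.e when using the VirtualBMC
    # controller).  Note that the below is a bit of a hack as it only
    # checks the first entry in NODES_FILE for the port.
    if jq -r '.nodes[0].ipmi_driver_info.address' "$NODES_FILE" |
            grep -q ':[0-9]\+$'; then
        # Index of the link with id "provisioning_nic" in the first node;
        # the same index is applied to every node below.
        BOOT_LINK=$(jq -r '.nodes[0].net.links | map(.id=="provisioning_nic") | index(true)' "$NODES_FILE")
        # Quoted so that an empty value is reported by jq instead of
        # silently shifting the remaining arguments.
        jq -r --argjson BOOT_LINK "$BOOT_LINK" '.nodes[] | [
               .name,
               .ipmi_driver_info.username,
               .ipmi_driver_info.password,
               .ipmi_driver_info.address,
               .net.links[$BOOT_LINK].ethernet_mac_address,
               .os.username,
               .os.password,
               .os.image_name
               ] | @csv' "$NODES_FILE" |
            sed 's/"//g'
    else
        jq -r '.nodes[] | [
               .name,
               .ipmi_driver_info.username,
               .ipmi_driver_info.password,
               .ipmi_driver_info.address,
               "",
               .os.username,
               .os.password,
               .os.image_name
               ] | @csv' "$NODES_FILE" |
            sed 's/"//g'
    fi
}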
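function node_userdata {
    # Prints the "userData:" YAML fragment for one node on stdout.
    #
    # Arguments: $1 - node name
    #            $2 - OS user name (may be empty)
    #            $3 - OS password (may be empty)
    # Globals:   COMPUTE_NODE_PASSWORD (read, deprecated),
    #            COMPUTE_NODE_FQDN (written), HOME (read)
    # Exits with status 1 when COMPUTE_NODE_PASSWORD is set to a value
    # that differs from the password given in $3.
    local name="$1"
    local username="$2"
    local password="$3"
    local passwd
    COMPUTE_NODE_FQDN="$name.akraino.icn.org"

    # validate that the user isn't expecting the deprecated
    # COMPUTE_NODE_PASSWORD to be used
    if [ "$password" != "${COMPUTE_NODE_PASSWORD:-$password}" ]; then
        # Reported on stderr and without the password values: stdout is
        # the YAML consumed by the caller, and neither password belongs
        # in that file or in a log.
        cat >&2 <<EOF
COMPUTE_NODE_PASSWORD does not match the nodes.json password of node "$name".
Unset COMPUTE_NODE_PASSWORD and retry.
EOF
        exit 1
    fi

    # Values go through '%s' rather than into the printf format string,
    # so a '%' or backslash in a value is printed literally.
    printf 'userData:\n'
    if [ -n "$username" ]; then
        printf '  name: %s\n' "$username"
    fi
    if [ -n "$password" ]; then
        # The clear-text password is fed on stdin so that it does not
        # appear in the process list as a mkpasswd argument.
        passwd=$(printf '%s' "$password" |
                     mkpasswd --method=SHA-512 --rounds 4096 --stdin)
        printf '  hashedPassword: %s\n' "$passwd"
    fi

    if [ -n "$COMPUTE_NODE_FQDN" ]; then
        printf '  fqdn: %s\n' "$COMPUTE_NODE_FQDN"
    fi

    if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
        # A here-string answers a possible overwrite prompt with "y".
        # Piping from 'yes' would make the pipeline fail under
        # 'set -o pipefail' once ssh-keygen exits and 'yes' receives
        # SIGPIPE. Output is kept off stdout, which carries the YAML.
        ssh-keygen -q -t rsa -N "" -f "$HOME/.ssh/id_rsa" <<<y >&2
    fi

    printf '  sshAuthorizedKey: %s\n' "$(cat "$HOME/.ssh/id_rsa.pub")"
}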
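# Prints one field of a network entry of a node in NODES_FILE.
# Arguments: $1 - node name, $2 - network id, $3 - field (a single key)
# Returns "null" when the field is not present
function networkdata_networks_field {
    local name=$1
    local network=$2
    local field=$3
    # The field name is handed to jq as data (--arg) and looked up with
    # .[$field]. Splicing it into the program text would let its content
    # be parsed as part of the jq filter and, unquoted, be word-split by
    # the shell.
    jq -c -r --arg name "$name" --arg network "$network" --arg field "$field" \
        '.nodes[] | select(.name==$name) | .net.networks[] | select(.id==$network) | .[$field]' \
        "$NODES_FILE"
}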
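# Prints one field of a link entry of a node in NODES_FILE.
# Arguments: $1 - node name, $2 - link id, $3 - field (a single key)
# Returns "null" when the field is not present
function networkdata_links_field {
    local name=$1
    local link=$2
    local field=$3
    # The field name is handed to jq as data (--arg) and looked up with
    # .[$field]. Splicing it into the program text would let its content
    # be parsed as part of the jq filter and, unquoted, be word-split by
    # the shell.
    jq -c -r --arg name "$name" --arg link "$link" --arg field "$field" \
        '.nodes[] | select(.name==$name) | .net.links[] | select(.id==$link) | .[$field]' \
        "$NODES_FILE"
}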
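function node_networkdata {
    # Prints the "networks:" YAML fragment for one node on stdout, with
    # one entry per network id found for that node in NODES_FILE.
    #
    # Arguments: $1 - node name
    # Globals:   NODES_FILE (read)
    # Exits with status 1 when NODES_FILE does not exist.
    local name=$1
    local network link type mac ip_address gateway dns_nameservers

    if [ ! -f "$NODES_FILE" ]; then
        echo "[ERROR] Nodes file '$NODES_FILE' not found" >&2
        exit 1
    fi

    printf 'networks:\n'
    # The id list is read line by line on a separate descriptor so that
    # ids are not word-split or glob-expanded and the loop body keeps
    # its own stdin.
    while IFS= read -r -u 3 network; do
        [[ -n "$network" ]] || continue
        link=$(networkdata_networks_field "$name" "$network" "link")
        type=$(networkdata_networks_field "$name" "$network" "type")
        mac=$(networkdata_links_field "$name" "$link" "ethernet_mac_address")

        # Optional values
        ip_address=$(networkdata_networks_field "$name" "$network" "ip_address")
        gateway=$(networkdata_networks_field "$name" "$network" "gateway")
        dns_nameservers=$(networkdata_networks_field "$name" "$network" "dns_nameservers")

        # Values go through '%s' rather than into the printf format
        # string, so a '%' or backslash in nodes.json is printed as is.
        printf '  %s:\n' "$network"
        printf '    macAddress: %s\n' "$mac"
        printf '    type: %s\n' "$type"
        if [[ $ip_address != "null" ]]; then
            printf '    ipAddress: %s\n' "$ip_address"
        fi
        if [[ $gateway != "null" ]]; then
            printf '    gateway: %s\n' "$gateway"
        fi
        if [[ $dns_nameservers != "null" ]]; then
            printf '    nameservers: %s\n' "$dns_nameservers"
        fi
    done 3< <(jq -r --arg name "$name" '.nodes[] | select(.name==$name) | .net.networks[].id' "$NODES_FILE")
}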
function wait_for {
    # Runs the given command repeatedly until it succeeds.
    #
    # Arguments: "$@" - command and arguments to run
    # Globals:   WAIT_FOR_INTERVAL (read) - pause between attempts,
    #            passed to sleep (default 30s)
    #            WAIT_FOR_TRIES (read) - number of attempts (default 20)
    # Outputs:   one progress line on stdout per failed attempt
    # Returns:   0 once the command succeeds, 1 when the attempts are
    #            used up
    local -r pause=${WAIT_FOR_INTERVAL:-30s}
    local -r limit=${WAIT_FOR_TRIES:-20}
    local attempt=0
    while true; do
        if "$@"; then
            return 0
        fi
        echo "[${attempt}/${limit}] - Waiting ${pause} for $*"
        sleep ${pause}
        attempt=$((attempt+1))
        if [[ ${attempt} -ge ${limit} ]]; then
            return 1
        fi
    done
}
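# Prints the machine values (YAML) for one node on stdout.
#
# This is intended to be used together with list_nodes in the
# following way:
#   list_nodes | while IFS=',' read -r name ipmi_username ipmi_password ipmi_address boot_mac os_username os_password os_image_name; do ...
#
# Globals: name, ipmi_username, ipmi_password, ipmi_address, boot_mac,
#          os_username, os_password (read, set by the caller's read
#          loop), BM_IMAGE (read)
#
# NOTE(review): the output contains the BMC password in clear text, so
# the resulting file needs the same protection as nodes.json. Values are
# emitted without YAML quoting; presumably they are expected not to
# contain YAML syntax characters (confirm against the consumer).
function node_machine_values {
    # Values go through '%s' rather than into the printf format string,
    # so a '%' or backslash in a credential is printed literally.
    printf 'machineName: %s\n' "${name}"
    printf 'machineLabels:\n'
    printf '  machine: %s\n' "${name}"
    printf 'bmcUsername: %s\n' "${ipmi_username}"
    printf 'bmcPassword: %s\n' "${ipmi_password}"
    printf 'bmcAddress: ipmi://%s\n' "${ipmi_address}"
    if [[ -n "${boot_mac}" ]]; then
        printf 'bootMACAddress: %s\n' "${boot_mac}"
    fi
    printf 'imageName: %s\n' "${BM_IMAGE}"
    # Quoted so that an empty user name or a password containing
    # whitespace still arrives in the intended positional parameter.
    node_userdata "${name}" "${os_username}" "${os_password}"
    node_networkdata "${name}"
}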
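function clone_repository {
    # Clones a repository (or fetches into an existing checkout) and
    # resets the working tree to the requested version.
    #
    # Arguments: $1 - checkout path
    #            $2 - repository URL
    #            $3 - ref or commit to reset to
    # Globals:   FORCE_REPO_UPDATE (read) - "true" discards an existing
    #            checkout first
    #
    # NOTE(review): the version is resolved in the cloned repository at
    # run time. A full commit hash fixes the content that is checked
    # out; a tag or branch name follows whatever the remote publishes
    # under that name.
    local -r path=$1
    local -r repo=$2
    local -r version=$3
    mkdir -p "$(dirname "${path}")"
    if [[ -d "${path}" && "${FORCE_REPO_UPDATE}" == "true" ]]; then
        # ':?' aborts instead of expanding to an empty path
        rm -rf -- "${path:?}"
    fi
    if [[ ! -d "${path}" ]]; then
        # The destination is given explicitly; without it git names the
        # directory after the repository URL, which only matches ${path}
        # when both end in the same name.
        git clone "${repo}" "${path}"
    else
        git -C "${path}" fetch
    fi
    git -C "${path}" reset --hard "${version}"
}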
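function clone_baremetal_operator_repository {
    # Checks out the Bare Metal Operator at BMO_VERSION into BMOPATH.
    # Arguments are quoted because BMOREPO can be overridden from the
    # environment and must reach clone_repository as a single word.
    clone_repository "${BMOPATH}" "${BMOREPO}" "${BMO_VERSION}"
}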
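function clone_kud_repository {
    # Checks out KuD at KUD_VERSION into KUDPATH.
    # Arguments are quoted because KUDREPO can be overridden from the
    # environment and must reach clone_repository as a single word.
    clone_repository "${KUDPATH}" "${KUDREPO}" "${KUD_VERSION}"
}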
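function clone_emco_repository {
    # Checks out EMCO at EMCO_VERSION into EMCOPATH.
    # Arguments are quoted because EMCOREPO can be overridden from the
    # environment and must reach clone_repository as a single word.
    clone_repository "${EMCOPATH}" "${EMCOREPO}" "${EMCO_VERSION}"
}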
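function fetch_image {
    # Downloads the bare metal image into ${IRONIC_DATA_DIR}/html/images
    # when the local copy is missing or its MD5 differs from the
    # published one, and writes ${BM_IMAGE}.md5sum next to it.
    #
    # Globals: BM_IMAGE_URL, BM_IMAGE, IRONIC_DATA_DIR (read)
    # Returns: 0 when the image is present and matches the published
    #          checksum (or when BM_IMAGE_URL/BM_IMAGE is empty),
    #          1 when the checksum list has no entry for the image, the
    #          download fails, or the downloaded file does not match
    #
    # TLS certificate verification stays enabled for both requests
    # (no --insecure): the checksum list is fetched from the same host
    # as the image, so the transport is what authenticates them.
    # NOTE(review): MD5 detects a corrupted or truncated download but is
    # not collision resistant; it does not replace a signed checksum.
    if [[ -z "${BM_IMAGE_URL}" || -z "${BM_IMAGE}" ]]; then
        return 0
    fi

    local -r image_dir="${IRONIC_DATA_DIR}/html/images"
    local -r image_path="${image_dir}/${BM_IMAGE}"
    local -r download_path="${image_path}.part"
    local local_checksum="0"
    local remote_checksum=""
    local downloaded_checksum=""

    mkdir -p "${image_dir}"
    if [[ -f "${image_path}" ]]; then
        local_checksum=$(md5sum -- "${image_path}" | awk '{print $1}')
    fi

    # Exact match on the file name column (an optional leading '*' marks
    # binary mode); a substring match could pick up several entries.
    # awk reads the whole list so that curl is not cut off mid-transfer.
    remote_checksum=$(curl -sL "${BM_IMAGE_URL%/*}/MD5SUMS" |
        awk -v image="${BM_IMAGE}" '
            { entry = $2; sub(/^\*/, "", entry) }
            entry == image && !seen { print $1; seen = 1 }') || remote_checksum=""
    if [[ -z "${remote_checksum}" ]]; then
        echo "[ERROR] No checksum for ${BM_IMAGE} in ${BM_IMAGE_URL%/*}/MD5SUMS" >&2
        return 1
    fi

    if [[ "${local_checksum}" != "${remote_checksum}" ]]; then
        # Download next to the final location and move into place only
        # after verification, so a partial or mismatching file is never
        # left under the image name.
        if ! curl --fail --compressed -L -o "${download_path}" "${BM_IMAGE_URL}"; then
            rm -f -- "${download_path}"
            echo "[ERROR] Download of ${BM_IMAGE_URL} failed" >&2
            return 1
        fi
        downloaded_checksum=$(md5sum -- "${download_path}" | awk '{print $1}')
        if [[ "${downloaded_checksum}" != "${remote_checksum}" ]]; then
            rm -f -- "${download_path}"
            echo "[ERROR] Checksum mismatch for ${BM_IMAGE}: expected ${remote_checksum}, got ${downloaded_checksum}" >&2
            return 1
        fi
        mv -f -- "${download_path}" "${image_path}"
        printf '%s\n' "${downloaded_checksum}" > "${image_path}.md5sum"
    fi
}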