-function set_compute_ssh_config {
- get_default_interface_ipaddress default_addr
- cat << EOF
-- path: /root/.ssh/config
- owner: root:root
- permissions: '0600'
- content: |
- Host bootstrapmachine $default_addr
- HostName $default_addr
- IdentityFile /opt/ssh_id_rsa
- User $USER
-- path: /etc/apt/sources.list
- owner: root:root
- permissions: '0665'
- content: |
- deb [trusted=yes] ssh://$USER@$default_addr:$LOCAL_APT_REPO ./
-EOF
-}
-
-# documentation for the values below may be found at
-# https://cloudinit.readthedocs.io/en/latest/topics/modules.html
-function create_userdata {
- name="$1"
- username="$2"
- password="$3"
- COMPUTE_NODE_FQDN="$name.akraino.icn.org"
-
- # validate that the user isn't expecting the deprecated
- # COMPUTE_NODE_PASSWORD to be used
- if [ "$password" != "${COMPUTE_NODE_PASSWORD:-$password}" ]; then
- cat <<EOF
-COMPUTE_NODE_PASSWORD "$COMPUTE_NODE_PASSWORD" not equal to nodes.json $name password "$password".
-Unset COMPUTE_NODE_PASSWORD and retry.
-EOF
- exit 1
- fi
-
- printf "#cloud-config\n" > $name-userdata.yaml
- if [ -n "$password" ]; then
- if [ -n "$username" ]; then
- passwd=$(mkpasswd --method=SHA-512 --rounds 4096 "$password")
- printf "users:" >> $name-userdata.yaml
- printf "\n - name: ""%s" "$username" >> $name-userdata.yaml
- printf "\n lock_passwd: False" >> $name-userdata.yaml # necessary to allow password login
- printf "\n passwd: ""%s" "$passwd" >> $name-userdata.yaml
- printf "\n sudo: \"ALL=(ALL) NOPASSWD:ALL\"" >> $name-userdata.yaml
- else
- printf "password: ""%s" "$password" >> $name-userdata.yaml
- fi
- printf "\nchpasswd: {expire: False}\n" >> $name-userdata.yaml
- printf "ssh_pwauth: True\n" >> $name-userdata.yaml
- fi
-
- if [ -n "$COMPUTE_NODE_FQDN" ]; then
- printf "fqdn: ""%s" "$COMPUTE_NODE_FQDN" >> $name-userdata.yaml
- printf "\n" >> $name-userdata.yaml
- fi
- printf "disable_root: false\n" >> $name-userdata.yaml
- printf "ssh_authorized_keys:\n - " >> $name-userdata.yaml
-
- if [ ! -f $HOME/.ssh/id_rsa.pub ]; then
- yes y | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa
- fi
-
- cat $HOME/.ssh/id_rsa.pub >> $name-userdata.yaml
- cloud_init_scripts >> $name-userdata.yaml
- printf "\n" >> $name-userdata.yaml
-}
-
-create_networkdata() {
- name="$1"
- node_networkdata $name > $name-networkdata.json
-}
-
-function launch_baremetal_operator {
- docker pull $IRONIC_BAREMETAL_IMAGE
- kubectl apply -f bmo/namespace/namespace.yaml
- kubectl apply -f bmo/rbac/service_account.yaml -n metal3
- kubectl apply -f bmo/rbac/role.yaml -n metal3
- kubectl apply -f bmo/rbac/role_binding.yaml
- kubectl apply -f bmo/crds/metal3.io_baremetalhosts_crd.yaml
- kubectl apply -f bmo/operator/no_ironic/operator.yaml -n metal3
-}
-
-function remove_baremetal_operator {
- kubectl delete -f bmo/operator/no_ironic/operator.yaml -n metal3
- kubectl delete -f bmo/crds/metal3.io_baremetalhosts_crd.yaml
- kubectl delete -f bmo/rbac/role_binding.yaml
- kubectl delete -f bmo/rbac/role.yaml -n metal3
- kubectl delete -f bmo/rbac/service_account.yaml -n metal3
- kubectl delete -f bmo/namespace/namespace.yaml
-}
-
-function cloud_init_scripts {
- # The "intel_iommu=on iommu=pt" kernel command line is necessary
- # for QAT support.
- cat << 'EOF'
-write_files:
-- path: /var/lib/cloud/scripts/per-instance/set_kernel_cmdline.sh
- owner: root:root
- permissions: '0777'
- content: |
- #!/usr/bin/env bash
- set -eux -o pipefail
- grub_file=${1:-"/etc/default/grub"}
- kernel_parameters="intel_iommu=on iommu=pt"
- sed -i~ "/^GRUB_CMDLINE_LINUX=/{h;s/\(=\".*\)\"/\1 ${kernel_parameters}\"/};\${x;/^$/{s//GRUB_CMDLINE_LINUX=\"${kernel_parameters}\"/;H};x}" "$grub_file"
- update-grub
- reboot
-EOF
-}
-
-function apply_userdata_credential {
- name="$1"
- cat <<EOF > ./$name-user-data-credential.yaml
-apiVersion: v1
-data:
- userData: $(base64 -w 0 $name-userdata.yaml)
-kind: Secret
-metadata:
- name: $name-user-data
- namespace: metal3
-type: Opaque
-EOF
- kubectl apply -n metal3 -f $name-user-data-credential.yaml
-}
-
-apply_networkdata_credential() {
- name="$1"
- cat <<EOF > ./$name-network-data-credential.yaml
-apiVersion: v1
-data:
- networkData: $(base64 -w 0 $name-networkdata.json)
-kind: Secret
-metadata:
- name: $name-network-data
- namespace: metal3
-type: Opaque
-EOF
- kubectl apply -n metal3 -f $name-network-data-credential.yaml
-}
-