X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=deploy%2Fironic%2Fironic.sh;h=d4f4bdd2f25a41cefb9499e3f0ace8e0989ac7de;hb=54fa8d162f94d9b937dba3bbdd8d56e16e7ed2e4;hp=358dbb90d8a62548c1645f9da657699ca807aa97;hpb=3132fc5e4d956ad3181a9ec0c5f234581f8947b1;p=icn.git diff --git a/deploy/ironic/ironic.sh b/deploy/ironic/ironic.sh index 358dbb9..d4f4bdd 100755 --- a/deploy/ironic/ironic.sh +++ b/deploy/ironic/ironic.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -eux -o pipefail +set -eEux -o pipefail SCRIPTDIR="$(readlink -f $(dirname ${BASH_SOURCE[0]}))" LIBDIR="$(dirname $(dirname ${SCRIPTDIR}))/env/lib" @@ -8,6 +8,71 @@ source $LIBDIR/logging.sh source $LIBDIR/common.sh NAMEPREFIX="capm3" +ENABLE_DHCP="${IRONIC_ENABLE_DHCP:-yes}" + +trap err_exit ERR +function err_exit { + kubectl get all -n ${NAMEPREFIX}-system +} + +function check_interface_ip { + local -r interface=$1 + local -r ipaddr=$2 + + ip addr show dev ${interface} + if [[ $? -ne 0 ]]; then + exit 1 + fi + + local -r ipv4address=$(ip addr show dev ${interface} | awk '$1 == "inet" { sub("/.*", "", $2); print $2 }') + if [[ "$ipv4address" != "$ipaddr" ]]; then + exit 1 + fi +} + +function configure_ironic_bridge { + if [[ ! $(ip link show dev provisioning) ]]; then + ip link add dev provisioning type bridge + fi + ip link set provisioning up + ip link set dev ${IRONIC_INTERFACE} master provisioning + if [[ ! $(ip addr show dev provisioning to 172.22.0.1) ]]; then + ip addr add dev provisioning 172.22.0.1/24 + fi +} + +function configure_ironic_interfaces { + # Add firewall rules to ensure the IPA ramdisk can reach httpd, + # Ironic and the Inspector API on the host + if [ "${IRONIC_PROVISIONING_INTERFACE}" ]; then + check_interface_ip ${IRONIC_PROVISIONING_INTERFACE} ${IRONIC_PROVISIONING_INTERFACE_IP} + else + exit 1 + fi + + for port in 80 5050 6385 ; do + if ! sudo iptables -C INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p tcp -m tcp --dport ${port} -j ACCEPT > /dev/null 2>&1; then + sudo iptables -I INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p tcp -m tcp --dport ${port} -j ACCEPT + fi + done + + # Allow access to dhcp and tftp server for pxeboot + for port in 67 69 ; do + if ! sudo iptables -C INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p udp --dport ${port} -j ACCEPT 2>/dev/null ; then + sudo iptables -I INPUT -i ${IRONIC_PROVISIONING_INTERFACE} -p udp --dport ${port} -j ACCEPT + fi + done +} + +function deploy_bridge { + configure_ironic_bridge + configure_ironic_interfaces +} + +function clean_bridge { + ip link set provisioning down || true + ip link del provisioning type bridge || true +} # This may be used to update the in-place Ironic YAML files from the # upstream project. We cannot use the upstream sources directly as @@ -21,29 +86,39 @@ function build_source { mkdir -p $(dirname ${dst}) envsubst <${src} >${dst} done + sed -i -e '/name: quay.io\/metal3-io\/ironic/{n;s/newTag:.*/newTag: '"${BMO_VERSION}"'/;}' ${SCRIPTDIR}/icn/kustomization.yaml } function deploy { fetch_image - kustomize build ${SCRIPTDIR}/icn | kubectl apply -f - + local layer="${SCRIPTDIR}/icn" + if [[ ${ENABLE_DHCP} != "yes" ]]; then + layer="${SCRIPTDIR}/icn-no-dhcp" + fi + kustomize build ${layer} | kubectl apply -f - kubectl wait --for=condition=Available --timeout=600s deployment/${NAMEPREFIX}-ironic -n ${NAMEPREFIX}-system } function clean { kustomize build ${SCRIPTDIR}/icn | kubectl delete -f - + rm -rf ${IRONIC_DATA_DIR} } case $1 in "build-source") build_source ;; "clean") clean ;; + "clean-bridge") clean_bridge ;; "deploy") deploy ;; + "deploy-bridge") deploy_bridge ;; *) cat <