OCTOPUS-625:Added role for approve and issue csr cert and get vm file

Signed-off-by: Punith Kenchappa <[email protected]>

openstack/intel-worker/playbooks/intel-worker-playbook.yml

@@ -14,6 +14,18 @@
   roles:
     - virtual_machine_create
 
+- name: Wait for 3 minutes
+  hosts: localhost
+  tasks:
+    - name: Pause for 3 minutes
+      pause:
+        seconds: 180
+
+- name: Approve and issue
+  hosts: localhost
+  roles:
+    - approve_and_issue
+
 - name: Intel worker vitrual_machine create
   hosts: localhost
   roles:

openstack/intel-worker/playbooks/roles/approve_and_issue/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# Approve and issue vars
+approve_and_issue_intel_count: 1
+approve_and_issue_intel_prefix: "rdr-mac"
+approve_and_issue_intel_zone: "openstack"

openstack/intel-worker/playbooks/roles/approve_and_issue/files/approve_and_issue.sh

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+
+################################################################
+# Copyright 2024 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# Approve and Issue CSRs for our generated amd64 workers only
+# The hostname is of the style - ${name_prefix}-worker-${ZONE}-${index}
+
+# Var: ${self.triggers.counts}
+INTEL_COUNT="${1}"
+
+# Var: ${self.triggers.approve}
+INTEL_PREFIX="${2}"
+
+INTEL_ZONE="${3}"
+
+# Machine Prefix
+MACHINE_PREFIX="${INTEL_PREFIX}-worker-${INTEL_ZONE}"
+
+if [ "0" -eq "${INTEL_COUNT}" ]
+then
+  echo "There are no workers in the ${INTEL_ZONE}"
+  exit 0
+fi
+
+IDX=0
+READY_COUNT=$(oc get nodes -l kubernetes.io/arch=amd64 | grep "${MACHINE_PREFIX}" | grep -v NotReady | grep -c Ready)
+while [ "${READY_COUNT}" -ne "${INTEL_COUNT}" ]
+do
+
+  echo "List of Intel Workers in ${INTEL_ZONE}: "
+  oc get nodes -l 'kubernetes.io/arch=amd64' -o json | jq -r '.items[] | .metadata.name'
+  echo ""
+
+  echo "Approve and Issue - #${IDX}"
+  echo "List of Intel Workers to be added with prefix '${MACHINE_PREFIX}': "
+  oc get nodes -l 'kubernetes.io/arch=amd64' --no-headers=true | grep "${MACHINE_PREFIX}"
+  echo ""
+
+  # Approve
+  JSON_BODY=$(oc get csr -o json | jq -r '.items[] | select (.spec.username == "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper")' | jq -r '. | select(.status == {})')
+  for CSR_REQUEST in $(echo ${JSON_BODY} | jq -r '. | "\(.metadata.name),\(.spec.request)"')
+  do 
+    CSR_NAME=$(echo ${CSR_REQUEST} | sed 's|,| |'| awk '{print $1}')
+    CSR_REQU=$(echo ${CSR_REQUEST} | sed 's|,| |'| awk '{print $2}')
+    echo "CSR_NAME: ${CSR_NAME}"
+    NODE_NAME=$(echo ${CSR_REQU} | base64 -d | openssl req -text | grep 'Subject:' | awk '{print $NF}')
+    echo "Pending CSR found for NODE_NAME: ${NODE_NAME}"
+
+    if grep -q "system:node:${MACHINE_PREFIX}" <<< "$NODE_NAME"
+    then
+      oc adm certificate approve "${CSR_NAME}"
+    fi
+  done
+
+  LOCAL_WORKER_SCAN=0
+  while [ "$LOCAL_WORKER_SCAN" -lt "$INTEL_COUNT" ]
+  do
+    # username: system:node:mac-674e-worker-0
+    for CSR_NAME in $(oc get csr -o json | jq -r '.items[] | select (.spec.username == "'system:node:${MACHINE_PREFIX}-${LOCAL_WORKER_SCAN}'")' | jq -r '.metadata.name')
+    do
+      # Dev note: will approve more than one matching csr
+      echo "Approving: ${CSR_NAME} system:node:${MACHINE_PREFIX}-${LOCAL_WORKER_SCAN}"
+      oc adm certificate approve "${CSR_NAME}"
+    done
+    sleep 10
+    LOCAL_WORKER_SCAN=$(($LOCAL_WORKER_SCAN + 1))
+  done
+
+  # Wait for 30 seconds before we hammer the system
+  echo "Sleeping before re-running - 30 seconds"
+  sleep 30
+
+  # Re-read the 'Ready' count
+  READY_COUNT=$(oc get nodes -l kubernetes.io/arch=amd64 | grep "${MACHINE_PREFIX}" | grep -v NotReady | grep -c Ready)
+
+  # Increment counter
+  IDX=$(($IDX + 1))
+
+  # End Early... we've checked enough.
+  if [ "${IDX}" -eq "60" ]
+  then
+    echo "Exceeded the wait time for CSRs to be generated - > 30 minutes"
+    echo "Printing all Nodes"
+    oc get nodes -owide
+    echo ""
+    echo "Get All CSRs"
+    oc get csr
+    echo "Exiting with Error. Ready count - ${READY_COUNT} is not matching with expected Intel Worker count - ${INTEL_COUNT}"
+    echo "Supplied Worker/s with prefix: '${MACHINE_PREFIX}' are not yet Ready."
+    exit -1
+  fi
+done
+# Final Check
+if [ "${READY_COUNT}" -eq "${INTEL_COUNT}" ]
+then
+  echo "Supplied Worker/s with prefix: '${MACHINE_PREFIX}' are Ready."
+  oc get nodes -l 'kubernetes.io/arch=amd64' --no-headers=true | grep "${MACHINE_PREFIX}"
+fi

openstack/intel-worker/playbooks/roles/approve_and_issue/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+# file to add the approve and issue csr certificate
+- name: Copy the approve and issue file to tmp folder
+  ansible.builtin.copy:
+    src: "{{ role_path }}/files/approve_and_issue.sh"
+    dest: /tmp/approve_and_issue.sh
+    mode: "0755"
+
+- name: Run the script to approve and issue csr certificate
+  ansible.builtin.script:
+    cmd: /tmp/approve_and_issue.sh "{{ approve_and_issue_intel_count }}" "{{ approve_and_issue_intel_prefix }}" "{{ approve_and_issue_intel_zone }}"
+    register: configdrive_partition_output

openstack/intel-worker/playbooks/roles/virtual_machine_create/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Virtual_machine details
-virtual_machine_create_name: rdr-mac-worker
+virtual_machine_create_name: rdr-mac-worker-openstack
 virtual_machine_create_region_name: RegionOne
 virtual_machine_create_availability_zone: Test
 virtual_machine_create_image_name: 4df699b6-6877-4b77-9ddb-0d6dc9cefb68
@@ -9,28 +9,16 @@ virtual_machine_create_volume_size: 80
 virtual_machine_create_keypair_name: pun_keypair
 virtual_machine_create_network_name: provider
 virtual_machine_create_userdata: "{{ lookup('template', 'worker-amd64.ign.j2') }}"
-# virtual_machine_create_userdata: "{{ lookup('file', '/var/www/html/ignition/worker-amd64.ign') | string }}"
-# virtual_machine_create_userdata: "#!/bin/sh\nyum -y install python3"
-# virtual_machine_userdata: "|\n#cloud-config\nchpasswd:\nlist: |\nubuntu:passw0rd\nexpire: False\npackages:\n- ansible\npackage_upgrade: true"
-# Examples:
-#       userdata: |
-#         #cloud-config
-#         chpasswd:
-#           list: |
-#             ubuntu:{{ default_password }}
-#           expire: False
-#         packages:
-#           - ansible
-#         package_upgrade: true
 virtual_machine_create_timeout: 300
+virtual_machine_create_count: 3
 
 # Used in ignition task
-virtual_machine_create_worker_hostname: "rdr-mac"
+virtual_machine_create_worker_hostname: "rdr-mac-worker-openstack"
 virtual_machine_create_worker_hostname_encoded: ""
 virtual_machine_create_etc_resolve_encoded: ""
 virtual_machine_create_dns_none_encoded: ""
 virtual_machine_create_bastion_ip: "10.20.181.69"
-virtual_machine_create_domain_name: "rdr-mac"
+virtual_machine_create_domain_name: "rdr-mac1"
 virtual_machine_create_http_port: "8080"
 virtual_machine_create_https_port: "443"
 

openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/get_vm.yml

@@ -0,0 +1,22 @@
+---
+- name: Get virtual machine info
+  openstack.cloud.server_info:
+    cloud: openstack
+    name: "{{ virtual_machine_create_name }}"
+  register: vm_info
+
+- name: Print virtual machine vm_info
+  ansible.builtin.debug:
+    var: vm_info
+
+- name: Wait for instance to become active
+  ansible.builtin.wait_for:
+    timeout: 300
+    delay: 5
+    host: "{{ vm_info.servers[0].name }}"
+    port: "{{ vm_info.servers[0].addresses['private'].ipv4 }}"
+    state: started
+    search_regex: active
+  until: vm_info.servers[0].status == 'ACTIVE'
+  retries: 60
+  delay: 10

openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 # file: intel-worker-playbook.yml
-- name: Add identity resources
+- name: Create ignition file
   ansible.builtin.include_tasks:
     file: ignition.yml
 
@@ -18,3 +18,7 @@
     network: "{{ virtual_machine_create_network_name }}"
     userdata: "{{ virtual_machine_create_userdata }}"
     timeout: "{{ virtual_machine_create_timeout }}"
+
+- name: Get and wait for VM in active state
+  ansible.builtin.include_tasks:
+    file: get_vm.yml