diff --git a/openstack/intel-worker/playbooks/intel-worker-playbook.yml b/openstack/intel-worker/playbooks/intel-worker-playbook.yml index c62ec96..26f99a4 100644 --- a/openstack/intel-worker/playbooks/intel-worker-playbook.yml +++ b/openstack/intel-worker/playbooks/intel-worker-playbook.yml @@ -14,6 +14,18 @@ roles: - virtual_machine_create +- name: Wait for 3 minutes + hosts: localhost + tasks: + - name: Pause for 3 minutes + pause: + seconds: 180 + +- name: Approve and issue + hosts: localhost + roles: + - approve_and_issue + - name: Intel worker vitrual_machine create hosts: localhost roles: diff --git a/openstack/intel-worker/playbooks/roles/approve_and_issue/defaults/main.yml b/openstack/intel-worker/playbooks/roles/approve_and_issue/defaults/main.yml new file mode 100644 index 0000000..ec4a7c4 --- /dev/null +++ b/openstack/intel-worker/playbooks/roles/approve_and_issue/defaults/main.yml @@ -0,0 +1,5 @@ +--- +# Approve and issue vars +approve_and_issue_intel_count: 1 +approve_and_issue_intel_prefix: "rdr-mac" +approve_and_issue_intel_zone: "openstack" diff --git a/openstack/intel-worker/playbooks/roles/approve_and_issue/files/approve_and_issue.sh b/openstack/intel-worker/playbooks/roles/approve_and_issue/files/approve_and_issue.sh new file mode 100644 index 0000000..531e8bc --- /dev/null +++ b/openstack/intel-worker/playbooks/roles/approve_and_issue/files/approve_and_issue.sh 
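Review bot: `approve_and_issue_intel_count: 1` in the new approve_and_issue defaults does not agree with `virtual_machine_create_count: 3`, which this commit adds to roles/virtual_machine_create/defaults/main.yml. approve_and_issue.sh loops until the Ready count exactly equals its first argument, and it only scans serving-certificate CSRs for indexes below that count. If three workers are really created (the task that consumes the count is not in this diff), the run can end in the 30-minute timeout or leave workers 1 and 2 without approved serving certificates. Drive both values from one variable, or at minimum add a comment here such as `# must equal virtual_machine_create_count (roles/virtual_machine_create/defaults/main.yml)`.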
@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+
+################################################################
+# Copyright 2024 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# Approve and Issue CSRs for our generated amd64 workers only
+# The hostname is of the style - ${name_prefix}-worker-${ZONE}-${index}
+
+# Var: ${self.triggers.counts}
+INTEL_COUNT="${1}"
+
+# Var: ${self.triggers.approve}
+INTEL_PREFIX="${2}"
+
+INTEL_ZONE="${3}"
+
+# Machine Prefix
+MACHINE_PREFIX="${INTEL_PREFIX}-worker-${INTEL_ZONE}"
+
+if [ "0" -eq "${INTEL_COUNT}" ]
+then
+ echo "There are no workers in the ${INTEL_ZONE}"
+ exit 0
+fi
+
+IDX=0
+READY_COUNT=$(oc get nodes -l kubernetes.io/arch=amd64 | grep "${MACHINE_PREFIX}" | grep -v NotReady | grep -c Ready)
+while [ "${READY_COUNT}" -ne "${INTEL_COUNT}" ]
+do
+
+ echo "List of Intel Workers in ${INTEL_ZONE}: "
+ oc get nodes -l 'kubernetes.io/arch=amd64' -o json | jq -r '.items[] | .metadata.name'
+ echo ""
+
+ echo "Approve and Issue - #${IDX}"
+ echo "List of Intel Workers to be added with prefix '${MACHINE_PREFIX}': "
+ oc get nodes -l 'kubernetes.io/arch=amd64' --no-headers=true | grep "${MACHINE_PREFIX}"
+ echo ""
+
+ # Approve
+ JSON_BODY=$(oc get csr -o json | jq -r '.items[] | select (.spec.username == "system:serviceaccount:openshift-machine-config-operator:node-bootstrapper")' | jq -r '. | select(.status == {})')
+ for CSR_REQUEST in $(echo ${JSON_BODY} | jq -r '.
| "\(.metadata.name),\(.spec.request)"')
+ do
+ CSR_NAME=$(echo ${CSR_REQUEST} | sed 's|,| |'| awk '{print $1}')
+ CSR_REQU=$(echo ${CSR_REQUEST} | sed 's|,| |'| awk '{print $2}')
+ echo "CSR_NAME: ${CSR_NAME}"
+ NODE_NAME=$(echo ${CSR_REQU} | base64 -d | openssl req -text | grep 'Subject:' | awk '{print $NF}')
+ echo "Pending CSR found for NODE_NAME: ${NODE_NAME}"
+
+ if grep -q "system:node:${MACHINE_PREFIX}" <<< "$NODE_NAME"
+ then
+ oc adm certificate approve "${CSR_NAME}"
+ fi
+ done
+
+ LOCAL_WORKER_SCAN=0
+ while [ "$LOCAL_WORKER_SCAN" -lt "$INTEL_COUNT" ]
+ do
+ # username: system:node:mac-674e-worker-0
+ for CSR_NAME in $(oc get csr -o json | jq -r '.items[] | select (.spec.username == "'system:node:${MACHINE_PREFIX}-${LOCAL_WORKER_SCAN}'")' | jq -r '.metadata.name')
+ do
+ # Dev note: will approve more than one matching csr
+ echo "Approving: ${CSR_NAME} system:node:${MACHINE_PREFIX}-${LOCAL_WORKER_SCAN}"
+ oc adm certificate approve "${CSR_NAME}"
+ done
+ sleep 10
+ LOCAL_WORKER_SCAN=$(($LOCAL_WORKER_SCAN + 1))
+ done
+
+ # Wait for 30 seconds before we hammer the system
+ echo "Sleeping before re-running - 30 seconds"
+ sleep 30
+
+ # Re-read the 'Ready' count
+ READY_COUNT=$(oc get nodes -l kubernetes.io/arch=amd64 | grep "${MACHINE_PREFIX}" | grep -v NotReady | grep -c Ready)
+
+ # Increment counter
+ IDX=$(($IDX + 1))
+
+ # End Early... we've checked enough.
+ if [ "${IDX}" -eq "60" ]
+ then
+ echo "Exceeded the wait time for CSRs to be generated - > 30 minutes"
+ echo "Printing all Nodes"
+ oc get nodes -owide
+ echo ""
+ echo "Get All CSRs"
+ oc get csr
+ echo "Exiting with Error. Ready count - ${READY_COUNT} is not matching with expected Intel Worker count - ${INTEL_COUNT}"
+ echo "Supplied Worker/s with prefix: '${MACHINE_PREFIX}' are not yet Ready."
+ exit -1
+ fi
+done
+# Final Check
+if [ "${READY_COUNT}" -eq "${INTEL_COUNT}" ]
+then
+ echo "Supplied Worker/s with prefix: '${MACHINE_PREFIX}' are Ready."
+ oc get nodes -l 'kubernetes.io/arch=amd64' --no-headers=true | grep "${MACHINE_PREFIX}"
+fi
\ No newline at end of file
diff --git a/openstack/intel-worker/playbooks/roles/approve_and_issue/tasks/main.yml b/openstack/intel-worker/playbooks/roles/approve_and_issue/tasks/main.yml
new file mode 100644
index 0000000..65077b1
--- /dev/null
+++ b/openstack/intel-worker/playbooks/roles/approve_and_issue/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# file to add the approve and issue csr certificate
+- name: Copy the approve and issue file to tmp folder
+ ansible.builtin.copy:
+ src: "{{ role_path }}/files/approve_and_issue.sh"
+ dest: /tmp/approve_and_issue.sh
+ mode: "0755"
+
+- name: Run the script to approve and issue csr certificate
+ ansible.builtin.script:
+ cmd: /tmp/approve_and_issue.sh "{{ approve_and_issue_intel_count }}" "{{ approve_and_issue_intel_prefix }}" "{{ approve_and_issue_intel_zone }}"
+ register: configdrive_partition_output
diff --git a/openstack/intel-worker/playbooks/roles/virtual_machine_create/defaults/main.yml b/openstack/intel-worker/playbooks/roles/virtual_machine_create/defaults/main.yml
index 34be0e3..6bc635d 100644
--- a/openstack/intel-worker/playbooks/roles/virtual_machine_create/defaults/main.yml
+++ b/openstack/intel-worker/playbooks/roles/virtual_machine_create/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Virtual_machine details
-virtual_machine_create_name: rdr-mac-worker
+virtual_machine_create_name: rdr-mac-worker-openstack
 virtual_machine_create_region_name: RegionOne
 virtual_machine_create_availability_zone: Test
 virtual_machine_create_image_name: 4df699b6-6877-4b77-9ddb-0d6dc9cefb68
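Review bot: The bootstrap-CSR approval gate `grep -q "system:node:${MACHINE_PREFIX}" <<< "$NODE_NAME"` is an unanchored substring match on a name taken from `awk '{print $NF}'` of the CSR subject, so it accepts any requested node name that merely contains the prefix rather than only the `${MACHINE_PREFIX}-${index}` hosts the header comment describes. The requester chooses that name, so compare the whole value, e.g. `if [[ "${NODE_NAME}" =~ ^"system:node:${MACHINE_PREFIX}-"[0-9]+$ ]]`, and ideally also require the index to be below `INTEL_COUNT`. The second loop approves every CSR whose `.spec.username` matches, including ones that are no longer pending, and never inspects what the request asks for; applying the same `select(.status == {})` filter used in the first loop would limit it to pending requests. Separately, `exit -1` is not a portable exit status (`exit 1` is), and a failed `oc` call leaves `READY_COUNT` empty so the `-ne` test errors instead of failing cleanly.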
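Review bot: Staging the script at the fixed path `/tmp/approve_and_issue.sh` and then executing it puts a file that drives `oc adm certificate approve` into a world-writable directory under a predictable name, which is worth avoiding on a shared control host. `ansible.builtin.script` can pick the script up from the role's `files/` directory itself, so the copy task can be dropped and the second task can use `cmd: approve_and_issue.sh "{{ approve_and_issue_intel_count }}" "{{ approve_and_issue_intel_prefix }}" "{{ approve_and_issue_intel_zone }}"`. The result is registered as `configdrive_partition_output`, which looks carried over from another role and is not checked anywhere in this file; a name such as `approve_and_issue_result` would say what it holds.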
@@ -9,28 +9,16 @@ virtual_machine_create_volume_size: 80 virtual_machine_create_keypair_name: pun_keypair virtual_machine_create_network_name: provider virtual_machine_create_userdata: "{{ lookup('template', 'worker-amd64.ign.j2') }}" -# virtual_machine_create_userdata: "{{ lookup('file', '/var/www/html/ignition/worker-amd64.ign') | string }}" -# virtual_machine_create_userdata: "#!/bin/sh\nyum -y install python3" -# virtual_machine_userdata: "|\n#cloud-config\nchpasswd:\nlist: |\nubuntu:passw0rd\nexpire: False\npackages:\n- ansible\npackage_upgrade: true" -# Examples: -# userdata: | -# #cloud-config -# chpasswd: -# list: | -# ubuntu:{{ default_password }} -# expire: False -# packages: -# - ansible -# package_upgrade: true virtual_machine_create_timeout: 300 +virtual_machine_create_count: 3 # Used in ignition task -virtual_machine_create_worker_hostname: "rdr-mac" +virtual_machine_create_worker_hostname: "rdr-mac-worker-openstack" virtual_machine_create_worker_hostname_encoded: "" virtual_machine_create_etc_resolve_encoded: "" virtual_machine_create_dns_none_encoded: "" virtual_machine_create_bastion_ip: "10.20.181.69" -virtual_machine_create_domain_name: "rdr-mac" +virtual_machine_create_domain_name: "rdr-mac1" virtual_machine_create_http_port: "8080" virtual_machine_create_https_port: "443" diff --git a/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/get_vm.yml b/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/get_vm.yml new file mode 100644 index 0000000..700eda3 --- /dev/null +++ b/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/get_vm.yml 
@@ -0,0 +1,22 @@ +--- +- name: Get virtual machine info + openstack.cloud.server_info: + cloud: openstack + name: "{{ virtual_machine_create_name }}" + register: vm_info + +- name: Print virtual machine vm_info + ansible.builtin.debug: + var: vm_info + +- name: Wait for instance to become active + ansible.builtin.wait_for: + timeout: 300 + delay: 5 + host: "{{ vm_info.servers[0].name }}" + port: "{{ vm_info.servers[0].addresses['private'].ipv4 }}" + state: started + search_regex: active + until: vm_info.servers[0].status == 'ACTIVE' + retries: 60 + delay: 10 diff --git a/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/main.yml b/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/main.yml index 58895fc..da48471 100644 --- a/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/main.yml +++ b/openstack/intel-worker/playbooks/roles/virtual_machine_create/tasks/main.yml @@ -1,6 +1,6 @@ --- # file: intel-worker-playbook.yml -- name: Add identity resources +- name: Create ignition file ansible.builtin.include_tasks: file: ignition.yml @@ -18,3 +18,7 @@ network: "{{ virtual_machine_create_network_name }}" userdata: "{{ virtual_machine_create_userdata }}" timeout: "{{ virtual_machine_create_timeout }}" + +- name: Get and wait for VM in active state + ansible.builtin.include_tasks: + file: get_vm.yml
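Review bot: The `Wait for instance to become active` task cannot observe a status change: its `until: vm_info.servers[0].status == 'ACTIVE'` reads the result registered by the earlier `openstack.cloud.server_info` task, which is never re-run, and `wait_for` is handed an IPv4 address as its `port`. Put the retry on the query itself, i.e. `until: vm_info.servers | length > 0 and vm_info.servers[0].status == 'ACTIVE'` with `retries: 60` and `delay: 10` on the `Get virtual machine info` task, and drop the `wait_for` task or point it at a real port. `delay` also appears twice in that task (5 and 10); indentation is not visible in this diff, so whether one is the module argument and the other the task keyword should be confirmed. The `debug: var: vm_info` task writes the whole server record to the run log, which may include instance metadata or user data; printing only `vm_info.servers[0].status` would be enough.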