Revert "baremetal: send full ignition to masters"

Steven Hardy · Steven Hardy · commit 35c5089b781c · 2021-03-08T14:48:50.000Z
This doesn't work for IPI baremetal deployments driven via hive, because there are firewall rules that prevent access to the bootstrap MCS from the pod running the installer. This was implemented in: openshift#4427 But we ran into problems making the same approach work for worker machines ref: openshift#4456 We're now looking at other approaches to resolve the network-config requirements driving that work, so switching back to the pointer config for masters seems reasonable, particularly given this issue discovered for hive deployments. Conflicts: pkg/tfvars/baremetal/baremetal.go This reverts commit 98dc381.
diff --git a/data/data/baremetal/main.tf b/data/data/baremetal/main.tf
@@ -26,13 +26,11 @@ module "bootstrap" {
 module "masters" {
   source = "./masters"
 
-  master_count                = var.master_count
-  hosts                       = var.hosts
-  properties                  = var.properties
-  root_devices                = var.root_devices
-  driver_infos                = var.driver_infos
-  instance_infos              = var.instance_infos
-  master_ignition_url         = var.master_ignition_url
-  master_ignition_url_ca_cert = var.master_ignition_url_ca_cert
-  master_ignition_url_headers = var.master_ignition_url_headers
+  master_count   = var.master_count
+  ignition       = var.ignition_master
+  hosts          = var.hosts
+  properties     = var.properties
+  root_devices   = var.root_devices
+  driver_infos   = var.driver_infos
+  instance_infos = var.instance_infos
 }
diff --git a/data/data/baremetal/masters/main.tf b/data/data/baremetal/masters/main.tf
@@ -42,10 +42,8 @@ resource "ironic_deployment" "openshift-master-deployment" {
     count.index,
   )
 
-  instance_info         = var.instance_infos[count.index]
-  user_data_url         = var.master_ignition_url
-  user_data_url_ca_cert = var.master_ignition_url_ca_cert
-  user_data_url_headers = var.master_ignition_url_headers
+  instance_info = var.instance_infos[count.index]
+  user_data     = var.ignition
 }
 
 data "ironic_introspection" "openshift-master-introspection" {
diff --git a/data/data/baremetal/masters/variables.tf b/data/data/baremetal/masters/variables.tf
@@ -4,6 +4,11 @@ variable "master_count" {
   default     = 3
 }
 
+variable "ignition" {
+  type        = string
+  description = "The content of the master ignition file"
+}
+
 variable "hosts" {
   type        = list(map(string))
   description = "Hardware details for hosts"
@@ -28,18 +33,3 @@ variable "instance_infos" {
   type        = list(map(string))
   description = "Instance information for hosts"
 }
-
-variable "master_ignition_url" {
-  type        = string
-  description = "The URL of the full ignition"
-}
-
-variable "master_ignition_url_ca_cert" {
-  type        = string
-  description = "Root CA cert of the full ignition URL"
-}
-
-variable "master_ignition_url_headers" {
-  type        = map(string)
-  description = "Headers to use when retrieving master_ignition_url"
-}
diff --git a/data/data/baremetal/variables-baremetal.tf b/data/data/baremetal/variables-baremetal.tf
@@ -57,18 +57,3 @@ variable "instance_infos" {
   type        = list(map(string))
   description = "Instance information for hosts"
 }
-
-variable "master_ignition_url" {
-  type        = string
-  description = "The URL of the full ignition"
-}
-
-variable "master_ignition_url_ca_cert" {
-  type        = string
-  description = "Root CA cert of the full ignition URL"
-}
-
-variable "master_ignition_url_headers" {
-  type        = map(string)
-  description = "Headers to pass when retrieving master_ignition_url"
-}
diff --git a/pkg/tfvars/baremetal/baremetal.go b/pkg/tfvars/baremetal/baremetal.go
@@ -9,8 +9,6 @@ import (
 	"path"
 	"strings"
 
-	igntypes "github.com/coreos/ignition/v2/config/v3_2/types"
-
 	"github.com/metal3-io/baremetal-operator/pkg/bmc"
 	"github.com/metal3-io/baremetal-operator/pkg/hardware"
 	"github.com/openshift/installer/pkg/tfvars/internal/cache"
@@ -28,10 +26,6 @@ type config struct {
 	IronicUsername string `json:"ironic_username"`
 	IronicPassword string `json:"ironic_password"`
 
-	MasterIgnitionURL        string            `json:"master_ignition_url,omitempty"`
-	MasterIgnitionURLCACert  string            `json:"master_ignition_url_ca_cert,omitempty"`
-	MasterIgnitionURLHeaders map[string]string `json:"master_ignition_url_headers,omitempty"`
-
 	// Data required for control plane deployment - several maps per host, because of terraform's limitations
 	Hosts         []map[string]interface{} `json:"hosts"`
 	RootDevices   []map[string]interface{} `json:"root_devices"`
@@ -174,44 +168,19 @@ func TFVars(libvirtURI, apiVIP, imageCacheIP, bootstrapOSImage, externalBridge,
 			})
 	}
 
-	var masterIgn igntypes.Config
-	if err := json.Unmarshal([]byte(ignition), &masterIgn); err != nil {
-		return nil, err
-	}
-	if len(masterIgn.Ignition.Config.Merge) == 0 {
-		return nil, errors.Wrap(err, "Empty Merge section in master pointer ignition")
-	}
-	ignitionURL := *masterIgn.Ignition.Config.Merge[0].Source
-	if len(masterIgn.Ignition.Security.TLS.CertificateAuthorities) == 0 {
-		return nil, errors.Wrap(err, "Empty CertificateAuthorities section in master pointer ignition")
-	}
-	ignitionURLCACert := strings.TrimPrefix(
-		*masterIgn.Ignition.Security.TLS.CertificateAuthorities[0].Source,
-		"data:text/plain;charset=utf-8;base64,")
-	// To return the same version as the stub config, the MCS requires a
-	// header, otherwise we get 2.2.0, e.g:
-	// "Accept: application/vnd.coreos.ignition+json; version=3.1.0"
-	ignitionURLHeaders := map[string]string{
-		"Accept": fmt.Sprintf("application/vnd.coreos.ignition+json;version=%s",
-			masterIgn.Ignition.Version),
-	}
-
 	cfg := &config{
-		LibvirtURI:               libvirtURI,
-		IronicURI:                fmt.Sprintf("http://%s/v1", net.JoinHostPort(apiVIP, "6385")),
-		InspectorURI:             fmt.Sprintf("http://%s/v1", net.JoinHostPort(apiVIP, "5050")),
-		BootstrapOSImage:         bootstrapOSImage,
-		IronicUsername:           ironicUsername,
-		IronicPassword:           ironicPassword,
-		Hosts:                    hosts,
-		Bridges:                  bridges,
-		Properties:               properties,
-		DriverInfos:              driverInfos,
-		RootDevices:              rootDevices,
-		InstanceInfos:            instanceInfos,
-		MasterIgnitionURL:        ignitionURL,
-		MasterIgnitionURLCACert:  ignitionURLCACert,
-		MasterIgnitionURLHeaders: ignitionURLHeaders,
+		LibvirtURI:       libvirtURI,
+		IronicURI:        fmt.Sprintf("http://%s/v1", net.JoinHostPort(apiVIP, "6385")),
+		InspectorURI:     fmt.Sprintf("http://%s/v1", net.JoinHostPort(apiVIP, "5050")),
+		BootstrapOSImage: bootstrapOSImage,
+		IronicUsername:   ironicUsername,
+		IronicPassword:   ironicPassword,
+		Hosts:            hosts,
+		Bridges:          bridges,
+		Properties:       properties,
+		DriverInfos:      driverInfos,
+		RootDevices:      rootDevices,
+		InstanceInfos:    instanceInfos,
 	}
 
 	return json.MarshalIndent(cfg, "", "  ")

Original file line number	Diff line number	Diff line change
`@@ -42,10 +42,8 @@ resource "ironic_deployment" "openshift-master-deployment" {`
`42`	`42`	`count.index,`
`43`	`43`	`)`
`44`	`44`
`45`		`- instance_info = var.instance_infos[count.index]`
`46`		`- user_data_url = var.master_ignition_url`
`47`		`- user_data_url_ca_cert = var.master_ignition_url_ca_cert`
`48`		`- user_data_url_headers = var.master_ignition_url_headers`
	`45`	`+ instance_info = var.instance_infos[count.index]`
	`46`	`+ user_data = var.ignition`
`49`	`47`	`}`
`50`	`48`
`51`	`49`	`data "ironic_introspection" "openshift-master-introspection" {`