Added cleanup for bootstrap VM FIP in the installer as part of the
PostDestroyer to streamline FIP creation and deletion to be done by the
installer, avoiding orphan FIPs.
Fixes the issue where bootstrap machine logs cannot be collected when installation fails because
the bootstrap VM uses the master security group, which doesn't allow SSH
access from the installation source address. This prevents gathering
diagnostic information needed to troubleshoot failed installations.
- Created dedicated bootstrap security group with SSH access from anywhere
- Tagged with `openshiftRole=bootstrap` for lifecycle management
- Enables SSH access to bootstrap VM for log collection on failure
- Implement PostDestroyer for OpenStack bootstrap VM
When using single stack IPv6 there is no need to create IPv4 rules.
This commit restricts the creation of IPv4 rules to when IPv4
Machine Networks exist in the cluster.
This commit enables the single stack IPv6 installation
on OpenStack by skipping the generation of the Floating IP, as
it's not supported over IPv6, and skipping the validation of VIP
address allocation, as they are provided by the user when
using dual-stack or just IPv6.
1. clusterapi: ignition interface returns secrets
Updates the clusterapi ignition interface so that it returns
all ignition secrets. Prior to this commit, the ignition interface
returned the bootstrap ignition data, and the provision method
turned this data into secrets. Updating the interface to return
all secrets gives greater flexibility to the platform to completely
control the ignition secrets that are created for that platform.
The motivation is that some platforms such as Nutanix may need
to create per-master ignition.
2. nutanix clusterapi: fix the regression bug OCPBUGS-38118
Updates the BootstrapHasPublicIP function in the provider interface
from returning a simple bool to an enum value in order to account
for the different endpoints the installer connects to during
bootstrap log gathering in public clusters. The function is renamed
to PublicGatherEndpoint.
Presently, BootstrapHasPublicIP is only used to determine if the
installer should wait for an External IP address to be present in
the machine status (in case it is needed for gather) before declaring
a machine ready. That code is updated to account for the enum, but
the logic is unchanged.
Before this patch, we used the Neutron call to add tags to the newly
created security groups. However, that API doesn't accept tags
containing special characters such as slash (`/`), even when
URL-encoded.
With this change, the security groups are tagged with an alternative API
call (replace-all-tags) which accepts the tags in a JSON object.
Apparently, Neutron accepts special characters (including slash) when
they come in a JSON object.
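The two Neutron tag calls this commit is about, as an added example that is not the installer's code: the per-tag call puts the tag into the URL path, the replace-all call puts the whole list into a JSON body. The server in the block is a constructed in-memory stand-in for Neutron, not the real service; its per-tag route only matches a single path element after `tags/`, so a tag whose escaped slash is decoded back into `/` falls off the route. That behaviour, the security group ID and the helper names are this example's assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Neutron's tag extension has two write paths for a resource, here a
// security group:
//
//	PUT /v2.0/security-groups/{id}/tags/{tag}   add one tag; the tag is a path element
//	PUT /v2.0/security-groups/{id}/tags         replace all tags; body {"tags": [...]}
//
// The helpers below are this example's own and are not the installer's code.

// SingleTagPath builds the per-tag path. A tag such as
// "openshiftClusterID/abc" becomes a path element, slash and all.
func SingleTagPath(sgID, tag string) string {
	return fmt.Sprintf("/v2.0/security-groups/%s/tags/%s", sgID, url.PathEscape(tag))
}

// ReplaceAllTags sends the replace-all call; tags only ever appear in the
// JSON body, so special characters never touch the URL.
func ReplaceAllTags(client *http.Client, baseURL, sgID string, tags []string) error {
	body, err := json.Marshal(map[string][]string{"tags": tags})
	if err != nil {
		return err
	}
	req, err := http.NewRequest(http.MethodPut, baseURL+"/v2.0/security-groups/"+sgID+"/tags", bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("replace-all-tags: unexpected status %s", resp.Status)
	}
	return nil
}

// AddSingleTag sends the per-tag call, the path the commit moved away from.
func AddSingleTag(client *http.Client, baseURL, sgID, tag string) error {
	req, err := http.NewRequest(http.MethodPut, baseURL+SingleTagPath(sgID, tag), nil)
	if err != nil {
		return err
	}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode/100 != 2 {
		return fmt.Errorf("add tag %q: unexpected status %s", tag, resp.Status)
	}
	return nil
}

// NewFakeNeutron is a constructed stand-in for the Neutron tag API (not
// Neutron itself) that keeps the tags of one resource in memory. The
// per-tag route matches exactly one path element after "tags/", so a tag
// whose escaped slash is decoded back into "/" gets a 404 (assumption
// modelled on the commit message).
func NewFakeNeutron() (srv *httptest.Server, tags func() []string) {
	var stored []string
	mux := http.NewServeMux()
	mux.HandleFunc("/v2.0/security-groups/", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPut {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		parts := strings.Split(strings.TrimPrefix(r.URL.Path, "/v2.0/security-groups/"), "/")
		switch {
		case len(parts) == 2 && parts[1] == "tags": // replace-all: tags come from the JSON body
			var in struct {
				Tags []string `json:"tags"`
			}
			if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
				w.WriteHeader(http.StatusBadRequest)
				return
			}
			stored = in.Tags
			json.NewEncoder(w).Encode(in)
		case len(parts) == 3 && parts[1] == "tags": // single tag: the tag is the last path element
			stored = append(stored, parts[2])
			w.WriteHeader(http.StatusCreated)
		default:
			http.NotFound(w, r)
		}
	})
	srv = httptest.NewServer(mux)
	return srv, func() []string { return append([]string(nil), stored...) }
}

func main() {
	srv, tags := NewFakeNeutron()
	defer srv.Close()
	sgID := "0b8c3c52-7f2e-4d7c-9d4e-3a7e0b6f1c11" // constructed ID
	fmt.Println("per-tag call:", AddSingleTag(srv.Client(), srv.URL, sgID, "openshiftClusterID/demo"))
	fmt.Println("replace-all:", ReplaceAllTags(srv.Client(), srv.URL, sgID, []string{"openshiftClusterID/demo", "openshiftRole=bootstrap"}))
	fmt.Println("stored tags:", tags())
}
```

Note that `url.PathEscape` turns the slash into `%2F` on the wire, and the server still decodes it into a path separator before routing; that is why escaping does not help with the per-tag endpoint and the replace-all body is the robust choice. The replace-all call overwrites every tag on the resource, so callers must send the complete intended set, not just the new tag.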
For some platforms, we will need to be able to get different RHCOS
images based on the architecture of the nodes. Currently it's assumed
that the same image is used for all nodes.
Before this patch, the bootstrap FIP was attached to the first available
port attached to the bootstrap server. As a consequence, the Installer
sometimes tried to attach the FIP to a port that was created on an
additional network.
With this patch, the bootstrap FIP is only attached to the bootstrap
port that exists on the cluster network.
Adds a method to the cluster-api-provider interface to indicate
whether a platform expects its bootstrap node to have a public
IP address in a public cluster. We can use this value to determine
whether the external IP should be waited for during the machine
ready checks. This ensures that the external IP will be populated
if it is needed for gather bootstrap.
This commit fixes the decoding of the cluster scheduler file
by using the appropriate yaml library. Also, it enforces both
IPv4 and IPv6 remote CIDRs on the router sg rule created when the
master is schedulable.
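How the address families of the machine networks drive which security group rules get created, as an added example that is not the installer's code. It covers the three rule decisions in the commits above: the dedicated bootstrap group's SSH rule that is open to the whole address space of each family in use, the skipping of IPv4 rules when no IPv4 machine network exists, and the router rule for schedulable masters that carries one remote CIDR per family. The `Rule` type, the 80-443/tcp port range for the router rule and the use of the machine network itself as that rule's remote CIDR are this example's assumptions, not the installer's values.

```go
package main

import (
	"fmt"
	"net"
)

// Rule is a minimal model of a Neutron security group rule. The field
// names are this example's own, not the installer's or CAPO's types.
type Rule struct {
	Direction  string // "ingress"
	EtherType  string // "IPv4" or "IPv6"
	Protocol   string // "tcp", or "" for any
	PortMin    int
	PortMax    int
	RemoteCIDR string
}

// etherTypeOf parses one machine network CIDR and reports its family.
// A CIDR that does not parse is an error rather than silently skipped,
// so a typo in install-config cannot drop a whole family of rules.
func etherTypeOf(cidr string) (etherType string, network *net.IPNet, err error) {
	_, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", nil, fmt.Errorf("machine network %q: %w", cidr, err)
	}
	if ipnet.IP.To4() != nil {
		return "IPv4", ipnet, nil
	}
	return "IPv6", ipnet, nil
}

// AddressFamilies reports which families the machine networks use:
// single-stack IPv4, single-stack IPv6 or dual-stack.
func AddressFamilies(machineNetworks []string) (hasV4, hasV6 bool, err error) {
	for _, cidr := range machineNetworks {
		et, _, err := etherTypeOf(cidr)
		if err != nil {
			return false, false, err
		}
		if et == "IPv4" {
			hasV4 = true
		} else {
			hasV6 = true
		}
	}
	return hasV4, hasV6, nil
}

// BootstrapSSHRules builds the ingress SSH rules for a dedicated bootstrap
// security group. The remote CIDR is the whole address space, which is what
// lets an installer on any address reach the bootstrap VM for log
// gathering; a family gets a rule only when a machine network of that
// family exists, so a single-stack IPv6 cluster never gets the 0.0.0.0/0 rule.
func BootstrapSSHRules(hasV4, hasV6 bool) []Rule {
	var rules []Rule
	if hasV4 {
		rules = append(rules, Rule{"ingress", "IPv4", "tcp", 22, 22, "0.0.0.0/0"})
	}
	if hasV6 {
		rules = append(rules, Rule{"ingress", "IPv6", "tcp", 22, 22, "::/0"})
	}
	return rules
}

// RouterRules builds the master rule that exists only when masters are
// schedulable. One rule is emitted per machine network, with the ether
// type and remote CIDR taken from that network, so a dual-stack cluster
// gets both an IPv4 and an IPv6 remote CIDR. The 80-443/tcp range and the
// machine network as remote CIDR are this example's assumptions.
func RouterRules(machineNetworks []string, masterSchedulable bool) ([]Rule, error) {
	if !masterSchedulable {
		return nil, nil
	}
	var rules []Rule
	for _, cidr := range machineNetworks {
		et, ipnet, err := etherTypeOf(cidr)
		if err != nil {
			return nil, err
		}
		rules = append(rules, Rule{"ingress", et, "tcp", 80, 443, ipnet.String()})
	}
	return rules, nil
}

func main() {
	// Constructed machine network sets: single-stack IPv4, single-stack IPv6, dual-stack.
	for _, nets := range [][]string{
		{"10.0.0.0/16"},
		{"fd2e:6f44:5dd8:c956::/64"},
		{"10.0.0.0/16", "fd2e:6f44:5dd8:c956::/64"},
	} {
		v4, v6, err := AddressFamilies(nets)
		if err != nil {
			fmt.Println(err)
			continue
		}
		router, _ := RouterRules(nets, true)
		fmt.Printf("%v -> ssh rules %v, router rules %v\n", nets, BootstrapSSHRules(v4, v6), router)
	}
}
```

The check a practitioner wants here is the negative one: with only an IPv6 machine network, neither the SSH rule nor the router rule may carry an IPv4 ether type, and a malformed CIDR must fail loudly instead of quietly producing a group with no rules for that family.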
When using external LB the API and Ingress are managed externally,
so we shouldn't create Neutron Ports with the VIPs for API and
Ingress nor should we set those addresses in the Machines allowed
address pairs.
When no external network is set on CAPO Cluster status
it's not possible to create a Floating IP for the bootstrap.
This commit fixes the issue by skipping the creation.
When using dualstack the user is required to
pre-create the VIP Ports, so let's retrieve them
in order to attach the Floating IPs instead of trying to
create Ports with the same address.
This is the result of the following steps:
1. Fork cluster-api-provider-openstack and revert its go.mod to Go v1.21
2. Replace the fork in the Installer's go.mod
3. Replace imports from v1alphaX to v1beta1
4. Update manifests to use the v1beta1 spec
This is created in the postprovision step, since we'll attach it once
the bootstrap machine has been created.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>