Added cleanup for bootstrap VM FIP in the installer as part of the
PostDestroyer to streamline FIP creation and deletion to be done by the
installer avoiding orphan FIPs.
Fixes the issue where bootstrap machine logs cannot be collected when installation fails because
the bootstrap VM uses the master security group, which doesn't allow SSH
access from the installation source address. This prevents gathering
diagnostic information needed to troubleshoot failed installations.
- Created dedicated bootstrap security group with SSH access from anywhere
- Tagged with `openshiftRole=bootstrap` for lifecycle management
- Enables SSH access to bootstrap VM for log collection on failure
- Implement PostDestroyer for openstack bootstrap vm
1. clusterapi: ignition interface returns secrets
Updates the clusterapi ignition interface so that it returns
all ignition secrets. Prior to this commit, the ignition interface
returned the bootstrap ignition data, and the provision method
turned this data into secrets. Updating the interface to return
all secrets gives greater flexibility to the platform to completely
control the ignition secrets that are created for that platform.
The motivation is that some platforms such as Nutanix may need
to create per master ignition.
2. nutanix clusterapi: fix the regression bug OCPBUGS-38118
Updates the BootstrapHasPublicIP function in the provider interface
from returning a simple bool to an enum value in order to account
for the different endpoints the installer connects to during
bootstrap log gathering in public clusters. The function is renamed
to PublicGatherEndpoint.
Presently, BootstrapHasPublicIP is only used to determine if the
installer should wait for an External IP address to be present in
the machine status (in case it is needed for gather) before declaring
a machine ready. That code is updated to account for the enum, but
the logic is unchanged.
For some platforms, we will need to be able to get different RHCOS
images based on the architecture of the nodes. Currently it's assumed
that the same image is used for all nodes.
Adds a method to the cluster-api-provider interface to indicate
whether a platform expects its bootstrap node to have a public
IP address in a public cluster. We can use this value to determine
whether the external IP should be waited for during the machine
ready checks. This ensures that the external IP will be populated
if it is needed for gather bootstrap.
This commit fixes the decoding of the cluster scheduler file
by using the appropriate yaml library. Also, it enforces both
IPv4 and IPv6 remote CIDRs on the router sg rule created when the
master is schedulable.
This is the result of the following steps:
1. Fork cluster-api-provider-openstack and revert its go.mod to Go v1.21
2. Replace the fork in the Installer's go.mod
3. Replace imports from v1alphaX to v1beta1
4. Update manifests to use the v1beta1 spec
This is created in the postprovision step, since we'll attach it once
the bootstrap machine has been created.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>