Adds unit tests in platform_test.py to verify OpenStack platform defaults.
Covers cases such as:
- Assigning a default OpenShift-managed load balancer when none is specified
- Handling user-managed load balancers with and without VIPs
- Ensuring correct API and Ingress VIP assignments
- If no load balancer is provided, a default OpenShift load balancer is
now assigned automatically. This ensures proper handling and avoids
misconfigurations.
- Previously, when API and Ingress VIPs were not specified, default values were automatically
generated for user-managed load balancers. This was unintended behavior.
Now, if the user does not explicitly provide API and Ingress VIPs, a fatal error is thrown instead.
Reject a controlPlanePort where the subnet filter is not set.
The rest of the code (both in pre-flight validation and in machine
generation) assumes that a subnet filter is set on the controlPlanePort.
As Kuryr is removed, the creation of trunks for the machines
is not a requirement anymore. To reduce the amount of
resources we manage by default, let's avoid creating it as it is
not a requirement. This commit will disable trunk creation by default
and let the user enable trunk by modifying the generated Machine manifests.
Also, the terraform support for creation of Machines with Trunk is being
removed.
Avoid the duplication of configuring the client in multiple locations.
It also gives us a single point to start configuring a user agent for
the installer.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
When a machine is created with a compute availability zone (defined via `mpool.zones`) and a storage root volume (defined as `mpool.rootVolume`) and that `rootVolume` has no specified `zones`, CAPO will use the compute AZ for the volume AZ.
This can be problematic if the AZ doesn't exist in Cinder.
Source:
9d183bd479/pkg/cloud/services/compute/instance.go (L439-L442)
```golang
func (s *Service) getOrCreateRootVolume(eventObject runtime.Object, instanceSpec *InstanceSpec, imageID string) (*volumes.Volume, error) {
	// (...)
	availabilityZone := instanceSpec.FailureDomain
	if rootVolume.AvailabilityZone != "" {
		availabilityZone = rootVolume.AvailabilityZone
	}
	// (...)
```
If a compute AZ is provided alongside a root volume, we now require
the root volume to have an AZ, so we force the user to make a choice on
which AZ the root volume is deployed on.
We are also enforcing it via CEL validation in OpenShift API.
* Do nothing - at the risk of hitting this situation: a failure domain with a Compute AZ and a root volume with no AZ, CAPO using the compute AZ to create the volume but that AZ doesn't exist in Cinder, leading to Machine creation errors.
* Only do a validation in the CPMS - which will require CPMS manual
edits from the user.
* Change logic in CAPO wrt how root volume AZ is picked - unlikely to happen
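The failure mode and the new rule described in this commit message, as an added Go example that is not code from the installer or from CAPO. The `MachinePool` shape, the function names and the sample zone names are assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical, simplified machine pool; field names are assumptions.
type MachinePool struct {
	Zones           []string // compute AZs (mpool.zones)
	HasRootVolume   bool     // mpool.rootVolume is set
	RootVolumeZones []string // zones of the root volume
}

// effectiveVolumeAZ mirrors the fallback in the CAPO excerpt above: the
// compute AZ is used for the volume unless the root volume names its own AZ.
func effectiveVolumeAZ(computeAZ, volumeAZ string) string {
	if volumeAZ != "" {
		return volumeAZ
	}
	return computeAZ
}

// UnknownVolumeAZs returns the AZs that the fallback would request from
// Cinder, for a pool without root volume zones, that Cinder does not have.
func UnknownVolumeAZs(p MachinePool, cinderAZs map[string]bool) []string {
	if !p.HasRootVolume || len(p.RootVolumeZones) > 0 {
		return nil
	}
	var missing []string
	for _, computeAZ := range p.Zones {
		if az := effectiveVolumeAZ(computeAZ, ""); !cinderAZs[az] {
			missing = append(missing, az)
		}
	}
	return missing
}

// ValidateRootVolumeZones applies the rule from the commit message: compute
// zones together with a root volume require explicit root volume zones.
func ValidateRootVolumeZones(p MachinePool) error {
	if p.HasRootVolume && len(p.Zones) > 0 && len(p.RootVolumeZones) == 0 {
		return fmt.Errorf("root volume zones are required when compute zones are set")
	}
	return nil
}

func main() {
	p := MachinePool{Zones: []string{"nova-1", "nova-2"}, HasRootVolume: true} // constructed sample
	cinder := map[string]bool{"nova-1": true, "cinder-1": true}               // constructed sample
	fmt.Println(UnknownVolumeAZs(p, cinder), ValidateRootVolumeZones(p))
}
```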
This commit adds dual stack support with bring your own network
for OpenStack platform. The new ControlPlanePort field accepts IPv4/IPv6
subnets and the network in the install config, while the machinesSubnet
only supports IPv4 Subnets and is deprecated.
We introduced a TechPreview of OpenStack network failure domains in 4.13
that is now incompatible with the new control-plane-machine-set.
With this change, we remove the experimental implementation of network
failure domains to prepare for the control-plane-machine-set
implementation.
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Pierre Prinetti <pierreprinetti@redhat.com>
When using dual-stack installations the user needs to pre-create
the api and ingress port given OpenStack does not allow direct
assignment of addresses when using slaac/stateless, consequently
the installer can't create those. This commit adds support to tag
those Ports, assign security groups to them, attach the Floating IP
when needed and allow clean up of resources.
This API has not moved and there is no plan to make any change that
would be backward incompatible in the future.
The feature was well tested (and automated) by our QE on this platform,
as well documented on OCP 4.13.
We think this API is ready to be GA'ed.
Distribute Control plane machines across user-defined failure domains.
This feature is being released under a TechPreviewNoUpgrade FeatureSet.
Failure domains can be defined in the `controlPlane` machine-pool of
`install-config.yaml` as follows:
```yaml
controlPlane:
  name: master
  platform:
    openstack:
      type: ${CONTROL_PLANE_FLAVOR}
      failureDomains:
      - computeAvailabilityZone: 'nova-1'
        storageAvailabilityZone: 'cinder-1'
        portTargets:
        - id: storage
          network:
            id: 8db6a48e-375b-4caa-b20b-5b9a7218bfe6
      - computeAvailabilityZone: 'nova-2'
        storageAvailabilityZone: 'cinder-2'
        portTargets:
        - id: storage
          network:
            id: 39a7b82a-a8a4-45a4-ba5a-288569a6edd1
      - computeAvailabilityZone: 'nova-3'
        storageAvailabilityZone: 'cinder-3'
        portTargets:
        - id: storage
          network:
            id: 8e4b4e0d-3865-4a9b-a769-559270271242
```
Each `failureDomains` entry can take an optional
`computeAvailabilityZone` string, an optional `storageAvailabilityZone`
string, and an optional `portTargets` array.
Each `portTargets` entry requires an arbitrary `id`, which must be unique per
`failureDomain`. If `id` is exactly `control-plane`, then that
`portTarget` is used instead of the default primary subnet (or instead
of `machinesSubnet` if defined) as the first machine network.
Each `portTargets` entry takes an optional `network` object and an
optional `fixedIPs` array (not represented in the example).
The `network` object takes an optional `name` string and an optional `id`
string. `name` is ignored if `id` is passed.
Each `fixedIPs` entry takes a `subnet` object whose syntax is [defined
in the `machinev1alpha1` spec as
`SubnetFilter`](d170fcdc0f/machine/v1alpha1/types_openstack.go (L230-L281)).
Note that unless an external load balancer is used, `portTargets` with
id `control-plane` must all have one single subnet and must all refer to
the same OpenStack subnet. As a consequence, the result will be similar
as setting a `machinesSubnet`, except that Compute nodes will not
follow.
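The `portTargets` rules stated in this commit message (an `id` unique per failure domain; without an external load balancer, every `control-plane` target has exactly one subnet and all of them share it), as an added Go example that is not the installer's validation code. The types, the function name and the subnet names are assumptions, and a subnet is reduced to its ID here rather than a full `SubnetFilter`.

```go
package main

import "fmt"

// Hypothetical, simplified types (not the installer's own). A real SubnetFilter
// has more fields; here a subnet is identified by its ID only.
type FixedIP struct{ SubnetID string }
type PortTarget struct {
	ID       string
	FixedIPs []FixedIP
}
type FailureDomain struct{ PortTargets []PortTarget }

// ValidateFailureDomains returns one message per violated rule.
func ValidateFailureDomains(fds []FailureDomain, externalLB bool) []string {
	var errs []string
	cpSubnet := "" // subnet shared by every "control-plane" portTarget
	for i, fd := range fds {
		seen := map[string]bool{} // ids must be unique per failure domain
		for _, pt := range fd.PortTargets {
			if pt.ID == "" || seen[pt.ID] {
				errs = append(errs, fmt.Sprintf("failureDomains[%d]: portTarget id %q is empty or duplicated", i, pt.ID))
				continue
			}
			seen[pt.ID] = true
			if pt.ID != "control-plane" || externalLB {
				continue // the subnet rule only applies without an external load balancer
			}
			if len(pt.FixedIPs) != 1 {
				errs = append(errs, fmt.Sprintf("failureDomains[%d]: control-plane portTarget needs exactly one subnet", i))
				continue
			}
			if s := pt.FixedIPs[0].SubnetID; cpSubnet == "" {
				cpSubnet = s
			} else if s != cpSubnet {
				errs = append(errs, fmt.Sprintf("failureDomains[%d]: control-plane subnet %q differs from %q", i, s, cpSubnet))
			}
		}
	}
	return errs
}

func main() {
	// Constructed sample: two failure domains whose control-plane targets disagree.
	a := PortTarget{ID: "control-plane", FixedIPs: []FixedIP{{"subnet-a"}}}
	b := PortTarget{ID: "control-plane", FixedIPs: []FixedIP{{"subnet-b"}}}
	fmt.Println(ValidateFailureDomains([]FailureDomain{{[]PortTarget{a}}, {[]PortTarget{b}}}, false))
}
```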
The validation is no longer necessary now that we stopped using mDNS.
Instead, rely on cluster name validation common to all platforms for
length check and the on-prem cluster name validation for names
containing dots.
This aligns with other on-prem platforms.
In 4.12, the default CNI will be OVNKubernetes.
This change will deploy ovnk by default as well
as adjust tests, docs and comments to reflect
the same.
Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
Networking resources tagging is a hard requirement for OpenShift on
OpenStack and we should refuse to run the installer when the
underlying OpenStack platform does not support it.
Also, the destroy script may delete unmanaged resources when network
tagging is not available. With this patch, the destroy script will
refuse to work when network tagging is not available.
Fixes Bug 2013877
Co-authored-by: Martin André <m.andre@redhat.com>
Co-authored-by: Pierre Prinetti <pierreprinetti@redhat.com>
With this change, Compute nodes within each MachineSet are automatically
created in a Server group, with a default policy of
"soft-anti-affinity".
With this change, a "serverGroupPolicy" can be set in install-config, on
the worker MachinePool and/or in the platform default.
Implements OSASINFRA-2570
Co-Authored-By: Matthew Booth <mbooth@redhat.com>
Prior to this change, the Control plane nodes are created in a server
group with the hardcoded policy "soft-anti-affinity".
This change adds a new configuration knob in the OpenStack-specific
MachinePool configuration of `install-config.yaml`.
The new property `controlPlane.platform.openstack.serverGroupPolicy`
defines the policy that will be applied to the Control Plane server
group.
Acceptable values are:
* `affinity`
* `anti-affinity`
* `soft-affinity`
* `soft-anti-affinity`
Defaults to `soft-anti-affinity`, to match the previous hardcoded
behaviour.
Validation will fail if the property is set on the Compute MachinePool.
This commit adds a new optional list of strings parameter called
Zones to OpenStack's Root Volume. When it's set, OpenShift will create
instance root volumes in the specified availability zones.
This commit explicitly disables reading auth data from env variables
by setting an invalid EnvPrefix. By doing this, we make sure that the
data from clouds.yaml is enough to authenticate.
After this change we don't have to unset OS_CLOUD env variable explicitly
anymore.
Ref https://issues.redhat.com/browse/OSASINFRA-2152
ClusterOSImageProperties is a list of properties to be added
to the installer-uploaded ClusterOSImage in Glance.
The default is to not set any properties.
Co-Authored-By: Martin André <m.andre@redhat.com>
Despite the fact `externalNetwork` is considered as an
optional parameter, installation fails if it's not specified.
This commit makes this and related parameters truly optional.
Following suit with AWS, OpenStack is adding support for custom AZs
for installer machine pools. Users can pass a list of zones to use
and the nodes in that machine pool will be spread across them.
- Removes floating ip binding from bootstrap server
if external network is not used
- Added documentation for optional externalNetwork
- Modifies gather to handle when floating ips are not used
To make the user experience more cohesive, we are adding this feature to
allow users to pass a floating IP to be attached to the ingress port. This
mirrors the way users add the floating ip for the API port.
This commit removes unnecessary ValidValuesFetcher interface and
all related implementations. Now we collect all required data before
the validation and pass cloud info values to the validation functions
after that. It simplifies the architecture and makes these functions
static.
Additionally, all validations that require calls to the OpenStack cloud
were moved from pkg/types/openstack to pkg/asset/installconfig/openstack.