The `FailureDomains` was updated to become a pointer, consequently
the field may be absent in the `OpenShiftMachineV1Beta1MachineTemplate`.
This commits updates the manifests test to take that into account.
On clusters configured with dual-stack network the
IPv4 and IPv6 addresses can be added to the main interface
at different time, which results in the openshift node addresses
not containing the IPv6 address. This commit fixes the issue
by including `ip=dhcp,dhcp6` to the kernel args of masters and works,
which sets `required-timeout` to an value that the IP configuration
will be tried before succeeds. This configuration is valid for day1
dual-stack clusters only.
We introduced a TechPreview of OpenStack network failure domains in 4.13
that is now incompatible with the new control-plane-machine-set.
With this change, we remove the experimental implementation of network
failure domains to prepare for the control-plane-machine-set
implementation.
Co-Authored-By: Emilien Macchi <emilien@redhat.com>
Co-Authored-By: Pierre Prinetti <pierreprinetti@redhat.com>
This API has not moved and there is no plan to make any change that
would be backward incompatible in the future.
The feature was well tested (and automated) by our QE on this platform,
as well documented on OCP 4.13.
We think this API is ready to be GA'ed.
Distribute Control plane machines across user-defined failure domains.
This feature is being release under a TechPreviewNoUpgrade FeatureSet.
Failure domains can be defined in the `controlPlane` machine-pool of
`install-config.yaml` as follows:
```yaml
controlPlane:
name: master
platform:
openstack:
type: ${CONTROL_PLANE_FLAVOR}
failureDomains:
- computeAvailabilityZone: 'nova-1'
storageAvailabilityZone: 'cinder-1'
portTargets:
- id: storage
network:
id: 8db6a48e-375b-4caa-b20b-5b9a7218bfe6
- computeAvailabilityZone: 'nova-2'
storageAvailabilityZone: 'cinder-2'
portTargets:
- id: storage
network:
id: 39a7b82a-a8a4-45a4-ba5a-288569a6edd1
- computeAvailabilityZone: 'nova-3'
storageAvailabilityZone: 'cinder-3'
portTargets:
- id: storage
network:
id: 8e4b4e0d-3865-4a9b-a769-559270271242
```
Each `failureDomains` entry can take an optional
`computeAvailabilityZone` string, an optional `storageAvailabilityZone`
string, and an optional `portTargets` array.
Each `portTargets` entry requires an arbirtary `id`, which must be unique per
`failureDomain`. If `id` is exactly `control-plane`, then that
`portTarget` is used instead of the default primary subnet (or instead
of `machinesSubnet` if defined) as the first machine network.
Each `portTargets` entry takes an optional `network` object and an
optional `fixedIPs` array (not represented in the example).
The `network` object taks an optional `name` string and an optional `id`
string. `name` is ignored if `id` is passed.
Each `fixedIPs` entry takes a `subnet` object which syntax is [defined
in the `machinev1alpha1` spec as
`SubnetFilter`](d170fcdc0f/machine/v1alpha1/types_openstack.go (L230-L281)).
Note that unless an external load balancer is used, `portTargets` with
id `control-plane` must all have one single subnet and must all refer to
the same OpenStack subnet. As a consequence, the result will be similar
as setting a `machinesSubnet`, except that Compute nodes will not
follow.
In 4.12, the default CNI will be OVNKubernetes.
This change will deploy ovnk by default as well
as adjust tests, docs and comments to reflect
the same.
Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
The openstack manifests tests use an install config with the
clusterID field that is no longer supported by the installer.
Changes to the installer to enforce strict unmarshalling of the
install config is in place but is being hindered by the openstack
manifests tests in this PR.
https://github.com/openshift/installer/pull/5307
With this change, Compute nodes within each MachineSet are automatically
created in a Server group, with a default policy of
"soft-anti-affinity".
With this change, a "serverGroupPolicy" can be set in install-config, on
the worker MachinePool and/or in the platform default.
Implements OSASINFRA-2570
Co-Authored-By: Matthew Booth <mbooth@redhat.com>
This will clean up all volumes under all non-default pools. The
openshift CI creates a pool for each cluster.
Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
Address [1]:
.../virsh-cleanup.sh:4:1: note: read without -r will mangle backslashes. [SC2162]
.../virsh-cleanup.sh:26:63: note: read without -r will mangle backslashes. [SC2162]
.../virsh-cleanup.sh:26:75: warning: DETAILS appears unused. Verify use (or export if used externally). [SC2034]
I don't expect any backslashes in these values, but it doesn't hurt to
protect against them anyway. And using _ instead of DETAILS for the
dummy variable that keeps VOLUME limited to the first field seems to
be enough to avoid SC2034 triggering.
[1]: https://travis-ci.org/openshift/installer/jobs/411041440#L388
We use the extension to find files for shellcheck since we grew
shellcheck testing in d488d7c1 (add shellcheck to travis CI pipeline,
2018-06-18, coreos/tectonic-installer#3297). This rename gets
shellcheck coverage for the virsh-cleanup script.
Make it a bit easier for virsh newcomers to cleanup from a failed
install in situations where 'tectonic destroy' is unavailable or
broken.
The default QEMU URI matches the default in
examples/tectonic.libvirt.yaml
It's unforuntate that vol-list doesn't support --name or similar, but
at least my virsh v3.9.0 had no such option. To work around that I'm
using tail to strip the table header and read to store the first word
from each line in VOLUME.
tag-aws.sh is using grafiti, whose tagPatterns takes jq expressions
[1]. We've been using strftime since the script landed in 82bdd9fe
(installer/scripts: AWS tag and delete scripts, 2017-06-28,
coreos/tectonic-installer#1239). jq's strftime doesn't respect your
configured $TZ, but the coming jq 1.6 will add strflocaltime which
does [2,3]. jq uses seconds since the epoch for date-time values [4].
You can test the new construct with:
$ jq --null-input --raw-output 'now + 24*60*60 | strftime("%Y-%m-%d")'
2018-07-27
-d is not part of the POSIX date specification [5], but it (and the
'tomorrow' value) are supported by GNU Coreutils [6,7]. We've been
using -d in clean-aws.sh for a while now, so this is now a new
dependency.
I've also dropped date_override, since we can just set date_string
directly. And I've shuffled around some of the conditionals to avoid
calling the 'date' and 'jq' commands needlessly when --date-override
is set.
I've also replaced the multiple date calls in clean-aws.sh with a
single call to jq. jq was already a required dependency for this
script, and only needing a single child process is much faster:
$ time for i in $(seq 100); do A="$(jq --null-input '[["%Y-%m-%d", "%Y-%-m-%-d", "%m-%d-%Y", "%m-%-d-%-Y", "%-m-%-d-%-Y", "%d-%m-%Y", "%d-%-m-%-Y"][] | . as $format | [now, now - 24*60*60][] | strftime($format)]')"; done
real 0m0.256s
user 0m0.186s
sys 0m0.077s
$ time for i in $(seq 100); do A="$(date "+%Y-%m-%d" -d "-1 day")\",\"$(date "+%Y-%-m-%-d" -d "-1 day")\",\"$(date "+%m-%-d-%-Y" -d "-1 day")\",\"$(date "+%-m-%-d-%-Y" -d "-1 day")\",\"$(date "+%d-%m-%-Y" -d "-1 day")\",\"$(date "+%d-%-m-%-Y" -d "-1 day")\",\"$(date +%m-%d-%Y)\",\"$(date +%d-%m-%Y)\",\"$(date +%d-%-m-%Y)\",\"$(date +%Y-%m-%d)\",\"$(date +%Y-%-m-%-d)"; done
real 0m1.358s
user 0m0.604s
sys 0m0.832s
And that's despite the fact that the old approach skipped some formats
for today (e.g. %m-%-d-%-Y had been only used to format yesterday).
The plethora of date formats are mostly from 39952635 (ci: add more
date format when grafiti apply the cleanning, 2017-09-12,
coreos/tectonic-installer#1890), although we've had some since
82bdd9fe. The motivation seems to be matching human-generated tags
[8], which are less reliably formatted.
[1]: 89a8bc92ad/README.md (configure-grafiti)
[2]: https://github.com/stedolan/jq/wiki/FAQ
[3]: 06f20603f6
[4]: https://stedolan.github.io/jq/manual/v1.5/#Dates
[5]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/date.html
[6]: https://www.gnu.org/software/coreutils/manual/html_node/Options-for-date.html
[7]: https://www.gnu.org/software/coreutils/manual/html_node/Relative-items-in-date-strings.html
[8]: https://github.com/coreos/tectonic-installer/pull/1890#issuecomment-328904664
d541760f (scripts/maintenance/*-aws: Drop --workspace-dir,
2018-07-08, #34) cleaned up some related handling, but missed this.
Before this commit, an unset --tag-file would have resulted in a
useless $tag_file creation which was never written to, and the
"Deleting resources with the following tags:" line wouldn't actually
print the actual tag.json content.
So folks don't need to bother setting --aws-region or $AWS_REGION to
use their usual default. Docs for the config file settings are in
[1].
I've also adjusted the logic so that the precedence is:
1. --aws-region, falling back to
2. $AWS_REGION, falling back to
3. ~/.aws
Previously, $AWS_REGION took precedence, and has since the scripts
landed in 82bdd9fe (installer/scripts: AWS tag and delete scripts,
2017-06-28, coreos/tectonic-installer#1239). But having environment
variables override explicitly-set command line options is not
idiomatic.
[1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
We haven't set $WORKSPACE since 1dea5c84 (tests: Remove unused
smoke.sh + tfvars file, 2017-10-04, coreos/tectonic-installer#2036),
so there's no longer a need for the --workspace-dir options. Users
who care where the scratch files live can set $TMPDIR:
$ man 7 environ | grep TMPDIR | sed 's/ */ /g' | cut -b -67
* TMPDIR influences the path prefix of names created by tempnam(3)
I'm still calling readlink on the mktemp output in case $TMPDIR (or
/tmp, if $TMPDIR is unset) is a symlink.
I'm also fixing --config-file, --exclude-file, and --tag-file.
Previously we were using:
CONFIG_FILE="/tmp/config/$(basename "$config_file")"
and similar. But inside the container, /tmp/config is coming from the
$tmp_dir volume mount. And when --config-file was set, we weren't
writing the referenced content into $tmp_dir. Now we always write the
content into $tmp_dir, regardless of whether the content is
user-supplied or the script's default.
Also avoid some parallel-call races by avoiding a shared /tmp/config
(or ${workspace}/config). With the old approach, the trap rm call for
one invocation could blow away a /tmp/config used by another
invocation. With this commit, we use mktemp to give a secure, unique
$tmp_dir. And once we have that, we can hard-code the paths to the
config, tag, and exclude files inside $tmp_dir.
The 'echo -e' calls landed with the script in 82bdd9fe
(installer/scripts: AWS tag and delete scripts, 2017-06-28,
coreos/tectonic-installer#1239). But $tags doesn't actually need any
backslash expansion:
$ date_string='2000-01-01'
$ tags="[{\"Key\":\"expirationDate\",\"Value\":\"$date_string\"}]"
$ echo "${tags}"
[{"Key":"expirationDate","Value":"2000-01-01"}]
Perhaps the original concern was over the \" in the tags definition,
but those are expanded by the shell during that initialization. By
the time we get around to invoking echo, there are no backslashes left
(unless the user has injected some via --date-override, and we don't
want to support that ;).
The interactive prompt means these scripts will probably be run from
interactive terminals. But still, it's nice to send errors to stderr
where they belong.
Signed-off-by: W. Trevor King <wking@tremily.us>
Following the pattern set by tag-route53-hosted-zones.sh. I'm also
following tag-route53-hosted-zones.sh in not testing for any POSIX
commands we use, although it would be easy to add tests for them as
well if we wanted.
At least on Bash 4.4, the -V form writes a missing-command message to
stderr:
$ echo $BASH_VERSION
4.4.23(1)-release
$ command -v does-not-exist >/dev/null
$ command -V does-not-exist >/dev/null
-bash: command: does-not-exist: not found
Because we're not redirecting command's stderr in the script, it will
fall through to the caller's stderr and make it easier for them to
figure out what went wrong.
Also write a "Missing required dependencies" string to stderr. We'd
had a "Dependencies not installed." string literal from 82bdd9fe
(installer/scripts: AWS tag and delete scripts, 2017-06-28,
coreos/tectonic-installer#1239), but it hadn't been written anywhere
so it was effectively an internal comment.
The typos are from 82bdd9fe (installer/scripts: AWS tag and delete
scripts, 2017-06-28, coreos/tectonic-installer#1239).
While I'm touching these lines, also send their output to stderr
instead of stdout (because we're reporting an error).
Also exit nonzero in these unrecognized-option cases.
