Skip to content

Commit

Permalink
OSASINFRA-3492: openstack: leverage ORC to handle RHCOS image
Browse files Browse the repository at this point in the history
Instead of forcing the users to provide an existing OpenStack Glance
image, we now let our CAPI provider to upload the image used in the
release payload and handle its lifecycle with ORC.
  • Loading branch information
EmilienM authored and MaysaMacedo committed Dec 23, 2024
1 parent 5f05b35 commit ec7505e
Show file tree
Hide file tree
Showing 16 changed files with 250 additions and 109 deletions.
6 changes: 3 additions & 3 deletions cmd/cluster/openstack/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -217,15 +217,15 @@ func (o *CreateOptions) GenerateResources() ([]client.Object, error) {
Namespace: o.namespace,
Name: "capi-provider-role",
},
// The following rule is required for CAPO to watch for the Images resources created by ORC,
// The following rule is required for CAPO to reconcile for the Images resources created by ORC,
// which is a dependency since CAPO v0.11.0.
// This rule is also defined in the Hypershift HostedCluster controller and the Hypershift Operator when creating
// the cluster.
Rules: []rbacv1.PolicyRule{
{
APIGroups: []string{"openstack.k-orc.cloud"},
Resources: []string{"images"},
Verbs: []string{"list", "watch"},
Resources: []string{"images", "images/status"},
Verbs: []string{rbacv1.VerbAll},
},
},
})
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ rules:
- openstack.k-orc.cloud
resources:
- images
- images/status
verbs:
- list
- watch
- '*'
---
apiVersion: v1
data:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ rules:
- openstack.k-orc.cloud
resources:
- images
- images/status
verbs:
- list
- watch
- '*'
---
apiVersion: v1
data:
Expand Down
6 changes: 3 additions & 3 deletions cmd/install/assets/hypershift_operator.go
Original file line number Diff line number Diff line change
Expand Up @@ -1169,14 +1169,14 @@ func (o HyperShiftOperatorClusterRole) Build() *rbacv1.ClusterRole {
Resources: []string{"ipaddresses", "ipaddresses/status"},
Verbs: []string{"create", "delete", "get", "list", "update", "watch"},
},
// The following rule is required for CAPO to watch for the Images resources created by ORC,
// The following rule is required for CAPO to reconcile for the Images resources created by ORC,
// which is a dependency since CAPO v0.11.0.
// This rule is also defined in the Hypershift HostedCluster controller and the Hypershift CLI when creating
// the cluster.
{
APIGroups: []string{"openstack.k-orc.cloud"},
Resources: []string{"images"},
Verbs: []string{"list", "watch"},
Resources: []string{"images", "images/status"},
Verbs: []string{rbacv1.VerbAll},
},
{ // This allows the kubevirt csi driver to hotplug volumes to KubeVirt VMs.
APIGroups: []string{"subresources.kubevirt.io"},
Expand Down
11 changes: 1 addition & 10 deletions cmd/nodepool/openstack/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,15 +69,6 @@ func (o *RawOpenStackPlatformCreateOptions) Validate() (*ValidatedOpenStackPlatf
return nil, fmt.Errorf("flavor is required")
}

// TODO(emilien): Remove that validation once we support using the image from the release payload.
// This will be possible when CAPO supports managing images in the OpenStack cluster:
// https://github.com/kubernetes-sigs/cluster-api-provider-openstack/pull/2130
// For 4.17 we might leave this as is and let the user provide the image name as
// we plan to deliver the OpenStack provider as a dev preview.
if o.ImageName == "" {
return nil, fmt.Errorf("image name is required")
}

additionalports, err := convertAdditionalPorts(o.AdditionalPorts)
if err != nil {
return nil, err
Expand All @@ -99,7 +90,7 @@ func BindOptions(opts *RawOpenStackPlatformCreateOptions, flags *pflag.FlagSet)

func bindCoreOptions(opts *RawOpenStackPlatformCreateOptions, flags *pflag.FlagSet) {
flags.StringVar(&opts.Flavor, "openstack-node-flavor", opts.Flavor, "The flavor to use for the nodepool (required)")
flags.StringVar(&opts.ImageName, "openstack-node-image-name", opts.ImageName, "The image name to use for the nodepool (required)")
flags.StringVar(&opts.ImageName, "openstack-node-image-name", opts.ImageName, "The image name to use for the nodepool (optional)")
flags.StringVar(&opts.AvailabityZone, "openstack-node-availability-zone", opts.AvailabityZone, "The availability zone to use for the nodepool (optional)")
flags.StringArrayVar(&opts.AdditionalPorts, "openstack-node-additional-port", opts.AdditionalPorts, fmt.Sprintf(`Specify additional port that should be attached to the nodes, the "network-id" field should point to an existing neutron network ID and the "vnic-type" is the type of the port to create, it can be specified multiple times to attach to multiple ports. Supported parameters: %s, example: "network-id:40a355cb-596d-495c-8766-419d98cadd57,vnic-type:direct"`, cmdutil.Supported(PortSpec{})))
}
Expand Down
13 changes: 1 addition & 12 deletions cmd/nodepool/openstack/create_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,21 +15,10 @@ func TestRawOpenStackPlatformCreateOptions_Validate(t *testing.T) {
{
name: "should fail if flavor is missing",
input: RawOpenStackPlatformCreateOptions{
OpenStackPlatformOptions: &OpenStackPlatformOptions{
ImageName: "rhcos",
},
OpenStackPlatformOptions: &OpenStackPlatformOptions{},
},
expectedError: "flavor is required",
},
{
name: "should fail if image name is missing",
input: RawOpenStackPlatformCreateOptions{
OpenStackPlatformOptions: &OpenStackPlatformOptions{
Flavor: "flavor",
},
},
expectedError: "image name is required",
},
{
name: "should pass when AZ is provided",
input: RawOpenStackPlatformCreateOptions{
Expand Down
21 changes: 1 addition & 20 deletions docs/content/how-to/openstack/create-openstack-cluster.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ Upon scaling up a NodePool, a Machine will be created, and the CAPI provider wil
* OpenStack Octavia service must be running in the cloud hosting the guest cluster when ingress is configured with an Octavia load balancer.
In the future, we'll explore other Ingress options like MetalLB.
* The default external network (on which the kube-apiserver LoadBalancer type service is created) of the Management OCP cluster must be reachable from the guest cluster.
* The RHCOS image must be uploaded to OpenStack.

### Install the HyperShift and HCP CLI

Expand Down Expand Up @@ -84,23 +83,6 @@ operator-755d587f44-lrtrq 1/1 Running 0 114s
operator-755d587f44-qj6pz 1/1 Running 0 114s
```

### Upload RHCOS image in OpenStack

For now, we need to manually push an RHCOS image that will be used when deploying the node pools
on OpenStack. In the [future](https://issues.redhat.com/browse/OSASINFRA-3492), the CAPI provider (CAPO) will handle the RHCOS image
lifecycle by using the image available in the chosen release payload.

Here is an example of how to upload an RHCOS image to OpenStack:

```shell
openstack image create --disk-format qcow2 --file rhcos-openstack.x86_64.qcow2 rhcos
```

!!! note

The `rhcos-openstack.x86_64.qcow2` file is the RHCOS image that was downloaded from the OpenShift mirror.
You can download the latest RHCOS image from the [Red Hat OpenShift Container Platform mirror](https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/).

## Create a floating IP for the Ingress (optional)

To get Ingress healthy in a HostedCluster without manual intervention, you need to create a floating IP that will be used by the Ingress service.
Expand Down Expand Up @@ -168,7 +150,6 @@ hcp create cluster openstack \
--openstack-credentials-file $CLOUDS_YAML \
--openstack-ca-cert-file $CA_CERT_PATH \
--openstack-external-network-id $EXTERNAL_NETWORK_ID \
--openstack-node-image-name $IMAGE_NAME \
--openstack-node-flavor $FLAVOR \
--openstack-ingress-floating-ip $INGRESS_FLOATING_IP
```
Expand Down Expand Up @@ -313,7 +294,7 @@ port for SR-IOV, with no port security and address pairs:
```shell
export NODEPOOL_NAME=$CLUSTER_NAME-extra-az
export WORKER_COUNT="2"
export IMAGE_NAME="rhcos"
export IMAGE_NAME="rhcos" # Pre-existing Glance image used for this NodePool
export FLAVOR="m1.xlarge"
export AZ="az1"
export SRIOV_NEUTRON_NETWORK_ID="f050901b-11bc-4a75-a553-878509255760"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,9 @@ func (a OpenStack) CAPIProviderDeploymentSpec(hcluster *hyperv1.HostedCluster, _
"--namespace=$(MY_NAMESPACE)",
"--leader-elect",
"--metrics-bind-addr=127.0.0.1:8080",
"--v=2",
// We need to set the log level to 3 to get the logs from ORC.
// Once ORC follows logging guidelines, we should use V(2) again.
"--v=3",
},
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
Expand Down Expand Up @@ -337,14 +339,14 @@ func (a OpenStack) CAPIProviderPolicyRules() []rbacv1.PolicyRule {
Resources: []string{"ipaddresses", "ipaddresses/status"},
Verbs: []string{"create", "delete", "get", "list", "update", "watch"},
},
// The following rule is required for CAPO to watch for the Images resources created by ORC,
// The following rule is required for CAPO to reconcile the Images resources created by ORC,
// which is a dependency since CAPO v0.11.0.
// This rule is also defined in the Hypershift Operator and the Hypershift CLI when creating
// the cluster.
{
APIGroups: []string{"openstack.k-orc.cloud"},
Resources: []string{"images"},
Verbs: []string{"list", "watch"},
Resources: []string{"images", "images/status"},
Verbs: []string{rbacv1.VerbAll},
},
}
}
Expand Down
11 changes: 11 additions & 0 deletions hypershift-operator/controllers/nodepool/capi.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,13 @@ func (c *CAPI) Reconcile(ctx context.Context) error {
return err
}

// Reconcile ORC resources
if nodePool.Spec.Platform.Type == hyperv1.OpenStackPlatform {
if err := c.reconcileORCResources(ctx); err != nil {
return err
}
}

// Reconcile (Platform)MachineTemplate.
template, mutateTemplate, _, err := c.machineTemplateBuilders()
if err != nil {
Expand Down Expand Up @@ -1316,3 +1323,7 @@ func (r *NodePoolReconciler) getMachinesForNodePool(ctx context.Context, nodePoo

return sortedByCreationTimestamp(machinesForNodePool), nil
}

func (c *CAPI) reconcileORCResources(ctx context.Context) error {
return openstack.ReconcileOpenStackImageCR(ctx, c.Client, c.CreateOrUpdate, c.hostedCluster, c.releaseImage)
}
23 changes: 1 addition & 22 deletions hypershift-operator/controllers/nodepool/kubevirt/kubevirt.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,27 +54,6 @@ func defaultImage(releaseImage *releaseinfo.ReleaseImage) (string, string, error
return containerImage, split[1], nil
}

func unsupportedOpenstackDefaultImage(releaseImage *releaseinfo.ReleaseImage) (string, string, error) {
arch, foundArch := releaseImage.StreamMetadata.Architectures["x86_64"]
if !foundArch {
return "", "", fmt.Errorf("couldn't find OS metadata for architecture %q", "x64_64")
}
openStack, exists := arch.Artifacts["openstack"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for openstack")
}
artifact, exists := openStack.Formats["qcow2.gz"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for openstack qcow2.gz")
}
disk, exists := artifact["disk"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for the openstack qcow2.gz disk")
}

return disk.Location, disk.SHA256, nil
}

func allowUnsupportedRHCOSVariants(nodePool *hyperv1.NodePool) bool {
val, exists := nodePool.Annotations[hyperv1.AllowUnsupportedKubeVirtRHCOSVariantsAnnotation]
if exists && strings.ToLower(val) == "true" {
Expand All @@ -101,7 +80,7 @@ func GetImage(nodePool *hyperv1.NodePool, releaseImage *releaseinfo.ReleaseImage

imageName, imageHash, err := defaultImage(releaseImage)
if err != nil && allowUnsupportedRHCOSVariants(nodePool) {
imageName, imageHash, err = unsupportedOpenstackDefaultImage(releaseImage)
imageName, imageHash, err = releaseinfo.UnsupportedOpenstackDefaultImage(releaseImage)
if err != nil {
return nil, err
}
Expand Down
75 changes: 69 additions & 6 deletions hypershift-operator/controllers/nodepool/openstack/openstack.go
Original file line number Diff line number Diff line change
@@ -1,11 +1,18 @@
package openstack

import (
"context"
"fmt"

hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"sigs.k8s.io/controller-runtime/pkg/client"

orc "github.com/k-orc/openstack-resource-controller/api/v1alpha1"
"github.com/openshift/hypershift/support/openstackutil"
"github.com/openshift/hypershift/support/releaseinfo"
"github.com/openshift/hypershift/support/upsert"
"k8s.io/utils/ptr"
capiopenstackv1beta1 "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta1"
)
Expand All @@ -20,12 +27,9 @@ func MachineTemplateSpec(hcluster *hyperv1.HostedCluster, nodePool *hyperv1.Node
Name: ptr.To(nodePool.Spec.Platform.OpenStack.ImageName),
}
} else {
// TODO(emilien): Add support for using the image from the release payload.
// This will be possible when CAPO supports managing images in the OpenStack cluster:
// https://github.com/kubernetes-sigs/cluster-api-provider-openstack/pull/2130
// For 4.17 we might leave this as is and let the user provide the image name as
// we plan to deliver the OpenStack provider as a dev preview.
return nil, fmt.Errorf("image name is required")
openStackMachineTemplate.Template.Spec.Image.ImageRef = &capiopenstackv1beta1.ResourceReference{
Name: "rhcos-" + hcluster.Name,
}
}

// TODO: add support for BYO network/subnet
Expand Down Expand Up @@ -72,3 +76,62 @@ func MachineTemplateSpec(hcluster *hyperv1.HostedCluster, nodePool *hyperv1.Node
}
return openStackMachineTemplate, nil
}

func ReconcileOpenStackImageCR(ctx context.Context, client client.Client, createOrUpdate upsert.CreateOrUpdateFN, hcluster *hyperv1.HostedCluster, release *releaseinfo.ReleaseImage) error {
openStackImage := orc.Image{
ObjectMeta: metav1.ObjectMeta{
Name: "rhcos-" + hcluster.Name,
Namespace: hcluster.Namespace,
// TODO: add proper cleanup in CAPI resources cleanup
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: hcluster.APIVersion,
Kind: hcluster.Kind,
Name: hcluster.Name,
UID: hcluster.UID,
},
},
},
Spec: orc.ImageSpec{},
}

if _, err := createOrUpdate(ctx, client, &openStackImage, func() error {
err := reconcileOpenStackImageSpec(hcluster, &openStackImage.Spec, release)
if err != nil {
return err
}
return nil
}); err != nil {
return err
}
return nil
}

func reconcileOpenStackImageSpec(hcluster *hyperv1.HostedCluster, openStackImageSpec *orc.ImageSpec, release *releaseinfo.ReleaseImage) error {
imageURL, imageHash, err := releaseinfo.UnsupportedOpenstackDefaultImage(release)
if err != nil {
return fmt.Errorf("failed to lookup RHCOS image: %w", err)
}

openStackImageSpec.CloudCredentialsRef = orc.CloudCredentialsReference{
SecretName: hcluster.Spec.Platform.OpenStack.IdentityRef.Name,
CloudName: hcluster.Spec.Platform.OpenStack.IdentityRef.CloudName,
}

openStackImageSpec.Resource = &orc.ImageResourceSpec{
Name: "rhcos-" + hcluster.Name,
Content: &orc.ImageContent{
DiskFormat: "qcow2",
Download: &orc.ImageContentSourceDownload{
URL: imageURL,
Decompress: ptr.To(orc.ImageCompressionGZ),
Hash: &orc.ImageHash{
Algorithm: "sha256",
Value: imageHash,
},
},
},
}

return nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -106,29 +106,6 @@ func TestOpenStackMachineTemplate(t *testing.T) {
},
},
},
{
name: "missing image name",
nodePool: hyperv1.NodePoolSpec{
ClusterName: "",
Replicas: nil,
Config: nil,
Management: hyperv1.NodePoolManagement{},
AutoScaling: nil,
Platform: hyperv1.NodePoolPlatform{
Type: hyperv1.OpenStackPlatform,
OpenStack: &hyperv1.OpenStackNodePoolPlatform{
Flavor: flavor,
},
},
Release: hyperv1.Release{},
},

checkError: func(t *testing.T, err error) {
if err == nil {
t.Errorf("image name is required")
}
},
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
Expand Down
21 changes: 21 additions & 0 deletions support/releaseinfo/releaseinfo.go
Original file line number Diff line number Diff line change
Expand Up @@ -355,3 +355,24 @@ func (v ComponentVersions) DisplayNameLabel() string {
}
return buf.String()
}

func UnsupportedOpenstackDefaultImage(releaseImage *ReleaseImage) (string, string, error) {
arch, foundArch := releaseImage.StreamMetadata.Architectures["x86_64"]
if !foundArch {
return "", "", fmt.Errorf("couldn't find OS metadata for architecture %q", "x64_64")
}
openStack, exists := arch.Artifacts["openstack"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for openstack")
}
artifact, exists := openStack.Formats["qcow2.gz"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for openstack qcow2.gz")
}
disk, exists := artifact["disk"]
if !exists {
return "", "", fmt.Errorf("couldn't find OS metadata for the openstack qcow2.gz disk")
}

return disk.Location, disk.SHA256, nil
}
Loading

0 comments on commit ec7505e

Please sign in to comment.