Enable option to run FakeIPA

Signed-off-by: Mohammed Boukhalfa <[email protected]>
metal3-io · Aug 30, 2024 · 5047112 · 5047112
1 parent 2353228
commit 5047112
Show file tree

Hide file tree

Showing 6 changed files with 120 additions and 1 deletion.
diff --git a/02_configure_host.sh b/02_configure_host.sh
@@ -111,6 +111,7 @@ ANSIBLE_FORCE_COLOR=true "${ANSIBLE}-playbook" \
     -e "extradisks=${VM_EXTRADISKS}" \
     -e "virthost=${HOSTNAME}" \
     -e "platform=${NODES_PLATFORM}" \
+    -e "vm_platform=${VM_PLATFORM}" \
     -e "libvirt_firmware=${LIBVIRT_FIRMWARE}" \
     -e "libvirt_secure_boot=${LIBVIRT_SECURE_BOOT}" \
     -e "libvirt_domain_type=${LIBVIRT_DOMAIN_TYPE}" \
@@ -320,6 +321,10 @@ clone_repo "${IPAMREPO}" "${IPAMBRANCH}" "${IPAMPATH}" "${IPAMCOMMIT}"
 detect_mismatch "${CAPI_LOCAL_IMAGE:-}" "${CAPIPATH}"
 clone_repo "${CAPIREPO}" "${CAPIBRANCH}" "${CAPIPATH}" "${CAPICOMMIT}"
 
+clone_repo "https://github.com/Nordix/metal3-utility-images.git" "Add-fake-ipa/mohammed" "${HOME}/metal3-utility-images"
+sudo podman build -t "${FAKE_IPA_I}"  "${HOME}/metal3-utility-images/fake-ipa"
+sudo podman push --tls-verify=false "${FAKE_IPA_I}" 
+
 # MariaDB and Ironic source is not needed unless the images are built locally
 # If the repo path does not match with the IMAGE location that means the image
 # is built from a repo that is not under dev-env's control thus there is no
@@ -407,6 +412,7 @@ if [[ "${BUILD_IRONIC_IMAGE_LOCALLY:-}" == "true" ]] || [[ -n "${IRONIC_LOCAL_IM
 fi
 VBMC_IMAGE=${VBMC_LOCAL_IMAGE:-${VBMC_IMAGE}}
 SUSHY_TOOLS_IMAGE=${SUSHY_TOOLS_LOCAL_IMAGE:-${SUSHY_TOOLS_IMAGE}}
+FAKE_IPA_I=${FAKE_IPA_LOCAL_IMAGE:-${FAKE_IPA_I}}
 
 # Pushing images to local registry
 for IMAGE_VAR in $(env | grep -v "_LOCAL_IMAGE=" | grep "_IMAGE=" | grep -o "^[^=]*") ; do

diff --git a/03_launch_mgmt_cluster.sh b/03_launch_mgmt_cluster.sh
@@ -543,7 +543,69 @@ if [ "${EPHEMERAL_CLUSTER}" != "tilt" ]; then
     # Thus we are deleting validatingwebhookconfiguration resource if exists to let BMO is working properly on local runs.
     kubectl delete validatingwebhookconfiguration/"${BMO_NAME_PREFIX}"-validating-webhook-configuration --ignore-not-found=true
   fi
+    # if fake platform (no VMs) run FakeIPA
+  if [[ "${VM_PLATFORM}" == "fake" ]]; then
+    # wait for ironic to be running
+    kubectl -n baremetal-operator-system wait --for=condition=available deployment/baremetal-operator-ironic --timeout=300s
+    mkdir -p /opt/metal3-dev-env/fake-ipa
+    kubectl -n legacy get secret -n baremetal-operator-system   ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > /opt/metal3-dev-env/fake-ipa/ironic-ca.crt
+    # shellcheck disable=SC2086
+    sudo "${CONTAINER_RUNTIME}" run -d --net host --name fake-ipa ${POD_NAME_INFRA} \
+      -v "/opt/metal3-dev-env/fake-ipa":/root/cert -v "/root/.ssh":/root/ssh \
+      "${FAKE_IPA_I}"
+
+    cat << EOF >> "${WORKING_DIR}/bmhosts_crs.yaml"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: default-node-1-bmc-secret
+  labels:
+      environment.metal3.io: baremetal
+type: Opaque
+data:
+  username: YWRtaW4=
+  password: cGFzc3dvcmQ=
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  name: default-node-1 
+spec:
+  online: true
+  bmc:
+    address: redfish+http://192.168.111.1:8000/redfish/v1/Systems/27946b59-9e44-4fa7-8e91-f3527a1ef094
+    credentialsName: default-node-1-bmc-secret
+  bootMACAddress: 00:5c:52:31:3a:9c
+  bootMode: legacy
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: default-node-2-bmc-secret
+  labels:
+      environment.metal3.io: baremetal
+type: Opaque
+data:
+  username: YWRtaW4=
+  password: cGFzc3dvcmQ=
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  name: default-node-2 
+spec:
+  online: true
+  bmc:
+    address: redfish+http://192.168.111.1:8000/redfish/v1/Systems/27946b59-9e44-4fa7-8e91-f3527a1ef095
+    credentialsName: default-node-2-bmc-secret
+  bootMACAddress: 00:5c:52:31:3a:9d
+  bootMode: legacy
+EOF
+  kubectl apply -f "${WORKING_DIR}/bmhosts_crs.yaml" -n "$NAMESPACE"
+  else
   apply_bm_hosts "$NAMESPACE"
+  fi
 elif [ "${EPHEMERAL_CLUSTER}" == "tilt" ]; then
 
 source tilt-setup/deploy_tilt_env.sh

diff --git a/config_example.sh b/config_example.sh
@@ -206,3 +206,7 @@
 
 # Uncomment the line below to build ironic-image from source
 # export IRONIC_FROM_SOURCE="true"
+
+# To enable FakeIPA and run dev-env on a fake platform
+# export VM_PLATFORM="fake"
+# export FAKE_IPA_I=192.168.111.1:5000/localimages/fake-ipa
diff --git a/lib/common.sh b/lib/common.sh
@@ -263,6 +263,7 @@ export CONTAINER_REGISTRY="${CONTAINER_REGISTRY:-quay.io}"
 # BMC emulator images
 export VBMC_IMAGE="${VBMC_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/vbmc}"
 export SUSHY_TOOLS_IMAGE="${SUSHY_TOOLS_IMAGE:-${CONTAINER_REGISTRY}/metal3-io/sushy-tools}"
+export FAKE_IPA_I="${FAKE_IPA_I:-${CONTAINER_REGISTRY}/metal3-io/fake-ipa}"
 
 # CAPM3 and IPAM controller images
 if [[ "${CAPM3RELEASEBRANCH}" = "release-1.5" ]]; then

diff --git a/vm-setup/roles/virtbmc/tasks/setup_tasks.yml b/vm-setup/roles/virtbmc/tasks/setup_tasks.yml
@@ -107,3 +107,49 @@
       SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = {{ sushy_vmedia_verify_ssl }}
       SUSHY_EMULATOR_AUTH_FILE = "/root/sushy/htpasswd"
   become: true
+  when: vm_platform|default("libvirt") != "fake"
+# if FakeIPA enabled then set required sushy-tools config
+- name: Create the Redfish Virtual BMCs for FakeIPA
+  copy:
+    mode: 0750
+    dest: "{{ working_dir }}/virtualbmc/sushy-tools/conf.py"
+    content: |
+      SUSHY_EMULATOR_LIBVIRT_URI = "{{ vbmc_libvirt_uri }}"
+      SUSHY_EMULATOR_IGNORE_BOOT_DEVICE = {{ sushy_ignore_boot_device }}
+      SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = {{ sushy_vmedia_verify_ssl }}
+      SUSHY_EMULATOR_AUTH_FILE = "/root/sushy/htpasswd"
+      SUSHY_EMULATOR_FAKE_DRIVER = True
+      SUSHY_EMULATOR_FAKE_IPA = True
+      FAKE_IPA_API_URL = "https://172.22.0.2:6385"
+      FAKE_IPA_INSPECTION_CALLBACK_URL = "https://172.22.0.2:6385/v1/continue_inspection"
+      FAKE_IPA_ADVERTISE_ADDRESS_IP = "192.168.111.1"
+      FAKE_IPA_INSECURE = False
+      FAKE_IPA_CAFILE = "/root/cert/ironic-ca.crt"
+      SUSHY_EMULATOR_FAKE_SYSTEMS = [
+                  {
+                      'uuid': '27946b59-9e44-4fa7-8e91-f3527a1ef094',
+                      'name': 'fake1',
+                      'power_state': 'Off',
+                      'external_notifier': True,
+                      'nics': [
+                          {
+                              'mac': '00:5c:52:31:3a:9c',
+                              'ip': '172.22.0.100'
+                          }
+                      ]
+                  },
+                  {
+                      'uuid': '27946b59-9e44-4fa7-8e91-f3527a1ef095',
+                      'name': 'fake2',
+                      'power_state': 'Off',
+                      'external_notifier': True,
+                      'nics': [
+                          {
+                              'mac': '00:5c:52:31:3a:9d',
+                              'ip': '172.22.0.101'
+                          }
+                      ]
+                  }
+              ]
+  become: true
+  when: vm_platform|default("libvirt") == "fake"
diff --git a/vm-setup/setup-playbook.yml b/vm-setup/setup-playbook.yml
@@ -10,4 +10,4 @@
         name: libvirt
     - import_role:
         name: virtbmc
-      when: vm_platform|default("libvirt") == "libvirt"
+      when: vm_platform|default("libvirt") in ["libvirt", "fake"]