diff --git a/data/data/baremetal/main.tf b/data/data/baremetal/main.tf
index b06a1af9370..2baa6e85b0a 100644
--- a/data/data/baremetal/main.tf
+++ b/data/data/baremetal/main.tf
@@ -21,11 +21,13 @@ module "bootstrap" {
 module "masters" {
 source = "./masters"
- master_count = var.master_count
- ignition = var.ignition_master
- hosts = var.hosts
- properties = var.properties
- root_devices = var.root_devices
- driver_infos = var.driver_infos
- instance_infos = var.instance_infos
+ master_count = var.master_count
+ ignition = var.ignition_master
+ hosts = var.hosts
+ properties = var.properties
+ root_devices = var.root_devices
+ driver_infos = var.driver_infos
+ instance_infos = var.instance_infos
+ ignition_url = var.ignition_url
+ ignition_url_ca_cert = var.ignition_url_ca_cert
 }
diff --git a/data/data/baremetal/masters/main.tf b/data/data/baremetal/masters/main.tf
index 45282841c99..fc05829b5db 100644
--- a/data/data/baremetal/masters/main.tf
+++ b/data/data/baremetal/masters/main.tf
@@ -41,7 +41,8 @@ resource "ironic_deployment" "openshift-master-deployment" {
 count.index,
 )
- instance_info = var.instance_infos[count.index]
- user_data = var.ignition
+ instance_info = var.instance_infos[count.index]
+ user_data_url = var.ignition_url
+ user_data_url_ca_cert = var.ignition_url_ca_cert
 }
diff --git a/data/data/baremetal/masters/variables.tf b/data/data/baremetal/masters/variables.tf
index b6f39fec3d5..a4ed49c7d85 100644
--- a/data/data/baremetal/masters/variables.tf
+++ b/data/data/baremetal/masters/variables.tf
@@ -33,3 +33,13 @@ variable "instance_infos" {
 type = list(map(string))
 description = "Instance information for hosts"
 }
+
+variable "ignition_url" {
+ type = string
+ description = "The URL of the full ignition"
+}
+
+variable "ignition_url_ca_cert" {
+ type = string
+ description = "Root CA cert of the full ignition URL"
+}
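Review bot: In data/data/baremetal/masters/main.tf, once `user_data` is replaced by `user_data_url`, nothing in this hunk reads `var.ignition` any more, yet the `masters` module block in data/data/baremetal/main.tf still passes `ignition = var.ignition_master`. If no other resource in the module uses it, drop the variable and the argument so the master ignition content is not carried through Terraform inputs for no purpose. A short comment above the two new arguments would also help, for example `# Masters fetch their full config over HTTPS; the CA cert is what authenticates that endpoint.` The `ironic_deployment` resource starts outside the hunk, so other uses of `var.ignition` may exist that are not visible here.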
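Review bot: In data/data/baremetal/masters/variables.tf, the description of `ignition_url_ca_cert` does not state the encoding, although the caller in pkg/asset/cluster/tfvars.go passes `base64.StdEncoding.EncodeToString(rootCA.Cert())`, so the value is base64 text rather than the raw certificate bytes. I would make that explicit with `description = "Base64-encoded root CA certificate used to verify the TLS endpoint of ignition_url"`, and have `ignition_url` say it is the HTTPS URL the masters fetch their full ignition config from. The same two declarations are repeated in data/data/baremetal/variables-baremetal.tf and need the same wording.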
diff --git a/data/data/baremetal/variables-baremetal.tf b/data/data/baremetal/variables-baremetal.tf
index d1632edc0dc..810ed59dae8 100644
--- a/data/data/baremetal/variables-baremetal.tf
+++ b/data/data/baremetal/variables-baremetal.tf
@@ -47,3 +47,13 @@ variable "instance_infos" {
 type = list(map(string))
 description = "Instance information for hosts"
 }
+
+variable "ignition_url" {
+ type = string
+ description = "The URL of the full ignition"
+}
+
+variable "ignition_url_ca_cert" {
+ type = string
+ description = "Root CA cert of the full ignition URL"
+}
diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go
index 91537eacb3c..42622fcaccc 100644
--- a/pkg/asset/cluster/tfvars.go
+++ b/pkg/asset/cluster/tfvars.go
@@ -2,9 +2,12 @@ package cluster
 import (
 "context"
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "io/ioutil"
+ "net"
+ "net/url"
 "os"
 igntypes "github.com/coreos/ignition/config/v2_2/types"
@@ -29,6 +32,7 @@ import (
 "github.com/openshift/installer/pkg/asset/machines"
 "github.com/openshift/installer/pkg/asset/openshiftinstall"
 "github.com/openshift/installer/pkg/asset/rhcos"
+ "github.com/openshift/installer/pkg/asset/tls"
 "github.com/openshift/installer/pkg/tfvars"
 awstfvars "github.com/openshift/installer/pkg/tfvars/aws"
 azuretfvars "github.com/openshift/installer/pkg/tfvars/azure"
@@ -88,6 +92,7 @@ func (t *TerraformVariables) Dependencies() []asset.Asset {
 &machine.Master{},
 &machines.Master{},
 &machines.Worker{},
+ &tls.RootCA{},
 }
 }
@@ -102,7 +107,8 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 workersAsset := &machines.Worker{}
 rhcosImage := new(rhcos.Image)
 rhcosBootstrapImage := new(rhcos.BootstrapImage)
- parents.Get(clusterID, installConfig, bootstrapIgnAsset, masterIgnAsset, mastersAsset, workersAsset, rhcosImage, rhcosBootstrapImage)
+ rootCA := &tls.RootCA{}
+ parents.Get(clusterID, installConfig, bootstrapIgnAsset, masterIgnAsset, mastersAsset, workersAsset, rhcosImage, rhcosBootstrapImage, rootCA)
 platform := installConfig.Config.Platform.Name()
 switch platform {
@@ -388,6 +394,11 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 Data: data,
 })
 case baremetal.Name:
+ ignitionURL := &url.URL{
+ Scheme: "https",
+ Host: net.JoinHostPort(installConfig.Config.Platform.BareMetal.APIVIP, "22623"),
+ Path: "config/master",
+ }
 data, err = baremetaltfvars.TFVars(
 installConfig.Config.Platform.BareMetal.LibvirtURI,
 installConfig.Config.Platform.BareMetal.BootstrapProvisioningIP,
@@ -396,6 +407,8 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 installConfig.Config.Platform.BareMetal.ProvisioningBridge,
 installConfig.Config.Platform.BareMetal.Hosts,
 string(*rhcosImage),
+ ignitionURL.String(),
+ base64.StdEncoding.EncodeToString(rootCA.Cert()),
 )
 if err != nil {
 return errors.Wrapf(err, "failed to get %s Terraform variables", platform)
diff --git a/pkg/tfvars/baremetal/baremetal.go b/pkg/tfvars/baremetal/baremetal.go
index 5e76ecb1134..da2b9ede117 100644
--- a/pkg/tfvars/baremetal/baremetal.go
+++ b/pkg/tfvars/baremetal/baremetal.go
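Review bot: In the `case baremetal.Name:` hunk of pkg/asset/cluster/tfvars.go, `Path: "config/master"` has no leading slash and the port is the bare literal `"22623"`; the URL renders correctly only because `url.URL.String()` inserts the slash when a host is set. I would write `Path: "/config/master"` and lift the port into a named constant with a comment saying which service listens there. Because the host is the API VIP address rather than a DNS name, verification against the root CA passed in the following hunk presumably depends on the serving certificate listing that IP as a subject alternative name; this diff does not show that, so it is worth confirming. `Generate` starts and ends outside the hunk.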
@@ -22,6 +22,8 @@ type config struct {
 BootstrapOSImage string `json:"bootstrap_os_image,omitempty"`
 ExternalBridge string `json:"external_bridge,omitempty"`
 ProvisioningBridge string `json:"provisioning_bridge,omitempty"`
+ IgnitionURL string `json:"ignition_url,omitempty"`
+ IgnitionURLCACert string `json:"ignition_url_ca_cert,omitempty"`
 // Data required for control plane deployment - several maps per host, because of terraform's limitations
 Hosts []map[string]interface{} `json:"hosts"`
@@ -32,7 +34,7 @@ type config struct {
 }
 // TFVars generates bare metal specific Terraform variables.
-func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridge, provisioningBridge string, platformHosts []*baremetal.Host, image string) ([]byte, error) {
+func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridge, provisioningBridge string, platformHosts []*baremetal.Host, image string, ignitionURL string, ignitionURLCACert string) ([]byte, error) {
 bootstrapOSImage, err := cache.DownloadImageFile(bootstrapOSImage)
 if err != nil {
 return nil, errors.Wrap(err, "failed to use cached bootstrap libvirt image")
@@ -132,6 +134,8 @@ func TFVars(libvirtURI, bootstrapProvisioningIP, bootstrapOSImage, externalBridg
 DriverInfos: driverInfos,
 RootDevices: rootDevices,
 InstanceInfos: instanceInfos,
+ IgnitionURL: ignitionURL,
+ IgnitionURLCACert: ignitionURLCACert,
 }
 return json.MarshalIndent(cfg, "", " ")
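Review bot: Both new fields in the `config` struct carry `omitempty`, so an empty `ignitionURLCACert` silently drops `ignition_url_ca_cert` from the generated tfvars instead of failing here. The Terraform variables added in this commit declare no default, so the problem would presumably surface later as a missing-variable error from Terraform, far from its cause. Since the certificate is what authenticates the endpoint the masters pull their config from, I would reject empty values in `TFVars` before building `cfg`, e.g. `if ignitionURL == "" || ignitionURLCACert == "" { return nil, errors.New("ignition URL and CA certificate must be set") }`. The `config` struct starts and ends outside the hunk.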
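Review bot: The new `TFVars` signature takes nine positional parameters, eight of them plain strings, so two arguments swapped at the call site in pkg/asset/cluster/tfvars.go would still compile. At minimum, group the tail like the leading parameters, `image, ignitionURL, ignitionURLCACert string`, and extend the doc comment with a line such as `// ignitionURLCACert is the base64-encoded CA certificate used to verify ignitionURL.` A parameter struct would remove the ordering hazard altogether, but that is a larger change than this commit needs. The body of `TFVars` continues outside the hunk.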