ovirt: IPI Improvements

- Replace the need of provide Engine API URL - Remove the need of copy/past certificate - Auto-dectect if Engine CA cert is installed - Check if engine domain provided is responsive - User cannot fix wrong oVirt user once provided - Replace static strings in the code from oVirt to Engine - Do not allow users to select uninitialized DC - Credentials - set max login attempts - ovirt: DNS VIP removal - Update explain for installer Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
openshift · Jun 9, 2020 · 235492f · 235492f
1 parent 9d36ed8
commit 235492f
Show file tree

Hide file tree

Showing 23 changed files with 285 additions and 149 deletions.
diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -938,10 +938,6 @@ spec:
                       used when installing on bare metal for machine pools which do
                       not define their own platform configuration.
                     type: object
-                  dnsVIP:
-                    description: DNSVIP is the VIP to use for internal DNS communication
-                    format: ip
-                    type: string
                   externalBridge:
                     description: External bridge is used for external communication.
                     type: string
@@ -1027,7 +1023,6 @@ spec:
                     type: string
                 required:
                 - apiVIP
-                - dnsVIP
                 - hosts
                 - ingressVIP
                 - provisioningNetworkInterface
@@ -1303,10 +1298,6 @@ spec:
                         - high_performance
                         type: string
                     type: object
-                  dns_vip:
-                    description: DNSVIP is the IP of the internal DNS which will be
-                      operated by the cluster
-                    type: string
                   ingress_vip:
                     description: IngressIP is an external IP which routes to the default
                       ingress controller. The IP is a suitable target of a wildcard
@@ -1334,7 +1325,6 @@ spec:
                     type: string
                 required:
                 - api_vip
-                - dns_vip
                 - ingress_vip
                 - ovirt_cluster_id
                 - ovirt_storage_domain_id

diff --git a/data/data/ovirt/bootstrap/variables.tf b/data/data/ovirt/bootstrap/variables.tf
@@ -4,12 +4,12 @@ variable "cluster_id" {
 
 variable "ovirt_cluster_id" {
   type        = string
-  description = "The ID of oVirt's cluster"
+  description = "The ID of Cluster"
 }
 
 variable "ovirt_template_id" {
   type        = string
-  description = "The ID of oVirt's VM template"
+  description = "The ID of VM template"
 }
 
 variable "ignition_bootstrap" {
@@ -26,4 +26,4 @@ variable "openstack_base_image_local_file_path" {
   type        = string
   default     = ""
   description = "Local file path of the base image file to use for the nodes."
-}
+}
diff --git a/data/data/ovirt/masters/variables.tf b/data/data/ovirt/masters/variables.tf
@@ -14,12 +14,12 @@ variable "master_count" {
 
 variable "ovirt_cluster_id" {
   type        = string
-  description = "The ID of oVirt's cluster"
+  description = "The ID of Cluster"
 }
 
 variable "ovirt_template_id" {
   type        = string
-  description = "The ID of oVirt's VM template"
+  description = "The ID of VM template"
 }
 
 variable "ignition_master" {

diff --git a/data/data/ovirt/template/variables.tf b/data/data/ovirt/template/variables.tf
@@ -4,12 +4,12 @@ variable "cluster_id" {
 
 variable "ovirt_cluster_id" {
   type        = string
-  description = "The ID of oVirt's cluster"
+  description = "The ID of Cluster"
 }
 
 variable "ovirt_storage_domain_id" {
   type        = string
-  description = "The ID of oVirt's storage domain"
+  description = "The ID of Storage Domain"
 }
 
 variable "ignition_bootstrap" {
@@ -30,10 +30,10 @@ variable "openstack_base_image_local_file_path" {
 
 variable "ovirt_network_name" {
   type        = string
-  description = "The name of ovirt's logical network for the selected ovirt cluster."
+  description = "The name of Logical Network for the selected Cluster."
 }
 
 variable "ovirt_vnic_profile_id" {
   type        = string
-  description = "The ID of the vnic profile of ovirt's logical network."
+  description = "The ID of the vNIC profile of Logical Network."
 }
diff --git a/data/data/ovirt/variables-ovirt.tf b/data/data/ovirt/variables-ovirt.tf
@@ -6,27 +6,27 @@ variable "bootstrap_dns" {
 
 variable "ovirt_url" {
   type        = string
-  description = "The oVirt engine URL"
+  description = "The Engine URL"
 }
 
 variable "ovirt_username" {
   type        = string
-  description = "The name of user to access oVirt engine API"
+  description = "The name of user to access Engine API"
 }
 
 variable "ovirt_password" {
   type        = string
-  description = "The plain password of user to access oVirt engine API"
+  description = "The plain password of user to access Engine API"
 }
 
 variable "ovirt_cluster_id" {
   type        = string
-  description = "The ID of oVirt's cluster"
+  description = "The ID of Cluster"
 }
 
 variable "ovirt_storage_domain_id" {
   type        = string
-  description = "The ID of oVirt's stoage domain for the template"
+  description = "The ID of Storage Domain for the template"
 }
 
 variable "openstack_base_image_name" {
@@ -43,12 +43,12 @@ variable "openstack_base_image_local_file_path" {
 variable "ovirt_network_name" {
   type        = string
   default     = "ovirtmgmt"
-  description = "The name of ovirt's logical network for the selected ovirt cluster."
+  description = "The name of Logical Network for the selected Engine cluster."
 }
 
 variable "ovirt_vnic_profile_id" {
   type        = string
-  description = "The ID of the vnic profile of ovirt's logical network."
+  description = "The ID of the vNIC profile of Logical Network."
 }
 
 variable "ovirt_master_memory" {

diff --git a/docs/user/ovirt/customization.md b/docs/user/ovirt/customization.md
@@ -4,13 +4,12 @@ Beyond the [platform-agnostic `install-config.yaml` properties](../customization
 
 ## Cluster-scoped properties
 
-* `ovirt_cluster_id` (required string): The oVirt cluster where the VMs will be created.
-* `ovirt_storage_domain_id` (required string): The storage domain ID where the VM disks will be created.
+* `ovirt_cluster_id` (required string): The Cluster where the VMs will be created.
+* `ovirt_storage_domain_id` (required string): The Storage Domain ID where the VM disks will be created.
 * `ovirt_network_name` (required string): The network name where the VM nics will be created.
 * `vnicProfileID` (required string): The ID of the [vNic profile][vnic-profile] used for the VM network interfaces.
     This can be inferred if the cluster network has a single profile.
 * `api_vip` (required string): An IP address on the machineNetwork that will be assigned to the API VIP.
-* `dns_vip` (required string): An IP address on the machineNetwork that will be assigned to the DNS VIP.
 * `ingress_vip` (required string): An IP address on the machineNetwork that will be assigned to the Ingress VIP.
 
 ## Machine pools
@@ -36,7 +35,7 @@ For examples of platform-agnostic configuration fragments, see [here](../customi
 
 ### Minimal
 
-An example minimal oVirt install config is:
+An example minimal install config is:
 
 ```yaml
 apiVersion: v1
@@ -46,7 +45,6 @@ metadata:
 platform:
   ovirt:
     api_vip: 10.46.8.230
-    dns_vip: 10.46.8.231
     ingress_vip: 10.46.8.232
     ovirt_cluster_id: 68833f9f-e89c-4891-b768-e2ba0815b76b
     ovirt_storage_domain_id: ed7b0f4e-0e96-492a-8fff-279213ee1468
@@ -58,7 +56,7 @@ sshKey: ssh-ed25519 AAAA...
 
 ### Custom machine pools
 
-An example oVirt install config with custom machine pools:
+An example install config with custom machine pools:
 
 ```yaml
 apiVersion: v1
@@ -92,7 +90,6 @@ metadata:
 platform:
   ovirt:
     api_vip: 10.46.8.230
-    dns_vip: 10.46.8.231
     ingress_vip: 10.46.8.232
     ovirt_cluster_id: 68833f9f-e89c-4891-b768-e2ba0815b76b
     ovirt_storage_domain_id: ed7b0f4e-0e96-492a-8fff-279213ee1468

diff --git a/docs/user/ovirt/install_ipi.md b/docs/user/ovirt/install_ipi.md
@@ -34,11 +34,6 @@ DNS and LB services but is a platform provider. See also [OpenShift-Metal³ kni-
 3. Name resolution of `api_vip` from your installing machine 
 The installer must resolve the `api_vip` during the installation, as it will 
 interact with the API to follow the cluster version progress. 
-To make it work prepend the `dns_vip` to your `/etc/resolv.conf` 
-    ```
-    search example.org
-    nameserver $dns_vip
-    ```
 
 
 ## Minimum resources
@@ -48,7 +43,7 @@ The default master/worker:
 - 16 RAM
 - 120 GB disk
 
-For 3 masters/3 workers, the target oVirt cluster must have at least:
+For 3 masters/3 workers, the target Cluster **must have at least**:
 - 96RAM
 - 24vCPUs
 - 720GiB storage
@@ -117,10 +112,10 @@ Continue the installation using the install-config in the new folder `install_di
 $ openshift-install create cluster --dir=install_dir
 ``` 
 
-When the all prompts are done the installer will create 3 VMs under the oVirt
-cluster supplied, and another VM as the bootstrap node. 
+When the all prompts are done the installer will create 3 VMs under the
+Cluster supplied, and another VM as the bootstrap node.
 The bootstrap will perform ignition fully and will advertise the IP in the
-pre-login msg. Go to oVirt webadmin UI, and open the console of the bootstrap
+pre-login msg. Go to Engine webadmin UI, and open the console of the bootstrap
 VM to get it. 
 In the end the installer finishes and the cluster should be up.
 

diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go
@@ -433,10 +433,10 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 				installConfig.Config.Platform.Ovirt.ClusterID,
 				installConfig.Config.Platform.Ovirt.NetworkName)
 			if err != nil {
-				return errors.Wrapf(err, "failed to compute values for oVirt platform")
+				return errors.Wrapf(err, "failed to compute values for Engine platform")
 			}
 			if len(profiles) != 1 {
-				return errors.Wrapf(err, "failed to compute values for oVirt platform, there are multiple vNic profiles.")
+				return errors.Wrapf(err, "failed to compute values for Engine platform, there are multiple vNIC profiles.")
 			}
 			installConfig.Config.Platform.Ovirt.VNICProfileID = profiles[0].MustId()
 		}

diff --git a/pkg/asset/installconfig/ovirt/client.go b/pkg/asset/installconfig/ovirt/client.go
@@ -28,11 +28,11 @@ func getConnection(ovirtConfig Config) (*ovirtsdk.Connection, error) {
 func NewConnection() (*ovirtsdk.Connection, error) {
 	ovirtConfig, err := NewConfig()
 	if err != nil {
-		return nil, errors.Wrap(err, "getting ovirt configuration")
+		return nil, errors.Wrap(err, "getting Engine configuration")
 	}
 	con, err := getConnection(ovirtConfig)
 	if err != nil {
-		return nil, errors.Wrap(err, "establishing ovirt connection")
+		return nil, errors.Wrap(err, "establishing Engine connection")
 	}
 	return con, nil
 }

diff --git a/pkg/asset/installconfig/ovirt/cluster.go b/pkg/asset/installconfig/ovirt/cluster.go
@@ -5,6 +5,8 @@ import (
 	"sort"
 
 	ovirtsdk4 "github.com/ovirt/go-ovirt"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"gopkg.in/AlecAivazis/survey.v1"
 
 	"github.com/openshift/installer/pkg/types/ovirt"
@@ -15,22 +17,30 @@ func askCluster(c *ovirtsdk4.Connection, p *ovirt.Platform) (string, error) {
 	var clusterByNames = make(map[string]*ovirtsdk4.Cluster)
 	var clusterNames []string
 	systemService := c.SystemService()
-	response, err := systemService.ClustersService().List().Send()
+
+	dcResp, err := datacentersAvailable(c, "")
 	if err != nil {
 		return "", err
 	}
-	clusters, ok := response.Clusters()
-	if !ok {
-		return "", fmt.Errorf("there are no available clusters")
-	}
 
-	for _, cluster := range clusters.Slice() {
-		clusterByNames[cluster.MustName()] = cluster
-		clusterNames = append(clusterNames, cluster.MustName())
+	datacenters := dcResp.MustDataCenters()
+	for _, dc := range datacenters.Slice() {
+		dcService := systemService.DataCentersService().DataCenterService(dc.MustId())
+		logrus.Debug("Datacenter:", dc.MustName())
+		clusters, err := dcService.ClustersService().List().Send()
+		if err != nil {
+			return "", errors.Wrap(err, "failed to list clusters")
+		}
+		clusterSlice := clusters.MustClusters()
+		for _, cluster := range clusterSlice.Slice() {
+			logrus.Debug("\tcluster:", cluster.MustName())
+			clusterByNames[cluster.MustName()] = cluster
+			clusterNames = append(clusterNames, cluster.MustName())
+		}
 	}
 	err = survey.AskOne(&survey.Select{
-		Message: "oVirt cluster",
-		Help:    "The oVirt cluster where the VMs will be created.",
+		Message: "Cluster",
+		Help:    "The Cluster where the VMs will be created.",
 		Options: clusterNames,
 	},
 		&clusterName,

diff --git a/pkg/asset/installconfig/ovirt/config.go b/pkg/asset/installconfig/ovirt/config.go
@@ -1,6 +1,7 @@
 package ovirt
 
 import (
+	"crypto/x509"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -14,13 +15,23 @@ var defaultOvirtConfigPath = filepath.Join(os.Getenv("HOME"), ".ovirt", "ovirt-c
 // Config holds oVirt api access details
 type Config struct {
 	URL      string `yaml:"ovirt_url"`
+	FQDN     string `yaml:"ovirt_fqdn"`
+	PemURL   string `yaml:"ovirt_pem_url"`
 	Username string `yaml:"ovirt_username"`
 	Password string `yaml:"ovirt_password"`
 	CAFile   string `yaml:"ovirt_cafile,omitempty"`
 	Insecure bool   `yaml:"ovirt_insecure,omitempty"`
 	CABundle string `yaml:"ovirt_ca_bundle,omitempty"`
 }
 
+// clientHTTP struct - Hold info about http calls
+type clientHTTP struct {
+	saveFilePath string // Path for saving file (GET method)
+	urlAddr      string // URL or Address
+	skipVerify   bool   // skipt cert validatin in the http call
+	certPool     *x509.CertPool
+}
+
 // LoadOvirtConfig from the following location (first wins):
 // 1. OVIRT_CONFIG env variable
 // 2  $defaultOvirtConfigPath