Commit Graph

41 Commits

Author SHA1 Message Date
Francesco Giudici fda53de0e2
Kubebuilder: fix MachineRegistration search during registration (#280)
* operator: fix MachineSelector controller log

* operator: fix MachineRegistration search in registration

Fixes #279

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-12-02 16:13:34 +01:00
Francesco Giudici 8c1e1df563
[controller_runtime] add registration protocol version (#266)
Fixes: #265 

* registration: negotiate registration protocol

* operator: always update the MachineInventory for authenticated clients

* register: rename sendData to sendSMBIOSdata

* register: rework the Register() function

* operator: rework the registration protocol loop

* operator: no need to return the msgType from the registration loop

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-11-29 18:08:15 +01:00
Francesco Giudici 5df274078b
[controller_runtime] operator/registration: switch to Kubebuilder client (#256)
* operator/registration: switch to Kubebuilder client

Fixes #239

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator/registration: adapt tests to Kubebuilder client

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* unit-tests: vendor controller-runtime fake client

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator: add yaml annotations for correct marshalling

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator/RBAC: add "get" verb to ServiceAccount resources

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator: generate rbac

make generate-manifests
make build-rbac

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* Add elementalcli package

Create a separate package to deal with elemental-cli installation.
This brings the elemental-cli functions declared in the config package
to a new package that just parses a map[string]interface argument.

This is a step to enable usage of the elemental-cli functions with the
new elementalv1.Config.Elemental.Install type.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* register: switch to Kubebuilder api

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* register: add mapstructure annotations for correct marshalling

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* register: reduce complexity of the run function

Make linter happy:
"cyclomatic complexity 16 of func `run` is high (> 15) (gocyclo)"

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* register: drop io/ioutil in favor of os package

io/ioutil is deprecated

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-11-28 17:34:47 +01:00
Francesco Giudici d466e048a7
operator: unit-tests: add coverage for unauthenticatedResponse() (#217)
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-10-20 08:55:42 +02:00
Francesco Giudici 937d35b527
Elemental Operator: manage empty config in MachineRegistrations (#213)
* operator: manage empty config in MachineRegistrations

We don't deal with empty Spec:Config in MachineRegistrations: in that
case we would end up with a nil Config structure, which we don't check
causing the operator to panic.

Just check and deal with empty (nil) MachineRegistration config.

Fixes #202

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator:trivial: rename var machineRegistration to registration

In order to manage a MachineRegistration resource we instantiate a var named
'registration' in all the functions of the server package,  but in the
'unauthenticatedResponse' function.
Let's stay coherent: rename the variable.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator: tests: expand the data structure TestInitNewInventory

This has no functional change: just extend the configuration parameter
that can be set in the data structure used for the tests.
Make use of it in the following commit.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>

* operator: tests: check empty config in MachineRegistrations

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-10-18 14:52:36 +02:00
Francesco Giudici deef7657b6 operator: return error when the ServiceAccount has no secrets
We need to lend the secret to the rancher-system-agent: without that
let's not even start the elemental deployment.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-23 15:29:07 +02:00
Itxaka 4fab515a30
Rework client to accept a ClientInterface (#166) 2022-09-07 10:39:26 +02:00
Francesco Giudici 5da3ac15ff register/operator: drop MachineInventory labels passed from the client
The right way to set labels for the MachineInventory objs is to set
them in the MachineRegistration:spec:machineInventoryLabels, which
will be processed by the operator.
Drop MachineRegistration spec:config:elemental:registration:labels.

Fixes #161

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-06 09:24:14 +02:00
Francesco Giudici 01afffd0e2 unit-tests: check default machine name
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-05 10:59:18 +02:00
Francesco Giudici 41b89ee1ed operator: change default MachineInventory name
Right now, when the MachineRegistration is missing a 'spec.MachineName'
value we set the following hostname:
m-${System Information/Manufacturer}-${System Information/Product Name}-${System Information/UUID}

This causes an invalid hostname if config.registration.no-smbios is set
to true, failing the registration.
When no-smbios is set to false instead, we may still fail the registration
as the hostname derived by no-smbios data is truncated to 58 chars, which
may end up truncating the UUID, which is the only parameter ensuring uniqueness.

This PR changes the default MachineInventory name to a UUID prepended by "m-":
the UUID is taken from "${System Information/UUID}" when SMBIOS data is available,
otherwise the UUID is randomly generated.

Fixes: https://github.com/rancher/elemental-operator/issues/144

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-05 10:59:18 +02:00
Itxaka 3d28c5d855
Configure custom smbios data (#157) 2022-09-02 14:15:22 +02:00
Francesco Giudici 64f470348a operator: ensure inventory.Labels is not nil before adding labels
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-02 10:05:45 +02:00
Itxaka 75792d6d8d
Add extra labels with smbios data (#155) 2022-09-01 18:15:14 +02:00
Francesco Giudici 0ffcfe8e83 operator: add unit-test for mergeInventoryLabels()
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-01 16:25:59 +02:00
Francesco Giudici fa5f689e20 operator/register: drop unused code
remove old code passing data via HTTP labels

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-01 16:25:59 +02:00
Francesco Giudici d49adeb7ed operator/register: rework the registration protocol
This commit changes the communication protocol between the operator and
the elemental-register client in order to take full advantage of the websocket
connection: SMBIOS data and labels are now passed via the websocket channel.
The protocol is now extensible and could be easily extended to pass arbitrary
data or request different kinds of services to the operator.

This commit breaks backwards compatibility with older operators and
elemental-register clients.

Fixes #5

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-01 16:25:59 +02:00
Francesco Giudici 2bcc2ffff6 register: set a timeout for retrieving the installation config
We already had a deadline on the operator side: add to the
registering client too.
Share websocket configuration options as we will soon need it
for establishing a common protocol.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-09-01 16:25:59 +02:00
Francesco Giudici 52410aa3b3 fix linter: cyclomatic complexity of ServeHTTP is 16
Error: cyclomatic complexity 16 of func `(*InventoryServer).ServeHTTP` is high (> 15) (gocyclo)

Move code to update labels from headers to subfunction

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-08-31 15:31:03 +02:00
Francesco Giudici 2b646ff145 operator: move websocket management logic out of the tpm package
Till now the TPM package was in charge to upgrade the HTTP connection
and manage the websocket one.
Move the connection management to the server package to split connection
management from TPM authentication.
This will allow us later to pass the smbios data and the labels through
the channel instead of abusing HTTP headers.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-08-31 15:31:03 +02:00
Francesco Giudici 7192507964 minor: drop duplicated logging
we already log the same error in the calling function
(writeMachineInventoryCloudConfig)

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-08-31 15:31:03 +02:00
Itxaka 72971ff776
Backwards compatibility for smbios headers (#137) 2022-08-12 11:14:34 +02:00
Itxaka f170a1aa62
Split header into 7Kb of data (#133)
This generates several X-Cattle-Smbios-NUMER headers when sending the
data to the operator in order to limit the max size of each individual
header to 7Kb. By default nginx is configured with a max of 8Kb header
and will return a 400 error if the headers exceed that size.

As we currently use a GET+Websocket to go through the challenge/response
of TPM, this is the easiest implementation to work around the issue.

Signed-off-by: Itxaka <igarcia@suse.com>

Signed-off-by: Itxaka <igarcia@suse.com>
2022-08-11 14:46:04 +02:00
Francesco Giudici 5f07c444e3 operator: pass all the registration fields on unauthenticated query
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-08-01 15:42:12 +02:00
Francesco Giudici 2d5fde7da0 operator: drop duplicated MachineInventory init code
Labels and Annotations are initialized the same way in
createMachineInventory()

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-08-01 10:37:49 +02:00
Francesco Giudici b5c35b9d38 operator: fix adding machineInventoryLabels after initial registration
2022/07/27 19:44:52 http: panic serving pipe: assignment to entry in nil map
goroutine 1585 [running]:
net/http.(*conn).serve.func1()
        /usr/local/go/src/net/http/server.go:1802 +0xb9
panic({0x1b1a3e0, 0x20359e0})
        /usr/local/go/src/runtime/panic.go:1047 +0x266
github.com/rancher/elemental-operator/pkg/server.(*InventoryServer).ServeHTTP(0xc0016cd100, {0x2071e70, 0xc000988000}, 0x2032db8)
        /src/pkg/server/register.go:88 +0x55e
github.com/rancher/steve/pkg/auth.ToMiddleware.func1.1({0x2071e70, 0xc000988000}, 0xc00063d300)
        /go/pkg/mod/github.com/rancher/steve@v0.0.0-20220503004032-53511a06ff37/pkg/auth/filter.go:167 +0x3d4
net/http.HandlerFunc.ServeHTTP(0x0, {0x2071e70, 0xc000988000}, 0x464b8e)
        /usr/local/go/src/net/http/server.go:2047 +0x2f
net/http.serverHandler.ServeHTTP({0xc002732630}, {0x2071e70, 0xc000988000}, 0xc00063d300)
        /usr/local/go/src/net/http/server.go:2879 +0x43b
net/http.(*conn).serve(0xc0009280a0, {0x207a700, 0xc001d59440})
        /usr/local/go/src/net/http/server.go:1930 +0xb08
created by net/http.(*Server).Serve
        /usr/local/go/src/net/http/server.go:3034 +0x4e8

Fixes: #92

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-07-28 10:31:37 +02:00
David Cassany Viladomat dd7a4ac258
Do not fetch cloud-config on unauthenticated registration calls (#67)
Signed-off-by: David Cassany <dcassany@suse.com>
2022-07-20 18:22:15 +02:00
Francesco Giudici f655a80342 Change the default machine name to include the UUID
The current default machine name is made up from SMBIOS:
- Manufacturer
- Product Name
- Serial Number
for VMs from QEMU anyway the Serial Number is not set, losing uniqueness for
the machine names (e.g., m-qemu-standard-pc-q35-ich9-2009-not-specified).

Switch the Serial Number to UUID, so that we will have by default unique machine
names also for QEMU VMs.

Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
2022-07-20 15:45:21 +02:00
David Cassany Viladomat 79d957e1df
Adds support for cloud-config data in machine registration (#61)
Signed-off-by: David Cassany <dcassany@suse.com>
2022-07-20 10:42:08 +02:00
Itxaka 278b9b2c39
Return a Config.Config in MachineInventory (#35) 2022-07-13 16:28:48 +02:00
Itxaka e87eb80c9c
Use cacert from rancher and use server-url from rancher (#36)
* Generate v3.Setting code

Signed-off-by: Itxaka <igarcia@suse.com>

* Use the rancher cacerts for the registration

Also drops the cacert passing via chart, adds proper permissions to the
settings resource, adds the cache index and checks that indeed we are
returning a cacert on the registration url

Signed-off-by: Itxaka <igarcia@suse.com>

* fix lint

Signed-off-by: Itxaka <igarcia@suse.com>

* Drop manual rancher-url and get the rancher url automatically

Drop any manual setup of rancher-url and use the settings to get the set
rancher-url

Signed-off-by: Itxaka <igarcia@suse.com>

* Small fix for getRancherCACert

Signed-off-by: Itxaka <igarcia@suse.com>

* Fix test setting the wrong url

Signed-off-by: Itxaka <igarcia@suse.com>
2022-07-13 16:11:21 +02:00
David Cassany Viladomat 14d4d957cf
Share installation configuration structures (#24)
This commit makes sure elemental-operator and elemental-installer are
using the same structures to describe and define the elemental-cli
installation.

Signed-off-by: David Cassany <dcassany@suse.com>
2022-07-12 12:36:53 +02:00
Itxaka 5c5f1150cb Fix all the tests, remove leftovers from transition
Remove all the mentions to rancheros-operator in tests, imports and
dependencies.

Restore e2e scripts and test targets on makefile

Fix all lint issues

Signed-off-by: Itxaka <igarcia@suse.com>
2022-07-11 15:12:19 +02:00
Jacob Payne c5a5dbd77f renamed to elemental-operator and switched to system agent 2022-06-30 16:01:13 +00:00
Itxaka 26684d1888 Drop everything not needed for ros-operator
- Drops everything not needed for ros-operator
 - New simple Dockerfile
 - New jobs based on ros-operator only
 - Remove unneeded tests
 - Remove dependency on os2 images for integration tests
 - Use gorelease to release ros-operator binaries
 - Use docker to push ci images to ros-operator-ci registry on PR
 - Use docker to push master/tag images to ros-operator registry
 - Build chart independently
 - Have a null test CI job for future integration tests

Signed-off-by: Itxaka <igarcia@suse.com>
2022-03-24 09:47:18 +01:00
Itxaka 9fed2edefc
Rework golangci-lint config and github CI (#34) 2022-03-03 09:16:03 +01:00
Ettore Di Giacinto 20f07ba9db Attach rancher ca-cert to sample cloud-init from ros-operator
Fixes: https://github.com/rancher-sandbox/os2/issues/1
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
2022-03-01 17:15:48 +01:00
Ettore Di Giacinto 97d58074ee
Refactor import paths
See: https://github.com/rancher-sandbox/cOS-toolkit/issues/1105

Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
2022-01-28 14:00:29 +01:00
Darren Shepherd 7876d148e4 Fix SUC upgrade and PXE+registrationURL 2021-12-01 10:10:35 -07:00
Darren Shepherd 901973e5f6 Add TPM and MachineRegister support 2021-10-29 23:08:26 -07:00
Darren Shepherd 4085b2977b Rename to rancher/os2 2021-10-20 12:19:44 -07:00
Darren Shepherd 5675644d9f Add operator 2021-10-20 10:58:54 -07:00