* operator/register: merge network config retrieval with registration
use the same websocket connection to exchange all the data
* tests: fix tests
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: introduce support to IPAM assigned IP address
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Add nmstate support
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
Co-authored-by: Francesco Giudici <francesco.giudici@suse.com>
Reworked the code to provide templating to MachineInventory labels and name.
The template source data is the "System Information" (BIOS) and "System Data" (which we usually called 'HW Labels') data sent by the machines via the register client.
This rework fixes some bugs and duplicated code and slightly changes the behavior in a few cases.
The behavioral changes address the following corner cases:
* `.` is added to the allowed characters in label values (previously was substituted with `-`).
* when the first character of a label value is an accepted one but not alphanumeric (i.e., `-` , `_` or `.`) we drop it (previously we prepended `m` to the label).
* if the last character of a label value is not alphanumeric (i.e., `-` , `_` or `.`) we drop it (previously was not checked).
Note that for the MachineInventory name (which will also be the machine hostname after k8s provisioning) the allowed set of characters has not changed: it's the same as the label case but without the `_` (i.e., `-` or `.`).
Regarding the MachineRegistration.spec.machineName:
* if it is empty, a default `m-${UUID}` value is assigned to the MachineInventory.name (as previously)
* if it contains a template value which doesn't exist (wrong template value or `nosmbios` option) the MachineInventory.name is assigned a default `m-${UUID}` name (new behavior).
* if it is not empty, but after resolving the template values and sanitizing the string it gets empty, the name assignment process will error out failing the registration process.
Commits:
* operator: move label templating functions to separate file
no code changes, just label templating functions moved to labeltmpl.go.
* operator: add pkg/templater
* operator: add few comments
* operator: rework label templating
Fixes #807
* tests: update api_registration_test.go
* operator: move regexp to label templating file
* operator: change template behavior in corner cases
1. '.' is added to the allowed characters in label values (previously was
substituted with '-').
2. when the first character of a label value is not alphanumeric ("-" or
"_" or ".") we drop it (previously we prepended 'm').
3. if the last character of a label value is not alphanumeric ("-" or
"_" or ".") we drop it (previously was not checked).
* tests: improve coverage of label templating
* make linter happy
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
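The label and name rules described in the commit message above, as an added Go example; this is not the operator's own code. The regexps, function names, flat key/value layout of the template data, substitution of every disallowed character with `-`, and trimming of whole runs of leading or trailing non-alphanumeric characters are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Constructed for this example; these are not the operator's own regexps.
var (
	labelDisallowed = regexp.MustCompile(`[^0-9a-zA-Z._-]`) // label value: alnum, '-', '_', '.'
	nameDisallowed  = regexp.MustCompile(`[^0-9a-zA-Z.-]`)  // name: same set without '_'
	templateKey     = regexp.MustCompile(`\$\{([^}]+)\}`)
	errEmptyName    = errors.New("machine name is empty after sanitizing")
)

// sanitize substitutes disallowed characters with '-' and drops non-alphanumeric
// characters at both ends (assumption: a run of them is dropped whole).
func sanitize(s string, disallowed *regexp.Regexp) string {
	return strings.Trim(disallowed.ReplaceAllString(s, "-"), "-_.")
}

func labelValue(raw string) string { return sanitize(raw, labelDisallowed) }

// machineName resolves ${key} templates from a flat key/value map (hypothetical
// layout) and applies the three MachineRegistration.spec.machineName rules.
func machineName(tmpl, uuid string, data map[string]string) (string, error) {
	missing := false
	resolved := templateKey.ReplaceAllStringFunc(tmpl, func(m string) string {
		v, ok := data[m[2:len(m)-1]]
		missing = missing || !ok
		return v
	})
	if tmpl == "" || missing {
		return "m-" + uuid, nil // empty or unresolvable template: default name
	}
	if name := sanitize(resolved, nameDisallowed); name != "" {
		return name, nil
	}
	return "", errEmptyName // non-empty template sanitized to nothing: fail
}

func main() {
	data := map[string]string{"System Data/Runtime/Hostname": "node_01."} // constructed
	fmt.Println(labelValue("_Dell Inc."))
	fmt.Println(machineName("host-${System Data/Runtime/Hostname}", "1234", data))
	fmt.Println(machineName("${No/Such/Key}", "1234", data))
}
```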
* Update system-upgrade-controller API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update Fleet API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Sanitize dependencies
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
sanitizeString() is only called from replaceStringData().
Move all the sanitizing code there.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Add new ${System Data/Runtime/Hostname} key to the registration data
sent from the elemental-register command.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit stops using the ServiceAccount.Secrets list, as noted by
k8s this should not be used to find SA's associated secrets and this
is no longer being automatically managed by k8s since v1.24.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add client registration config utility
* Use a config-map for the seed-image pod
* Allow ConfigMaps manipulation in SeedImage RBAC
* Drop configmap-uid annotation
* go mod tidy
* Adapt tests
* Add createConfigMapObject tests
Signed-off-by: David Cassany <dcassany@suse.com>
We used to return the registration yaml in that case: makes no sense.
Just return the error.
Keep instead returning the registration yaml when using websocket with
no auth, also if we expect a plain HTTP GET to retrieve the registration
yaml.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
This commit adds a new exchange between the registering client and the
operator: the registering client will pass some data that will be put in
the MachineInventory annotations.
This is meant to be a way to track those dynamic data from the host that
could be handy to have in the MachineInventory.
The only data passed in the current commit is the host address used to
register.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: isolate hostinfo data
Since we already wrap the "ghw" library to collect system data in the
hostinfo package, let's move all the logic dealing with conversion from
raw data to labels there for better isolation.
* operator: add few more fields in System Data collection
In particular, NICs MAC address
---------
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Remove default MachineInventory labels taken from system (memory, cpu,
gpu, network and block devices).
Make these values available as templates on MachineRegistration instead
under '${System Data/...}', for example '${System Data/Memory/Total Physical
Bytes}'
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
By default we collect block device system data as labels. The label name
for the number of block devices found was missing the
elemental.cattle.io prefix: fix it.
Moreover, make the label keys for the number of Network Interfaces and
Block Devices consistent:
elemental.cattle.io/NetIfacesNumber
elemental.cattle.io/NetBlockDevicesNumber
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
The CloudConfig structure was a serialized interface map: if an old
client is detected, convert back to that legacy type.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add multiple APIs support in the API server callback
- parse incoming request to identify the requested API
- move the registration management in a separate function
- add placeholder for the new build-image API
* operator: move generic API functions from register.go to server.go
We are introducing new APIs: let's keep in the register.go package
only those functions specific to the register API only.
This commit just moves some functions from register.go to server.go.
No changes in the code.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: move getMachineRegistration() to server.go
Move getMachineRegistration() to server.go for usage from all
APIs. Moreover, let it take directly the token as parameter.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: enforce API syntax during registration
We expect to receive a path of the form:
/elemental/{api}
enforce it (or return HTTP 404 - Not found).
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: introduce generic getValue() function
This is a generic function that could stay under server.go.
Move the specific function to retrieve the CACert under register.go
and leverage the newly introduced function.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: rename register.go to api_registration.go
just to make code easier to navigate
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add api_buildimage.go for build-image API functions
move there also the placeholder function for the build-image API
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add registration cache to the server
We need it to store ephemeral build image data, like the seed image
and the status of the actual build job.
We could extend it in the future to have a full cache of the
MachineRegistration that the registration server should deal with.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: build-image API scaffolding
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add tests for build-image api
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: ensure user input from APIs is properly escaped
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: log failure to set read deadline on the websocket
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* update Copyright year in modified files
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add a small delay before reporting the build job failure
The build job is empty, and right now just reports failure (actual
implementation will be added in the future).
Since the API tests check the state just after starting the build and
expect to find its state updated to "Started", we need the build job to
wait a while before updating the build state to "Failed", otherwise the
tests may miss the Started state.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: make code scanning tools happier
when user input is sanitized, use a different var to store the sanitized
value. This should make the scanning tools' job easier and avoid false
positives.
On the bonus side, the code will be more readable, i.e., it will be
clear where we use the sanitized values.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>