* operator: introduce support to IPAM assigned IP address
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Add nmstate support
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
Co-authored-by: Francesco Giudici <francesco.giudici@suse.com>
Reworked the code to provide templating to MachineInventory labels and name.
The template source data is the "System Information" (BIOS) and "System Data" (which we usually called 'HW Labels') data sent by the machines via the register client.
This rework fixes some bugs and duplicated code and slightly changes the behavior in a few cases.
The behavioral changes address the following corner cases:
* `.` is added to the allowed characters in label values (previously was substituted with `-`).
* when the first character of a label value is an accepted one but not alphanumeric (i.e., `-` , `_` or `.`) we drop it (previously we prepended `m` to the label).
* if the last character of a label value is not alphanumeric (i.e., `-` , `_` or `.`) we drop it (previously was not checked).
Note that for the MachineInventory name (which will also be the machine hostname after k8s provisioning) the allowed set of characters has not changed: it's the same as the label case but without the `_` (i.e., `-` or `.`).
Regarding the MachineRegistration.spec.machineName:
* if it is empty, a default `m-${UUID}` value is assigned to the MachineInventory.name (as previously)
* if it contains a template value which doesn't exist (wrong template value or `nosmbios` option) the MachineInventory.name is assigned a default `m-${UUID}` name (new behavior).
* if it is not empty, but after resolving the template values and sanitizing the string it gets empty, the name assignment process will error out failing the registration process.
Commits:
* operator: move label templating functions to separate file
no code changes, just label templating functions moved to labeltmpl.go.
* operator: add pkg/templater
* operator: add few comments
* operator: rework label templating
Fixes #807
* tests: update api_registration_test.go
* operator: move regexp to label templating file
* operator: change template behavior in corner cases
1. '.' is added to the allowed characters in label values (previously was
substituted with '-').
2. when the first character of a label value is not alphanumeric ("-" or
"_" or ".") we drop it (previously we prepended 'm').
3. if the last character of a label value is not alphanumeric ("-" or
"_" or ".") we drop it (previously was not checked).
* tests: improve coverage of label templating
* make linter happy
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
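The label-value and machine-name rules described in the commit message above, sketched as an added Go example that is not taken from the elemental-operator code. The function names, the flat `map[string]string` for the template data, the replacement of disallowed characters with `-` and the 63-character cap are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumptions (not from the project): disallowed characters become "-",
// and values are capped at the Kubernetes limit of 63 characters.
var (
	labelDisallowed = regexp.MustCompile(`[^A-Za-z0-9_.-]`)
	nameDisallowed  = regexp.MustCompile(`[^A-Za-z0-9.-]`) // names: no "_"
	templateRef     = regexp.MustCompile(`\$\{([^}]+)\}`)
)

// sanitize replaces disallowed characters, then drops leading and trailing
// characters that are allowed but not alphanumeric.
func sanitize(s string, disallowed *regexp.Regexp) string {
	s = strings.TrimLeft(disallowed.ReplaceAllString(s, "-"), "-_.")
	if len(s) > 63 {
		s = s[:63] // safe: s is pure ASCII after the replacement
	}
	return strings.TrimRight(s, "-_.")
}

func SanitizeLabelValue(s string) string { return sanitize(s, labelDisallowed) }

// ResolveName applies the three machineName cases to a flat key/value map
// (hypothetical shape) of the data sent by the register client.
func ResolveName(tmpl string, data map[string]string, uuid string) (string, error) {
	missing := false
	out := templateRef.ReplaceAllStringFunc(tmpl, func(m string) string {
		v, ok := data[m[2:len(m)-1]]
		missing = missing || !ok
		return v
	})
	if tmpl == "" || missing {
		return "m-" + uuid, nil // empty template or unknown key: default name
	}
	if out = sanitize(out, nameDisallowed); out == "" {
		return "", errors.New("machine name is empty after sanitization")
	}
	return out, nil
}

func main() {
	fmt.Println(SanitizeLabelValue("_Intel(R) Xeon(R).")) // constructed input
	fmt.Println(ResolveName("${Missing/Key}", nil, "1234"))
}
```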
We now have the SeedImage resource to start and track image building
tasks: drop the old build-image api.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Remove default MachineInventory labels taken from system (memory, cpu,
gpu, network and block devices).
Make these values available as templates on MachineRegistration instead
under '${System Data/...}', for example '${System Data/Memory/Total Physical
Bytes}'
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
The default machine name is m-{UUID}.
The UUID is generated via software if SMBIOS data is disabled, otherwise
the SMBIOS {System Information/UUID} is used.
Since some hardware vendors don't properly fill the UUID SMBIOS data,
let's always provide a machine name based on a software generated UUID, to
ensure name uniqueness by default.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add multiple APIs support in the API server callback
- parse incoming request to identify the requested API
- move the registration management in a separate function
- add placeholder for the new build-image API
* operator: move generic API functions from register.go to server.go
We are introducing new APIs: let's keep in the register.go package
only those functions specific to the register API only.
This commit just moves some functions from register.go to server.go.
No changes in the code.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: move getMachineRegistration() to server.go
Move getMachineRegistration() to server.go for usage from all
APIs. Moreover, let it take directly the token as parameter.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: enforce API syntax during registration
We expect to receive a path of the form:
/elemental/{api}
enforce it (or return HTTP 404 - Not found).
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: introduce generic getValue() function
This is a generic function that could stay under server.go.
Move the specific function to retrieve the CACert under register.go
and leverage the newly introduced function.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: rename register.go to api_registration.go
just to make code easier to navigate
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add api_buildimage.go for build-image API functions
move there also the placeholder function for the build-image API
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add registration cache to the server
We need it to store ephemeral build image data, like the seed image
and the status of the actual build job.
We could extend it in the future to have a full cache of the
MachineRegistration that the registration server should deal with.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: build-image API scaffolding
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add tests for build-image api
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: ensure user input from APIs is properly escaped
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: log failure to set read deadline on the websocket
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* update Copyright year in modified files
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add a small delay before reporting the build job failure
The build job is empty, and right now just reports failure (actual
implementation will be added in the future).
Since the API tests check the state just after starting the build and
expect to find its state updated to "Started", we need the build job to
wait a while before updating the build state to "Failed", otherwise the
tests may miss the Started state.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: make code scanning tools happier
when user input is sanitized, use a different var to store the sanitized
value. This should make the scanning tools' job easier and avoid false
positives.
On the bonus side, the code will be more readable, i.e., it will be
clear where we use the sanitized values.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Return registration errors to client
Introduces two new message-types (MsgError and MsgConfig).
MsgError is sent when an error is encountered during the registration
process.
MsgConfig is used to send the elemental configuration to the client,
before this was just a raw message with no type so we need to check in
the server if the client supports the message, otherwise fallback to the
raw message.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Change registration error message
unknown -> unexpected
Co-authored-by: Francesco Giudici <francesco.giudici@gmail.com>
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@gmail.com>
* Remove InventoryServer receiver argument
From writeError method
Co-authored-by: Francesco Giudici <francesco.giudici@gmail.com>
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* operator/registration: switch to Kubebuilder client
Fixes #239
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/registration: adapt tests to Kubebuilder client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* unit-tests: vendor controller-runtime fake client
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: add yaml annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator/RBAC: add "get" verb to ServiceAccount resources
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* operator: generate rbac
make generate-manifests
make build-rbac
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Add elementalcli package
Create a separate package to deal with elemental-cli installation.
This brings the elemental-cli functions declared in the config package
to a new package that just parses a map[string]interface argument.
This is a step to enable usage of the elemental-cli functions with the
new elementalv1.Config.Elemental.Install type.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: switch to Kubebuilder api
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: add mapstructure annotations for correct marshalling
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: reduce complexity of the run function
Make linter happy:
"cyclomatic complexity 16 of func `run` is high (> 15) (gocyclo)"
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* register: drop io/ioutil in favor of os package
io/ioutil is deprecated
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Till now the TPM package was in charge to upgrade the HTTP connection
and manage the websocket one.
Move the connection management to the server package to split connection
management from TPM authentication.
This will allow us later to pass the smbios data and the labels through
the channel instead of abusing HTTP headers.
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Generate v3.Setting code
Signed-off-by: Itxaka <igarcia@suse.com>
* Use the rancher cacerts for the registration
Also drops the cacert passing via chart, adds proper permissions to the
settings resource, adds the cache index and checks that indeed we are
returning a cacert on the registration url
Signed-off-by: Itxaka <igarcia@suse.com>
* fix lint
Signed-off-by: Itxaka <igarcia@suse.com>
* Drop manual rancher-url and get the rancher url automatically
Drop any manual setup of rancher-url and use the settings to get the set
rancher-url
Signed-off-by: Itxaka <igarcia@suse.com>
* Small fix for getRancherCACert
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix test setting the wrong url
Signed-off-by: Itxaka <igarcia@suse.com>
Remove all the mentions to rancheros-operator in tests, imports and
dependencies.
Restore e2e scripts and test targets on makefile
Fix all lint issues
Signed-off-by: Itxaka <igarcia@suse.com>
- Drops everything not needed for ros-operator
- New simple Dockerfile
- New jobs based on ros-operator only
- Remove unneeded tests
- Remove dependency on os2 images for integration tests
- Use gorelease to release ros-operator binaries
- Use docker to push ci images to ros-operator-ci registry on PR
- Use docker to push master/tag images to ros-operator registry
- Build chart independently
- Have a null test CI job for future integration tests
Signed-off-by: Itxaka <igarcia@suse.com>