feat: add support for TNF agent based install (#1798)

added ENABLE_TWO_NODE_FENCING internal variable to help identify fencing
for templating.
added fencing block in jinja baremetal install config
added BMC driver validation for two node fencing to make sure only
redfish is used

Signed-off-by: ehila <ehila@redhat.com>

Author: eggfoobar

agent/roles/manifests/templates/install-config_baremetal_yaml.j2

@@ -1,4 +1,9 @@
 {% import 'net_macros.yaml' as net %}
+{% set hostnames = agent_nodes_hostnames.split(',') %}
+{% set bmc_addresses = agent_nodes_bmc_addresses.split(',') %}
+{% set bmc_passwords = agent_nodes_bmc_passwords.split(',') %}
+{% set bmc_usernames = agent_nodes_bmc_usernames.split(',') %}
+{% set bmc_verify_cas = agent_nodes_bmc_verify_cas.split(',') %}
 apiVersion: v1
 baseDomain: {{ base_domain }}
 compute:
@@ -21,6 +26,17 @@ controlPlane:
   hyperthreading: Enabled
   name: master
   replicas: {{ num_masters }} 
+{% if enable_two_node_fencing %}
+  fencing:
+    credentials:
+{% for hostname in hostnames %}
+    - hostname: {{hostname}}
+      address: {{ bmc_addresses[loop.index0] }}
+      username: {{ bmc_usernames[loop.index0] }}
+      password: {{ bmc_passwords[loop.index0] }}
+      certificateVerification: {{ 'Enabled' if bmc_verify_cas[loop.index0] else 'Disabled' }}
+{% endfor %}
+{% endif %}
 fips: {{ fips_mode }}
 metadata:
   name: {{ cluster_name }} 
@@ -60,7 +76,6 @@ networking:
   networkType: {{ network_type }} 
 platform:
 {% set macs = agent_nodes_macs.split(',') %}
-{% set hostnames = agent_nodes_hostnames.split(',') %}
 {% set ips = agent_nodes_ips.split(',') %}
 {% set ipsv6 = agent_nodes_ipsv6.split(',') %}
   baremetal:
@@ -75,10 +90,6 @@ platform:
       - {{ ingress_vip }}
 {% endfor %}
 {% if agent_install_config_bm_hosts == "true" %}
-{% set bmc_addresses = agent_nodes_bmc_addresses.split(',') %}
-{% set bmc_passwords = agent_nodes_bmc_passwords.split(',') %}
-{% set bmc_usernames = agent_nodes_bmc_usernames.split(',') %}
-{% set bmc_verify_cas = agent_nodes_bmc_verify_cas.split(',') %}
     provisioningHostIP: {{ cluster_provisioning_ip }}
     provisioningNetworkInterface: {{ cluster_provisioning_interface }}
     provisioningNetworkCIDR: {{ provisioning_network }}

agent/roles/manifests/vars/main.yml

@@ -30,6 +30,7 @@ cluster_provisioning_interface: "{{ lookup('env', 'CLUSTER_PRO_IF') }}"
 cluster_subnet_v4: "{{ lookup('env', 'CLUSTER_SUBNET_V4') }}"
 cluster_subnet_v6: "{{ lookup('env', 'CLUSTER_SUBNET_V6') }}"
 enable_local_registry: "{{ lookup('env', 'ENABLE_LOCAL_REGISTRY') != '' }}"
+enable_two_node_fencing: "{{ lookup('env', 'ENABLE_TWO_NODE_FENCING', default='') == 'true' }}"
 external_subnet_v4: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') }}"
 external_subnet_v6: "{{ lookup('env', 'EXTERNAL_SUBNET_V6') }}"
 external_subnet_v4_prefixlen: "{{ lookup('env', 'EXTERNAL_SUBNET_V4') | ansible.utils.ipaddr('prefix') }}"

common.sh

@@ -397,6 +397,22 @@ fi
 
 export ENABLE_LOCAL_REGISTRY=${ENABLE_LOCAL_REGISTRY:-}
 
+# Helper variable for TNF, normally not meant to be configurable by user.
+# When two node fencing is detected we set this variable because the installer
+# validation will fail if fencing credentials are not present when two masters
+# and no arbiter are set.
+# Skip on agent scenarios to avoid accidental overrides.
+export ENABLE_TWO_NODE_FENCING=${ENABLE_TWO_NODE_FENCING:-false}
+if [[ -z ${AGENT_E2E_TEST_SCENARIO:-} ]] && [[ ${NUM_ARBITERS} -eq 0 ]] && [[ ${NUM_MASTERS} -eq 2 ]]; then
+  export ENABLE_TWO_NODE_FENCING="true"
+fi
+
+# Only redfish BMC driver is supported for two node fencing
+if [[ "${BMC_DRIVER}" != "redfish" ]] && [[ "${ENABLE_TWO_NODE_FENCING:-}" == "true" ]]; then
+  printf "Only redfish BMC driver is supported for Two Node Fencing deployments: BMC_DRIVER=${BMC_DRIVER}, ENABLE_TWO_NODE_FENCING=${ENABLE_TWO_NODE_FENCING}"
+  exit 1
+fi
+
 # Defaults the DISABLE_MULTICAST variable
 export DISABLE_MULTICAST=${DISABLE_MULTICAST:-false}
 
@@ -479,6 +495,14 @@ if [[ ! -z ${AGENT_E2E_TEST_SCENARIO} ]]; then
           export ARBITER_DISK=50
           export NUM_WORKERS=0
           ;;
+      "TNF" )
+          export NUM_MASTERS=2
+          export MASTER_VCPU=8
+          export MASTER_DISK=100
+          export MASTER_MEMORY=32768
+          export NUM_WORKERS=0
+          export ENABLE_TWO_NODE_FENCING="true"
+          ;;
       "HA" )
           export NUM_MASTERS=3
           export MASTER_VCPU=4

config_example.sh

@@ -812,6 +812,10 @@ set -x
 # - TNA_IPV6
 # - TNA_IPV4_DHCP
 # - TNA_IPV6_DHCP
+# - TNF_IPV4
+# - TNF_IPV6
+# - TNF_IPV4_DHCP
+# - TNA_IPV6_DHCP
 # - HA_IPV4
 # - HA_IPV6
 # - HA_IPV4_DHCP

utils.sh

@@ -312,7 +312,7 @@ function node_map_to_install_config_fencing_credentials() {
     return 0
   fi
 
-  if  [[ ${NUM_ARBITERS} -eq 0 ]] && [[ "${NUM_MASTERS}" -eq 2 ]]; then
+  if  [ "${ENABLE_TWO_NODE_FENCING:-}" == "true" ]; then
 	cat <<EOF
   fencing:
     credentials: