Add BMH credentials support

With this change there will be only one supported credential per VINO CR. Since the CR is mounted inside the sushy tools container, sushy startup script can access these credentials and set up authentication. This approach allows to get basic functionality working, in the future, we would probably want to hide these credentials in a secret so they can't be seen in plain text from VINO CR. Change-Id: I4aa2fb1ee1f5633b889acfa901283f5fa51ad2c1
2021-02-26 20:32:41 +00:00 · 2021-02-26 20:32:41 +00:00 · eda3300093
commit eda3300093
parent fc0e10f285
7 changed files with 135 additions and 2 deletions
--- a/config/crd/bases/airship.airshipit.org_vinoes.yaml
+++ b/config/crd/bases/airship.airshipit.org_vinoes.yaml
@ -36,6 +36,19 @@ spec:
        spec:
          description: VinoSpec defines the desired state of Vino
          properties:
+            bmcCredentials:
+              description: BMCCredentials contain credentials that will be used to
+                create BMH nodes sushy tools will use these credentials as well, to
+                set up authentication
+              properties:
+                password:
+                  type: string
+                username:
+                  type: string
+              required:
+              - password
+              - username
+              type: object
            configuration:
              description: Define CPU configuration
              properties:
@ -182,6 +195,7 @@ spec:
                a bridge for VMs
              type: string
          required:
+          - bmcCredentials
          - vmBridge
          type: object
        status:
--- a/config/samples/vino_cr.yaml
+++ b/config/samples/vino_cr.yaml
@ -34,4 +34,7 @@ spec:
      networkDataTemplate:
        name: "test-template"
        namespace: "default"
+  bmcCredentials:
+    username: "admin"
+    password: "passw0rd"

--- a/docs/api/vino.md
+++ b/docs/api/vino.md
@ -9,6 +9,48 @@
 <p>Package v1 contains API Schema definitions for the airship v1 API group</p>
 Resource Types:
 <ul class="simple"></ul>
+<h3 id="airship.airshipit.org/v1.BMCCredentials">BMCCredentials
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#airship.airshipit.org/v1.VinoSpec">VinoSpec</a>)
+</p>
+<p>BMCCredentials contain credentials that will be used to create BMH nodes
+sushy tools will use these credentials as well, to set up authentication</p>
+<div class="md-typeset__scrollwrap">
+<div class="md-typeset__table">
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>username</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
+<code>password</code><br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
 <h3 id="airship.airshipit.org/v1.CPUConfiguration">CPUConfiguration
 </h3>
 <p>
@ -934,6 +976,20 @@ string
 <p>VMBridge defines the single interface name to be used as a bridge for VMs</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>bmcCredentials</code><br>
+<em>
+<a href="#airship.airshipit.org/v1.BMCCredentials">
+BMCCredentials
+</a>
+</em>
+</td>
+<td>
+<p>BMCCredentials contain credentials that will be used to create BMH nodes
+sushy tools will use these credentials as well, to set up authentication</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@ -1046,6 +1102,20 @@ string
 <p>VMBridge defines the single interface name to be used as a bridge for VMs</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>bmcCredentials</code><br>
+<em>
+<a href="#airship.airshipit.org/v1.BMCCredentials">
+BMCCredentials
+</a>
+</em>
+</td>
+<td>
+<p>BMCCredentials contain credentials that will be used to create BMH nodes
+sushy tools will use these credentials as well, to set up authentication</p>
+</td>
+</tr>
 </tbody>
 </table>
 </div>
--- a/pkg/api/v1/vino_types.go
+++ b/pkg/api/v1/vino_types.go
@ -49,6 +49,16 @@ type VinoSpec struct {
 	DaemonSetOptions DaemonSetOptions `json:"daemonSetOptions,omitempty"`
 	// VMBridge defines the single interface name to be used as a bridge for VMs
 	VMBridge string `json:"vmBridge"`
+	// BMCCredentials contain credentials that will be used to create BMH nodes
+	// sushy tools will use these credentials as well, to set up authentication
+	BMCCredentials BMCCredentials `json:"bmcCredentials"`
+}
+
+// BMCCredentials contain credentials that will be used to create BMH nodes
+// sushy tools will use these credentials as well, to set up authentication
+type BMCCredentials struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
 }

 // NodeSelector identifies nodes to create VMs on
--- a/pkg/api/v1/zz_generated.deepcopy.go
+++ b/pkg/api/v1/zz_generated.deepcopy.go
@ -25,6 +25,21 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BMCCredentials) DeepCopyInto(out *BMCCredentials) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BMCCredentials.
+func (in *BMCCredentials) DeepCopy() *BMCCredentials {
+	if in == nil {
+		return nil
+	}
+	out := new(BMCCredentials)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CPUConfiguration) DeepCopyInto(out *CPUConfiguration) {
 	*out = *in
@ -445,6 +460,7 @@ func (in *VinoSpec) DeepCopyInto(out *VinoSpec) {
 		}
 	}
 	out.DaemonSetOptions = in.DaemonSetOptions
+	out.BMCCredentials = in.BMCCredentials
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VinoSpec.
--- a/pkg/controllers/bmh.go
+++ b/pkg/controllers/bmh.go
@ -182,8 +182,27 @@ func (r *VinoReconciler) getBMCAddress(

 // reconcileBMHCredentials returns secret name with credentials and error
 func (r *VinoReconciler) reconcileBMHCredentials(ctx context.Context, vino *vinov1.Vino) (string, error) {
-	// TODO implement this
-	return "credentials", nil
+	ns := getRuntimeNamespace()
+	// coresponds to DS name, since we have only one DS per vino CR
+	credentialSecretName := fmt.Sprintf("%s-%s", r.getDaemonSetName(vino), "credentials")
+	netSecret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      credentialSecretName,
+			Namespace: ns,
+		},
+		StringData: map[string]string{
+			"username": vino.Spec.BMCCredentials.Username,
+			"password": vino.Spec.BMCCredentials.Password,
+		},
+		Type: corev1.SecretTypeOpaque,
+	}
+
+	objKey := client.ObjectKeyFromObject(netSecret)
+
+	if err := applyRuntimeObject(ctx, objKey, netSecret, r.Client); err != nil {
+		return "", err
+	}
+	return credentialSecretName, nil
 }

 func (r *VinoReconciler) reconcileBMHNetworkData(
--- a/tools/deployment/test-cr.sh
+++ b/tools/deployment/test-cr.sh
@ -51,3 +51,4 @@ bmhCount=$(kubectl get baremetalhosts -n vino-system -o name | wc -l)
 [[ "$bmhCount" -eq "3" ]]

 kubectl get secret -o yaml -n vino-system default-vino-test-cr-worker
+kubectl get secret -o yaml -n vino-system default-vino-test-cr-credentials