OCTOPUS-547: add chrony modifications to the pvs_prepare and remove_c…

…hrony changes on destroy Signed-off-by: Paul Bastide <[email protected]>
IBM · Nov 7, 2023 · 82fd6c5 · 82fd6c5
1 parent fe20284
commit 82fd6c5
Show file tree

Hide file tree

Showing 3 changed files with 151 additions and 2 deletions.
diff --git a/modules/4_pvs_support/files/add_chrony.sh b/modules/4_pvs_support/files/add_chrony.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# The script adds chrony.
+
+echo "Generate the configuration:"
+cat << EOF > vars.yaml
+---
+subnets:
+EOF
+for SUBNET in $(ip r | grep via | grep -v default | awk '{print $1}')
+do 
+cat << EOF >> vars.yaml
+  - { subnet: '${SUBNET}'}
+EOF
+done
+
+# Backup the chronyd configuration
+echo "Backing up prior configs"
+mv /etc/chrony.conf.backup /etc/chrony.conf.backup-$(date +%s) || true
+cp -f /etc/chrony.conf /etc/chrony.conf.backup
+
+echo "Make the inventory file"
+cat << EOF > inventory
+[vmhost]
+localhost ansible_connection=local ansible_user=root
+EOF
+
+echo "Creating the chrony chrony.yaml"
+cat << EOF > chrony.yaml
+---
+- name: chrony
+  hosts: all
+  tasks:
+  - name: update chrony config
+    ansible.builtin.replace:
+      path: /etc/chrony.conf
+      regexp: "# Allow NTP client access from local network.\n"
+      replace: "# Allow NTP client access from local network.\nallow {{item.subnet}}\n"
+    loop: "{{ subnets }}"
+EOF
+
+echo "Running the chronyd changes"
+ansible-playbook chrony.yaml [email protected] -i inventory
+
+echo "Restart chronyd"
+sleep 10
+systemctl restart chronyd
+echo "Done with the chronyd"
diff --git a/modules/4_pvs_support/files/remove_chrony.sh b/modules/4_pvs_support/files/remove_chrony.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+################################################################
+# Copyright 2023 - IBM Corporation. All rights reserved
+# SPDX-License-Identifier: Apache-2.0
+################################################################
+
+# The script removes chrony.
+
+if [ -f /etc/chrony.conf.backup ]
+then
+    echo "restoring chronyd"
+    mv -f /etc/chrony.conf.backup /etc/chrony.conf || true
+fi
+
+echo "Restart chronyd"
+sleep 10
+systemctl restart chronyd
+echo "Done with the chronyd"
diff --git a/modules/4_pvs_support/pvs_support.tf b/modules/4_pvs_support/pvs_support.tf
@@ -68,7 +68,7 @@ resource "null_resource" "setup" {
     destination = "ocp4-upi-compute-powervs-ibmcloud/intel/support/route-env.sh"
   }
 
-  # Copies the custom routes  for dhcp
+  # Copies the custom routes for dhcp
   provisioner "file" {
     source      = "${path.module}/files/static-route.sh"
     destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/support/static-route.sh"
@@ -346,4 +346,81 @@ EOF
 # EOF
 #     ]
 #   }
-# }
+# }
+
+# Dev Note: only on destroy - restore chrony
+resource "null_resource" "remove_chrony_changes" {
+  depends_on = [null_resource.set_routing_via_host]
+
+  triggers = {
+    user        = var.rhel_username
+    timeout     = "${var.connection_timeout}m"
+    private_key = file(var.private_key_file)
+    host        = var.bastion_public_ip
+    agent       = var.ssh_agent
+  }
+
+  connection {
+    type        = "ssh"
+    user        = self.triggers.user
+    private_key = self.triggers.private_key
+    host        = self.triggers.host
+    agent       = self.triggers.agent
+    timeout     = self.triggers.timeout
+  }
+
+  provisioner "remote-exec" {
+    inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/
+EOF
+    ]
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/files/remove_chrony.sh"
+    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/remove_chrony.sh"
+  }
+
+  provisioner "remote-exec" {
+    when       = destroy
+    on_failure = continue
+    inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/
+bash remove_chrony.sh
+EOF
+    ]
+  }
+}
+
+# Dev Note: do this as the last step so we get a good worker ignition file downloaded.
+resource "null_resource" "update_chrony" {
+  depends_on = [null_resource.set_routing_via_host, null_resource.remove_chrony_changes]
+  connection {
+    type        = "ssh"
+    user        = var.rhel_username
+    host        = var.bastion_public_ip
+    private_key = file(var.private_key_file)
+    agent       = var.ssh_agent
+    timeout     = "${var.connection_timeout}m"
+  }
+
+  provisioner "remote-exec" {
+    inline = [<<EOF
+mkdir -p /root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/
+EOF
+    ]
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/files/add_chrony.sh"
+    destination = "/root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/add_chrony.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [<<EOF
+cd /root/ocp4-upi-compute-powervs-ibmcloud/intel/chrony/
+bash add_chrony.sh
+EOF
+    ]
+  }
+}