dont use sslip when dns is set

bin/sync_image.sh

@@ -3,6 +3,9 @@
 {% set registry_name = disconnected_url|replace(":" + registry_port, '') %}
 REGISTRY_NAME={{ registry_name }}
 REGISTRY_PORT={{ registry_port }}
+{% elif dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+REGISTRY_PORT={{ 8443 if disconnected_quay else 5000 }}
 {% else %}
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep 'eth\|en' | head -1)
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)

dnsmasq.conf

@@ -2,7 +2,7 @@ strict-order
 # bind-dynamic
 #bogus-priv
 
-resolv-file=/etc/resolv.conf
+resolv-file=/etc/resolv.conf.ori
 #dhcp-ignore=tag:!known
 #dhcp-fqdn
 #log-queries
@@ -16,6 +16,11 @@ domain={{ cluster }}.{{ domain }},{{ baremetal_cidr }}
 host-record=api-int.{{ cluster }}.{{ domain }},{{ api_ip }}
 host-record=api.{{ cluster }}.{{ domain }},{{ api_ip }}
 address=/apps.{{ cluster }}.{{ domain }}/{{ ingress_ip }}
+
+{% if disconnected %}
+host-record=registry.{{ cluster }}.{{ domain }},{{ installer_ip }}
+{% endif %}
+
 {% set total_number = namespace(value=0) %}
 {% for spoke in ztp_spokes %}
 {% set spoke_name = spoke.name %}

paramfiles/lab_ipv6.yml

@@ -2,12 +2,17 @@ lab: true
 pool: default
 disconnected: true
 virtual_ctlplanes: true
+virtual_ctlplanes_static_network: true
 version: stable
 tag: "4.16"
+dns: true
+installer_ip: 2620:52:0:1302::4
 cluster: lab
 domain: karmalabs.corp
 baremetal_cidr: 2620:52:0:1302::/64
 baremetal_net: lab-baremetal
+# static_baremetal_dns: 2620:52:0:1302::1
+# static_baremetal_gateway: 2620:52:0:1302::1
 api_ip: 2620:52:0:1302::2
 ingress_ip: 2620:52:0:1302::3
 baremetal_ips:
@@ -20,6 +25,8 @@ baremetal_macs:
 - aa:aa:aa:aa:bb:02
 - aa:aa:aa:aa:bb:03
 - aa:aa:aa:aa:bb:04
+
+ztp_virtual_nodes_static_network: true
 ztp_spokes:
 - name: mgmt-spoke1
   ctlplanes_number: 1
@@ -33,7 +40,7 @@ installer_mac: aa:bb:aa:aa:bb:01
 ztp_policies_dir: extras/sample-site-policies
 vmrules:
 - lab-mgmt-spoke1-node-0:
-   boot_order: true
+#   boot_order: true
    disks:
    - size: 120
      interface: scsi
@@ -42,11 +49,5 @@ vmrules:
    nets:
    - name: lab-baremetal
      mac: aa:aa:aa:aa:bb:04
-     ip: 2620:52:0:1302::24
-     reserveip: true
-     reservedns: true
-     alias:
-     - api.mgmt-spoke1.karmalabs.corp
-     - api-int.mgmt-spoke1.karmalabs.corp
    - name: sriov-network
      sriov: true

plans/kcli_plan_infra.yml

@@ -16,34 +16,6 @@
 {% endif %}
 {% endif %}
 
-{% if lab and ((api_ip != None and ingress_ip != None) or (baremetal_ips and baremetal_ips|length > 0)) %}
-{% set api_ip = api_ip or baremetal_ips[0] %}
-{% set ingress_ip = ingress_ip or baremetal_ips[0] %}
-api:
- type: dns
- net: {{ baremetal_net }}
- ip: {{ api_ip }}
- alias:
- - api.{{ cluster }}.{{ domain }}
- - api-int.{{ cluster }}.{{ domain }}
-
-apps:
- type: dns
- net: {{ baremetal_net }}
- ip: {{ ingress_ip }}
- alias:
- - console-openshift-console.apps.{{ cluster }}.{{ domain }}
- - oauth-openshift.apps.{{ cluster }}.{{ domain }}
- - prometheus-k8s-openshift-monitoring.apps.{{ cluster }}.{{ domain }}
- - canary-openshift-ingress-canary.apps.{{ cluster }}.{{ domain }}
- - assisted-service-multicluster-engine.apps.{{ cluster }}.{{ domain }}
- - assisted-service-assisted-installer.apps.{{ cluster }}.{{ domain }}
- - assisted-image-service-multicluster-engine.apps.{{ cluster }}.{{ domain }}
-{% for entry in lab_extra_dns %}
- - {{ entry }}.apps.{{ cluster }}.{{ domain }}
-{% endfor %}
-{% endif %}
-
 {% if virtual_ctlplanes %}
 {% for num in range(0, virtual_ctlplanes_number) %}
 {{ cluster }}-ctlplane-{{ num }}:

scripts/00_virtual.sh

@@ -2,7 +2,6 @@
 
 set -euo pipefail
 
-PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 {% if not 'rhel' in image %}
 dnf clean all
 sleep 30
@@ -19,10 +18,3 @@ kcli install provider {{ config_type }}
 
 SUSHYFLAGS={{ "--ipv6" if ':' in baremetal_cidr else "" }}
 kcli create sushy-service $SUSHYFLAGS
-
-ssh-keyscan -H {{ config_host if config_host not in ['127.0.0.1', 'localhost'] else baremetal_net|local_ip }} >> /root/.ssh/known_hosts
-echo -e "Host=*\nStrictHostKeyChecking=no\n" > /root/.ssh/config
-IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d "/" -f 1 | head -1)
-echo $IP | grep -q ':' && IP=[$IP]
-
-echo {{ api_ip }} api.{{ cluster }}.{{ domain }} >> /etc/hosts

scripts/03_dns.sh

@@ -0,0 +1,8 @@
+set -euo pipefail
+
+dnf -y install dnsmasq
+cp /root/dnsmasq.conf /etc/dnsmasq.d/custom.conf
+systemctl enable --now dnsmasq
+
+cp /etc/resolv.conf /etc/resolv.conf.ori
+echo nameserver {{ installer_ip }} > /etc/resolv.conf

scripts/03_disconnected_mirror.sh → scripts/04_disconnected_mirror.sh

@@ -21,9 +21,11 @@ mkdir -p /opt/registry/certs
 openssl s_client -showcerts -connect $REGISTRY_NAME:$REGISTRY_PORT </dev/null 2>/dev/null|openssl x509 -outform PEM > /opt/registry/certs/domain.crt
 cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors
 update-ca-trust extract
+{% elif dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+REGISTRY_PORT={{ 8443 if disconnected_quay else 5000 }}
 {% else %}
 REGISTRY_NAME=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
-REGISTRY_PORT={{ 8443 if disconnected_quay else 5000 }}
 {% endif %}
 
 export OPENSHIFT_RELEASE_IMAGE=$(openshift-install version | grep 'release image' | awk -F ' ' '{print $3}')

scripts/03_disconnected_olm.sh → scripts/04_disconnected_olm.sh

@@ -12,6 +12,9 @@ export OCP_PULLSECRET_AUTHFILE='/root/openshift_pull.json'
 {% set registry_name = disconnected_url|replace(":" + registry_port, '') %}
 REGISTRY_NAME={{ registry_name }}
 REGISTRY_PORT={{ registry_port }}
+{% elif dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+REGISTRY_PORT={{ 8443 if disconnected_quay else 5000 }}
 {% else %}
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep 'eth\|en' | head -1)
 IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)

scripts/03_disconnected_quay.sh → scripts/04_disconnected_quay.sh

@@ -8,8 +8,12 @@ PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 export PATH=/root/bin:$PATH
 export PULL_SECRET="/root/openshift_pull.json"
 dnf -y install podman httpd jq libseccomp-devel
+{% if dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+{% else %}
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
 REGISTRY_NAME=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
 REGISTRY_USER=init
 REGISTRY_PASSWORD={{ "super" + disconnected_password if disconnected_password|length < 8 else disconnected_password }}
 KEY=$(echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64)

scripts/03_disconnected_registry.sh → scripts/04_disconnected_registry.sh

@@ -6,8 +6,12 @@ PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 export PATH=/root/bin:$PATH
 export PULL_SECRET="/root/openshift_pull.json"
 dnf -y install podman httpd httpd-tools jq skopeo libseccomp-devel
+{% if dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+{% else %}
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
 REGISTRY_NAME=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
 REGISTRY_USER={{ disconnected_user }}
 REGISTRY_PASSWORD={{ disconnected_password }}
 KEY=$(echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64)

scripts/04_nbde.sh → scripts/05_nbde.sh

@@ -2,8 +2,7 @@
 
 set -euo pipefail
 
-PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
-yum -y install clevis tang
+dnf -y install clevis tang
 semanage port -a -t tangd_port_t -p tcp 7500
 # firewall-cmd --add-port=7500/tcp
 systemctl enable tangd.socket
@@ -16,6 +15,7 @@ jose jwk gen -i '{"alg":"ES512"}' -o /var/db/tang/newsig.jwk
 jose jwk gen -i '{"alg":"ECMR"}' -o /var/db/tang/newexc.jwk
 systemctl start tangd.socket
 
+PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
 export TANG_URL=http://"$IP:7500"
 export THP="$(tang-show-keys 7500)"

scripts/07_deploy_openshift.sh

@@ -42,7 +42,10 @@ cp /root/machineconfigs/99-localhost-fix*.yaml /root/manifests
 cp /root/machineconfigs/99-monitoring.yaml /root/manifests
 {% endif %}
 find manifests -type f -empty -print -delete
-grep -q "{{ api_ip }} api.{{ cluster }}.{{ domain }}" /etc/hosts || echo {{ api_ip }} api.{{ cluster }}.{{ domain }} >> /etc/hosts
+
+{% if api_ip != None %}
+echo {{ api_ip }} api.{{ cluster }}.{{ domain }} >> /etc/hosts
+{% endif %}
 
 kcli delete iso --yes {{ cluster }}.iso || true
 

scripts/08_nfs.sh

@@ -26,7 +26,11 @@ oc create -f $BASEDIR/deploy/rbac.yaml
 oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner
 if [ "$(podman ps | grep registry)" != "" ] ; then
  /root/bin/sync_image.sh registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
+{% if dns %}
+ REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+{% else %}
  REGISTRY_NAME=$(echo $PRIMARY_IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
  sed -i "[email protected]@$REGISTRY_NAME:5000@" $BASEDIR/deploy/deployment.yaml
 fi
 sed -i -e "[email protected]/[email protected]/nfs@" -e "[email protected]@$PRIMARY_IP@" -e "s@/ifs/kubernetes@/var/nfsshare@" $BASEDIR/deploy/deployment.yaml

scripts/launch_steps.sh

@@ -29,36 +29,37 @@ echo -e "${blue}************ RUNNING ZTP steps ************${clear}"
 exit 0
 fi
 
+{% if dns %}
+echo -e "${blue}************ RUNNING 03_dns.sh ************${clear}"
+/root/scripts/03_dns.sh
+{% endif %}
+
+
 {% if disconnected %}
 {% if disconnected_url == None %}
-echo -e "${blue}************ RUNNING 03_disconnected_{{ 'quay.sh' if disconnected_quay else 'registry.sh' }} ************${clear}"
-/root/scripts/03_disconnected_{{ 'quay.sh' if disconnected_quay else 'registry.sh' }} || exit 1
+echo -e "${blue}************ RUNNING 04_disconnected_{{ 'quay.sh' if disconnected_quay else 'registry.sh' }} ************${clear}"
+/root/scripts/04_disconnected_{{ 'quay.sh' if disconnected_quay else 'registry.sh' }} || exit 1
 {% endif %}
-echo -e "${blue}************ RUNNING 03_disconnected_mirror.sh ************${clear}"
-/root/scripts/03_disconnected_mirror.sh || exit 1
+echo -e "${blue}************ RUNNING 04_disconnected_mirror.sh ************${clear}"
+/root/scripts/04_disconnected_mirror.sh || exit 1
 {% if (disconnected_operators or disconnected_certified_operators or disconnected_community_operators or disconnected_marketplace_operators or disconnected_extra_catalogs) and not disconnected_operators_deploy_after_openshift %}
-echo -e "${blue}************ RUNNING 03_disconnected_olm.sh ************${clear}"
-/root/scripts/03_disconnected_olm.sh
+echo -e "${blue}************ RUNNING 04_disconnected_olm.sh ************${clear}"
+/root/scripts/04_disconnected_olm.sh
 {% if disconnected_url == None and disconnected_quay %}
 rm -rf /root/manifests-redhat-operator-index-*
-/root/scripts/03_disconnected_olm.sh
+/root/scripts/04_disconnected_olm.sh
 {% endif %}
 {% endif %}
 {% endif %}
 
 {% if nbde %}
-echo -e "${blue}************ RUNNING 04_nbde.sh ************${clear}"
-/root/scripts/04_nbde.sh
+echo -e "${blue}************ RUNNING 05_nbde.sh ************${clear}"
+/root/scripts/05_nbde.sh
 {% endif %}
 
 {% if ntp %}
-echo -e "${blue}************ RUNNING 05_ntp.sh ************${clear}"
-/root/scripts/05_ntp.sh
-{% endif %}
-
-{% if dns %}
-echo -e "${blue}************ RUNNING 06_dns.sh ************${clear}"
-/root/scripts/06_dns.sh
+echo -e "${blue}************ RUNNING 06_ntp.sh ************${clear}"
+/root/scripts/06_ntp.sh
 {% endif %}
 
 {% if deploy_openshift %}
@@ -77,8 +78,8 @@ oc patch configs.imageregistry.operator.openshift.io cluster --type merge -p '{"
 {% endif %}
 
 {% if disconnected and (disconnected_operators or disconnected_certified_operators or disconnected_community_operators or disconnected_marketplace_operators or disconnected_extra_catalogs) and disconnected_operators_deploy_after_openshift %}
-echo -e "${blue}************ RUNNING 03_disconnected_olm.sh ************${clear}"
-/root/scripts/03_disconnected_olm.sh
+echo -e "${blue}************ RUNNING 04_disconnected_olm.sh ************${clear}"
+/root/scripts/04_disconnected_olm.sh
 {% endif %}
 
 echo -e "${blue}************ RUNNING 09_post_install.sh ************${clear}"

ztp/scripts/01_assisted-service.sh

@@ -17,7 +17,11 @@ SOURCE_ARGS=""
 DISCONNECTED_ARGS="-P disconnected_url={{ disconnected_url }}"
 {% elif disconnected %}
 BAREMETAL_IP=$(ip -o addr show eth0 | head -1 | awk '{print $4}' | cut -d'/' -f1)
+{% if dns %}
+REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+{% else %}
 REGISTRY_NAME=$(echo $BAREMETAL_IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
 LOCAL_PORT={{ 8443 if disconnected_quay else 5000 }}
 DISCONNECTED_ARGS="-P disconnected_url=${REGISTRY_NAME}:$LOCAL_PORT"
 {% else %}

ztp/scripts/02_git.sh

@@ -1,6 +1,13 @@
+#!/usr/bin/env bash
+
+{% if dns and disconnected %}
+GIT_SERVER=registry.{{ cluster }}.{{ domain }}
+{% else %}
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
-export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
-export GIT_SERVER=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
+GIT_SERVER=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
+export GIT_SERVER
 GIT_USER={{ ztp_gitops_user }}
 GIT_PASSWORD={{ ztp_gitops_password }}
 

ztp/scripts/generate_gitops.sh

@@ -6,16 +6,20 @@ OCP_RELEASE=$(openshift-install version | head -1 | cut -d' ' -f2)-x86_64
 export MINOR=$(echo $OCP_RELEASE | cut -d. -f1,2)
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
-export GIT_SERVER=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+echo $IP | grep -q ':' && IP=[$IP]
 GIT_USER={{ ztp_gitops_user }}
-export REPO_URL={{ ztp_gitops_repo_url or 'http://$GIT_SERVER:3000/karmalabs/ztp' }}
+export REPO_URL={{ ztp_gitops_repo_url or 'http://$IP:3000/karmalabs/ztp' }}
 export REPO_BRANCH={{ ztp_gitops_repo_branch }}
 export CLUSTERS_APP_PATH={{ ztp_gitops_clusters_app_path }}
 export POLICIES_APP_PATH={{ ztp_gitops_policies_app_path }}
 export HUB={{ cluster }}
 
 {% if disconnected %}
-export REGISTRY=$GIT_SERVER:5000
+{% if dns %}
+export REGISTRY=registry.{{ cluster }}.{{ domain }}:5000
+{% else %}
+export REGISTRY=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io:5000
+{% endif %}
 /root/bin/sync_image.sh registry.redhat.io/openshift4/ztp-site-generate-rhel8:v$MINOR
 {% else %}
 export REGISTRY=registry.redhat.io
@@ -26,15 +30,15 @@ rm openshift-gitops-patch.json.template
 oc patch argocd openshift-gitops -n openshift-gitops --type=merge --patch-file openshift-gitops-patch.json
 envsubst < clusters-app.yaml.template > clusters-app.yaml
 rm clusters-app.yaml.template
-if [[ ! "$REPO_URL" =~ "$GIT_SERVER:3000" ]] || [ -d /root/ztp/scripts/site-policies ] ; then
+if [[ ! "$REPO_URL" =~ "$IP:3000" ]] || [ -d /root/ztp/scripts/site-policies ] ; then
   envsubst < policies-app.yaml.template > policies-app.yaml
   rm policies-app.yaml.template
 else
   sed -i /policies-app-project.yaml/d kustomization.yaml
   sed -i /policies-app.yaml/d kustomization.yaml
 fi
 
-if [[ "$REPO_URL" =~ "$GIT_SERVER:3000" ]] ; then
+if [[ "$REPO_URL" =~ "$IP:3000" ]] ; then
   cd /root/git
   mkdir -p site-configs/$HUB
   touch site-configs/$HUB/.gitkeep