making day1 solutin configurable via systemd services (#1069)

1) adding environment variables to systemd services and making executable using those variables. This ways the scripts themselves do not change. in addition, it allows manual update of the MC in the cluster, since no parts that are based64-ed are needed to be changed 2) removing a separate pulling service for OCP on-prem. pull service will now wait for network-online and NetworkManager-dispatcher to be completed in every type of OCP cluster
rh-ecosystem-edge · Apr 3, 2024 · 73fe579 · 73fe579
1 parent 31afdc4
commit 73fe579
Show file tree

Hide file tree

Showing 13 changed files with 121 additions and 243 deletions.
diff --git a/pkg/mcproducer/mcproducer.go b/pkg/mcproducer/mcproducer.go
@@ -11,32 +11,27 @@ import (
 )
 
 const (
-	defaultWorkerImage = "quay.io/edge-infrastructure/kernel-module-management-worker:latest"
+	defaultWorkerImage        = "quay.io/edge-infrastructure/kernel-module-management-worker:latest"
+	kernelModuleImageFilepath = "/var/lib/image_file_day1.tar"
+	workerConfigFilepath      = "/var/lib/kmm_day1_config.yaml"
 )
 
 var (
+	//go:embed scripts/pull-image.sh
+	scriptPullImage string
+
+	//go:embed scripts/replace-kernel-module.sh
+	scriptReplaceKmod string
+
+	//go:embed scripts/wait-for-dispatcher.sh
+	scriptWaitForNetworkDispatcher string
+
 	//go:embed templates
 	templateFS embed.FS
 
 	machineConfigTemplate = template.Must(
 		template.ParseFS(templateFS, "templates/machine-config.gotmpl"),
 	)
-
-	scriptPullImage = template.Must(
-		template.ParseFS(templateFS, "templates/pull-image.gotmpl"),
-	)
-
-	scriptReplaceKmod = template.Must(
-		template.ParseFS(templateFS, "templates/replace-kernel-module.gotmpl"),
-	)
-
-	scriptWaitForNetworkDispatcher = template.Must(
-		template.ParseFS(templateFS, "templates/wait-for-dispatcher.gotmpl"),
-	)
-
-	workerConfigMap = template.Must(
-		template.ParseFS(templateFS, "templates/worker-configmap.gotmpl"),
-	)
 )
 
 func ProduceMachineConfig(machineConfigName,
@@ -45,9 +40,10 @@ func ProduceMachineConfig(machineConfigName,
 	kernelModuleName,
 	inTreeModuleToRemove,
 	workerImage string) (string, error) {
-	localFilePath, err := getLocalFileName(kernelModuleImage)
+
+	err := verifyKernelModuleImage(kernelModuleImage)
 	if err != nil {
-		return "", fmt.Errorf("failed to get local file name for image %s: %v", kernelModuleImage, err)
+		return "", fmt.Errorf("failed to verify kernel module image name %s: %v", kernelModuleImage, err)
 	}
 
 	workerImageToUse := defaultWorkerImage
@@ -56,34 +52,19 @@ func ProduceMachineConfig(machineConfigName,
 	}
 
 	templateParams := map[string]any{
-		"Image":                kernelModuleImage,
-		"KernelModule":         kernelModuleName,
-		"MachineConfigPoolRef": machineConfigPoolRef,
-		"MachineConfigName":    machineConfigName,
-		"LocalFilePath":        localFilePath,
-		"InTreeModuleToRemove": inTreeModuleToRemove,
-		"WorkerImage":          workerImageToUse,
-	}
-
-	templateParams["ReplaceInTreeDriverContents"], err = executeIntoBase64(scriptReplaceKmod, templateParams)
-	if err != nil {
-		return "", err
-	}
-
-	templateParams["PullKernelModuleContents"], err = executeIntoBase64(scriptPullImage, templateParams)
-	if err != nil {
-		return "", err
-	}
-
-	templateParams["WaitForNetworkDispatcherContents"], err = executeIntoBase64(scriptWaitForNetworkDispatcher, templateParams)
-	if err != nil {
-		return "", err
+		"KernelModuleImage":         kernelModuleImage,
+		"KernelModule":              kernelModuleName,
+		"MachineConfigPoolRef":      machineConfigPoolRef,
+		"MachineConfigName":         machineConfigName,
+		"KernelModuleImageFilepath": kernelModuleImageFilepath,
+		"InTreeModuleToRemove":      inTreeModuleToRemove,
+		"WorkerImage":               workerImageToUse,
+		"WorkerConfigFilepath":      workerConfigFilepath,
 	}
 
-	templateParams["WorkerPodConfigContents"], err = executeIntoBase64(workerConfigMap, templateParams)
-	if err != nil {
-		return "", err
-	}
+	templateParams["ReplaceInTreeDriverContents"] = base64.StdEncoding.EncodeToString([]byte(scriptReplaceKmod))
+	templateParams["PullKernelModuleContents"] = base64.StdEncoding.EncodeToString([]byte(scriptPullImage))
+	templateParams["WaitForNetworkDispatcherContents"] = base64.StdEncoding.EncodeToString([]byte(scriptWaitForNetworkDispatcher))
 
 	var machineConfig bytes.Buffer
 
@@ -94,27 +75,10 @@ func ProduceMachineConfig(machineConfigName,
 	return machineConfig.String(), nil
 }
 
-func executeIntoBase64(tmpl *template.Template, params map[string]any) (string, error) {
-	var buf bytes.Buffer
-
-	enc := base64.NewEncoder(base64.StdEncoding, &buf)
-
-	if err := tmpl.Execute(enc, params); err != nil {
-		return "", fmt.Errorf("could not render %s: %v", tmpl.Name(), err)
-	}
-
-	if err := enc.Close(); err != nil {
-		return "", err
-	}
-
-	return buf.String(), nil
-}
-
-func getLocalFileName(containerImage string) (string, error) {
-	_, err := name.ParseReference(containerImage)
+func verifyKernelModuleImage(image string) error {
+	_, err := name.ParseReference(image)
 	if err != nil {
-		return "", fmt.Errorf("failed to parse container image %s name: %v", containerImage, err)
+		return fmt.Errorf("image %s is in incorrect format: %v", image, err)
 	}
-
-	return "/var/lib/image_file_day1.tar", nil
+	return nil
 }
diff --git a/pkg/mcproducer/scripts/pull-image.sh b/pkg/mcproducer/scripts/pull-image.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+
+kernel_module_image_filepath="$KERNEL_MODULE_IMAGE_FILEPATH"
+worker_image="$WORKER_IMAGE"
+kernel_module_image="$KERNEL_MODULE_IMAGE"
+
+if [ -e $kernel_module_image_filepath ]; then
+    echo "File $kernel_module_image_filepath found.Nothing to do, the file was handled, removing it"
+    rm -f $kernel_module_image_filepath
+else
+    podman pull --authfile /var/lib/kubelet/config.json $worker_image
+    if [ $? -eq 0 ]; then
+        echo "Image $worker_image has been successfully pulled"
+    else
+        echo "Failed to pull image $worker_image"
+        exit 1
+    fi
+
+    echo "File $kernel_module_image_filepath is not on the filesystem, pulling image "
+    podman pull --authfile /var/lib/kubelet/config.json $kernel_module_image
+    if [ $? -eq 0 ]; then
+        echo "Image $kernel_module_image has been successfully pulled"
+    else
+        echo "Failed to pull image $kernel_module_image"
+        exit 1
+    fi
+    echo "Saving image $kernel_module_image into a file $kernel_module_image_filepath"
+    podman save -o $kernel_module_image_filepath $kernel_module_image
+    if [ $? -eq 0 ]; then
+        echo "Image $kernel_module_image has been successfully save on file $kernel_module_image_filepath, rebooting..."
+        reboot
+    else
+        echo "Failed to save image $kernel_module_image to file $kernel_module_image_filepath"
+    fi
+fi
diff --git a/pkg/mcproducer/scripts/replace-kernel-module.sh b/pkg/mcproducer/scripts/replace-kernel-module.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+kmm_config_file_filepath="$WORKER_CONFIG_FILEPATH"
+kernel_module_image_filepath="$KERNEL_MODULE_IMAGE_FILEPATH"
+in_tree_module_to_remove="$IN_TREE_MODULE_TO_REMOVE"
+kernel_module="$KERNEL_MODULE"
+worker_image="$WORKER_IMAGE"
+
+create_kmm_config() {
+    # Write YAML content to the file
+    cat <<EOF > "$kmm_config_file_filepath"
+containerImage: $kernel_module_image_filepath
+inTreeModuleToRemove: $in_tree_module_to_remove
+modprobe:
+  dirName: /opt
+  moduleName: $kernel_module
+EOF
+    echo "logging contents of the worker config file:"
+    cat "$kmm_config_file_filepath"
+}
+
+echo "before checking image tar file presence"
+if [ -e $kernel_module_image_filepath ]; then
+    echo "Image file $kernel_module_image_filepath found on the local file system, creating kmm config file"
+    create_kmm_config
+    echo "running kernel-management worker image"
+    podman run --user=root --privileged -v /lib/modules:/lib/modules -v $kmm_config_file_filepath:/etc/kmm-worker/config.yaml -v $kernel_module_image_filepath:$kernel_module_image_filepath $worker_image kmod load --tarball /etc/kmm-worker/config.yaml
+    if [ $? -eq 0 ]; then
+        echo "OOT kernel module $kernel_module is inserted"
+    else
+        echo "failed to insert OOT kernel module $kernel_module"
+    fi
+else
+    echo "Image file $kernel_module_image_filepath is not present in local registry, will try after reboot"
+fi
diff --git a/...ucer/templates/wait-for-dispatcher.gotmpl → ...mcproducer/scripts/wait-for-dispatcher.sh b/...ucer/templates/wait-for-dispatcher.gotmpl → ...mcproducer/scripts/wait-for-dispatcher.sh
diff --git a/pkg/mcproducer/templates/machine-config.gotmpl b/pkg/mcproducer/templates/machine-config.gotmpl
@@ -20,6 +20,11 @@ spec:
             User=root
             Type=oneshot
             TimeoutSec=10
+            Environment="IN_TREE_MODULE_TO_REMOVE={{.InTreeModuleToRemove}}"
+            Environment="KERNEL_MODULE={{.KernelModule}}"
+            Environment="KERNEL_MODULE_IMAGE_FILEPATH={{.KernelModuleImageFilepath}}"
+            Environment="WORKER_CONFIG_FILEPATH={{.WorkerConfigFilepath}}"
+            Environment="WORKER_IMAGE={{.WorkerImage}}"
             ExecStartPre=ls /usr/local/bin
             ExecStart=/usr/local/bin/replace-kernel-module.sh
             PrivateTmp=yes
@@ -32,31 +37,15 @@ spec:
         - contents: |
             [Unit]
             Description=Pull oot kernel module image
-            ConditionPathExists=!/etc/systemd/system/on-prem-resolv-prepender.service
-            After=network-online.target
-            Requires=network-online.target
-            DefaultDependencies=no
-            [Service]
-            User=root
-            Type=oneshot
-            ExecStart=/usr/local/bin/pull-kernel-module-image.sh
-            PrivateTmp=yes
-            RemainAfterExit=no
-            TimeoutSec=900
-            [Install]
-            WantedBy=multi-user.target
-          enabled: true
-          name: "pull-kernel-module-image.service"
-        - contents: |
-            [Unit]
-            Description=Pull oot kernel module image in on-prem OCP cluster
-            ConditionPathExists=/etc/systemd/system/on-prem-resolv-prepender.service
             After=network-online.target
             After=NetworkManager-dispatcher.service
             DefaultDependencies=no
             [Service]
             User=root
             Type=oneshot
+            Environment="KERNEL_MODULE_IMAGE={{.KernelModuleImage}}"
+            Environment="KERNEL_MODULE_IMAGE_FILEPATH={{.KernelModuleImageFilepath}}"
+            Environment="WORKER_IMAGE={{.WorkerImage}}"
             ExecStartPre=/usr/local/bin/wait-for-dispatcher.sh
             ExecStart=/usr/local/bin/pull-kernel-module-image.sh
             PrivateTmp=yes
@@ -65,7 +54,7 @@ spec:
             [Install]
             WantedBy=multi-user.target
           enabled: true
-          name: "pull-kernel-module-image-on-prem.service"
+          name: "pull-kernel-module-image.service"
         - enabled: false
           mask: true
           name: crio-wipe.service
@@ -92,10 +81,3 @@ spec:
             name: "root"
           contents:
             source: "data:text/plain;base64,{{.WaitForNetworkDispatcherContents}}"
-        - path: "/etc/kmm-worker-day1/config.yaml"
-          mode: 420
-          overwrite: true
-          user:
-            name: "root"
-          contents:
-            source: "data:text/plain;base64,{{.WorkerPodConfigContents}}"
diff --git a/pkg/mcproducer/templates/pull-image.gotmpl b/pkg/mcproducer/templates/pull-image.gotmpl
diff --git a/pkg/mcproducer/templates/replace-kernel-module.gotmpl b/pkg/mcproducer/templates/replace-kernel-module.gotmpl
diff --git a/pkg/mcproducer/templates/worker-configmap.gotmpl b/pkg/mcproducer/templates/worker-configmap.gotmpl