ksushy: KSUSHY_PLAN variable
karmab committed Feb 22, 2025
1 parent 434b847 commit 04fcca1
Showing 5 changed files with 70 additions and 57 deletions.
7 changes: 4 additions & 3 deletions docs/index.md
Expand Up @@ -2272,7 +2272,8 @@ ksushy can be launched manually for testing purposes but the following command c
- KSUSHY_DEBUG: enable debug
- KSUSHY_USER: username for authentication
- KSUSHY_PASSWORD: password for authentication
- KSUSHY_BOOTONCE: enable bootonce hack
- KSUSHY_BOOTONCE: enable bootonce
- KSUSHY_PLAN: specific plan to restrict actions when using bootonce

```
kcli create sushy-service
Expand Down Expand Up @@ -2300,9 +2301,9 @@ For plugging an iso, only virtualization providers can be used.

When deploying the service, an username and password can be specified for securing access through basic authentication

### Bootonce hack
### Bootonce

Since virtualization providers don't provide a way to restart in a given iso only one time (and because in kcli design, we don't mess with boot orders), the `bootonce` overcomes this by running a side process which monitors vms getting rebooted, and restart them instead after removing their iso so that they boot from OS.
Since virtualization providers don't provide a way to restart in a given iso only one time (and because in kcli design, we don't want to mess with boot orders), the `bootonce` overcomes this by running a side process which monitors vms getting rebooted, and restart them instead after removing their iso to make sure they boot from OS.

# Ansible support
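
Review bot: the rewritten Bootonce section still does not mention KSUSHY_PLAN, although the variable list in the previous hunk documents it as the way to restrict bootonce actions. Because the side process stops VMs and removes their iso, this section should say how to scope it to a single plan and state what it acts on when no plan is set.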

107 changes: 57 additions & 50 deletions docs/index.rst
Expand Up @@ -1382,7 +1382,7 @@ Workflow allows you to launch scripts locally after they are rendered
This would execute the two scripts after rendering them into a temporary directory, along with the files if provided. Note that you can omit the scripts section and instead indicate the script to run as name of the workflow. This requires it to be a sh/bash script and as such being suffixed by .sh

By default ``files`` items are rendered directly in the ``/root`` directory with the same directory structure as the original files, and ``scripts`` items are rendered in a temporary directory. For example:
By default ``files`` items are rendered directly in the ``/root`` directory with the same directory structure as the original files, and ``scripts`` items are rendered in a temporary directory. For example:

.. code:: yaml
Expand All @@ -1396,7 +1396,7 @@ By default ``files`` items are rendered directly in the ``/root`` directory with
Will create files similar to this:

.. code::
::

/tmp/tmpfiox_arx/frout.sh
/root/arch/frout.txt
Expand All @@ -1417,7 +1417,7 @@ There is an optional field called ``destdir`` that we can use to force the desti
Will create the following file structure:

.. code::
::

./outdir/frout.sh
./outdir/arch/frout.txt
Expand All @@ -1440,7 +1440,7 @@ Additionally elements from ``files`` can use a mapping instead of a string to sp
Will create the following file structure:

.. code::
::

./outdir/frout.sh
./outdir/frout.txt
Expand Down Expand Up @@ -1736,10 +1736,10 @@ Specific parameters for a client
=============== ============= ====================================================
Parameter Default Value Comments
=============== ============= ====================================================
*host* 127.0.0.1
*host* 127.0.0.1
*port* Defaults to 22 if ssh protocol is used
*user* root
*protocol* ssh
*user* root
*protocol* ssh
*url* can be used to specify an exotic qemu url
*tunnel* False make kcli use tunnels for console and for ssh access
*keep_networks* False make kcli keeps networks when deleting plan
Expand All @@ -1753,37 +1753,37 @@ Parameter Default Value Comments
================== ==================================== =====================================================================================================================================================================================================================================================================================================================
*client* None Allows to target a different client/host for the corresponding entry
*virttype* None Only used for Libvirt where it evaluates to kvm if acceleration shows in capabilities, or qemu emulation otherwise. If a value is provided, it must be either kvm, qemu, xen or lxc
*cpumodel* host-model
*cpumodel* host-model
*cpuflags* [] You can specify a list of strings with features to enable or use dict entries with *name* of the feature and *policy* either set to require,disable, optional or force. The value for vmx is ignored, as it’s handled by the nested flag
*numcpus* 2
*cpuhotplug* False
*numcpus* 2
*cpuhotplug* False
*numamode* None numamode to apply to the workers only.
*cpupinning* [] cpupinning conf to apply
*memory* 512M
*memoryhotplug* False
*memory* 512M
*memoryhotplug* False
*flavor* Specific to gcp, aws, openstack and packet
*guestid* guestrhel764
*pool* default
*guestid* guestrhel764
*pool* default
*image* None Should point to your base cloud image(optional). You can either specify short name or complete path. If you omit the full path and your image lives in several pools, the one from last (alphabetical) pool will be used\\
*diskinterface* virtio You can set it to ide, ssd or nvme instead
*diskthin* True
*diskthin* True
*disks* [] Array of disks to define. For each of them, you can specify pool, size, thin (as boolean), interface (either ide or virtio) and a wwn.If you omit parameters, default values will be used from config or profile file (You can actually let the entire entry blank or just indicate a size number directly)
*iso* None
*iso* None
*nets* [] Array of networks to define. For each of them, you can specify just a string for the name, or a dict containing name, public and alias and ip, mask and gateway, and bridge. Any visible network is valid, in particular bridges or specific interfaces can be used on Libvirt, beyond regular nat networks
*gateway* None
*gateway* None
*dns* None Dns server
*domain* None Dns search domain
*start* true
*start* true
*vnc* false if set to true, vnc is used for console instead of spice
*cloudinit* true
*cloudinit* true
*reserveip* false if set to true and an ip was provided, create a dhcp reservation in libvirt network
*reservedns* false
*reservehost* false
*reservedns* false
*reservehost* false
*keys* [] Array of ssh public keys to inject to the vm. Whether the actual content or the public key path
*cmds* [] Array of commands to run
*profile* None name of one of your profile
*scripts* [] array of paths of custom script to inject with cloudinit. It will be merged with cmds parameter. You can either specify full paths or relative to where you’re running kcli. Only checked in profile or plan file
*nested* True
*nested* True
*sharedkey* False Share a private/public key between all the nodes of your plan. Additionally, root access will be allowed
*privatekey* False Inject your private key to the nodes of your plan
*files* [] Array of files to inject to the vm. For each of them, you can specify path, owner ( root by default) , permissions (600 by default ) and either origin or content to gather content data directly or from specified origin. When specifying a directory as origin, all the files it contains will be parsed and added
Expand Down Expand Up @@ -1947,42 +1947,42 @@ Here’s the list of typical variables that can be used (you can list them with
===================== =================== ===============================================================================================================================
Parameter Default Value Comments
===================== =================== ===============================================================================================================================
cluster testk
domain karmalabs.corp
cluster testk
domain karmalabs.corp
*version* stable You can choose between stable, dev-preview, nightly, ci or stable. both ci and nightly require specific data in the pull secret
tag 4.12
tag 4.12
async false Exit once vms are created and let job in cluster delete bootstrap
notify false Whether to send notifications once cluster is deployed. Mean to be used in async mode
pull_secret openshift_pull.json
pull_secret openshift_pull.json
network default Any existing network can be used
api_ip None
ingress_ip None
api_ip None
ingress_ip None
ctlplanes 1 number of ctlplane
workers 0 number of workers
network_type OVNKubernetes
pool default
flavor None
flavor_bootstrap None
flavor_ctlplane None
flavor_worker None
numcpus 4
bootstrap_numcpus None
ctlplane_numcpus None
worker_numcpus None
memory 8192
bootstrap_memory None
ctlplane_memory None
worker_memory None
network_type OVNKubernetes
pool default
flavor None
flavor_bootstrap None
flavor_ctlplane None
flavor_worker None
numcpus 4
bootstrap_numcpus None
ctlplane_numcpus None
worker_numcpus None
memory 8192
bootstrap_memory None
ctlplane_memory None
worker_memory None
disk_size 30 disk size in Gb for final nodes
extra_disks []
disconnected_url None
disconnected_user None
disconnected_password None
imagecontentsources []
extra_disks []
disconnected_url None
disconnected_user None
disconnected_password None
imagecontentsources []
baremetal False Whether to also deploy the metal3 operator, for provisioning physical workers
cloud_tag None
cloud_scale False
cloud_api_internal False
cloud_tag None
cloud_scale False
cloud_api_internal False
apps [] Extra applications to deploy on the cluster
===================== =================== ===============================================================================================================================

Expand Down Expand Up @@ -2443,6 +2443,8 @@ ksushy can be launched manually for testing purposes but the following command c
- KSUSHY_DEBUG: enable debug
- KSUSHY_USER: username for authentication
- KSUSHY_PASSWORD: password for authentication
- KSUSHY_BOOTONCE: enable bootonce
- KSUSHY_PLAN: specific plan to restrict actions when using bootonce

::

Expand Down Expand Up @@ -2472,6 +2474,11 @@ Restricting access

When deploying the service, an username and password can be specified for securing access through basic authentication

Bootonce
~~~~~~~~

Since virtualization providers don’t provide a way to restart in a given iso only one time (and because in kcli design, we don’t want to mess with boot orders), the ``bootonce`` overcomes this by running a side process which monitors vms getting rebooted, and restart them instead after removing their iso to make sure they boot from OS.

Ansible support
===============

6 changes: 4 additions & 2 deletions kvirt/baseconfig.py
Expand Up @@ -1499,7 +1499,8 @@ def import_in_kube(self, network='default', dest=None, secure=False):
call(cmcmd, shell=True)
return {'result': 'success'}

def deploy_ksushy_service(self, port=9000, ssl=False, ipv6=False, user=None, password=None, bootonce=False):
def deploy_ksushy_service(self, port=9000, ssl=False, ipv6=False, user=None, password=None, bootonce=False,
plan=None):
if ssl:
warning("ssl support requires installing manually pyopenssl and cherrypy")
root = os.getuid() == 0
Expand Down Expand Up @@ -1528,7 +1529,8 @@ def deploy_ksushy_service(self, port=9000, ssl=False, ipv6=False, user=None, pas
call(cmd, shell=True)
if iso_remover:
executable = which('ksushy-isoremover')
isoremoverdata = kdefaults.ISOSERVICE.format(home=home, executable=executable)
plan = f"Environment=KSUSHY_PLAN={plan}\n" if plan is not None else ''
isoremoverdata = kdefaults.ISOSERVICE.format(home=home, executable=executable, plan=plan)
if root:
service_file = "/etc/systemd/system/ksushy-isoremover.service"
else:
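
Review bot: in `plan = f"Environment=KSUSHY_PLAN={plan}\n" if plan is not None else ''`, the plan name passed in from the CLI is interpolated unvalidated into a systemd unit that is written under /etc/systemd/system when running as root. A value containing a newline or whitespace would add or alter directives in that unit, so validate plan against a strict pattern (for example letters, digits, `-` and `_`) before formatting and reject anything else. The same line also rebinds the `plan` parameter to the rendered directive; a separate name such as `plan_env` would keep the raw value and the unit fragment apart.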
3 changes: 2 additions & 1 deletion kvirt/cli.py
Expand Up @@ -3303,7 +3303,7 @@ def update_securitygroup(args):
def create_ksushy_service(args):
baseconfig = Kbaseconfig(client=args.client, debug=args.debug, offline=True)
baseconfig.deploy_ksushy_service(port=args.port, ipv6=args.ipv6, ssl=args.ssl, user=args.user,
password=args.password, bootonce=args.bootonce)
password=args.password, bootonce=args.bootonce, plan=args.plan)


def create_web_service(args):
Expand Down Expand Up @@ -3984,6 +3984,7 @@ def cli():
sushycreate_parser.add_argument('-s', '--ssl', action='store_true', help='Enable ssl')
sushycreate_parser.add_argument('-u', '--user', help='User for authentication')
sushycreate_parser.add_argument('-p', '--password', help='Password for authentication')
sushycreate_parser.add_argument('--plan', help='Plan for filtering vms when using bootonce')
sushycreate_parser.set_defaults(func=create_ksushy_service)

vmcreate_desc = 'Create Vm'
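
Review bot: `--plan` is accepted on its own here, while its help text says it applies "when using bootonce" and baseconfig.py only consumes plan inside the `if iso_remover:` branch. Consider rejecting (or at least warning about) `--plan` without bootonce in create_ksushy_service, so a user who expects the restriction is not left with an option that has no effect.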
4 changes: 3 additions & 1 deletion kvirt/ksushy/isoremover.py
@@ -1,5 +1,6 @@
from libvirt import virEventRegisterDefaultImpl, virEventRunDefaultImpl, VIR_DOMAIN_EVENT_ID_AGENT_LIFECYCLE
from kvirt.config import Kconfig
import os
from threading import Thread
from time import sleep

Expand All @@ -11,7 +12,8 @@ def callback(conn, dom, event, state, opaque):
global config
k = config.k
name = dom.name()
if event == 2 and state == 2 and 'iso' in k.info(name):
plan = os.environ.get('plan')
if event == 2 and state == 2 and 'iso' in k.info(name) and (plan is None or k.info(name) == plan):
print(f"Removing iso from {name}")
k.stop(name)
k.update_iso(name, None)
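
Review bot: in callback(), `os.environ.get('plan')` reads a variable named `plan`, but the unit generated in baseconfig.py and the docs both use `KSUSHY_PLAN`, so the filter stays None and the callback keeps stopping and stripping the iso from every VM that has one. The second half of the condition, `k.info(name) == plan`, compares the whole info result (the same value the `'iso' in k.info(name)` test treats as a container) with the plan string; it should compare the VM's plan field instead. Calling k.info(name) once and reusing the result would also avoid two lookups per event.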