Change BMC CA logic to use assets

Signed-off-by: Dmitry Tantsur <[email protected]>

Author: dtantsur

data/data/bootstrap/bootstrap-in-place/files/opt/openshift/bootstrap-in-place/bootstrap-in-place-post-reboot.sh

@@ -24,21 +24,6 @@ function signal_bootstrap_complete {
   done
 }
 
-function create_bmc_verify_ca_cm {
-  local ca_storage_dir="/tmp/cert/ca/bmc"
-  local name="bmc-verify-ca"
-  local ns="openshift-machine-api"
-
-  [[ -d "$ca_storage_dir" ]] || return
-
-  until [ "$(oc get cm "${name}" -n "${ns}")" -eq 0 ];
-  do
-    echo "Creating bmc verify ca configmap ..."
-    oc create cm "${name}" -n "${ns}" --from-file="${ca_storage_dir}" || true
-    sleep 5
-  done
-}
-
 function release_lease {
   local ns="$1"
   local lease="$2"
@@ -145,7 +130,6 @@ function clean {
 
 wait_for_api
 signal_bootstrap_complete
-create_bmc_verify_ca_cm
 release_cvo_lease
 release_cpc_lease
 restore_cvo_overrides

pkg/asset/manifests/operators.go

@@ -85,6 +85,7 @@ func (m *Manifests) Dependencies() []asset.Asset {
 		&bootkube.MachineConfigServerCAConfigMap{},
 		&bootkube.MachineConfigServerTLSSecret{},
 		&bootkube.OpenshiftConfigSecretPullSecret{},
+		&tls.BMCVerifyCAConfigMap{},
 	}
 }
 
@@ -101,8 +102,9 @@ func (m *Manifests) Generate(_ context.Context, dependencies asset.Parents) erro
 	clusterCSIDriverConfig := &ClusterCSIDriverConfig{}
 	imageDigestMirrorSet := &ImageDigestMirrorSet{}
 	mcoCfgTemplate := &manifests.MCO{}
+	bmcVerifyCAConfigMap := &tls.BMCVerifyCAConfigMap{}
 
-	dependencies.Get(installConfig, ingress, dns, network, infra, proxy, scheduler, imageContentSourcePolicy, imageDigestMirrorSet, clusterCSIDriverConfig, mcoCfgTemplate)
+	dependencies.Get(installConfig, ingress, dns, network, infra, proxy, scheduler, imageContentSourcePolicy, imageDigestMirrorSet, clusterCSIDriverConfig, mcoCfgTemplate, bmcVerifyCAConfigMap)
 
 	redactedConfig, err := redactedInstallConfig(*installConfig.Config)
 	if err != nil {
@@ -140,6 +142,7 @@ func (m *Manifests) Generate(_ context.Context, dependencies asset.Parents) erro
 	m.FileList = append(m.FileList, imageContentSourcePolicy.Files()...)
 	m.FileList = append(m.FileList, clusterCSIDriverConfig.Files()...)
 	m.FileList = append(m.FileList, imageDigestMirrorSet.Files()...)
+	m.FileList = append(m.FileList, bmcVerifyCAConfigMap.Files()...)
 
 	asset.SortFiles(m.FileList)
 

pkg/asset/tls/bmcverifycaconfigmap.go

@@ -0,0 +1,99 @@
+package tls
+
+import (
+	"context"
+	"path"
+
+	"github.com/pkg/errors"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/yaml"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/installconfig"
+	"github.com/openshift/installer/pkg/types/baremetal"
+)
+
+var (
+	bmcVerifyCAConfigMapFileName = path.Join("manifests", "bmc-verify-ca-configmap.yaml")
+)
+
+const (
+	bmcVerifyCAConfigMapName      = "bmc-verify-ca"
+	bmcVerifyCAConfigMapNamespace = "openshift-machine-api"
+	bmcVerifyCAConfigMapDataKey   = "verify_ca.crt"
+)
+
+// BMCVerifyCAConfigMap generates the bmc-verify-ca ConfigMap.
+type BMCVerifyCAConfigMap struct {
+	ConfigMap *corev1.ConfigMap
+	File      *asset.File
+}
+
+var _ asset.WritableAsset = (*BMCVerifyCAConfigMap)(nil)
+
+// Name returns a human friendly name for the asset.
+func (*BMCVerifyCAConfigMap) Name() string {
+	return "BMC Verify CA ConfigMap"
+}
+
+// Dependencies returns all of the dependencies directly needed to generate
+// the asset.
+func (*BMCVerifyCAConfigMap) Dependencies() []asset.Asset {
+	return []asset.Asset{
+		&installconfig.InstallConfig{},
+	}
+}
+
+// Generate generates the BMC Verify CA ConfigMap.
+func (bvc *BMCVerifyCAConfigMap) Generate(_ context.Context, dependencies asset.Parents) error {
+	installConfig := &installconfig.InstallConfig{}
+	dependencies.Get(installConfig)
+
+	// Only generate the ConfigMap for baremetal platform with BMCVerifyCA configured
+	if installConfig.Config.Platform.Name() != baremetal.Name {
+		return nil
+	}
+
+	if installConfig.Config.Platform.BareMetal == nil || installConfig.Config.Platform.BareMetal.BMCVerifyCA == "" {
+		return nil
+	}
+
+	cm := &corev1.ConfigMap{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: corev1.SchemeGroupVersion.String(),
+			Kind:       "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: bmcVerifyCAConfigMapNamespace,
+			Name:      bmcVerifyCAConfigMapName,
+		},
+		Data: map[string]string{
+			bmcVerifyCAConfigMapDataKey: installConfig.Config.Platform.BareMetal.BMCVerifyCA,
+		},
+	}
+
+	cmData, err := yaml.Marshal(cm)
+	if err != nil {
+		return errors.Wrapf(err, "failed to create %s manifest", bvc.Name())
+	}
+	bvc.ConfigMap = cm
+	bvc.File = &asset.File{
+		Filename: bmcVerifyCAConfigMapFileName,
+		Data:     cmData,
+	}
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (bvc *BMCVerifyCAConfigMap) Files() []*asset.File {
+	if bvc.File != nil {
+		return []*asset.File{bvc.File}
+	}
+	return []*asset.File{}
+}
+
+// Load loads the already-rendered files back from disk.
+func (bvc *BMCVerifyCAConfigMap) Load(f asset.FileFetcher) (bool, error) {
+	return false, nil
+}