Open
20 commits
0cb854d
feat: updates for 1.76.3, update PER DCs and update deprecated apis
prb112 Mar 20, 2025
3d5d2d2
build(deps): ibm/ocp4-upi-compute-powervs-ibmcloud is updated to IBM-…
prb112 Mar 26, 2025
acf8229
fix: network was improperly the private network and switched to the p…
prb112 Mar 28, 2025
1c7cd76
fix: add us-east to avoid branching for cloud_connections
prb112 Apr 8, 2025
ab66c43
fix: changed the default 9.9.9.9 to use 161.26.0.10; 161.26.0.11 as t…
prb112 May 14, 2025
2fbd79a
OpenShiftP-284: change to to account for the proper DNS setting
prb112 Jul 1, 2025
b845b47
OpenShiftP-284: change docs for ext_dns
prb112 Jul 1, 2025
0108f48
fix: account for codeload issues
prb112 Jul 8, 2025
ccd1386
fix: conflict between python-unversioned-command
prb112 Jul 9, 2025
0339343
fix: account for multiple dns_forwarders
prb112 Jul 10, 2025
60fa66b
fix: update to latest terraform v1.80.3
prb112 Jul 14, 2025
6e8b0fa
fix: update to latest terraform v1.80.4
prb112 Jul 15, 2025
52113bf
fix: account for different delimiters for different networks
prb112 Jul 19, 2025
93db56b
fix: dns format, need to fix ocp4-helpernode
prb112 Jul 21, 2025
92a00c8
fix: dns format, need to fix ocp4-helpernode
prb112 Jul 21, 2025
f7d46f6
fix: add delay when load balancers aren't yet ready
prb112 Aug 22, 2025
09f6a66
fix: adjust the api sync point
prb112 Sep 4, 2025
ba2de08
refactor: adjusted the escape of the shell
prb112 Sep 9, 2025
7961ea7
fix: override the default timezone to utc
prb112 Oct 10, 2025
043463a
fix: missed conditional for force utc
prb112 Oct 14, 2025
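--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ crash.*.log
 
 # terraform lock files
 .terraform.lock.hcl
+.DS_Store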
6 changes: 3 additions & 3 deletions modules/1_prepare/outputs.tf
Expand Up @@ -42,17 +42,17 @@ output "public_cidr" {

output "bastion_vip" {
depends_on = [null_resource.bastion_init]
value = local.bastion_count > 1 ? ibm_pi_network_port.bastion_vip[0].pi_network_port_ipaddress : ""
value = local.bastion_count > 1 ? ibm_pi_network_interface.bastion_vip[0].ip_address : ""
}

output "bastion_internal_vip" {
depends_on = [null_resource.bastion_init]
value = local.bastion_count > 1 ? ibm_pi_network_port.bastion_internal_vip[0].pi_network_port_ipaddress : ""
value = local.bastion_count > 1 ? ibm_pi_network_interface.bastion_internal_vip[0].ip_address : ""
}

output "bastion_external_vip" {
depends_on = [null_resource.bastion_init]
value = local.bastion_count > 1 ? ibm_pi_network_port.bastion_internal_vip[0].public_ip : ""
value = local.bastion_count > 1 ? ibm_pi_network_interface.bastion_internal_vip[0].ip_address : ""
Contributor

This will be a problem in the ssh command output, DNS host entries, and wildcard DNS. Can we somehow get the public IP from the network?

Contributor Author

Hey @yussufsh

I looked at the terraform-provider-ibm, and it's unclear whether this is the public IP address. Looking further into the API, it's not clear that the API (network, instance, et cetera) is suitable for returning the public IP (I anticipate they built it for VPC entry into the PowerVS workspace).

I'll have to experiment with it a bit. I'll do that on Monday.

Thanks,

Paul

}

output "cloud_connection_name" {
33 changes: 26 additions & 7 deletions modules/1_prepare/prepare.tf
Expand Up @@ -52,10 +52,8 @@ locals {
bastion_storage_pool = local.project_bastion_image_pool == "" ? null : local.project_bastion_image_pool
}

# Copy image from catalog if not in the project and present in catalog
resource "ibm_pi_image" "bastion" {
count = length(local.project_bastion_image) == 0 && length(local.catalog_bastion_image) == 1 ? 1 : 0
pi_image_name = var.rhel_image_name
pi_image_id = local.catalog_bastion_image[0].image_id
pi_cloud_instance_id = var.service_instance_id
}
Expand Down Expand Up @@ -366,7 +364,7 @@ resource "null_resource" "bastion_packages" {

provisioner "remote-exec" {
inline = [
"#sudo yum update -y --skip-broken",
"sudo yum update -y --skip-broken",
"sudo yum install -y wget jq git net-tools vim python3 tar"
]
}
Expand Down Expand Up @@ -447,20 +445,41 @@ resource "null_resource" "rhel83_fix" {
}
}

resource "ibm_pi_network_port" "bastion_vip" {
resource "null_resource" "force_use_utc" {
count = var.force_utc ? local.bastion_count : 0
depends_on = [null_resource.rhel83_fix]

connection {
type = "ssh"
user = var.rhel_username
host = data.ibm_pi_instance_ip.bastion_public_ip[count.index].external_ip
private_key = var.private_key
agent = var.ssh_agent
timeout = "${var.connection_timeout}m"
}
provisioner "remote-exec" {
inline = [
"sudo timedatectl set-timezone UTC",
]
}
}

resource "ibm_pi_network_interface" "bastion_vip" {
Contributor Author

ibm_pi_network_port was replaced with ibm_pi_network_interface

count = local.bastion_count > 1 ? 1 : 0
depends_on = [ibm_pi_instance.bastion]

pi_network_name = data.ibm_pi_network.network.pi_network_name
pi_cloud_instance_id = var.service_instance_id
pi_network_id = data.ibm_pi_network.network.id
pi_name = "bastion_vip"
}

resource "ibm_pi_network_port" "bastion_internal_vip" {
resource "ibm_pi_network_interface" "bastion_internal_vip" {
count = local.bastion_count > 1 ? 1 : 0
depends_on = [ibm_pi_instance.bastion]

pi_network_name = ibm_pi_network.public_network.pi_network_name
pi_cloud_instance_id = var.service_instance_id
pi_network_id = ibm_pi_network.public_network.id
pi_name = "bastion_internal_vip"
}

resource "ibm_pi_cloud_connection" "cloud_connection" {
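Review bot: With `sudo yum update -y --skip-broken` now active in null_resource.bastion_packages, the `--skip-broken` flag lets the provisioner exit successfully while packages with dependency problems stay un-updated, so a partly patched bastion and a fully patched one both produce a green apply. These bastions are reached over their external IP (see the `connection` block of force_use_utc), so the patch outcome should be visible: either drop the flag (`"sudo yum update -y",`) so a failed update fails the apply, or add a comment above the line such as `# --skip-broken keeps provisioning going; skipped packages must be reviewed in the apply log`. A kernel or glibc update also only takes effect after a reboot, and whether a later step reboots the bastion is not visible here. The body of bastion_packages starts outside the hunk.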
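--- a/modules/1_prepare/variables.tf
+++ b/modules/1_prepare/variables.tf
@@ -82,3 +82,4 @@ variable "proxy" {}
 variable "fips_compliant" {}
 
 variable "create_cloud_connection" {}
+variable "force_utc" {}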
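--- a/modules/1_prepare/versions.tf
+++ b/modules/1_prepare/versions.tf
@@ -22,7 +22,7 @@ terraform {
 required_providers {
 ibm = {
 source = "IBM-Cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 null = {
 source = "hashicorp/null"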
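--- a/modules/4_nodes/versions.tf
+++ b/modules/4_nodes/versions.tf
@@ -22,7 +22,7 @@ terraform {
 required_providers {
 ibm = {
 source = "IBM-Cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 ignition = {
 source = "community-terraform-providers/ignition"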
64 changes: 58 additions & 6 deletions modules/5_install/install.tf
Expand Up @@ -52,7 +52,8 @@ locals {
isHA = var.bastion_vip != ""
bastion_master_ip = var.bastion_ip[0]
bastion_backup_ip = length(var.bastion_ip) > 1 ? slice(var.bastion_ip, 1, length(var.bastion_ip)) : []
forwarders = var.dns_forwarders
forwarder1 = split(";", var.dns_forwarders)[0]
forwarder2 = split(";", var.dns_forwarders)[1]
gateway_ip = var.setup_snat ? (var.bastion_vip != "" ? var.bastion_vip : var.bastion_ip[0]) : var.gateway_ip
netmask = cidrnetmask(var.cidr)
broadcast = cidrhost(var.cidr, -1)
Expand Down Expand Up @@ -88,8 +89,8 @@ locals {
# This variable is needed to be set if using ibmcloud services.
# Otherwise helpernode will fail to run on subsequent runs
# trying to start named and haproxy
# TODO: This is hardcoded to 9.9.9.9 to use external nameserver. Need to read from dns_forwarders.
ext_dns = var.use_ibm_cloud_services ? "9.9.9.9" : ""
# This is hardcoded to the IBM Cloud DNS.
ext_dns = var.use_ibm_cloud_services ? "161.26.0.10" : ""
fips = var.fips_compliant
}

Expand Down Expand Up @@ -221,7 +222,7 @@ resource "null_resource" "config" {
"mkdir -p .openshift",
"rm -rf ocp4-helpernode",
"echo 'Cloning into ocp4-helpernode...'",
"git clone ${var.helpernode_repo} --quiet",
"git clone ${var.helpernode_repo} --quiet || sleep 5s && git clone ${var.helpernode_repo} --quiet",
"cd ocp4-helpernode && git checkout ${var.helpernode_tag}"
]
}
Expand Down Expand Up @@ -379,7 +380,7 @@ resource "null_resource" "install_config" {
inline = [
"rm -rf ocp4-playbooks",
"echo 'Cloning into ocp4-playbooks...'",
"git clone ${var.install_playbook_repo} --quiet",
"git clone ${var.install_playbook_repo} --quiet || sleep 5s && git clone ${var.install_playbook_repo} --quiet",
"cd ocp4-playbooks && git checkout ${var.install_playbook_tag}"
]
}
Expand All @@ -399,9 +400,60 @@ resource "null_resource" "install_config" {
}
}

resource "null_resource" "pause_bootstrap_when_loadbalanced" {
count = var.use_ibm_cloud_services ? 1 : 0
depends_on = [null_resource.pre_install, null_resource.install_config]

connection {
type = "ssh"
user = var.rhel_username
host = var.bastion_public_ip[0]
private_key = var.private_key
agent = var.ssh_agent
timeout = "${var.connection_timeout}m"
}

provisioner "remote-exec" {
inline = [<<EOF
random_record=0
while true
do
sleep 30
dig +short "x$${random_record}.apps.${var.cluster_id}.${var.cluster_domain}"
if [ $? = 0 ]
then
break
fi
random_record=$((random_record + 1))
if [ $$random_record -gt 100 ]
then
echo "Failure to query the right hosts"
exit -1
fi
done
record=0
while true
do
sleep 30
dig +short "api.${var.cluster_id}.${var.cluster_domain}"
if [ $? = 0 ]
then
break
fi
record=$((record + 1))
if [ $$record -gt 100 ]
then
echo "Failure to query the right hosts"
exit -1
fi
done
EOF
]
}
}

resource "ibm_pi_instance_action" "bootstrap_start" {
depends_on = [null_resource.pre_install, null_resource.install_config]
depends_on = [null_resource.pre_install, null_resource.install_config, null_resource.pause_bootstrap_when_loadbalanced]
count = var.bootstrap_count == 0 ? 0 : 1

pi_cloud_instance_id = var.service_instance_id
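Review bot: The two wait loops in null_resource.pause_bootstrap_when_loadbalanced test `$?` after `dig +short`, but dig exits 0 whenever a server replies, NXDOMAIN and empty answers included, so each loop most likely breaks after its first 30-second sleep whether or not the name resolves, and bootstrap_start is not really gated on the load-balancer records. The retry cap also looks ineffective: only `$${` is a Terraform escape, so `$$random_record` and `$$record` reach the shell as `$$` (its PID) followed by text, and the `-gt 100` test errors instead of counting. Waiting for a non-empty answer and using the plain variable fixes both, and `exit 1` is more portable than `exit -1`. The `git clone … || sleep 5s && git clone …` lines in the two earlier hunks have a related problem: the shell groups this as `(a || b) && c`, so the second clone runs even after the first succeeded, and `|| { sleep 5s; git clone …; }` avoids that.

```hcl
    inline = [<<EOF
attempt=0
# dig exits 0 on any server reply, so wait for a non-empty answer instead of testing $?
until [ -n "$(dig +short "x$${attempt}.apps.${var.cluster_id}.${var.cluster_domain}")" ]
do
  attempt=$((attempt + 1))
  if [ "$attempt" -gt 100 ]
  then
    echo "Failure to query the right hosts"
    exit 1
  fi
  sleep 30
done
# … second loop: same shape, querying api.<cluster_id>.<cluster_domain> …
EOF
```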
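--- a/modules/5_install/templates/helpernode_vars.yaml
+++ b/modules/5_install/templates/helpernode_vars.yaml
@@ -20,7 +20,10 @@ high_availability:
 dns:
 domain: "${cluster_domain}"
 clusterid: "${cluster_id}"
-forwarder1: "${forwarders}"
+forwarder1: "${forwarder1}"
+%{ if forwarder2 != "" }
+forwarder2: "${forwarder2}"
+%{ endif }
 dhcp:
 router: "${gateway_ip}"
 bcast: "${broadcast}"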
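Review bot: The `%{ if forwarder2 != "" }` guard looks unreachable on its false side. Assuming the template is fed `local.forwarder2` from modules/5_install/install.tf, that value is `split(";", var.dns_forwarders)[1]`, which fails with an invalid-index error for a single forwarder instead of producing an empty string. Defining the local as `forwarder2 = try(trimspace(split(";", var.dns_forwarders)[1]), "")` makes the guard meaningful, and `trimspace` also covers values written as `a; b`, which would otherwise render with a leading space inside the quotes. The same `trimspace` would be worth applying to `forwarder1`. The `templatefile` call that passes these values is not shown on this page.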
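--- a/modules/5_install/versions.tf
+++ b/modules/5_install/versions.tf
@@ -26,7 +26,7 @@ terraform {
 }
 ibm = {
 source = "IBM-Cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 
 }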
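--- a/modules/7_ibmcloud/versions.tf
+++ b/modules/7_ibmcloud/versions.tf
@@ -22,7 +22,7 @@ terraform {
 required_providers {
 ibm = {
 source = "ibm-cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 }
 required_version = ">= 1.2.0"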
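--- a/modules/8_custom/versions.tf
+++ b/modules/8_custom/versions.tf
@@ -22,7 +22,7 @@ terraform {
 required_providers {
 ibm = {
 source = "ibm-cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 }
 required_version = ">= 1.2.0"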
7 changes: 4 additions & 3 deletions ocp.tf
Expand Up @@ -71,17 +71,18 @@ module "prepare" {
proxy = var.proxy
fips_compliant = var.fips_compliant
create_cloud_connection = local.create_cloud_connection
force_utc = var.force_utc
}

data "ibm_pi_workspace" "workspace" {
pi_cloud_instance_id = var.service_instance_id
}

locals {
# PER doc reference: https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-per
is_per = contains(["dal10", "dal12", "fra04", "fra05", "wdc06", "wdc07", "mad02", "mad04", "sao01", "sao04"], var.ibmcloud_zone)
# PER doc reference: https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-per#dcs-per
is_per = contains(["dal10", "dal12", "dal13", "dal14", "fra04", "fra05", "lon04", "lon06", "mad02", "mad04", "osa21", "sao01", "sao04", "syd04", "syd05", "tok04", "tor01", "wdc04", "wdc06", "wdc07", "us-east"], var.ibmcloud_zone)
create_cloud_connection = var.use_ibm_cloud_services && var.ibm_cloud_connection_name == "" && !local.is_per
tgw_network = module.prepare.cloud_connection_name == "" ? data.ibm_pi_workspace.workspace.pi_workspace_details.crn : module.prepare.cloud_connection_name
tgw_network = module.prepare.cloud_connection_name == "" ? data.ibm_pi_workspace.workspace.pi_workspace_details[0].crn : module.prepare.cloud_connection_name
Contributor Author

pi_workspace_details is returned as a list, so we pick the first one.

}

module "nodes" {
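Review bot: The `is_per` list now contains `us-east` next to datacenter names such as `dal10` and `wdc07`, and nothing beside it explains why a value that looks like a region belongs in a list compared against `var.ibmcloud_zone`. A short comment would keep a later cleanup from removing it, for example `# us-east is listed so create_cloud_connection stays false for it; it is not a PER datacenter name`. The list is also a hand-maintained copy of the linked PER document, so a zone missing from it falls through to creating a cloud connection; a comment recording when the list was last synced with that document would help.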
12 changes: 10 additions & 2 deletions variables.tf
Expand Up @@ -720,12 +720,10 @@ variable "luks_name" {
default = "root"
}


################################################################
# KDUMP variables
################################################################


variable "kdump_enable" {
type = bool
description = "Set to true to enable the kdump on Cluster Nodes"
Expand Down Expand Up @@ -761,3 +759,13 @@ variable "kdump_crash_kernel_memory" {
description = "The crashkernel memory reservation for kdump occurs during the system boot"
default = "2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G"
}

################################################################
# Overrides the default timezone in an image to use UTC
################################################################

variable "force_utc" {
type = bool
description = "Forces the bastion to use UTC"
default = false
}
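--- a/versions.tf
+++ b/versions.tf
@@ -22,7 +22,7 @@ terraform {
 required_providers {
 ibm = {
 source = "ibm-cloud/ibm"
-version = "1.60.0"
+version = "1.80.4"
 }
 random = {
 source = "hashicorp/random"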