github.com/openshift/installer@v1.4.17/docs/user/agent/add-node/node-joiner.sh (about) 1 #!/bin/bash 2 3 set -eu 4 5 # Config file 6 nodesConfigFile=${1:-"nodes-config.yaml"} 7 if [ ! -f "$nodesConfigFile" ]; then 8 echo "Cannot find the config file $nodesConfigFile" 9 exit 1 10 fi 11 12 # Setup a cleanup function to ensure to remove the temporary 13 # file when the script will be completed. 14 cleanup() { 15 if [ -f "$pullSecretFile" ]; then 16 echo "Removing temporary file $pullSecretFile" 17 rm "$pullSecretFile" 18 fi 19 } 20 trap cleanup EXIT TERM 21 22 # Retrieve the pullsecret and store it in a temporary file. 23 pullSecretFile=$(mktemp -p "/tmp" -t "nodejoiner-XXXXXXXXXX") 24 oc get secret -n openshift-config pull-secret -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d > "$pullSecretFile" 25 26 # Extract the baremetal-installer image pullspec from the current cluster. 27 nodeJoinerPullspec=$(oc adm release info --image-for=baremetal-installer --registry-config="$pullSecretFile") 28 29 # Use the same random temp file suffix for the namespace. 30 namespace=$(echo "openshift-node-joiner-${pullSecretFile#/tmp/nodejoiner-}" | tr '[:upper:]' '[:lower:]') 31 32 # Create the namespace to run the node-joiner, along with the required roles and bindings. 33 staticResources=$(cat <<EOF 34 apiVersion: v1 35 kind: Namespace 36 metadata: 37 name: ${namespace} 38 --- 39 apiVersion: v1 40 kind: ServiceAccount 41 metadata: 42 name: node-joiner 43 namespace: ${namespace} 44 --- 45 apiVersion: rbac.authorization.k8s.io/v1 46 kind: ClusterRole 47 metadata: 48 name: node-joiner 49 rules: 50 - apiGroups: 51 - config.openshift.io 52 resources: 53 - clusterversions 54 - proxies 55 verbs: 56 - get 57 - apiGroups: 58 - "" 59 resources: 60 - secrets 61 - configmaps 62 - nodes 63 verbs: 64 - get 65 - list 66 --- 67 apiVersion: rbac.authorization.k8s.io/v1 68 kind: ClusterRoleBinding 69 metadata: 70 name: node-joiner 71 subjects: 72 - kind: ServiceAccount 73 name: node-joiner 74 namespace: ${namespace} 75 roleRef: 76 kind: ClusterRole 77 name: node-joiner 78 apiGroup: rbac.authorization.k8s.io 79 EOF 80 ) 81 echo "$staticResources" | oc apply -f - 82 83 # Generate a configMap to store the user configuration 84 oc create configmap nodes-config --from-file=nodes-config.yaml="${nodesConfigFile}" -n "${namespace}" -o yaml --dry-run=client | oc apply -f - 85 86 # Run the node-joiner pod to generate the ISO 87 nodeJoinerPod=$(cat <<EOF 88 apiVersion: v1 89 kind: Pod 90 metadata: 91 name: node-joiner 92 namespace: ${namespace} 93 annotations: 94 openshift.io/scc: anyuid 95 labels: 96 app: node-joiner 97 spec: 98 restartPolicy: Never 99 serviceAccountName: node-joiner 100 securityContext: 101 seccompProfile: 102 type: RuntimeDefault 103 containers: 104 - name: node-joiner 105 imagePullPolicy: IfNotPresent 106 image: $nodeJoinerPullspec 107 volumeMounts: 108 - name: nodes-config 109 mountPath: /config 110 - name: assets 111 mountPath: /assets 112 command: ["/bin/sh", "-c", "cp /config/nodes-config.yaml /assets; HOME=/assets node-joiner add-nodes --dir=/assets --log-level=debug; sleep 600"] 113 volumes: 114 - name: nodes-config 115 configMap: 116 name: nodes-config 117 namespace: ${namespace} 118 - name: assets 119 emptyDir: 120 sizeLimit: "4Gi" 121 EOF 122 ) 123 echo "$nodeJoinerPod" | oc apply -f - 124 125 while true; do 126 if oc exec node-joiner -n "${namespace}" -- test -e /assets/exit_code >/dev/null 2>&1; then 127 break 128 else 129 echo "Waiting for node-joiner pod to complete..." 130 sleep 10s 131 fi 132 done 133 134 res=$(oc exec node-joiner -n "${namespace}" -- cat /assets/exit_code) 135 if [ "$res" = 0 ]; then 136 echo "node-joiner successfully completed, extracting ISO image..." 137 oc cp -n "${namespace}" node-joiner:/assets/node.x86_64.iso node.x86_64.iso 138 else 139 oc logs node-joiner -n "${namespace}" 140 echo "node-joiner failed" 141 fi 142 143 echo "Cleaning up" 144 oc delete namespace "${namespace}" --grace-period=0 >/dev/null 2>&1 &