Cray-HPE · ravikanth-nalla-hpe · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024 · Jul 30, 2024
@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.24.0] - 2024-08-03
+
+### Fixed
+
+- CASMPET-7175: iSCSI SBPS: radosgw-admin cmd fails with "auth: unable to find a keyring..."
+  part of s3fs mount for boot images (boot-images bucket)
+      - fixed CFS play to create s3 access/ secret key on master node followed by mounting
+        s3 boot images with this s3 key on worker nodes.
+
+## [1.23.0] - 2024-07-11
+
+### Fixed
+
+- CASMPET-7117: iSCSI SBPS: LIO provision and DNS records config fails when HSN is not configured
+  - fixed iSCSI LIO provisioning to exclude HSN portal config when HSN n/w is not configured
+  - fixed to avoid DNS "SRV" and "A" records creation for HSN when HSN is not configured
+
+- CASMPET-7126: iSCSI SBPS: k8s labelling fails when it is already applied
+  - fixed to avoid applying k8s label when it is already exist
+
 ## [1.22.0] - 2024-06-25
 
 ### Added
@@ -462,7 +482,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Ansible playbook for applying csm packages to Compute and Application nodes
 
-[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.22.0...HEAD
+[Unreleased]: https://github.com/Cray-HPE/csm-config/compare/1.24.0...HEAD
+
+[1.24.0]: https://github.com/Cray-HPE/csm-config/compare/1.23.0...1.24.0
+
+[1.23.0]: https://github.com/Cray-HPE/csm-config/compare/1.22.0...1.23.0
 
 [1.22.0]: https://github.com/Cray-HPE/csm-config/compare/1.21.0...1.22.0
 

@@ -26,4 +26,7 @@
 LABEL="iscsi=sbps"
 HOST_NAME="$(awk '{print $1}' /etc/hostname)"
 
-kubectl label nodes $HOST_NAME $LABEL
+if [[ ! $(kubectl get nodes -l $LABEL | grep "$HOST_NAME") ]]
+then
+  kubectl label nodes "$HOST_NAME" $LABEL
+fi
@@ -33,49 +33,55 @@ nmn_srv_records=""
 hsn_a_records=""
 nmn_a_records=""
 
-system_name="$(cat /etc/environment | grep SYSTEM_NAME | awk -F= '{print $2;}')"
+eval "$(grep -e SITE_DOMAIN -e SYSTEM_NAME /etc/environment)"
 
-# - read each line from the file "/tmp/hsn_nmn_info.txt" passed on to this script
+# - read each line from the file /tmp/hsn_nmn_info.txt passed on to this script
 #   to fetch Host Name, HSN and NMN IP's for each worker node.
 #   line format is: <Host Name>:<HSN IP>:<NMN IP>
-# - then create DNS "SRV" and "A" records based on the above data
+# - then create DNS SRV and A records based on the above data
 while read -r line; do
-  ncn_worker_node=`echo "$line" | awk -F ":" '{print $1}'`
-  iscsi_server_id="id-$(echo $ncn_worker_node | awk -F "-" '{print $2}' | awk '{print substr($1,2);}')"
-  hsn_ip=`echo "$line" | awk -F ":" '{print $2}'`
-  nmn_ip=`echo "$line" | awk -F ":" '{print $3}'`
+  ncn_worker_node=$(echo "$line" | awk -F ":" '{print $1}')
+  iscsi_server_id="id-$(echo "$ncn_worker_node" | awk -F "-" '{print $2}' | awk '{print substr($1,2);}')"
 
-  hsn_srv_records="$hsn_srv_records{\"content\": \"1 0 3260 iscsi-server-"${iscsi_server_id}.hsn.${system_name}".hpc.amslabs.hpecorp.net.\",\"disabled\": false},"
-  nmn_srv_records="$nmn_srv_records{\"content\": \"1 0 3260 iscsi-server-"${iscsi_server_id}.nmn.${system_name}".hpc.amslabs.hpecorp.net.\",\"disabled\": false},"
-  hsn_a_records="$hsn_a_records{\"comments\": [], \"name\": \"iscsi-server-"${iscsi_server_id}.hsn.${system_name}".hpc.amslabs.hpecorp.net.\",\"changetype\":\"REPLACE\",\"records\":[{\"content\": \"${hsn_ip}\",\"disabled\": false}],\"ttl\": 3600,\"type\": \"A\"},"
-  nmn_a_records="$nmn_a_records{\"comments\": [], \"name\": \"iscsi-server-"${iscsi_server_id}.nmn.${system_name}".hpc.amslabs.hpecorp.net.\",\"changetype\":\"REPLACE\",\"records\":[{\"content\": \"${nmn_ip}\",\"disabled\": false}],\"ttl\": 3600,\"type\": \"A\"},"
-done
+  hsn_ip=$(echo "$line" | awk -F ":" '{print $2}') || true
+  nmn_ip=$(echo "$line" | awk -F ":" '{print $3}')
+
+  if [[ -n $hsn_ip ]]
+  then
+    hsn_srv_records="$hsn_srv_records{\"content\": \"1 0 3260 iscsi-server-"${iscsi_server_id}.hsn.${SYSTEM_NAME}.${SITE_DOMAIN}."\",\"disabled\": false},"
+
+    hsn_a_records="$hsn_a_records{\"comments\": [], \"name\": \"iscsi-server-"${iscsi_server_id}.hsn.${SYSTEM_NAME}.${SITE_DOMAIN}."\",\"changetype\":\"REPLACE\",\"records\":[{\"content\": \"${hsn_ip}\",\"disabled\": false}],\"ttl\": 3600,\"type\": \"A\"},"
+  fi
 
-hsn_srv_records=`echo "${hsn_srv_records%?}"`
-nmn_srv_records=`echo "${nmn_srv_records%?}"`
-hsn_a_records=`echo "${hsn_a_records%?}"`
-nmn_a_records=`echo "${nmn_a_records%?}"`
+  nmn_srv_records="$nmn_srv_records{\"content\": \"1 0 3260 iscsi-server-"${iscsi_server_id}.nmn.${SYSTEM_NAME}.${SITE_DOMAIN}."\",\"disabled\": false},"
+
+  nmn_a_records="$nmn_a_records{\"comments\": [], \"name\": \"iscsi-server-"${iscsi_server_id}.nmn.${SYSTEM_NAME}.${SITE_DOMAIN}."\",\"changetype\":\"REPLACE\",\"records\":[{\"content\": \"${nmn_ip}\",\"disabled\": false}],\"ttl\": 3600,\"type\": \"A\"},"
+done
 
+hsn_srv_records="${hsn_srv_records%?}"
+nmn_srv_records="${nmn_srv_records%?}"
+hsn_a_records="${hsn_a_records%?}"
+nmn_a_records="${nmn_a_records%?}"
 
 # PATCH (update) DNS "SRV" records for HSN and NMN for all the worker nodes
-curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/${system_name}.hpc.amslabs.hpecorp.net" -d'
+curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/${SYSTEM_NAME}.${SITE_DOMAIN}" -d'
 {
   "rrsets": [
     {
       "comments": [],
-      "name": "_sbps-hsn._tcp.'"${system_name}"'.hpc.amslabs.hpecorp.net.",
-      "changetype": "REPLACE",
-      "records": [
+      "name": "_sbps-hsn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."',
+      "changetype":"REPLACE",
+      "records":[
         '"${hsn_srv_records}"'
       ],
       "ttl": 3600,
       "type": "SRV"
     },
     {
       "comments": [],
-      "name": "_sbps-nmn._tcp.'"${system_name}"'.hpc.amslabs.hpecorp.net.",
-      "changetype": "REPLACE",
-      "records": [
+      "name": "_sbps-nmn._tcp.'"${SYSTEM_NAME}"'.'"${SITE_DOMAIN}."',
+      "changetype":"REPLACE",
+      "records":[
         '"${nmn_srv_records}"'
       ],
       "ttl": 3600,
@@ -84,16 +90,19 @@ curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1
   ]
 }'
 
-# PATCH (update) DNS  "A" records for HSN for all the worker nodes
-curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/hsn.${system_name}.hpc.amslabs.hpecorp.net" -d'
-{
-  "rrsets": [
-    '"${hsn_a_records}"'
-  ]
-}'
+if [[ -n $hsn_a_records ]]
+then
+  # PATCH (update) DNS  "A" records for HSN for all the worker nodes
+  curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/hsn.${SYSTEM_NAME}.${SITE_DOMAIN}" -d'
+  {
+    "rrsets": [
+      '"${hsn_a_records}"'
+    ]
+  }'
+fi
 
 # PATCH (update) DNS  "A" records for NMN for all the worker nodes
-curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/nmn.${system_name}.hpc.amslabs.hpecorp.net" -d'
+curl -s -X PATCH -H "X-API-Key: ${PDNS_API_KEY}" "http://${PDNS_API}:8081/api/v1/servers/localhost/zones/nmn.${SYSTEM_NAME}.${SITE_DOMAIN}" -d'
 {
   "rrsets": [
     '"${nmn_a_records}"'

@@ -27,8 +27,15 @@ set -euo pipefail
 
 # Get Host Name, HSN IP and NMN IP of worker node
 host_name="$(awk '{print $1}' /etc/hostname)"
-hsn_ip="$(ip addr | grep "hsn0$" | awk '{print $2;}' | awk -F\/ '{print $1;}')"
-nmn_ip="$(ip addr | grep "nmn0$" | awk '{print $2;}' | awk -F\/ '{print $1;}')"
+
+hsn_ip="$(ip addr | grep "hsn0$" | awk '{print $2;}')" || true
+
+if [[ -n $hsn_ip ]]
+then
+  hsn_ip="$(echo "$hsn_ip" | awk -F/ '{print $1;}')"
+fi
+
+nmn_ip="$(ip addr | grep "nmn0$" | awk '{print $2;}' | awk -F/ '{print $1;}')"
 
 # echo the details to stdout to be picked by next task in the playbook
 echo "$host_name:$hsn_ip:$nmn_ip"
@@ -39,18 +39,20 @@ function save_server_config()
 
 function add_server_target()
 {
-        TARGET_SERVER_IQN="${IQN_PREFIX}$1"
-        NMN_IP="$2"
-        HSN_IP="$3"
-        CMN_IP="$4"
+        TARGET_SERVER_IQN="${IQN_PREFIX}${HOST}"
         targetcli "/iscsi create $TARGET_SERVER_IQN" &> /dev/null
         targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1/portals delete ip_address=0.0.0.0 ip_port=3260" &> /dev/null
         targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1/portals create ${NMN_IP}" &> /dev/null
-        targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1/portals create ${HSN_IP}" &> /dev/null
+
+        if [[ -n $HSN_IP ]]
+        then
+          targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1/portals create ${HSN_IP}" &> /dev/null
+        fi
+
         targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1/portals create ${CMN_IP}" &> /dev/null
         targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1 set attribute demo_mode_write_protect=1" &> /dev/null
         targetcli "/iscsi/${TARGET_SERVER_IQN}/tpg1 set attribute prod_mode_write_protect=1" &> /dev/null
-        echo $TARGET_SERVER_IQN
+        echo "$TARGET_SERVER_IQN"
 }
 
 function auto_generate_node_acls()
@@ -63,18 +65,24 @@ function auto_generate_node_acls()
 # Base Target Configuration
 #--------------------------------------------------------------------
 
-NMN_IP="$(host -4 ${HOST}.nmn | awk '{print $NF;}')"
-HSN_IP="$(ip addr | grep "hsn0$" | awk '{print $2;}' | awk -F\/ '{print $1;}')"
-CMN_IP="$(host -4 ${HOST}.cmn | awk '{print $NF;}')"
+HSN_IP="$(ip addr | grep "hsn0$")" || true
+
+if [[ -n $HSN_IP ]]
+then
+  HSN_IP="$(echo "$HSN_IP" | awk '{print $2;}' | awk -F/ '{print $1;}')"
+fi
+
+NMN_IP="$(host -4 "${HOST}.nmn" | awk '{print $NF;}')"
+CMN_IP="$(host -4 "${HOST}.cmn" | awk '{print $NF;}')"
 
 service target stop
 service target start
 clear_server_config
-SERVER_IQN="$(add_server_target $HOST $NMN_IP $HSN_IP $CMN_IP)"
+SERVER_IQN="$(add_server_target)"
 
 #--------------------------------------------------------------------
 # Configure automatic intiator mappings when they attempt to connect
 #--------------------------------------------------------------------
 
-auto_generate_node_acls $SERVER_IQN
+auto_generate_node_acls "$SERVER_IQN"
 save_server_config
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# MIT License
+#
+# (C) Copyright 2024 Hewlett Packard Enterprise Development LP
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+# OTHER DEALINGS IN THE SOFTWARE.
+#
+
+set -euo pipefail
+
+# Generate s3 key with s3 access key id and secret key
+s3_user=ISCSI-SBPS
+s3_key=$(radosgw-admin user info --uid "${s3_user}" |jq -r '.keys[]|.access_key +":"+ .secret_key')
+
+# echo s3 key to stdout to be picked by next task in the playbook
+echo "$s3_key"
+
@@ -25,14 +25,14 @@
 
 set -euo pipefail
 
-s3_user=ISCSI-SBPS
+# Mount s3 boot images (boot-images bucket) with
+# new s3 user (ISCSI-SBPS) read only policy.
 s3_bucket=boot-images
 s3fs_mount_dir=/var/lib/cps-local/boot-images
 filename=.iscsi-sbps.s3fs
 passwd_file="${HOME}/${filename}"
 
-radosgw-admin user info --uid "${s3_user}" |jq -r '.keys[]|.access_key +":"+ .secret_key' > "${passwd_file}"
 chmod 600 "${passwd_file}"
-
 mkdir -pv "${s3fs_mount_dir}"
-s3fs "${s3_bucket}" "${s3fs_mount_dir}" -o "passwd_file=${passwd_file},url=http://rgw-vip.nmn,use_path_request_style"
+
+s3fs "${s3_bucket}" "${s3fs_mount_dir}" -o "passwd_file=${passwd_file},url=http://rgw-vip.nmn,use_path_request_style" -o nonempty
@@ -23,9 +23,27 @@
 #
 ---
 
-#  Clear LIO configuration and save 
-#  Set LIO IQN (and default TGT1)
-#  Delete LIO default portal
+#  mount s3 boot images (boot-images bucket)
+#  with new s3 user read only policy using new
+#  s3 access/ secret key.
+
+# Create s3 access/ secret key file for s3 user (ISCSI-SBPS) on master node
+- name: create_s3_acess_secret_key
+  script: "create_s3_acess_secret_key.sh"
+  register: create_s3_acess_secret_key
+  changed_when: create_s3_acess_secret_key.rc == 0
+  delegate_to: localhost
+
+# Create/ update s3 key file (with s3 access key id + s3 secret key) on each worker node
+- name: Update s3 key file on each worker node
+  lineinfile:
+    path: "/root/.iscsi-sbps.s3fs"
+    line: "{{ create_s3_acess_secret_key.stdout | trim }}"
+    state: present
+    create: yes
+
+# mount s3 boot images (boot-images bucket) with
+# new s3 user read only policy on worker nodes
 - name: mount_s3_boot_images
   script: "mount_s3_boot_images.sh"
   register: mount_s3_boot_images