Skip to content

Ocpedge 2217 add fencing hostconfig #10071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 13 commits into
base: main
Choose a base branch
from
Draft

Ocpedge 2217 add fencing hostconfig #10071

wants to merge 13 commits into from
+523 −3

Conversation

@fonta-rh
Copy link

@fonta-rh fonta-rh commented Nov 11, 2025

No description provided.

fonta-rh added 11 commits November 7, 2025 17:26
@fonta-rh
Update installer verification and tests to only allow URLs with redfi…
f956b26 
…sh on them for Two Nodes with Fencing topology
@fonta-rh
Update validation check for redfish
1e295dc
@fonta-rh
Update fencing address validation to include port
a96d179
@fonta-rh
Update variable name
630f00c
@fonta-rh
Remove controlPlane.fencing test changes - not needed for ABI hostcon…
5a6c7e1 
…fig work
@fonta-rh
Extract shared validateRedfishURL() function for reuse
5879eda 
This function can now be used for both:
- controlPlane.fencing.credentials validation (install-config)
- platform.baremetal.hosts[].bmc validation (agent hostconfig generation)
@fonta-rh
Add fencing-credentials.yaml generation for agent hosts
ada56bf 
- Add generateFencingCredentialsYAML() helper to convert BMC to YAML
- Extend HostConfigFiles() to generate fencing-credentials.yaml per host
- Convert BMC.DisableCertificateVerification (bool) to certificateVerification (string)
- Only generate file if BMC address is configured
@fonta-rh
Add comprehensive unit tests for fencing credentials generation
0ab89fc 
Tests cover:
- generateFencingCredentialsYAML() with various BMC configurations
- Certificate verification enabled/disabled conversion
- HostConfigFiles() with BMC configured hosts
- HostConfigFiles() without BMC (worker nodes)
- Multiple hosts with mixed BMC configurations
@fonta-rh
Update test credential helpers to use RedFish addresses
e302fa0 
The validation now correctly rejects IPMI addresses and only accepts
RedFish-compatible BMC addresses. Updated c1(), c2(), c3() test
helpers to use redfish+https:// scheme instead of ipmi://
@fonta-rh
Add BMC address validation for TNF clusters
0ba2ec1 
Validates that baremetal host BMC addresses are RedFish-compatible
for Two-Node Fencing (TNF) clusters. This ensures both sources of
fencing credentials are validated:

1. controlPlane.fencing.credentials[] - for cluster-etcd-operator
2. platform.baremetal.hosts[].bmc - for host provisioning and ABI

The validation only applies to TNF clusters (2 control plane replicas
with fencing enabled) and only validates master/control plane nodes.

Added comprehensive tests covering:
- Valid RedFish BMC addresses
- Invalid IPMI addresses (should fail)
- Non-TNF clusters (should not validate)
- Worker nodes (can use IPMI)
@fonta-rh
Remove controlPlane.fencing.credentials validation - focus only on ba…
08f6975 
…remetal.hosts[].bmc

This PR focuses exclusively on validating baremetal.hosts[].bmc addresses
for TNF (Two-Node Fencing) clusters. Validation of controlPlane.fencing.credentials
will be handled in a separate PR.

Changes:
- Remove validateRedfishURL() and validateFencingCredentialAddress() from installconfig.go
- Remove call to validateFencingCredentialAddress() in validateFencingCredentials()
- Keep all baremetal BMC validation in pkg/types/baremetal/validation/platform.go

The baremetal validation package has its own validateBMCAddressForFencing()
implementation to avoid import cycles.
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 11, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@fonta-rh
Add shared ValidateRedfishBMCAddress function for BMC validation
75844bb 
Move RedFish BMC address validation to pkg/types/common to be shared between:
- controlPlane.fencing.credentials validation (future use)
- platform.baremetal.hosts[].bmc validation (for TNF clusters)

This avoids import cycles and provides a single source of truth for RedFish
BMC address validation, including:
- URL format validation
- RedFish protocol requirement (IPMI not supported)
- Port validation (explicit or inferred from https/http scheme)

Updated baremetal validation to use the shared function instead of a local
implementation, ensuring consistent validation across the codebase.
@fonta-rh
Merge branch 'openshift:main' into OCPEDGE-2217-add-fencing-hostconfig
24a06e1
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 26, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign rvanderp3 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fonta-rh