WIP

Signed-off-by: Lennart Jern <[email protected]>

Author: lentzi90

docs/user-guide/examples/bmo/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: baremetal-operator-system
+# This is the kustomization that we build on. You can download it and change
+# the URL to a relative path if you do not want to access it over the network.
+# Note that the ref=main specifies the version to use.
+# We use main here simply because the integration with IrSO is not included in a release yet.
+resources:
+- https://github.com/metal3-io/baremetal-operator/config/use-irso?ref=main

docs/user-guide/examples/image-server.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+mkdir disk-images
+
+pushd disk-images
+wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
+wget https://cloud-images.ubuntu.com/jammy/current/SHA256SUMS
+sha256sum --ignore-missing -c SHA256SUMS
+wget https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2
+wget https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2.SHA256SUM
+sha256sum -c CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2.SHA256SUM
+wget https://artifactory.nordix.org/artifactory/metal3/images/k8s_v1.33.0/CENTOS_9_NODE_IMAGE_K8S_v1.33.0.qcow2
+sha256sum CENTOS_9_NODE_IMAGE_K8S_v1.33.0.qcow2
+popd
+
+docker run --name image-server --rm -d -p 80:8080 \
+  -v "$(pwd)/disk-images:/usr/share/nginx/html" nginxinc/nginx-unprivileged

docs/user-guide/examples/ironic.yaml

@@ -0,0 +1,14 @@
+apiVersion: ironic.metal3.io/v1alpha1
+kind: Ironic
+metadata:
+  name: ironic
+  namespace: baremetal-operator-system
+spec:
+  networking:
+    dhcp:
+      rangeBegin: "192.168.222.100"
+      rangeEnd: "192.168.222.200"
+      networkCIDR: "192.168.222.0/24"
+    interface: "eth0"
+    ipAddress: "192.168.222.2"
+    ipAddressManager: "keepalived"

docs/user-guide/examples/kind.yaml

@@ -0,0 +1,16 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+- role: control-plane
+  # Open ports for Ironic
+  extraPortMappings:
+  # Ironic httpd
+  - containerPort: 6180
+    hostPort: 6180
+    listenAddress: "0.0.0.0"
+    protocol: TCP
+  # Ironic API
+  - containerPort: 6385
+    hostPort: 6385
+    listenAddress: "0.0.0.0"
+    protocol: TCP

docs/user-guide/examples/net.xml

@@ -0,0 +1,15 @@
+<network>
+  <name>baremetal-e2e</name>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <bridge name='metal3'/>
+  <ip address='192.168.222.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.222.3' end='192.168.222.99'/>
+      <bootp file='http://192.168.222.2:6180/boot.ipxe'/>
+    </dhcp>
+  </ip>
+</network>

docs/user-guide/examples/setup-bootstrap.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+kind create cluster --config kind.yaml
+
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
+
+# Ensure that cert-manager is up and running
+echo "Waiting for cert-manager to be ready..."
+
+# Wait for cert-manager pods to be ready
+kubectl -n cert-manager wait --for=condition=Available deployment/cert-manager-webhook --timeout=300s
+
+# Create a test namespace for cert-manager readiness check
+kubectl create namespace cert-manager-test
+
+# Function to check cert-manager readiness with retries
+check_cert_manager_ready() {
+  local max_attempts=30
+  local attempt=1
+  local sleep_time=10
+
+  while [ $attempt -le $max_attempts ]; do
+    echo "Attempt $attempt/$max_attempts: Creating test Issuer and Certificate..."
+
+    # Create a self-signed Issuer
+    if kubectl apply -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: test-selfsigned
+  namespace: cert-manager-test
+spec:
+  selfSigned: {}
+EOF
+    then
+      echo "Issuer created successfully"
+
+      # Create a Certificate using the Issuer
+      if kubectl apply -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: test-certificate
+  namespace: cert-manager-test
+spec:
+  secretName: test-certificate-secret
+  isCA: false
+  dnsNames:
+  - test.example.com
+  issuerRef:
+    name: test-selfsigned
+    kind: Issuer
+EOF
+      then
+        echo "Certificate created successfully"
+
+        # Wait for the Certificate to become ready
+        if kubectl wait --for=condition=ready certificate/test-certificate -n cert-manager-test --timeout=60s 2>/dev/null; then
+          echo "cert-manager is ready!"
+          return 0
+        else
+          echo "Certificate not ready yet, will retry..."
+        fi
+      else
+        echo "Failed to create Certificate, webhook may not be ready yet..."
+      fi
+    else
+      echo "Failed to create Issuer, webhook may not be ready yet..."
+    fi
+
+    # Clean up before retry
+    kubectl delete certificate test-certificate -n cert-manager-test --ignore-not-found=true 2>/dev/null
+    kubectl delete issuer test-selfsigned -n cert-manager-test --ignore-not-found=true 2>/dev/null
+
+    attempt=$((attempt + 1))
+    if [ $attempt -le $max_attempts ]; then
+      echo "Waiting ${sleep_time}s before retry..."
+      sleep $sleep_time
+    fi
+  done
+
+  echo "ERROR: cert-manager did not become ready after $max_attempts attempts"
+  return 1
+}
+
+# Run the readiness check
+if check_cert_manager_ready; then
+  # Clean up test resources
+  kubectl delete namespace cert-manager-test
+else
+  # Clean up and exit with error
+  kubectl delete namespace cert-manager-test
+  exit 1
+fi
+
+
+kubectl apply -f https://github.com/metal3-io/ironic-standalone-operator/releases/latest/download/install.yaml
+
+kubectl create ns baremetal-operator-system
+
+kubectl apply -f ironic.yaml
+kubectl apply -k bmo

docs/user-guide/examples/setup-virtual-lab.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+# Define and start the baremetal-e2e network
+virsh -c qemu:///system net-define net.xml
+virsh -c qemu:///system net-start baremetal-e2e
+
+# Start the sushy-emulator container that acts as BMC
+docker run --name sushy-tools --rm --network host -d \
+  -v /var/run/libvirt:/var/run/libvirt \
+  -v "$(pwd)/sushy-tools.conf:/etc/sushy/sushy-emulator.conf" \
+  -e SUSHY_EMULATOR_CONFIG=/etc/sushy/sushy-emulator.conf \
+  quay.io/metal3-io/sushy-tools:latest sushy-emulator
+
+# Generate a VM definition xml file and then define the VM
+# use --ram=8192 for Scenario 2
+virt-install \
+  --connect qemu:///system \
+  --name bmh-vm-01 \
+  --description "Virtualized BareMetalHost" \
+  --osinfo=ubuntu-lts-latest \
+  --ram=4096 \
+  --vcpus=2 \
+  --disk size=25 \
+  --boot hd,network \
+  --import \
+  --network network=baremetal-e2e,mac="00:60:2f:31:81:01" \
+  --noautoconsole \
+  --print-xml > bmh-vm-01.xml
+virsh define bmh-vm-01.xml

docs/user-guide/examples/sushy-emulator.conf

@@ -0,0 +1,36 @@
+# Listen on the local IP address 192.168.222.1
+SUSHY_EMULATOR_LISTEN_IP = u'192.168.222.1'
+
+# Bind to TCP port 8000
+SUSHY_EMULATOR_LISTEN_PORT = 8000
+
+# Serve this SSL certificate to the clients
+SUSHY_EMULATOR_SSL_CERT = None
+
+# If SSL certificate is being served, this is its RSA private key
+SUSHY_EMULATOR_SSL_KEY = None
+
+# The OpenStack cloud ID to use. This option enables OpenStack driver.
+SUSHY_EMULATOR_OS_CLOUD = None
+# The libvirt URI to use. This option enables libvirt driver.
+SUSHY_EMULATOR_LIBVIRT_URI = u'qemu:///system'
+
+# Instruct the libvirt driver to ignore any instructions to
+# set the boot device. Allowing the UEFI firmware to instead
+# rely on the EFI Boot Manager
+# Note: This sets the legacy boot element to dev="fd"
+# and relies on the floppy not existing, it likely wont work
+# your VM has a floppy drive.
+SUSHY_EMULATOR_IGNORE_BOOT_DEVICE = False
+
+# The map of firmware loaders dependant on the boot mode and
+# system architecture. Ideally the x86_64 loader will be capable
+# of secure boot or not based on the chosen nvram.
+SUSHY_EMULATOR_BOOT_LOADER_MAP = {
+    u'UEFI': {
+        u'x86_64': u'/usr/share/OVMF/OVMF_CODE.secboot.fd'
+    },
+    u'Legacy': {
+        u'x86_64': None
+    }
+}