Step: openstack-conf-clouds

The ipi-conf-openstack-clouds ref configures the required cloud credentials and installs the required security certificates.

Container image used for this step: openstack-installer

openstack-installer resolves to an image built or imported by the ci-operator configuration (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
APPLICATION_CREDENTIALS Parameter[?] If this variable is not empty, the provided clouds.yaml will contain ephemeral application credentials.
APPLICATION_CREDENTIALS_EXPIRATION Parameter[?] When to set the expiration of the application credentials. Use a format that `date -d` would understand. This variable has no effect if APPLICATION_CREDENTIALS is empty. (default: 5 hours)
OS_CLOUD Parameter[?] Name of cloud to use from the clouds.yaml file (default: openstack)
CLUSTER_TYPE_OVERRIDE Parameter[?] This will override CLUSTER_TYPE in the `commands` file if set.

Source Code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/bin/bash

set -o nounset
set -o errexit
set -o pipefail

CLUSTER_TYPE="${CLUSTER_TYPE_OVERRIDE:-$CLUSTER_TYPE}"
export OS_CLIENT_CONFIG_FILE="${SHARED_DIR}/clouds.yaml"

cp "/var/run/cluster-secrets/${CLUSTER_TYPE}/clouds.yaml" "$OS_CLIENT_CONFIG_FILE"

if [[ ! -z $APPLICATION_CREDENTIALS ]]; then
	declare appcred_json clouds_yaml

	appcred_json="$(
		openstack application credential create \
			--expiration "$(date -d "$APPLICATION_CREDENTIALS_EXPIRATION" +%Y-%m-%dT%H:%M:%S)" \
			--description 'Generated by Prow.' \
			--format json --column id --column secret \
			"prow-$(date +'%s%N')"
	)"

	clouds_yaml="$(
		yq --yml-output ".
			| del(.clouds.\"${OS_CLOUD}\".auth.username)
			| del(.clouds.\"${OS_CLOUD}\".auth.password)
			| del(.clouds.\"${OS_CLOUD}\".auth.user_domain_name)
			| del(.clouds.\"${OS_CLOUD}\".auth.project_id)
			| del(.clouds.\"${OS_CLOUD}\".auth.project_name)
			| del(.clouds.\"${OS_CLOUD}\".auth.project_domain_name)
			| .clouds.\"${OS_CLOUD}\".auth_type=\"v3applicationcredential\"
			| .clouds.\"${OS_CLOUD}\".auth.application_credential_id=\"$(jq -r '.id' <<< $appcred_json)\"
			| .clouds.\"${OS_CLOUD}\".auth.application_credential_secret=\"$(jq -r '.secret' <<< $appcred_json)\"
			" "$OS_CLIENT_CONFIG_FILE"
	)"

	cat > "$OS_CLIENT_CONFIG_FILE" <<< $clouds_yaml
fi


if [ -f "/var/run/cluster-secrets/${CLUSTER_TYPE}/osp-ca.crt" ]; then
	cp "/var/run/cluster-secrets/${CLUSTER_TYPE}/osp-ca.crt" "${SHARED_DIR}/osp-ca.crt"
	sed -i "s+cacert: .*+cacert: ${SHARED_DIR}/osp-ca.crt+" "${SHARED_DIR}/clouds.yaml"
fi

if [ -f "/var/run/cluster-secrets/${CLUSTER_TYPE}/squid-credentials.txt" ]; then
	cp "/var/run/cluster-secrets/${CLUSTER_TYPE}/squid-credentials.txt" "${SHARED_DIR}/squid-credentials.txt"
fi

Properties

Property Value Description
Resource requests (cpu) 10m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/openstack/conf/clouds/openstack-conf-clouds-ref.yaml

Owners:

Approvers:

Reviewers:

Source code for this page located on GitHub