F #-: Update OneKE, use new VR and service scripts (#43)

* Starting RKE2 "manually" (after the DNS server is set)
* fixes DNS-related issues in Cilium.
* VR: Apply "packer fmt"
* Bring back OneKE from "legacy" (rename)
* Update OneKE, use new VR and service scripts
* OneKE: Drop vnf-restore / rely on one-context (fix)

Author: sk4zuzu

…liances/legacy/OneKE/appliance/calico.rb appliances/OneKE/calico.rbappliances/legacy/OneKE/appliance/calico.rb renamed to appliances/OneKE/calico.rb appliances/legacy/OneKE/appliance/calico.rb renamed to appliances/OneKE/calico.rb

@@ -7,7 +7,7 @@
 require_relative 'config.rb'
 require_relative 'helpers.rb'
 
-def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = K8S_CONTROL_PLANE_EP)
+def configure_cilium(manifest_dir = K8S_MANIFEST_DIR, endpoint = ONEAPP_K8S_CONTROL_PLANE_EP)
     msg :info, 'Configure Cilium'
 
     ep = URI.parse "https://#{endpoint}"
@@ -64,7 +64,7 @@ def extract_cilium_ranges(ranges = ONEAPP_K8S_CILIUM_RANGES)
     ranges.compact
           .map(&:strip)
           .reject(&:empty?)
-          .map { |item| item.split('/').map(&:strip) }
+          .map { |item| item.split(%[/]).map(&:strip) }
           .reject { |item| item.length > 2 }
           .reject { |item| item.map(&:empty?).any? }
           .reject { |item| !(ipv4?(item.first) && integer?(item.last)) }

…pliances/legacy/OneKE/appliance/canal.rb appliances/OneKE/canal.rbappliances/legacy/OneKE/appliance/canal.rb renamed to appliances/OneKE/canal.rb appliances/legacy/OneKE/appliance/canal.rb renamed to appliances/OneKE/canal.rb

@@ -5,6 +5,7 @@
 require 'tmpdir'
 require 'yaml'
 
+require_relative 'helpers.rb'
 require_relative 'cilium.rb'
 
 RSpec.describe 'extract_cilium_ranges' do
@@ -35,7 +36,7 @@
 
 RSpec.describe 'configure_cilium' do
     it 'should apply user-defined ranges (empty)' do
-        stub_const 'K8S_CONTROL_PLANE_EP', '192.168.150.86:6443'
+        stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443'
         stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium'
         stub_const 'ONEAPP_K8S_CNI_CONFIG', nil
         stub_const 'ONEAPP_K8S_CILIUM_RANGES', []
@@ -73,7 +74,7 @@
     end
 
     it 'should apply user-defined ranges' do
-        stub_const 'K8S_CONTROL_PLANE_EP', '192.168.150.86:6443'
+        stub_const 'ONEAPP_K8S_CONTROL_PLANE_EP', '192.168.150.86:6443'
         stub_const 'ONEAPP_K8S_CNI_PLUGIN', 'cilium'
         stub_const 'ONEAPP_K8S_CILIUM_RANGES', ['192.168.150.128/25', '10.11.12.0/24']
         output = YAML.load_stream <<~MANIFEST

…liances/legacy/OneKE/appliance/cilium.rb appliances/OneKE/cilium.rbappliances/legacy/OneKE/appliance/cilium.rb renamed to appliances/OneKE/cilium.rb appliances/legacy/OneKE/appliance/cilium.rb renamed to appliances/OneKE/cilium.rb

@@ -41,7 +41,7 @@ def fetch_cleaner(addon_dir = ONE_ADDON_DIR, cron = '*/2 * * * *', ttl = 180)
                 imagePullPolicy: IfNotPresent
                 command:
                 - /usr/local/bin/ruby
-                - /etc/one-appliance/service.d/appliance/cleaner.rb
+                - /etc/one-appliance/service.d/OneKE/cleaner.rb
                 volumeMounts:
                 - name: kubectl
                   mountPath: /var/lib/rancher/rke2/bin/kubectl
@@ -53,8 +53,10 @@ def fetch_cleaner(addon_dir = ONE_ADDON_DIR, cron = '*/2 * * * *', ttl = 180)
                   mountPath: /usr/bin/onegate
                 - name: onegaterb
                   mountPath: /usr/bin/onegate.rb
+                - name: lib
+                  mountPath: /etc/one-appliance/lib/
                 - name: appliance
-                  mountPath: /etc/one-appliance/service.d/appliance/
+                  mountPath: /etc/one-appliance/service.d/OneKE/
               volumes:
               - name: kubectl
                 hostPath:
@@ -76,9 +78,13 @@ def fetch_cleaner(addon_dir = ONE_ADDON_DIR, cron = '*/2 * * * *', ttl = 180)
                 hostPath:
                   path: /usr/bin/onegate.rb
                   type: File
+              - name: lib
+                hostPath:
+                  path: /etc/one-appliance/lib/
+                  type: Directory
               - name: appliance
                 hostPath:
-                  path: /etc/one-appliance/service.d/appliance/
+                  path: /etc/one-appliance/service.d/OneKE/
                   type: Directory
               restartPolicy: Never
     MANIFEST

…es/legacy/OneKE/appliance/cilium_spec.rb appliances/OneKE/cilium_spec.rbappliances/legacy/OneKE/appliance/cilium_spec.rb renamed to appliances/OneKE/cilium_spec.rb appliances/legacy/OneKE/appliance/cilium_spec.rb renamed to appliances/OneKE/cilium_spec.rb

@@ -3,6 +3,7 @@
 require 'json'
 require 'rspec'
 
+require_relative 'helpers.rb'
 require_relative 'cleaner.rb'
 
 RSpec.describe 'detect_invalid_nodes' do

…iances/legacy/OneKE/appliance/cleaner.rb appliances/OneKE/cleaner.rbappliances/legacy/OneKE/appliance/cleaner.rb renamed to appliances/OneKE/cleaner.rb appliances/legacy/OneKE/appliance/cleaner.rb renamed to appliances/OneKE/cleaner.rb

@@ -1,10 +1,9 @@
 # frozen_string_literal: true
 
-def env(name, default)
-    value = ENV.fetch name.to_s, ''
-    value = value.empty? ? default : value
-    value = %w[YES 1].include?(value.upcase) if default.instance_of?(String) && %w[YES NO].include?(default.upcase)
-    value
+begin
+    require '/etc/one-appliance/lib/helpers.rb'
+rescue LoadError
+    require_relative '../lib/helpers.rb'
 end
 
 ONE_SERVICE_VERSION   = env :ONE_SERVICE_VERSION, '1.27'
@@ -20,39 +19,47 @@ def env(name, default)
 
 ONEAPP_K8S_CNI_PLUGIN    = env :ONEAPP_K8S_CNI_PLUGIN, 'cilium'
 ONEAPP_K8S_CNI_CONFIG    = env :ONEAPP_K8S_CNI_CONFIG, nil
-ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' }.values.freeze
+ONEAPP_K8S_CILIUM_RANGES = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_CILIUM_RANGE' } .values
 
 ONEAPP_K8S_LONGHORN_CHART_VERSION = env :ONEAPP_K8S_LONGHORN_CHART_VERSION, '1.4.1'
 ONEAPP_K8S_LONGHORN_ENABLED       = env :ONEAPP_K8S_LONGHORN_ENABLED, 'NO'
 
+ONEAPP_STORAGE_DEVICE     = env :ONEAPP_STORAGE_DEVICE, nil # for example '/dev/vdb'
+ONEAPP_STORAGE_FILESYSTEM = env :ONEAPP_STORAGE_FILESYSTEM, 'xfs'
+ONEAPP_STORAGE_MOUNTPOINT = env :ONEAPP_STORAGE_MOUNTPOINT, '/var/lib/longhorn'
+
 ONEAPP_K8S_METALLB_CHART_VERSION = env :ONEAPP_K8S_METALLB_CHART_VERSION, '0.13.9'
 ONEAPP_K8S_METALLB_ENABLED       = env :ONEAPP_K8S_METALLB_ENABLED, 'NO'
 ONEAPP_K8S_METALLB_CONFIG        = env :ONEAPP_K8S_METALLB_CONFIG, nil
-ONEAPP_K8S_METALLB_RANGES        = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_METALLB_RANGE' }.values.freeze
+ONEAPP_K8S_METALLB_RANGES        = ENV.select { |key, _| key.start_with? 'ONEAPP_K8S_METALLB_RANGE' } .values
 
 ONEAPP_K8S_TRAEFIK_CHART_VERSION = env :ONEAPP_K8S_TRAEFIK_CHART_VERSION, '23.0.0'
 ONEAPP_K8S_TRAEFIK_ENABLED       = env :ONEAPP_K8S_TRAEFIK_ENABLED, 'NO'
 
-ONEAPP_VROUTER_ETH0_VIP0    = env :ONEAPP_VROUTER_ETH0_VIP0, nil
-ONEAPP_VROUTER_ETH1_VIP0    = env :ONEAPP_VROUTER_ETH1_VIP0, nil
+ONEAPP_VROUTER_ETH0_VIP0 = env :ONEAPP_VROUTER_ETH0_VIP0, nil
+ONEAPP_VROUTER_ETH1_VIP0 = env :ONEAPP_VROUTER_ETH1_VIP0, nil
+
+ONEAPP_VNF_HAPROXY_LB0_IP   = env :ONEAPP_VNF_HAPROXY_LB0_IP, ONEAPP_VROUTER_ETH0_VIP0
+ONEAPP_VNF_HAPROXY_LB0_PORT = env :ONEAPP_VNF_HAPROXY_LB0_PORT, '9345'
+ONEAPP_VNF_HAPROXY_LB1_IP   = env :ONEAPP_VNF_HAPROXY_LB1_IP, ONEAPP_VROUTER_ETH0_VIP0
+ONEAPP_VNF_HAPROXY_LB1_PORT = env :ONEAPP_VNF_HAPROXY_LB1_PORT, '6443'
+ONEAPP_VNF_HAPROXY_LB2_IP   = env :ONEAPP_VNF_HAPROXY_LB2_IP, ONEAPP_VROUTER_ETH0_VIP0
 ONEAPP_VNF_HAPROXY_LB2_PORT = env :ONEAPP_VNF_HAPROXY_LB2_PORT, '443'
+ONEAPP_VNF_HAPROXY_LB3_IP   = env :ONEAPP_VNF_HAPROXY_LB3_IP, ONEAPP_VROUTER_ETH0_VIP0
 ONEAPP_VNF_HAPROXY_LB3_PORT = env :ONEAPP_VNF_HAPROXY_LB3_PORT, '80'
 
-ONEAPP_K8S_EXTRA_SANS = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1'
+ONEAPP_VNF_DNS_ENABLED = env :ONEAPP_VNF_DNS_ENABLED, 'YES'
 
-ONEAPP_STORAGE_DEVICE     = env :ONEAPP_STORAGE_DEVICE, nil # for example '/dev/vdb'
-ONEAPP_STORAGE_FILESYSTEM = env :ONEAPP_STORAGE_FILESYSTEM, 'xfs'
-ONEAPP_STORAGE_MOUNTPOINT = env :ONEAPP_STORAGE_MOUNTPOINT, '/var/lib/longhorn'
+ONEAPP_RKE2_SUPERVISOR_EP   = env :ONEAPP_RKE2_SUPERVISOR_EP, "#{ONEAPP_VROUTER_ETH0_VIP0}:#{ONEAPP_VNF_HAPROXY_LB0_PORT}"
+ONEAPP_K8S_CONTROL_PLANE_EP = env :ONEAPP_K8S_CONTROL_PLANE_EP, "#{ONEAPP_VROUTER_ETH0_VIP0}:#{ONEAPP_VNF_HAPROXY_LB1_PORT}"
+ONEAPP_K8S_EXTRA_SANS       = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1'
 
 ONE_ADDON_DIR  = env :ONE_ADDON_DIR, "#{ONE_SERVICE_SETUP_DIR}/addons"
 ONE_AIRGAP_DIR = env :ONE_AIRGAP_DIR, "#{ONE_SERVICE_SETUP_DIR}/airgap"
 
 K8S_MANIFEST_DIR = env :K8S_MANIFEST_DIR, '/var/lib/rancher/rke2/server/manifests'
 K8S_IMAGE_DIR    = env :K8S_IMAGE_DIR, '/var/lib/rancher/rke2/agent/images'
 
-K8S_SUPERVISOR_EP    = "#{ONEAPP_VROUTER_ETH0_VIP0}:9345"
-K8S_CONTROL_PLANE_EP = "#{ONEAPP_VROUTER_ETH0_VIP0}:6443"
-
 RETRIES = 86
 SECONDS = 5
 

…s/legacy/OneKE/appliance/cleaner_spec.rb appliances/OneKE/cleaner_spec.rbappliances/legacy/OneKE/appliance/cleaner_spec.rb renamed to appliances/OneKE/cleaner_spec.rb appliances/legacy/OneKE/appliance/cleaner_spec.rb renamed to appliances/OneKE/cleaner_spec.rb

@@ -1,67 +1,17 @@
 # frozen_string_literal: true
 
 require 'base64'
-require 'date'
 require 'fileutils'
 require 'json'
-require 'ipaddr'
-require 'logger'
 require 'net/http'
-require 'open3'
-require 'socket'
 require 'tempfile'
 require 'uri'
 require 'yaml'
 
-LOGGER_STDOUT = Logger.new(STDOUT)
-LOGGER_STDERR = Logger.new(STDERR)
-
-LOGGERS = {
-    info:  LOGGER_STDOUT.method(:info),
-    debug: LOGGER_STDERR.method(:debug),
-    warn:  LOGGER_STDERR.method(:warn),
-    error: LOGGER_STDERR.method(:error)
-}.freeze
-
-def msg(level, string)
-    LOGGERS[level].call string
-end
-
-def slurp(path)
-    Base64.encode64(File.read(path)).lines.map(&:strip).join
-end
-
-def file(path, content, mode: 'u=rw,go=r', overwrite: false)
-    return if !overwrite && File.exist?(path)
-
-    FileUtils.mkdir_p File.dirname path
-
-    File.write path, content
-
-    FileUtils.chmod mode, path
-end
-
-def bash(script, chomp: false, terminate: true)
-    command = 'exec /bin/bash --login -s'
-
-    stdin_data = <<~SCRIPT
-    export DEBIAN_FRONTEND=noninteractive
-    set -o errexit -o nounset -o pipefail
-    set -x
-    #{script}
-    SCRIPT
-
-    stdout, stderr, status = Open3.capture3 command, stdin_data: stdin_data
-    unless status.exitstatus.zero?
-        error_message = "#{status.exitstatus}: #{stderr}"
-        msg :error, error_message
-
-        raise error_message unless terminate
-
-        exit status.exitstatus
-    end
-
-    chomp ? stdout.chomp : stdout
+begin
+    require '/etc/one-appliance/lib/helpers.rb'
+rescue LoadError
+    require_relative '../lib/helpers.rb'
 end
 
 def kubectl(arguments, namespace: nil, kubeconfig: KUBECONFIG)
@@ -135,10 +85,10 @@ def extract_images(manifest)
         end
 
         containers = []
-        containers += document.dig('spec', 'template', 'spec', 'containers') || []
-        containers += document.dig('spec', 'template', 'spec', 'initContainers') || []
-        containers += document.dig('spec', 'jobTemplate', 'spec', 'template', 'spec', 'containers') || []
-        containers += document.dig('spec', 'jobTemplate', 'spec', 'template', 'spec', 'initContainers') || []
+        containers += document.dig('spec', 'template', 'spec', 'containers').to_a
+        containers += document.dig('spec', 'template', 'spec', 'initContainers').to_a
+        containers += document.dig('spec', 'jobTemplate', 'spec', 'template', 'spec', 'containers').to_a
+        containers += document.dig('spec', 'jobTemplate', 'spec', 'template', 'spec', 'initContainers').to_a
 
         images += containers.map { |container| container.dig 'image' }
     end
@@ -193,30 +143,6 @@ def install_packages(packages, hold: false)
     SCRIPT
 end
 
-def ipv4?(string)
-    string.is_a?(String) && IPAddr.new(string) ? true : false
-rescue IPAddr::InvalidAddressError
-    false
-end
-
-def integer?(string)
-    Integer(string) ? true : false
-rescue ArgumentError
-    false
-end
-
-alias port? integer?
-
-def tcp_port_open?(ipv4, port, seconds = 5)
-    # > If a block is given, the block is called with the socket.
-    # > The value of the block is returned.
-    # > The socket is closed when this method returns.
-    Socket.tcp(ipv4, port, connect_timeout: seconds) {}
-    true
-rescue Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH, Errno::ETIMEDOUT
-    false
-end
-
 def http_status_200?(url,
                      cacert = '/var/lib/rancher/rke2/server/tls/server-ca.crt',
                      cert = '/var/lib/rancher/rke2/server/tls/client-admin.crt',