⚠️ Enable removal of ExternallyProvisioned attribute from BareMetalHosts

[ethan-gallant]

What this PR does / why we need it:
It enables removing the ExternallyProvisioned attribute, this can be useful if you want to transition hosts from an externally provisioned source into being directly managed.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #2465

Signed-off-by: Ethan J. Gallant [email protected]

[metal3-io-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign elfosardo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[metal3-io-bot]

Hi @ethan-gallant. Thanks for your PR.

I'm waiting for a metal3-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[Rozzii]

I think this topic would need some community consensus at least a lazy one. I don't remember at the moment why was it decided to block an externally provisioned node to transition to the regular provisioned state.

In principle I don't see why we shouldn't allow this transition but I am not using this feature on a daily basis so I am interested in the opinions of those who do might have more experience with the use-case, they might know what would be the side effects of allowing the proposed state transition.

[Rozzii]

Wouldn't this implementation move all externally provisioned BMH to "regular provisioned" state even if the user would add an unrelated annotation or the reconciliation would be triggered for whatever other reason?

It might be just a theoretical scenario but I would like to have an an additionl condition that checks that the "ExtarnallyProvisioned" filed is really set to false.

[ethan-gallant]

Since this lands in an else block after the check for externally provisioned I don't believe that would be possible here.

Happy to reformat it as well into a switch statement or similar as the conditional branches here are getting a bit wild already before the change.

[zaneb]

I don't believe this does anything at all, because in handleRegistering() the hsm.Host.Status.Provisioning.State is, by definition, StateRegistering.

[Rozzii]

Since this lands in an else block after the check for externally provisioned I don't believe that would be possible here.

Happy to reformat it as well into a switch statement or similar as the conditional branches here are getting a bit wild already before the change.

That is true , silly me :D .

But then there is the other thing zaneb pointed out.

[dtantsur]

The original bug is about the incorrect state in Ironic: once we get to Inspecting, BMO does not expect to find the Node in the active state in Ironic, but that's what actually happens. BMO needs to deprovision the host first. Then make sure that inspection still happen.

[Rozzii]

I am not sure these two conditions mean that the BMH is still in registering as they would never be true in case of an externally provisioned BMH at least that would be my expectation.

I assume you have run this test locally but I wonder how long does the BMH stay in "Registering" state that your implementation relies on.

How do you ensure that the BMH stays in registering state to allow the test code to do the bmh.Spec.ExternallyProvisioned field update? I am not a user of the externally provisioned feature so I might be missing something but I would have suspected the BMH to very quickly transition out of "Registering" and If that is true this test would be very prone to timing issues.

[ethan-gallant]

I did a manual test however I had some issues getting the e2e tests running locally with make test-e2e as the e2e image from quay.io could not be loaded.

I'll try again today as it seems that the tests did not align with what I saw manually testing. If you have any guidance that I might have missed getting the E2E working locally (on Linux / MacOS) that would be greatly appreciated.

[Rozzii]

/ok-to-test
/cc @dtantsur @zaneb

[Rozzii]

I have changed this from bug to breaking change, and IMO this is a feature not a bug as blocking the transition between externally and regularly provisioned state was intentional and documented.
/kind feature

[zaneb]

this can be useful if you want to transition hosts from an externally provisioned source into being directly managed.

I was going to say that the question is why you need to do that.
An externally provisioned host is still fully managed in terms of power state.
The other thing you can do with a provisioned host is deprovision it... but that's what happens when you remove the externallyProvisioned flag anyway.

However, I see that somebody has prevented you from removing the flag in the webhook. That is a real bug in my opinion. Otherwise (e.g. with the webhook disabled) it already works correctly and as-documented as far as I know.

[zaneb]

I don't believe this does anything at all, because in handleRegistering() the hsm.Host.Status.Provisioning.State is, by definition, StateRegistering.

[zaneb]

This is a valid bug fix.
According to the state diagram, it is valid to remove the externallyProvisioned flag: https://github.com/metal3-io/baremetal-operator/blob/main/docs/baremetalhost-states.md
I have no idea why the webhook is preventing it.

[ethan-gallant]

The linked issue gives a bit more background, the webhook seems to be a bandaid fix to prevent the host from getting stuck in the provisioning state.

[dtantsur]

To echo what I said in the bug: if removing externallyProvisioned unconditionally deprovisions the host, we need to make sure that image and customDeploy are not set.

Or we need to permit them to be set and keep the host Provisioned.

[ethan-gallant]

Looks like I may have misunderstood the issue and this will need a bit of additional work.

Just to confirm (since I was not at the working group meetings) the desired behavior is:

• If the Image & customDeploy are set
  • Move the host to the Provisioned state since the host complies with the standard setup, it was just (as expected) externallyProvisioned
• If the host does not have the image & customDeploy fields set
  • Deprovision the host since the host can not be managed in the standard fashion

Overall I'm wondering if the approach originally for the externallyProvisioned would have been to follow the cert-manager pattern and had a ProvisionRequest CR where some external system could fulfill the provision instead of hacking around the BareMetalHost CR.

[Rozzii]

Overall I'm wondering if the approach originally for the externallyProvisioned would have been to follow the cert-manager pattern and had a ProvisionRequest CR where some external system could fulfill the provision instead of hacking around the BareMetalHost CR.

Just to reflect on this point, this would be a nice approach but in practice the system that has done the provisioning might not be cloud native or not even automated at all so a ProvisionRequest CR would provide some optional extra functionality, but it would still not cover all the use cases.

[dtantsur]

Overall I'm wondering if the approach originally for the externallyProvisioned would have been to follow the cert-manager pattern and had a ProvisionRequest CR where some external system could fulfill the provision instead of hacking around the BareMetalHost CR.

Well, we should have had a separate CRD for provisioning for sure. The HostClaim work metal3-io/metal3-docs#408 is a step in that direction but it does not address externally provisioned.

Just to confirm (since I was not at the working group meetings) the desired behavior is

I think your summary is correct, except that: "If the Image or customDeploy are set" (one is enough).

[zaneb]

On further inspection, I see that the webhook change was added recently to prevent people encountering bug #2465.

[dtantsur]

See Zane's comment: this is a wrong place. You need to fix handleExternallyProvisioned instead.

[dtantsur]

Better use WaitForBmhInProvisioningState

[dtantsur]

The way the test is written, the expected state is not Provisioned. Or even: it make become Provisioned briefly, then BMO detects that there is no image and no customDeploy and deprovisions.

[metal3-io-bot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.