baremetal: stop ironic on bootstrap after masters are booted

[stbenjam]

The bootstrap can now co-exist with machine-api being online. That
means there could be an instance of Ironic, dnsmasq, etc running in
both the cluster and the bootstrap. This causes problems, as it's not
deterministic which dnsmasq instance the worker provisioned by the
machine-api will use. If it uses the bootstrap, then the worker will not
come online.

This is causing a percentage of baremetal installs to fail, with the
worker being offline, ingress and other operators never come up.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign stbenjam
You can assign the PR to them by writing /assign @stbenjam in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• data/data/bootstrap/baremetal/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[stbenjam]

/label platform/baremetal

[stbenjam]

We have to wait for the hosts to be active, and give enough time for the installer to see that as well via it's polling

[hardys]

If we go with this approach we'll need to template the number of nodes as I know some folks have tested with a single master

[hardys]

I wonder if we could instead make the MAO defer starting the ironic-api and dnsmasq containers until it sees the bootstrap-complete, but this seems like a viable workaround.

We also discussed restricting the bootstrap dnsmasq to only reply to the mac addresses in the install-config, which may work but I'm not certain if we'd still see racy behavior since there are still going to be two DHCP servers on the network with that solution?

[dhellmann]

I wonder if we could instead make the MAO defer starting the ironic-api and dnsmasq containers until it sees the bootstrap-complete, but this seems like a viable workaround.

I like that.

We also discussed restricting the bootstrap dnsmasq to only reply to the mac addresses in the install-config, which may work but I'm not certain if we'd still see racy behavior since there are still going to be two DHCP servers on the network with that solution?

I like this too, but after more thought I'm not sure it's enough. If we think we're ever going to have 2 servers running, even if one only responds to the control plane hosts, then we have to ensure that they do not give the same IP to different hosts at the same time.

[stbenjam]

/hold

pending outcome of discussion of other mechanisms

[metal3ci]

Build SUCCESS, see build http://10.8.144.11:8080/job/dev-tools/1498/

[openshift-ci-robot]

@stbenjam: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-libvirt	4212443	link	/test e2e-libvirt
ci/prow/e2e-aws-fips	4212443	link	/test e2e-aws-fips
ci/prow/e2e-openstack	4212443	link	/test e2e-openstack
ci/prow/e2e-ovirt	4212443	link	/test e2e-ovirt
ci/prow/e2e-aws	4212443	link	/test e2e-aws
ci/prow/e2e-aws-scaleup-rhel7	4212443	link	/test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[stbenjam]

/close

In favor of #3079 for now

[openshift-ci-robot]

@stbenjam: Closed this PR.

Details

In response to this:

/close

In favor of #3079 for now

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.