Validate ansibleHost and default ctlplane fixedIP for pre-provisioned nodes

For pre-provisioned dataplane nodes, ansibleHost must be a valid IP
address. This is required because the controller defaults the ctlplane
network fixedIP from ansibleHost during IPAM reservation, ensuring the
reserved IP matches the already-configured node interface. Without a
valid IP, IPAM could reserve a different address and break connectivity
during deployment.

The validating webhook enforces that for pre-provisioned nodes:
- ansibleHost is not empty
- ansibleHost is a valid IP address

The controller (ipam.go) defaults the ctlplane fixedIP from ansibleHost
when not already set. The ctlplane network is identified using the
netServiceNetMap from NetConfig, so it works regardless of the network
name.

Signed-off-by: rabi <ramishra@redhat.com>

Author: rabi

api/dataplane/v1beta1/openstackdataplanenodeset_webhook.go

@@ -19,6 +19,7 @@ package v1beta1
 import (
 	"context"
 	"fmt"
+	"net"
 	"reflect"
 	"strings"
 
@@ -133,6 +134,10 @@ func (r *OpenStackDataPlaneNodeSet) validateNodes(ctx context.Context, c client.
 		errors = append(errors, r.Spec.duplicateNodeCheck(nodeSetList, r.ObjectMeta.Name)...)
 	}
 
+	if r.Spec.PreProvisioned {
+		errors = append(errors, r.Spec.validatePreProvisionedNodes()...)
+	}
+
 	return errors, nil
 
 }
@@ -227,3 +232,32 @@ func (spec *OpenStackDataPlaneNodeSetSpec) ValidateDelete() field.ErrorList {
 	return field.ErrorList{}
 
 }
+
+// validatePreProvisionedNodes validates that ansibleHost is a valid IP
+// for pre-provisioned nodes. An IP is required so that the controller
+// can default the ctlplane fixedIP from it, ensuring IPAM reserves the
+// correct address that matches the already-configured node interface.
+func (spec *OpenStackDataPlaneNodeSetSpec) validatePreProvisionedNodes() field.ErrorList {
+	var errors field.ErrorList
+
+	for nodeName, node := range spec.Nodes {
+		nodePath := field.NewPath("spec").Child("nodes").Key(nodeName)
+
+		if node.Ansible.AnsibleHost == "" {
+			errors = append(errors, field.Required(
+				nodePath.Child("ansible", "ansibleHost"),
+				"ansibleHost must be a valid IP address for "+
+					"pre-provisioned nodes"))
+			continue
+		}
+
+		if net.ParseIP(node.Ansible.AnsibleHost) == nil {
+			errors = append(errors, field.Invalid(
+				nodePath.Child("ansible", "ansibleHost"),
+				node.Ansible.AnsibleHost,
+				"ansibleHost must be a valid IP address for "+
+					"pre-provisioned nodes"))
+		}
+	}
+	return errors
+}

internal/dataplane/ipam.go

@@ -20,6 +20,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net"
 	"sort"
 	"strings"
 
@@ -359,10 +360,17 @@ func reserveIPs(ctx context.Context, helper *helper.Helper,
 		}
 
 		if len(node.Networks) > 0 {
-			for _, net := range node.Networks {
-				if strings.EqualFold(string(net.Name), dataplanev1.CtlPlaneNetwork) ||
-					netServiceNetMap[strings.ToLower(string(net.Name))] == dataplanev1.CtlPlaneNetwork {
+			for i, nnet := range node.Networks {
+				if strings.EqualFold(string(nnet.Name), dataplanev1.CtlPlaneNetwork) ||
+					netServiceNetMap[strings.ToLower(string(nnet.Name))] == dataplanev1.CtlPlaneNetwork {
 					foundCtlPlane = true
+					// Default ctlplane fixedIP from ansibleHost for pre-provisioned nodes
+					if instance.Spec.PreProvisioned &&
+						node.Ansible.AnsibleHost != "" &&
+						(nnet.FixedIP == nil || *nnet.FixedIP == "") &&
+						net.ParseIP(node.Ansible.AnsibleHost) != nil {
+						node.Networks[i].FixedIP = &node.Ansible.AnsibleHost
+					}
 					break
 				}
 			}

test/functional/ctlplane/base_test.go

@@ -420,7 +420,11 @@ func DefaultDataPlaneNoNodeSetSpec(tlsEnabled bool) map[string]interface{} {
 	if tlsEnabled {
 		spec["tlsEnabled"] = true
 	}
-	spec["nodes"] = map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {}}
+	spec["nodes"] = map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {
+		Ansible: dataplanev1.AnsibleOpts{
+			AnsibleHost: "192.168.122.100",
+		},
+	}}
 	return spec
 }
 

test/functional/dataplane/base_test.go

@@ -141,7 +141,11 @@ func CustomServiceImageSpec() map[string]interface{} {
 				"ansibleVars": ansibleServiceVars,
 			},
 		},
-		"nodes": map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {}},
+		"nodes": map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {
+			Ansible: dataplanev1.AnsibleOpts{
+				AnsibleHost: "192.168.122.100",
+			},
+		}},
 	}
 }
 
@@ -235,6 +239,9 @@ func DefaultDataPlaneNodeSetSpec(nodeSetName string) map[string]interface{} {
 					{Name: "networkinternal", SubnetName: "subnet1"},
 					{Name: "ctlplane", SubnetName: "subnet1"},
 				},
+				"ansible": map[string]interface{}{
+					"ansibleHost": "192.168.122.100",
+				},
 			},
 		},
 		"baremetalSetTemplate": map[string]interface{}{
@@ -268,6 +275,9 @@ func DuplicateServiceNodeSetSpec(nodeSetName string) map[string]interface{} {
 					{Name: "networkinternal", SubnetName: "subnet1"},
 					{Name: "ctlplane", SubnetName: "subnet1"},
 				},
+				"ansible": map[string]interface{}{
+					"ansibleHost": "192.168.122.100",
+				},
 			},
 		},
 		"secretMaxSize":  1048576,
@@ -292,7 +302,11 @@ func DefaultDataPlaneNoNodeSetSpec(tlsEnabled bool) map[string]interface{} {
 	if tlsEnabled {
 		spec["tlsEnabled"] = true
 	}
-	spec["nodes"] = map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {}}
+	spec["nodes"] = map[string]dataplanev1.NodeSection{"edpm-compute-node-1": {
+		Ansible: dataplanev1.AnsibleOpts{
+			AnsibleHost: "192.168.122.100",
+		},
+	}}
 	return spec
 }
 

test/functional/dataplane/openstackdataplanenodeset_controller_test.go

@@ -320,6 +320,9 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 				nodes := map[string]dataplanev1.NodeSection{
 					dataplaneNodeName.Name: {
 						HostName: dataplaneNodeName.Name,
+						Ansible: dataplanev1.AnsibleOpts{
+							AnsibleHost: "192.168.122.100",
+						},
 					},
 				}
 				Expect(dataplaneNodeSetInstance.Spec.Nodes).Should(Equal(nodes))
@@ -422,6 +425,9 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 				nodes := map[string]dataplanev1.NodeSection{
 					dataplaneNodeName.Name: {
 						HostName: dataplaneNodeName.Name,
+						Ansible: dataplanev1.AnsibleOpts{
+							AnsibleHost: "192.168.122.100",
+						},
 					},
 				}
 				Expect(dataplaneNodeSetInstance.Spec.Nodes).Should(Equal(nodes))
@@ -726,6 +732,7 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 					},
 					"ansible": map[string]interface{}{
 						"ansibleUser": "test-user",
+						"ansibleHost": "192.168.122.100",
 					},
 				}
 
@@ -845,6 +852,9 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 				nodes := map[string]dataplanev1.NodeSection{
 					dataplaneNodeName.Name: {
 						HostName: dataplaneNodeName.Name,
+						Ansible: dataplanev1.AnsibleOpts{
+							AnsibleHost: "192.168.122.100",
+						},
 					},
 				}
 				Expect(dataplaneNodeSetInstance.Spec.Nodes).Should(Equal(nodes))
@@ -1144,6 +1154,7 @@ var _ = Describe("Dataplane NodeSet Test", func() {
 					},
 					"ansible": map[string]interface{}{
 						"ansibleUser": "test-user",
+						"ansibleHost": "192.168.122.100",
 					},
 				}
 

test/functional/dataplane/openstackdataplanenodeset_webhook_test.go

@@ -130,7 +130,11 @@ var _ = Describe("DataplaneNodeSet Webhook", func() {
 			nodeSetSpec["preProvisioned"] = true
 			nodeSetSpec["nodes"] = map[string]interface{}{
 				"compute-0": map[string]interface{}{
-					"hostName": "compute-0"},
+					"hostName": "compute-0",
+					"ansible": map[string]interface{}{
+						"ansibleHost": "192.168.122.100",
+					},
+				},
 			}
 			DeferCleanup(th.DeleteInstance, CreateDataplaneNodeSet(dataplaneNodeSetName, nodeSetSpec))
 		})
@@ -141,7 +145,11 @@ var _ = Describe("DataplaneNodeSet Webhook", func() {
 				newNodeSetSpec["preProvisioned"] = true
 				newNodeSetSpec["nodes"] = map[string]interface{}{
 					"compute-0": map[string]interface{}{
-						"hostName": "compute-0"},
+						"hostName": "compute-0",
+						"ansible": map[string]interface{}{
+							"ansibleHost": "192.168.122.100",
+						},
+					},
 				}
 				newInstance := DefaultDataplaneNodeSetTemplate(types.NamespacedName{Name: "test-duplicate-node", Namespace: namespace}, newNodeSetSpec)
 				unstructuredObj := &unstructured.Unstructured{Object: newInstance}
@@ -159,16 +167,24 @@ var _ = Describe("DataplaneNodeSet Webhook", func() {
 					"compute-3": map[string]interface{}{
 						"hostName": "compute-3",
 						"ansible": map[string]interface{}{
-							"ansibleHost": "compute-3",
+							"ansibleHost": "192.168.122.103",
 						},
 					},
 					"compute-2": map[string]interface{}{
-						"hostName": "compute-2"},
+						"hostName": "compute-2",
+						"ansible": map[string]interface{}{
+							"ansibleHost": "192.168.122.102",
+						},
+					},
 					"compute-8": map[string]interface{}{
-						"hostName": "compute-8"},
+						"hostName": "compute-8",
+						"ansible": map[string]interface{}{
+							"ansibleHost": "192.168.122.108",
+						},
+					},
 					"compute-0": map[string]interface{}{
 						"ansible": map[string]interface{}{
-							"ansibleHost": "compute-0",
+							"ansibleHost": "192.168.122.100",
 						},
 					},
 				}
@@ -180,13 +196,43 @@ var _ = Describe("DataplaneNodeSet Webhook", func() {
 			}).Should(ContainSubstring("already exists in another cluster"))
 		})
 	})
+
+	When("A pre-provisioned NodeSet is created without a valid IP as ansibleHost", func() {
+		It("Should block creation", func() {
+			Eventually(func(_ Gomega) string {
+				spec := DefaultDataPlaneNoNodeSetSpec(false)
+				spec["nodes"] = map[string]interface{}{
+					"compute-0": map[string]interface{}{
+						"hostName": "compute-0",
+						"ansible": map[string]interface{}{
+							"ansibleHost": "compute-0.example.com",
+						},
+					},
+				}
+				name := types.NamespacedName{
+					Name: "test-hostname-ansiblehost", Namespace: namespace}
+				obj := DefaultDataplaneNodeSetTemplate(name, spec)
+				unstructuredObj := &unstructured.Unstructured{Object: obj}
+				_, err := controllerutil.CreateOrPatch(
+					th.Ctx, th.K8sClient, unstructuredObj,
+					func() error { return nil })
+				return fmt.Sprintf("%s", err)
+			}).Should(ContainSubstring(
+				"ansibleHost must be a valid IP address"))
+		})
+	})
+
 	When("A NodeSet is updated with a OpenStackDataPlaneDeployment", func() {
 		BeforeEach(func() {
 			nodeSetSpec := DefaultDataPlaneNoNodeSetSpec(false)
 			nodeSetSpec["preProvisioned"] = true
 			nodeSetSpec["nodes"] = map[string]interface{}{
 				"compute-0": map[string]interface{}{
-					"hostName": "compute-0"},
+					"hostName": "compute-0",
+					"ansible": map[string]interface{}{
+						"ansibleHost": "192.168.122.100",
+					},
+				},
 			}
 
 			DeferCleanup(th.DeleteInstance, CreateDataplaneNodeSet(dataplaneNodeSetName, nodeSetSpec))

test/kuttl/tests/dataplane-create-test/00-assert.yaml

@@ -17,11 +17,12 @@ spec:
   nodes:
     edpm-compute-0:
       hostName: edpm-compute-0
+      ansible:
+        ansibleHost: 192.168.122.100
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.100
       - name: internalapi
         subnetName: subnet1
       - name: storage

test/kuttl/tests/dataplane-create-test/00-dataplane-create.yaml

@@ -61,11 +61,12 @@ spec:
   nodes:
     edpm-compute-0:
       hostName: edpm-compute-0
+      ansible:
+        ansibleHost: 192.168.122.100
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.100
       - name: internalapi
         subnetName: subnet1
       - name: storage

test/kuttl/tests/dataplane-deploy-multiple-secrets/00-assert.yaml

@@ -51,11 +51,12 @@ spec:
   nodes:
     edpm-compute-0:
       hostName: edpm-compute-0
+      ansible:
+        ansibleHost: 192.168.122.100
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.100
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.100
@@ -67,11 +68,12 @@ spec:
         fixedIP: 172.19.0.100
     edpm-compute-1:
       hostName: edpm-compute-1
+      ansible:
+        ansibleHost: 192.168.122.101
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.101
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.101
@@ -83,11 +85,12 @@ spec:
         fixedIP: 172.19.0.101
     edpm-compute-2:
       hostName: edpm-compute-2
+      ansible:
+        ansibleHost: 192.168.122.102
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.102
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.102

test/kuttl/tests/dataplane-deploy-multiple-secrets/00-dataplane-create.yaml

@@ -49,11 +49,12 @@ spec:
   nodes:
     edpm-compute-0:
       hostName: edpm-compute-0
+      ansible:
+        ansibleHost: 192.168.122.100
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.100
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.100
@@ -65,11 +66,12 @@ spec:
         fixedIP: 172.19.0.100
     edpm-compute-1:
       hostName: edpm-compute-1
+      ansible:
+        ansibleHost: 192.168.122.101
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.101
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.101
@@ -81,11 +83,12 @@ spec:
         fixedIP: 172.19.0.101
     edpm-compute-2:
       hostName: edpm-compute-2
+      ansible:
+        ansibleHost: 192.168.122.102
       networks:
       - name: ctlplane
         subnetName: subnet1
         defaultRoute: true
-        fixedIP: 192.168.122.102
       - name: internalapi
         subnetName: subnet1
         fixedIP: 172.17.0.102