diff --git a/Cargo.lock b/Cargo.lock index 5b0243e..38e123d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2298,6 +2298,7 @@ dependencies = [ "futures-util", "harmony_inventory_agent", "harmony_macros", + "harmony_secret", "harmony_secret_derive", "harmony_types", "helm-wrapper-rs", diff --git a/examples/okd_pxe/src/topology.rs b/examples/okd_pxe/src/topology.rs index 27eb8c0..f6c4702 100644 --- a/examples/okd_pxe/src/topology.rs +++ b/examples/okd_pxe/src/topology.rs @@ -1,28 +1,22 @@ use cidr::Ipv4Cidr; use harmony::{ - hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup}, + config::secret::OPNSenseFirewallCredentials, + hardware::{Location, SwitchGroup}, infra::opnsense::OPNSenseManagementInterface, inventory::Inventory, topology::{HAClusterTopology, LogicalHost, UnmanagedRouter}, }; use harmony_macros::{ip, ipv4}; -use harmony_secret::{Secret, SecretManager}; -use serde::{Deserialize, Serialize}; +use harmony_secret::SecretManager; use std::{net::IpAddr, sync::Arc}; -#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)] -struct OPNSenseFirewallConfig { - username: String, - password: String, -} - pub async fn get_topology() -> HAClusterTopology { let firewall = harmony::topology::LogicalHost { ip: ip!("192.168.1.1"), name: String::from("opnsense-1"), }; - let config = SecretManager::get::().await; + let config = SecretManager::get::().await; let config = config.unwrap(); let opnsense = Arc::new( diff --git a/harmony/Cargo.toml b/harmony/Cargo.toml index ce789a6..1a97be4 100644 --- a/harmony/Cargo.toml +++ b/harmony/Cargo.toml 
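Review bot: The credentials lookup in `get_topology` is still followed by `config.unwrap()`, so a missing or unreadable OPNsense secret aborts the example with a bare panic whose message is whatever the error's `Debug` output happens to contain. Since `get_topology` returns `HAClusterTopology` rather than a `Result`, the minimal change is `let config = config.expect("OPNSense firewall credentials must be provisioned in the secret store before running this example");`, which tells the operator what to fix instead of a stack trace. Moving the struct into `harmony::config::secret` also means the example no longer shows which fields the secret needs; a one-line comment such as `// expects OPNSenseFirewallCredentials { username, password } in the secret store` keeps the example self-explanatory. The body of `get_topology` continues past the end of the hunk.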
@@ -67,7 +67,8 @@ base64.workspace = true thiserror.workspace = true once_cell = "1.21.3" harmony_inventory_agent = { path = "../harmony_inventory_agent" } -harmony_secret_derive = { version = "0.1.0", path = "../harmony_secret_derive" } +harmony_secret_derive = { path = "../harmony_secret_derive" } +harmony_secret = { path = "../harmony_secret" } askama.workspace = true sqlx.workspace = true inquire.workspace = true diff --git a/harmony/src/domain/config.rs b/harmony/src/domain/config/mod.rs similarity index 98% rename from harmony/src/domain/config.rs rename to harmony/src/domain/config/mod.rs index 1a91684..fbffbf3 100644 --- a/harmony/src/domain/config.rs +++ b/harmony/src/domain/config/mod.rs @@ -1,3 +1,5 @@ +pub mod secret; + use lazy_static::lazy_static; use std::path::PathBuf; diff --git a/harmony/src/domain/config/secret.rs b/harmony/src/domain/config/secret.rs new file mode 100644 index 0000000..f334b75 --- /dev/null +++ b/harmony/src/domain/config/secret.rs @@ -0,0 +1,16 @@ +use harmony_secret_derive::Secret; +use serde::{Deserialize, Serialize}; + +#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)] +pub struct OPNSenseFirewallCredentials { + pub username: String, + pub password: String, +} + +// TODO we need a better way to handle multiple "instances" of the same secret structure. +#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)] +pub struct SshKeyPair { + pub private: String, + pub public: String, +} + diff --git a/harmony/src/modules/dhcp.rs b/harmony/src/modules/dhcp.rs index 24d697a..d71cb5b 100644 --- a/harmony/src/modules/dhcp.rs +++ b/harmony/src/modules/dhcp.rs @@ -23,6 +23,7 @@ pub struct DhcpScore { pub filename64: Option, pub filenameipxe: Option, pub dhcp_range: (IpAddress, IpAddress), + pub domain: Option, } impl Score for DhcpScore { 
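Review bot: Both structs in the new `secret.rs` derive `Debug` on fields holding a password and a private key, so any `{:?}` formatting, tracing output or an `unwrap()` panic on a value carrying them prints the secret in plaintext. Unless the `Secret` derive requires `Debug` (the page does not show what it generates, so confirm), replace the derive with a manual impl that redacts `password` and `private`; the rewrite for the firewall credentials is below and `SshKeyPair` needs the same treatment. The derived `PartialEq` compares the secret bytes with an early-exit comparison, which is fine for tests but must not be used as an authentication check. A doc comment on each struct stating that it is loaded via `SecretManager::get` and which component consumes it would also help, and the `TODO` about multiple instances of the same secret structure deserves a tracking issue rather than a comment.
```rust
#[derive(Secret, Serialize, Deserialize, PartialEq)]
pub struct OPNSenseFirewallCredentials {
    pub username: String,
    pub password: String,
}

// Redact the password so `{:?}`, log lines and `unwrap()` panics never print it.
impl std::fmt::Debug for OPNSenseFirewallCredentials {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OPNSenseFirewallCredentials")
            .field("username", &self.username)
            .field("password", &"<redacted>")
            .finish()
    }
}

// … unchanged: SshKeyPair, which needs the same redacting Debug impl for `private` …
```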
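Review bot: The new `domain` field on `DhcpScore` has no doc comment, and nothing in this hunk constrains its value before it is forwarded to the DHCP host-binding score (the type parameter of its `Option` is not legible on this page). Add `/// DNS domain name handed to DHCP clients; None leaves whatever DhcpHostBindingScore applies by default (confirm against that score).` above the field, hedged because the page does not show how the binding score consumes it. If the value ends up in an OPNsense configuration, a check at construction time that it is non-empty and contains only hostname label characters would stop a malformed topology name from producing a broken or injectable config. `DhcpScore` is only partially visible; the struct begins before the hunk.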
@@ -114,6 +115,7 @@ impl Interpret for DhcpInterpret { DhcpHostBindingScore { host_binding: self.score.host_binding.clone(), + domain: self.score.domain.clone(), } .interpret(inventory, topology) .await?; diff --git a/harmony/src/modules/okd/dhcp.rs b/harmony/src/modules/okd/dhcp.rs index e6f0f04..94e7e55 100644 --- a/harmony/src/modules/okd/dhcp.rs +++ b/harmony/src/modules/okd/dhcp.rs @@ -71,6 +71,7 @@ impl OKDDhcpScore { topology.router.get_gateway() )), dhcp_range: (IpAddress::from(start), IpAddress::from(end)), + domain: Some(topology.domain_name.clone()), }, } } diff --git a/harmony/src/modules/okd/installation.rs b/harmony/src/modules/okd/installation.rs index 9ed1898..9cdf294 100644 --- a/harmony/src/modules/okd/installation.rs +++ b/harmony/src/modules/okd/installation.rs @@ -428,7 +428,7 @@ impl OKDSetup02BootstrapInterpret { DhcpHostBindingScore { host_binding: vec![binding], - domain: Some(topology.domain_name), + domain: Some(topology.domain_name.clone()), } .interpret(inventory, topology) .await?; @@ -457,7 +457,9 @@ impl OKDSetup02BootstrapInterpret { inventory: &Inventory, topology: &HAClusterTopology, ) -> Result<(), InterpretError> { - todo!("OKD loadbalancer score already exists, just call it here probably? 6443 22623, 80 and 443 \n\nhttps://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-load-balancing-user-infra_installing-bare-metal"); + todo!( + "OKD loadbalancer score already exists, just call it here probably? 6443 22623, 80 and 443 \n\nhttps://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-load-balancing-user-infra_installing-bare-metal" + ); } async fn reboot_target(&self) -> Result<(), InterpretError> { 
@@ -499,7 +501,8 @@ impl Interpret for OKDSetup02BootstrapInterpret { self.configure_host_binding(inventory, topology).await?; self.prepare_ignition_files(inventory, topology).await?; self.render_per_mac_pxe(inventory, topology).await?; - self.setup_bootstrap_load_balancer(inventory, topology).await?; + self.setup_bootstrap_load_balancer(inventory, topology) + .await?; // TODO https://docs.okd.io/latest/installing/installing_bare_metal/upi/installing-bare-metal.html#installation-user-provisioned-validating-dns_installing-bare-metal // self.validate_dns_config(inventory, topology).await?; diff --git a/harmony/src/modules/okd/ipxe.rs b/harmony/src/modules/okd/ipxe.rs index d5b5bdb..7964093 100644 --- a/harmony/src/modules/okd/ipxe.rs +++ b/harmony/src/modules/okd/ipxe.rs @@ -59,6 +59,7 @@ impl Interpret f let scores: Vec>> = vec![ Box::new(DhcpScore { host_binding: vec![], + domain: None, next_server: Some(topology.get_gateway()), boot_filename: None, filename: Some("undionly.kpxe".to_string()),
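Review bot: The iPXE `DhcpScore` is built with `domain: None` while the OKD score in the same commit passes `Some(topology.domain_name.clone())`, so hosts served by this stage and by `OKDDhcpScore` would presumably receive different DHCP domain settings. If that difference is intentional, a comment on the line such as `// domain is applied later by OKDDhcpScore` stops the next reader from "fixing" it; if not, `domain: Some(topology.domain_name.clone()),` keeps both DHCP scores consistent. The `Interpret` impl enclosing this `vec!` starts before the hunk and its type parameter is not legible on this page.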