doc: fix example code to use ignore instead of no_run

- fails because cannot be used at module level - Use to skip doc compilation while keeping example visible
okd: include workers in load balancer backend pool + add tests and docs
2026-03-07 17:30:24 -05:00 · 2026-03-07 17:15:24 -05:00 · 2026-03-07 16:46:47 -05:00 · 2026-03-07 16:35:14 -05:00 · 2026-03-07 20:59:28 +00:00 · 2026-03-07 10:03:03 -05:00
2 changed files with 249 additions and 6 deletions
--- a/harmony/src/modules/okd/load_balancer.rs
+++ b/harmony/src/modules/okd/load_balancer.rs
@@ -8,7 +8,7 @@ use crate::{
    score::Score,
    topology::{
        BackendServer, HAClusterTopology, HealthCheck, HttpMethod, HttpStatusCode, LoadBalancer,
-        LoadBalancerService, SSL, Topology,
+        LoadBalancerService, LogicalHost, Router, SSL, Topology,
    },
 };
@@ -23,17 +23,45 @@ pub struct OKDLoadBalancerScore {
    load_balancer_score: LoadBalancerScore,
 }
 /// OKD Load Balancer Score configuration
 ///
 /// This module configures the load balancer for OKD (OpenShift Kubernetes Distribution)
 /// bare metal installations.
 ///
 /// # Backend Server Configuration
 ///
 /// For ports 80 and 443 (ingress traffic), the load balancer includes both control plane
 /// and worker nodes in the backend pool. This is consistent with OKD's requirement that
 /// ingress traffic should be load balanced across all nodes that may run ingress router pods.
 ///
 /// For ports 22623 (Ignition API) and 6443 (Kubernetes API), only control plane nodes
 /// are included as backends, as these services are control plane specific.
 ///
 /// # References
 ///
 /// - [OKD Bare Metal Installation - External Load Balancer Configuration]
 ///   (<https://docs.okd.io/latest/installing/installing_bare_metal/ipi/ipi-install-installation-workflow.html#nw-osp-configuring-external-load-balancer_ipi-install-installation-workflow>)
 ///
 /// # Example
 ///
 /// ```ignore
 /// use harmony::topology::HAClusterTopology;
 /// use harmony::modules::okd::OKDLoadBalancerScore;
 ///
 /// let topology: HAClusterTopology = /* get topology from your infrastructure */;
 /// let score = OKDLoadBalancerScore::new(&topology);
 /// ```
 impl OKDLoadBalancerScore {
    pub fn new(topology: &HAClusterTopology) -> Self {
        let public_ip = topology.router.get_gateway();
        let public_services = vec![
            LoadBalancerService {
-                backend_servers: Self::control_plane_to_backend_server(topology, 80),
+                backend_servers: Self::nodes_to_backend_server(topology, 80),
                listening_port: SocketAddr::new(public_ip, 80),
                health_check: Some(HealthCheck::TCP(None)),
            },
            LoadBalancerService {
-                backend_servers: Self::control_plane_to_backend_server(topology, 443),
+                backend_servers: Self::nodes_to_backend_server(topology, 443),
                listening_port: SocketAddr::new(public_ip, 443),
                health_check: Some(HealthCheck::TCP(None)),
            },
@@ -41,12 +69,12 @@ impl OKDLoadBalancerScore {
        let private_services = vec![
            LoadBalancerService {
-                backend_servers: Self::control_plane_to_backend_server(topology, 80),
+                backend_servers: Self::nodes_to_backend_server(topology, 80),
                listening_port: SocketAddr::new(public_ip, 80),
                health_check: Some(HealthCheck::TCP(None)),
            },
            LoadBalancerService {
-                backend_servers: Self::control_plane_to_backend_server(topology, 443),
+                backend_servers: Self::nodes_to_backend_server(topology, 443),
                listening_port: SocketAddr::new(public_ip, 443),
                health_check: Some(HealthCheck::TCP(None)),
            },
@@ -74,6 +102,11 @@ impl OKDLoadBalancerScore {
        }
    }
    /// Creates backend servers list for control plane nodes only
    ///
    /// Use this for control plane-specific services like:
    /// - Port 22623: Ignition API (machine configuration during bootstrap)
    /// - Port 6443: Kubernetes API server
    fn control_plane_to_backend_server(
        topology: &HAClusterTopology,
        port: u16,
@@ -87,6 +120,216 @@ impl OKDLoadBalancerScore {
            })
            .collect()
    }
    /// Creates backend servers list for all nodes (control plane + workers)
    ///
    /// Use this for ingress traffic that should be distributed across all nodes:
    /// - Port 80: HTTP ingress traffic
    /// - Port 443: HTTPS ingress traffic
    ///
    /// In OKD, ingress router pods can run on any node, so both control plane
    /// and worker nodes should be included in the load balancer backend pool.
    fn nodes_to_backend_server(topology: &HAClusterTopology, port: u16) -> Vec<BackendServer> {
        let mut nodes = Vec::new();
        for cp in &topology.control_plane {
            nodes.push(BackendServer {
                address: cp.ip.to_string(),
                port,
            });
        }
        for worker in &topology.workers {
            nodes.push(BackendServer {
                address: worker.ip.to_string(),
                port,
            });
        }
        nodes
    }
 }
 #[cfg(test)]
 mod tests {
    use std::sync::{Arc, OnceLock};
    use super::*;
    use crate::topology::DummyInfra;
    use harmony_macros::ip;
    use harmony_types::net::IpAddress;
    fn create_test_topology() -> HAClusterTopology {
        let router = Arc::new(DummyRouter {
            gateway: ip!("192.168.1.1"),
        });
        HAClusterTopology {
            domain_name: "test.example.com".to_string(),
            router,
            load_balancer: Arc::new(DummyInfra),
            firewall: Arc::new(DummyInfra),
            dhcp_server: Arc::new(DummyInfra),
            tftp_server: Arc::new(DummyInfra),
            http_server: Arc::new(DummyInfra),
            dns_server: Arc::new(DummyInfra),
            node_exporter: Arc::new(DummyInfra),
            switch_client: Arc::new(DummyInfra),
            bootstrap_host: LogicalHost {
                ip: ip!("192.168.1.100"),
                name: "bootstrap".to_string(),
            },
            control_plane: vec![
                LogicalHost {
                    ip: ip!("192.168.1.10"),
                    name: "control-plane-0".to_string(),
                },
                LogicalHost {
                    ip: ip!("192.168.1.11"),
                    name: "control-plane-1".to_string(),
                },
                LogicalHost {
                    ip: ip!("192.168.1.12"),
                    name: "control-plane-2".to_string(),
                },
            ],
            workers: vec![
                LogicalHost {
                    ip: ip!("192.168.1.20"),
                    name: "worker-0".to_string(),
                },
                LogicalHost {
                    ip: ip!("192.168.1.21"),
                    name: "worker-1".to_string(),
                },
            ],
            kubeconfig: None,
            network_manager: OnceLock::new(),
        }
    }
    struct DummyRouter {
        gateway: IpAddress,
    }
    impl Router for DummyRouter {
        fn get_gateway(&self) -> IpAddress {
            self.gateway
        }
        fn get_cidr(&self) -> cidr::Ipv4Cidr {
            let ipv4 = match self.gateway {
                IpAddress::V4(ip) => ip,
                IpAddress::V6(_) => panic!("IPv6 not supported"),
            };
            cidr::Ipv4Cidr::new(ipv4, 24).unwrap()
        }
        fn get_host(&self) -> LogicalHost {
            LogicalHost {
                ip: self.gateway,
                name: "router".to_string(),
            }
        }
    }
    #[test]
    fn test_nodes_to_backend_server_includes_control_plane_and_workers() {
        let topology = create_test_topology();
        let backend_servers = OKDLoadBalancerScore::nodes_to_backend_server(&topology, 80);
        assert_eq!(backend_servers.len(), 5);
        let addresses: Vec<&str> = backend_servers.iter().map(|s| s.address.as_str()).collect();
        assert!(addresses.contains(&"192.168.1.10"));
        assert!(addresses.contains(&"192.168.1.11"));
        assert!(addresses.contains(&"192.168.1.12"));
        assert!(addresses.contains(&"192.168.1.20"));
        assert!(addresses.contains(&"192.168.1.21"));
    }
    #[test]
    fn test_control_plane_to_backend_server_only_includes_control_plane() {
        let topology = create_test_topology();
        let backend_servers = OKDLoadBalancerScore::control_plane_to_backend_server(&topology, 80);
        assert_eq!(backend_servers.len(), 3);
        let addresses: Vec<&str> = backend_servers.iter().map(|s| s.address.as_str()).collect();
        assert!(addresses.contains(&"192.168.1.10"));
        assert!(addresses.contains(&"192.168.1.11"));
        assert!(addresses.contains(&"192.168.1.12"));
        assert!(!addresses.contains(&"192.168.1.20"));
        assert!(!addresses.contains(&"192.168.1.21"));
    }
    #[test]
    fn test_public_services_include_all_nodes_on_port_80_and_443() {
        let topology = create_test_topology();
        let score = OKDLoadBalancerScore::new(&topology);
        let public_service_80 = score
            .load_balancer_score
            .public_services
            .iter()
            .find(|s| s.listening_port.port() == 80)
            .expect("Public service on port 80 not found");
        let public_service_443 = score
            .load_balancer_score
            .public_services
            .iter()
            .find(|s| s.listening_port.port() == 443)
            .expect("Public service on port 443 not found");
        assert_eq!(public_service_80.backend_servers.len(), 5);
        assert_eq!(public_service_443.backend_servers.len(), 5);
    }
    #[test]
    fn test_private_service_port_22623_only_control_plane() {
        let topology = create_test_topology();
        let score = OKDLoadBalancerScore::new(&topology);
        let private_service_22623 = score
            .load_balancer_score
            .private_services
            .iter()
            .find(|s| s.listening_port.port() == 22623)
            .expect("Private service on port 22623 not found");
        assert_eq!(private_service_22623.backend_servers.len(), 3);
    }
    #[test]
    fn test_private_service_port_6443_only_control_plane() {
        let topology = create_test_topology();
        let score = OKDLoadBalancerScore::new(&topology);
        let private_service_6443 = score
            .load_balancer_score
            .private_services
            .iter()
            .find(|s| s.listening_port.port() == 6443)
            .expect("Private service on port 6443 not found");
        assert_eq!(private_service_6443.backend_servers.len(), 3);
        assert!(
            matches!(
                private_service_6443.health_check,
                Some(HealthCheck::HTTP(_, _, _, _))
            ),
            "Expected HTTP health check for port 6443"
        );
    }
    #[test]
    fn test_all_backend_servers_have_correct_port() {
        let topology = create_test_topology();
        let backend_servers = OKDLoadBalancerScore::nodes_to_backend_server(&topology, 443);
        for server in backend_servers {
            assert_eq!(server.port, 443);
        }
    }
 }
 impl<T: Topology + LoadBalancer> Score<T> for OKDLoadBalancerScore {
--- a/opnsense-config-xml/src/data/opnsense.rs
+++ b/opnsense-config-xml/src/data/opnsense.rs
@@ -1540,7 +1540,7 @@ pub struct Dyndns {
 pub struct Vlans {
    #[yaserde(attribute = true)]
    pub version: String,
-    pub vlan: MaybeString,
+    pub vlan: RawXml,
 }
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
Author	SHA1	Message	Date
Jean-Gabriel Gill-Couture	d0a1a73710	doc: fix example code to use ignore instead of no_run All checks were successful Run Check Script / check (pull_request) Successful in 1m43s Details - fails because cannot be used at module level - Use to skip doc compilation while keeping example visible	2026-03-07 17:30:24 -05:00
Jean-Gabriel Gill-Couture	bc2b328296	okd: include workers in load balancer backend pool + add tests and docs Some checks failed Run Check Script / check (pull_request) Failing after 24s Details - Add nodes_to_backend_server() function to include both control plane and worker nodes - Update public services (ports 80, 443) to use worker-inclusive backend pool - Add comprehensive tests covering all backend configurations - Add documentation with OKD reference link and usage examples	2026-03-07 17:15:24 -05:00
Jean-Gabriel Gill-Couture	a93896707f	okd: add worker nodes to load balancer backend pool All checks were successful Run Check Script / check (pull_request) Successful in 1m29s Details Include both control plane and worker nodes in ports 80 and 443 backend pools	2026-03-07 16:46:47 -05:00
Jean-Gabriel Gill-Couture	0e9b23a320	Merge branch 'feat/change-node-readiness-strategy' Some checks failed Run Check Script / check (push) Successful in 1m26s Details Compile and package harmony_composer / package_harmony_composer (push) Failing after 2m11s Details	2026-03-07 16:35:14 -05:00
johnride	5412c34957	Merge pull request 'fix: change vlan definition from MaybeString to RawXml' (#245 ) from feat/opnsense-config-xml-support-vlan into master Some checks failed Run Check Script / check (push) Successful in 1m47s Details Compile and package harmony_composer / package_harmony_composer (push) Failing after 2m7s Details Reviewed-on: #245	2026-03-07 20:59:28 +00:00
Sylvain Tremblay	55de206523	fix: change vlan definition from MaybeString to RawXml All checks were successful Run Check Script / check (pull_request) Successful in 1m29s Details	2026-03-07 10:03:03 -05:00