Merge pull request #10079 from vr4manta/SPLAT-2172

SPLAT-2172: AWS dedicate host support

Author: openshift-merge-bot[bot]

data/data/install.openshift.io_installconfigs.yaml

@@ -211,6 +211,56 @@ spec:
                             - AMDEncryptedVirtualizationNestedPaging
                             type: string
                         type: object
+                      hostPlacement:
+                        description: |-
+                          hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+                          for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+                          and to gain visibility and control over instance placement on a physical server.
+                          When omitted, the instance is not constrained to a dedicated host.
+                        properties:
+                          affinity:
+                            description: |-
+                              affinity specifies the affinity setting for the instance.
+                              Allowed values are AnyAvailable and DedicatedHost.
+                              When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
+                              When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+                            enum:
+                            - DedicatedHost
+                            - AnyAvailable
+                            type: string
+                          dedicatedHost:
+                            description: |-
+                              dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
+                              dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.
+                            items:
+                              description: DedicatedHost represents the configuration
+                                for the usage of dedicated host.
+                              properties:
+                                id:
+                                  description: |-
+                                    id identifies the AWS Dedicated Host on which the instance must run.
+                                    The value must start with "h-" followed by 17 lowercase hexadecimal characters (0-9 and a-f).
+                                    Must be exactly 19 characters in length.
+                                  maxLength: 19
+                                  minLength: 19
+                                  type: string
+                                  x-kubernetes-validations:
+                                  - message: hostID must start with 'h-' followed
+                                      by 17 lowercase hexadecimal characters (0-9
+                                      and a-f)
+                                    rule: self.matches('^h-[0-9a-f]{17}$')
+                              required:
+                              - id
+                              type: object
+                            type: array
+                        required:
+                        - affinity
+                        type: object
+                        x-kubernetes-validations:
+                        - message: dedicatedHost is required when affinity is DedicatedHost,
+                            and forbidden otherwise
+                          rule: 'has(self.affinity) && self.affinity == ''DedicatedHost''
+                            ?  has(self.dedicatedHost) : !has(self.dedicatedHost)'
                       iamProfile:
                         description: |-
                           IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -1783,6 +1833,56 @@ spec:
                               - AMDEncryptedVirtualizationNestedPaging
                               type: string
                           type: object
+                        hostPlacement:
+                          description: |-
+                            hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+                            for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+                            and to gain visibility and control over instance placement on a physical server.
+                            When omitted, the instance is not constrained to a dedicated host.
+                          properties:
+                            affinity:
+                              description: |-
+                                affinity specifies the affinity setting for the instance.
+                                Allowed values are AnyAvailable and DedicatedHost.
+                                When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
+                                When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+                              enum:
+                              - DedicatedHost
+                              - AnyAvailable
+                              type: string
+                            dedicatedHost:
+                              description: |-
+                                dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
+                                dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.
+                              items:
+                                description: DedicatedHost represents the configuration
+                                  for the usage of dedicated host.
+                                properties:
+                                  id:
+                                    description: |-
+                                      id identifies the AWS Dedicated Host on which the instance must run.
+                                      The value must start with "h-" followed by 17 lowercase hexadecimal characters (0-9 and a-f).
+                                      Must be exactly 19 characters in length.
+                                    maxLength: 19
+                                    minLength: 19
+                                    type: string
+                                    x-kubernetes-validations:
+                                    - message: hostID must start with 'h-' followed
+                                        by 17 lowercase hexadecimal characters (0-9
+                                        and a-f)
+                                      rule: self.matches('^h-[0-9a-f]{17}$')
+                                required:
+                                - id
+                                type: object
+                              type: array
+                          required:
+                          - affinity
+                          type: object
+                          x-kubernetes-validations:
+                          - message: dedicatedHost is required when affinity is DedicatedHost,
+                              and forbidden otherwise
+                            rule: 'has(self.affinity) && self.affinity == ''DedicatedHost''
+                              ?  has(self.dedicatedHost) : !has(self.dedicatedHost)'
                         iamProfile:
                           description: |-
                             IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -3295,6 +3395,56 @@ spec:
                             - AMDEncryptedVirtualizationNestedPaging
                             type: string
                         type: object
+                      hostPlacement:
+                        description: |-
+                          hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+                          for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+                          and to gain visibility and control over instance placement on a physical server.
+                          When omitted, the instance is not constrained to a dedicated host.
+                        properties:
+                          affinity:
+                            description: |-
+                              affinity specifies the affinity setting for the instance.
+                              Allowed values are AnyAvailable and DedicatedHost.
+                              When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
+                              When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+                            enum:
+                            - DedicatedHost
+                            - AnyAvailable
+                            type: string
+                          dedicatedHost:
+                            description: |-
+                              dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
+                              dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.
+                            items:
+                              description: DedicatedHost represents the configuration
+                                for the usage of dedicated host.
+                              properties:
+                                id:
+                                  description: |-
+                                    id identifies the AWS Dedicated Host on which the instance must run.
+                                    The value must start with "h-" followed by 17 lowercase hexadecimal characters (0-9 and a-f).
+                                    Must be exactly 19 characters in length.
+                                  maxLength: 19
+                                  minLength: 19
+                                  type: string
+                                  x-kubernetes-validations:
+                                  - message: hostID must start with 'h-' followed
+                                      by 17 lowercase hexadecimal characters (0-9
+                                      and a-f)
+                                    rule: self.matches('^h-[0-9a-f]{17}$')
+                              required:
+                              - id
+                              type: object
+                            type: array
+                        required:
+                        - affinity
+                        type: object
+                        x-kubernetes-validations:
+                        - message: dedicatedHost is required when affinity is DedicatedHost,
+                            and forbidden otherwise
+                          rule: 'has(self.affinity) && self.affinity == ''DedicatedHost''
+                            ?  has(self.dedicatedHost) : !has(self.dedicatedHost)'
                       iamProfile:
                         description: |-
                           IAMProfile is the name of the IAM instance profile to use for the machine.
@@ -4995,6 +5145,56 @@ spec:
                             - AMDEncryptedVirtualizationNestedPaging
                             type: string
                         type: object
+                      hostPlacement:
+                        description: |-
+                          hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+                          for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+                          and to gain visibility and control over instance placement on a physical server.
+                          When omitted, the instance is not constrained to a dedicated host.
+                        properties:
+                          affinity:
+                            description: |-
+                              affinity specifies the affinity setting for the instance.
+                              Allowed values are AnyAvailable and DedicatedHost.
+                              When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
+                              When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+                            enum:
+                            - DedicatedHost
+                            - AnyAvailable
+                            type: string
+                          dedicatedHost:
+                            description: |-
+                              dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
+                              dedicatedHost is required when 'affinity' is set to DedicatedHost, and forbidden otherwise.
+                            items:
+                              description: DedicatedHost represents the configuration
+                                for the usage of dedicated host.
+                              properties:
+                                id:
+                                  description: |-
+                                    id identifies the AWS Dedicated Host on which the instance must run.
+                                    The value must start with "h-" followed by 17 lowercase hexadecimal characters (0-9 and a-f).
+                                    Must be exactly 19 characters in length.
+                                  maxLength: 19
+                                  minLength: 19
+                                  type: string
+                                  x-kubernetes-validations:
+                                  - message: hostID must start with 'h-' followed
+                                      by 17 lowercase hexadecimal characters (0-9
+                                      and a-f)
+                                    rule: self.matches('^h-[0-9a-f]{17}$')
+                              required:
+                              - id
+                              type: object
+                            type: array
+                        required:
+                        - affinity
+                        type: object
+                        x-kubernetes-validations:
+                        - message: dedicatedHost is required when affinity is DedicatedHost,
+                            and forbidden otherwise
+                          rule: 'has(self.affinity) && self.affinity == ''DedicatedHost''
+                            ?  has(self.dedicatedHost) : !has(self.dedicatedHost)'
                       iamProfile:
                         description: |-
                           IAMProfile is the name of the IAM instance profile to use for the machine.

pkg/asset/cluster/aws/aws.go

@@ -44,6 +44,10 @@ func PreTerraform(ctx context.Context, clusterID string, installConfig *installc
 		return err
 	}
 
+	if err := tagSharedDedicatedHosts(ctx, clusterID, installConfig); err != nil {
+		return err
+	}
+
 	if err := tagSharedIAMRoles(ctx, clusterID, installConfig); err != nil {
 		return err
 	}
@@ -244,6 +248,50 @@ func tagSharedIAMProfiles(ctx context.Context, clusterID string, installConfig *
 	return nil
 }
 
+// tagSharedDedicatedHosts tags users BYO dedicated hosts so they are not destroyed by the Installer.
+func tagSharedDedicatedHosts(ctx context.Context, clusterID string, installConfig *installconfig.InstallConfig) error {
+	var dhNames []string
+
+	// DH is only allowed to be created in "worker" pool at this time. No need to check default platform.
+	for _, compute := range installConfig.Config.Compute {
+		if compute.Name == "worker" {
+			mpool := awstypes.MachinePool{}
+			mpool.Set(installConfig.Config.AWS.DefaultMachinePlatform)
+			mpool.Set(compute.Platform.AWS)
+			if mpool.HostPlacement != nil && mpool.HostPlacement.DedicatedHost != nil {
+				for _, name := range mpool.HostPlacement.DedicatedHost {
+					dhNames = append(dhNames, name.ID)
+				}
+			}
+		}
+	}
+
+	if len(dhNames) == 0 {
+		return nil
+	}
+
+	logrus.Debugf("Tagging shared dedicated hosts: %v", dhNames)
+
+	tagKey, tagValue := sharedTag(clusterID)
+
+	ec2Client, err := awsconfig.NewEC2Client(ctx, awsconfig.EndpointOptions{
+		Region:    installConfig.Config.Platform.AWS.Region,
+		Endpoints: installConfig.Config.Platform.AWS.ServiceEndpoints,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to create EC2 client: %w", err)
+	}
+
+	if _, err = ec2Client.CreateTags(ctx, &ec2.CreateTagsInput{
+		Resources: dhNames,
+		Tags:      []ec2types.Tag{{Key: &tagKey, Value: &tagValue}},
+	}); err != nil {
+		return errors.Wrap(err, "could not add tags to dedicated host")
+	}
+
+	return nil
+}
+
 func sharedTag(clusterID string) (string, string) {
 	return fmt.Sprintf("kubernetes.io/cluster/%s", clusterID), "shared"
 }

pkg/asset/installconfig/aws/dedicatedhosts.go

@@ -0,0 +1,55 @@
+package aws
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/sirupsen/logrus"
+)
+
+// Host holds metadata for a dedicated host.
+type Host struct {
+	// ID the ID of the host.
+	ID string
+	// Zone the zone the host belongs to.
+	Zone string
+	// Tags is the map of the Host's tags.
+	Tags Tags
+}
+
+// dedicatedHosts retrieves a list of dedicated hosts and returns them in a map keyed by the host ID.
+func dedicatedHosts(ctx context.Context, client *ec2.Client, hosts []string) (map[string]Host, error) {
+	hostsByID := map[string]Host{}
+
+	input := &ec2.DescribeHostsInput{}
+	if len(hosts) > 0 {
+		input.HostIds = hosts
+	}
+
+	paginator := ec2.NewDescribeHostsPaginator(client, input)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("fetching dedicated hosts: %w", err)
+		}
+
+		for _, host := range page.Hosts {
+			id := aws.ToString(host.HostId)
+			if id == "" {
+				// Skip entries lacking an ID (should not happen)
+				continue
+			}
+
+			logrus.Debugf("Found dedicated host: %s", id)
+			hostsByID[id] = Host{
+				ID:   id,
+				Zone: aws.ToString(host.AvailabilityZone),
+				Tags: FromAWSTags(host.Tags),
+			}
+		}
+	}
+
+	return hostsByID, nil
+}

pkg/asset/installconfig/aws/metadata.go

@@ -25,6 +25,7 @@ type Metadata struct {
 	instanceTypes     map[string]InstanceType
 	images            map[string]ImageInfo
 
+	Hosts           map[string]Host
 	Region          string                     `json:"region,omitempty"`
 	ProvidedSubnets []typesaws.Subnet          `json:"subnets,omitempty"`
 	Services        []typesaws.ServiceEndpoint `json:"services,omitempty"`
@@ -406,3 +407,29 @@ func (m *Metadata) Images(ctx context.Context, amiID string) (ImageInfo, error)
 
 	return imageInfo, nil
 }
+
+// DedicatedHosts retrieves all hosts available for use to verify against this installation for configured region.
+func (m *Metadata) DedicatedHosts(ctx context.Context, hosts []typesaws.DedicatedHost) (map[string]Host, error) {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+
+	// Create array of host IDs for client
+	hostIDs := make([]string, len(hosts))
+	for idx, host := range hosts {
+		hostIDs[idx] = host.ID
+	}
+
+	if len(m.Hosts) == 0 {
+		client, err := m.EC2Client(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		m.Hosts, err = dedicatedHosts(ctx, client, hostIDs)
+		if err != nil {
+			return nil, fmt.Errorf("error listing dedicated hosts: %w", err)
+		}
+	}
+
+	return m.Hosts, nil
+}