Move discovery_hosts to cloud_infra.yaml

- Introduce config/cloud_infra.yaml as a mandatory config file for
  discovery_hosts, separating it from global.yaml
- Add config/cloud_infra.example.yaml template
- Remove discovery_hosts from config/global.example.yaml
- Add named --global-vars --certs-vars params to bootstrap.sh and
  validations.sh, replacing positional arguments

Author: eurijon

README.md

@@ -15,8 +15,10 @@ Check [Topo.png](docs/Topo.png) for expected hardware setup and [ArchMap.png](do
 ```bash
 cp config/global.example.yaml config/global.yaml
 cp config/certificates.example.yaml config/certificates.yaml
+cp config/cloud_infra.example.yaml config/cloud_infra.yaml
 vim config/global.yaml        # Fill in your cluster, network, and hardware settings
 vim config/certificates.yaml  # Fill in your SSL certificates
+vim config/cloud_infra.yaml   # Fill in your discovery hosts (or leave discovery_hosts: [])
 ```
 
 2. Run the bootstrap script:
@@ -280,6 +282,7 @@ ssh cloud-user@<landing-zone-ip>
 ls -la /home/cloud-user/enclave
 cat /home/cloud-user/enclave/config/global.yaml
 cat /home/cloud-user/enclave/config/certificates.yaml
+cat /home/cloud-user/enclave/config/cloud_infra.yaml
 ```
 
 #### Test Only Cluster Deployment

bootstrap.sh

@@ -2,27 +2,73 @@
 set -o pipefail
 set -e
 
+usage() {
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "Options:"
+    echo "  --global-vars FILE    Path to global vars file (default: config/global.yaml)"
+    echo "  --certs-vars FILE     Path to certificates vars file (default: config/certificates.yaml)"
+    echo "  -h, --help            Show this help message"
+    exit 0
+}
+
+global_vars=config/global.yaml
+certs_vars=config/certificates.yaml
+cloud_infra_vars=config/cloud_infra.yaml
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --global-vars)
+            global_vars="$2"
+            shift 2
+            ;;
+        --certs-vars)
+            certs_vars="$2"
+            shift 2
+            ;;
+        -h|--help)
+            usage
+            ;;
+        *)
+            echo "Error: Unknown option '$1'"
+            usage
+            ;;
+    esac
+done
+
+echo " "
+echo " ██████╗░███████╗██████╗░  ██╗░░██╗░█████╗░████████╗"
+echo " ██╔══██╗██╔════╝██╔══██╗  ██║░░██║██╔══██╗╚══██╔══╝"
+echo " ██████╔╝█████╗░░██║░░██║  ███████║███████║░░░██║░░░"
+echo " ██╔══██╗██╔══╝░░██║░░██║  ██╔══██║██╔══██║░░░██║░░░"
+echo " ██║░░██║███████╗██████╔╝  ██║░░██║██║░░██║░░░██║░░░"
+echo " ╚═╝░░╚═╝╚══════╝╚═════╝░  ╚═╝░░╚═╝╚═╝░░╚═╝░░░╚═╝░░░"
+echo " "
+echo "This script is designed to be re-run on demand "
+echo "NOTE: Every run will destroy the entire cloud  "
+echo "      Some functions will reuse local caches   "
+echo ""
+
 getValue(){
     python -c 'import sys, yaml, json; print(json.dumps(yaml.safe_load(sys.stdin)))' < $global_vars \
         | jq -r $1
 }
 
-global_vars=${1:-config/global.yaml}
-certs_vars=${2:-config/certificates.yaml}
-
 if [ ! -f "$global_vars" ]; then
     echo "Error: $global_vars not found."
-    if [ -z "$1" ]; then
-        echo "Copy config/global.example.yaml to $global_vars and fill in your values."
-    fi
+    echo "Copy config/global.example.yaml to $global_vars and fill in your values."
     exit 1
 fi
 
 if [ ! -f "$certs_vars" ]; then
     echo "Error: $certs_vars not found."
-    if [ -z "$2" ]; then
-        echo "Copy config/certificates.example.yaml to $certs_vars and fill in your values."
-    fi
+    echo "Copy config/certificates.example.yaml to $certs_vars and fill in your values."
+    exit 1
+fi
+
+if [ ! -f "$cloud_infra_vars" ]; then
+    echo "Error: $cloud_infra_vars not found."
+    echo "Copy config/cloud_infra.example.yaml to $cloud_infra_vars and fill in your values."
     exit 1
 fi
 
@@ -36,19 +82,6 @@ _cleanup(){
     rm -fr "${lck}"
 }
 
-
-echo " "
-echo " ██████╗░███████╗██████╗░  ██╗░░██╗░█████╗░████████╗"
-echo " ██╔══██╗██╔════╝██╔══██╗  ██║░░██║██╔══██╗╚══██╔══╝"
-echo " ██████╔╝█████╗░░██║░░██║  ███████║███████║░░░██║░░░"
-echo " ██╔══██╗██╔══╝░░██║░░██║  ██╔══██║██╔══██║░░░██║░░░"
-echo " ██║░░██║███████╗██████╔╝  ██║░░██║██║░░██║░░░██║░░░"
-echo " ╚═╝░░╚═╝╚══════╝╚═════╝░  ╚═╝░░╚═╝╚═╝░░╚═╝░░░╚═╝░░░"
-echo " "
-echo "This script is designed to be re-run on demand "
-echo "NOTE: Every run will destroy the entire cloud  "
-echo "      Some functions will reuse local caches   "
-
 read -rp "Press Enter to start .. " -n1 -s
 
 if [ -e ${lck} ]; then
@@ -72,7 +105,7 @@ date > "$log"
 
 echo -p "Check Config .. " -n1 -s | tee -a ${log}
 FList="ansible.cfg  bootstrap.sh  playbooks/main.yaml  playbooks/  \
-        setup_ansible.sh  setup_env.sh $global_vars $certs_vars"
+        setup_ansible.sh  setup_env.sh $global_vars $certs_vars $cloud_infra_vars"
 for x in $FList; do
     if [ -e $x ]; then
         echo "file check passed ..." $x   | tee -a ${log}
@@ -90,7 +123,7 @@ echo -e "\e[38;5;10m Done...\033[0m"; date
 
 echo -p "Validating Config .. " -n1 -s  | tee -a ${log}
     ansible-playbook playbooks/validate-schema.yaml -e@$global_vars -e@$certs_vars --tags schema-validation 2>&1 | tee -a ${log}
-    bash ./validations.sh $global_vars $certs_vars 2>&1 | tee -a ${log}
+    bash ./validations.sh --global-vars $global_vars --certs-vars $certs_vars 2>&1 | tee -a ${log}
 echo -e "\e[38;5;10m Done...\033[0m"; date
 
 echo -p "Downloading Deps Content .. " -n1 -s

config/README.md

@@ -9,10 +9,12 @@ This directory contains the configuration files needed for your enclave deployme
    cd config/
    cp global.example.yaml global.yaml
    cp certificates.example.yaml certificates.yaml
+   cp cloud_infra.example.yaml cloud_infra.yaml
    ```
 
 2. **Fill in `global.yaml` with your environment details**
 3. **Fill in `certificates.yaml` with your SSL certificates**
+4. **Fill in `cloud_infra.yaml` with your discovery hosts (or leave `discovery_hosts: []` if not needed)**
 
 ## Configuration Files
 
@@ -22,8 +24,11 @@ Contains all cluster and infrastructure configuration.
 ### `certificates.yaml` (required)
 Contains SSL certificates for the cluster.
 
+### `cloud_infra.yaml` (required)
+Contains cloud infrastructure configuration, including the list of worker nodes to be discovered and added to the cluster. Set `discovery_hosts: []` if no discovery hosts are needed.
+
 ## Security
-- **Never commit `global.yaml` or `certificates.yaml` to version control**
+- **Never commit `global.yaml`, `certificates.yaml` or `cloud_infra.yaml` to version control**
 - These files contain sensitive credentials and private keys
 - The `.gitignore` is configured to exclude them
 

config/cloud_infra.example.yaml

@@ -0,0 +1,23 @@
+##############################################################################
+# CLOUD INFRASTRUCTURE CONFIGURATION TEMPLATE
+# Instructions: Copy this file to 'cloud_infra.yaml' and fill in your values
+##############################################################################
+
+# ============================================================================
+# Discovery Hosts Configuration
+# ============================================================================
+# Discovery hosts for cloud infrastructure (CaaS)
+# These are worker nodes that will be discovered and added to the cluster
+# Set to an empty list if no discovery hosts are needed:
+# discovery_hosts: []
+#
+# Or add hosts to discover:
+discovery_hosts:
+  - name: YOUR_NODE_NAME              # Example: node01
+    macAddress: YOUR_MAC_ADDRESS      # Example: 0c:c4:7a:62:fe:ec
+    ipAddress: YOUR_IP_ADDRESS        # Should be in machineNetwork
+    redfish: YOUR_REDFISH_IP          # IPMI/Redfish management IP
+    rootDisk: YOUR_ROOT_DISK_PATH     # Example: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: YOUR_REDFISH_USER
+    redfishPassword: YOUR_REDFISH_PASSWORD
+  # Add more hosts as needed

config/global.example.yaml

@@ -120,17 +120,3 @@ agent_hosts:
 # instead of the macAddress and ipAddress parameters
 # See docs/CONFIGURATION_REFERENCE.md for reference
 
-# ============================================================================
-# Discovery Hosts Configuration
-# ============================================================================
-# Discovery hosts for cloud infrastructure (CaaS)
-# These are worker nodes that will be discovered and added to the cluster
-discovery_hosts:
-  - name: YOUR_NODE_NAME              # Example: node01
-    macAddress: YOUR_MAC_ADDRESS      # Example: 0c:c4:7a:62:fe:ec
-    ipAddress: YOUR_IP_ADDRESS        # Shoul be in machineNetwork
-    redfish: YOUR_REDFISH_IP          # IPMI/Redfish management IP
-    rootDisk: YOUR_ROOT_DISK_PATH     # Example: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
-    redfishUser: YOUR_REDFISH_USER
-    redfishPassword: YOUR_REDFISH_PASSWORD
-  # Add more hosts as needed

docs/CONFIGURATION_REFERENCE.md

@@ -499,7 +499,7 @@ curl -k -u user:pass https://<redfish-ip>/redfish/v1/Systems/1/EthernetInterface
 
 ## Discovery Hosts Configuration
 
-The discovery hosts configuration is defined in `config/global.yaml` for discovering new nodes after the initial cluster deployment. This configuration uses the same network settings (defaultDNS, defaultGateway, defaultPrefix, lzBmcIP) as the main cluster deployment.
+The discovery hosts configuration is defined in `config/cloud_infra.yaml` for discovering new nodes after the initial cluster deployment. This configuration uses the same network settings (defaultDNS, defaultGateway, defaultPrefix, lzBmcIP) as the main cluster deployment.
 
 ### Discovery Hosts Settings
 

docs/DEPLOYMENT_GUIDE.md

@@ -741,7 +741,7 @@ After the initial cluster deployment, you can discover and add new bare metal no
 
 ### Configuration
 
-Add or edit the `discovery_hosts` section in `config/global.yaml` with the details of the nodes you want to discover:
+Add or edit the `discovery_hosts` section in `config/cloud_infra.yaml` with the details of the nodes you want to discover:
 
 ```yaml
 # Discovery hosts for cloud infrastructure (CaaS)
@@ -780,9 +780,9 @@ Each node in `discovery_hosts` requires:
 
 ### Running Discovery
 
-1. **Edit the configuration** in `config/global.yaml`:
+1. **Edit the configuration** in `config/cloud_infra.yaml`:
    ```bash
-   vim config/global.yaml
+   vim config/cloud_infra.yaml
    # Add or update the discovery_hosts section
    ```
 

must-gather/gather_lz.sh

@@ -175,3 +175,32 @@ PYTHON_SCRIPT
 
     log_info "  OK Collected configuration (sanitized)"
 fi
+
+CLOUD_INFRA_FILE="${ENCLAVE_DIR}/config/cloud_infra.yaml"
+if [ -f "${CLOUD_INFRA_FILE}" ]; then
+    python3 <<PYTHON_SCRIPT > "${COLLECTION_DIR}/config/cloud_infra.yaml" 2>/dev/null || true
+import sys
+import yaml
+
+with open('${CLOUD_INFRA_FILE}', 'r') as f:
+    data = yaml.safe_load(f)
+
+if 'discovery_hosts' in data and isinstance(data['discovery_hosts'], list):
+    for host in data['discovery_hosts']:
+        if isinstance(host, dict):
+            if 'redfishPassword' in host:
+                host['redfishPassword'] = 'REDACTED'
+            if 'password' in host:
+                host['password'] = 'REDACTED'
+
+yaml.dump(data, sys.stdout, default_flow_style=False, sort_keys=False)
+PYTHON_SCRIPT
+
+    if [ ! -s "${COLLECTION_DIR}/config/cloud_infra.yaml" ]; then
+        log_warning "Python sanitization failed for cloud_infra.yaml, using sed fallback"
+        sed -e 's/\(redfishPassword:\).*/\1 REDACTED/' \
+            "${CLOUD_INFRA_FILE}" > "${COLLECTION_DIR}/config/cloud_infra.yaml" 2>/dev/null || true
+    fi
+
+    log_info "  OK Collected cloud infra configuration (sanitized)"
+fi

playbooks/07-configure-discovery.yaml

@@ -6,11 +6,6 @@
     - name: Load common variables
       ansible.builtin.include_tasks: common/load-vars.yaml
 
-    - name: Set discovery_hosts default
-      ansible.builtin.set_fact:
-        discovery_hosts: []
-      when: discovery_hosts is not defined
-
     - name: Deploy Metal3 common resources
       ansible.builtin.include_tasks: "../playbooks/tasks/deploy_metal3_common.yaml"
 

playbooks/common/load-vars.yaml

@@ -9,6 +9,9 @@
 - name: Include certificate vars
   ansible.builtin.include_vars: ../../config/certificates.yaml
 
+- name: Include cloud infra vars
+  ansible.builtin.include_vars: ../../config/cloud_infra.yaml
+
 - name: Include common configuration
   ansible.builtin.include_vars: "../../defaults/{{ config_file }}"
   loop: