testsys: aws-k8s migration testing with cargo make test
#2273
Conversation
ecpullen
force-pushed
the
cargo-make-updown
branch
from
2e1754e
to
9dc1229
Compare
ecpullen
changed the title
aws-k8s migration testing with cargo make test
ecpullen
changed the title
aws-k8s migration testing with cargo make testaws-k8s migration testing with cargo make test
ecpullen
force-pushed
the
cargo-make-updown
branch
from
9dc1229
to
7c8803f
Compare
ecpullen
force-pushed
the
cargo-make-updown
branch
from
7c8803f
to
2cec493
Compare
|
^ addressed @jpculp comments |
| migrate_to_version: self | ||
| .migrate_to_version | ||
| .as_ref() | ||
| .context("You must provide a target version for upgrade downgrade testing.")? |
There was a problem hiding this comment.
A little late to comment on this, but I just realized that in all the Bottlerocket repo, we don't use anyhow and instead we use snafu. I think we should be consistent and move at least this part of testsys to snafu. I'm not blocking on this though but an issue should be good.
There was a problem hiding this comment.
I will add an issue for this.
tools/testsys/src/aws_resources.rs
Outdated
| /// An enum to differentiate between upgrade and downgrade tests. `MigrationVersion::Starting` will | ||
| /// create a migration to the starting version. |
There was a problem hiding this comment.
Nit: comments related to each enum should be on top of the enum.
tools/testsys/src/aws_resources.rs
Outdated
| MigrationVersion::Starting => migration.starting_version.to_string(), | ||
| MigrationVersion::Migrated => migration.migrate_to_version.to_string(), |
There was a problem hiding this comment.
starting_version and migrate_to_version are both String, why the need of to_string()?
ecpullen
force-pushed
the
cargo-make-updown
branch
from
2cec493
to
373ed74
Compare
|
^ addresses @arnaldo2792 comments |
TESTING.md
Outdated
| In order to accomplish this a few artifacts need to be created: | ||
| * `TUF` repos that are publicly accessible | ||
| * A previous release of bottlerocket signed with available keys | ||
| * The ami id from the previous release |
TESTING.md
Outdated
| Migration testing starts testsys at a starting version, or a provided initial image id and migrates instances to the target version. | ||
| In order to accomplish this a few artifacts need to be created: | ||
| * `TUF` repos that are publicly accessible | ||
| * A previous release of bottlerocket signed with available keys |
There was a problem hiding this comment.
Nit: sed 's/bottlerocket/Bottlerocket'
TESTING.md
Outdated
| * `TUF` repos that are publicly accessible | ||
| * A previous release of bottlerocket signed with available keys | ||
| * The ami id from the previous release | ||
| * Build images and repos for current changes |
There was a problem hiding this comment.
Nit: a link to the documentation that explains how to build and publish repos would be nice
TESTING.md
Outdated
|
|
||
| #### Prepare `Infra.toml` | ||
|
|
||
| A publicly available s3 bucket is needed to complete the next steps, once a bucket is created the steps may be continued. |
There was a problem hiding this comment.
This is not true, a contributor can use whatever they want to store their TUF repositories, so it will be best to say "the URL of a TUF repository" or something along those lines.
There was a problem hiding this comment.
The example steps I provide include syncing tuf repos with the pre-update metadata. I was trying to make the process of onboarding to testsys as easy as possible by providing a sample workflow from start to finish. I can add to the beginning that it is not required to have, but this example will use it.
There was a problem hiding this comment.
I think it will be best to point whomever reads this guide to this document so that they are aware that they are free to decide where to store their TUF repo. I would definitely remove the "publicly" available part since that isn't a good practice, and we shouldn't advocate for that. It will be best to say "use the URL of an accessible TUF repo"; and for your example, assume the contributor followed the link you will add, and that they have a URL that is on top of a properly configured S3 bucket (that's what ultimately happened in the document I linked).
TESTING.md
Outdated
| #### Prepare `Infra.toml` | ||
|
|
||
| A publicly available s3 bucket is needed to complete the next steps, once a bucket is created the steps may be continued. | ||
| `Infra.toml` is used by testsys to determine tuf repo locations, so `metadata_base_url` and `targets_base_url` need to be set based on the s3 bucket. The examples below assume `metadata_base_url` is the top level directory of the bucket and `targets_base_url` is a directory named `targets` in the top level directory. |
There was a problem hiding this comment.
Nit: a line per sentence
TESTING.md
Outdated
| #### Starting bottlerocket images | ||
|
|
||
| In this example we will use `v1.8.0` as our starting bottlerocket version, but any tag from bottlerocket will work. | ||
| The following bash will checkout the proper branch from git and create the build images and repos for testing. |
There was a problem hiding this comment.
| The following bash will checkout the proper branch from git and create the build images and repos for testing. | |
| The following bash script will checkout the proper branch from git and create the build images and TUF repos for testing. |
TESTING.md
Outdated
|
|
||
| ```shell | ||
| export TESTSYS_STARTING_VERSION="1.8.0" | ||
| git checkout v${TESTSYS_STARTING_VERSION} |
There was a problem hiding this comment.
| git checkout v${TESTSYS_STARTING_VERSION} | |
| git checkout "v${TESTSYS_STARTING_VERSION}" |
TESTING.md
Outdated
| cargo make repo | ||
| ``` | ||
|
|
||
| Next, the repos need to be added to the `TUF` repos (s3 bucket). Make sure to change `S3_BUCKET_NAME` to the `TUF` repo bucket name. |
There was a problem hiding this comment.
I think all mentions of a S3 bucket should be removed, folks in the community may have their own way to update their TUF repos.
There was a problem hiding this comment.
See above comment. Should we remove the step by step guide so that we can remove the s3 bucket bits?
TESTING.md
Outdated
|
|
||
| ```shell | ||
| WORKING_BRANCH="develop" | ||
| git checkout ${WORKING_BRANCH} |
There was a problem hiding this comment.
Nit:
| git checkout ${WORKING_BRANCH} | |
| git checkout "${WORKING_BRANCH}" |
TESTING.md
Outdated
| git checkout ${WORKING_BRANCH} | ||
| ``` | ||
|
|
||
| Now, [Release.toml](Release.toml) may need to be updated. |
There was a problem hiding this comment.
For this testing it must, right?
There was a problem hiding this comment.
For using develop yes. But if someone wanted to try building 1.6.0 and 1.6.1 to see how testsys migrations work they wouldn't need to.
ecpullen
force-pushed
the
cargo-make-updown
branch
from
373ed74
to
8f3033a
Compare
ecpullen
force-pushed
the
cargo-make-updown
branch
2 times, most recently
from
d512ebc
to
0463854
Compare
|
^^ Address @etungsten comments |
ecpullen
force-pushed
the
cargo-make-updown
branch
from
0463854
to
ef9d87f
Compare
|
^ spell check on markdown and automatically determine correct AMI ID using previous bottlerocket release tag. |
ecpullen
force-pushed
the
cargo-make-updown
branch
from
ef9d87f
to
8c91570
Compare
TESTING.md
Outdated
| The last step with the older Bottlerocket version is retrieving the AMI that was created. | ||
|
|
||
| ```shell | ||
| BUILDSYS_ARCH="x86_64" | ||
| BUILDSYS_VARIANT="aws-k8s-1.21" | ||
| REGION="us-west-2" | ||
|
|
||
| AMIS_JSON="build/images/${BUILDSYS_ARCH}-${BUILDSYS_VARIANT}/latest/bottlerocket-${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}-amis.json" |
There was a problem hiding this comment.
Is this step still needed for something?
TESTING.md
Outdated
| cargo make repo | ||
| ``` | ||
|
|
||
| Next, the local repos need to be added to the TUF repos. |
There was a problem hiding this comment.
| Next, the local repos need to be added to the TUF repos. | |
| Remember to sync your TUF repos with the new metadata and targets. |
tools/testsys/src/aws_resources.rs
Outdated
| /// Creates 5 `Test` crds for migration testing. Consisting of a `quick` test, a migration to | ||
| /// the target version, a `quick` test to validate the migration, a migration to the starting | ||
| /// version, and a `quick` test to validate the second migration. |
There was a problem hiding this comment.
nit: this sort of comment seems like it could get outdated pretty quickly - it's specific in both the number and order of the tests.
It might be better to document each of the steps inline, since there's a natural separation after each depends_on.push() to talk about what & why each CRD is added.
| let initial = self.sonobuoy_crd("-1-initial", SonobuoyMode::Quick, None, testsys_images)?; | ||
| depends_on.push(initial.name().context("Crd missing name")?); | ||
| let start_migrate = self.migration_crd( | ||
| format!("{}-2-migrate", self.cluster_name()), |
There was a problem hiding this comment.
Not a big deal here but I wonder if we could do the numbering somewhere else, so it's automatically part of the name in the output based on the position in the vector.
| Some(depends_on.clone()), | ||
| testsys_images, | ||
| )?; | ||
| depends_on.push(start_migrate.name().context("Crd missing name")?); |
There was a problem hiding this comment.
Also not a big deal here but should "name" be a required field or have a default value?
I wonder if the cases where the name is optional are worth the added friction in what feels like the normal case here. You could potentially have a NamedCrd type and add a From impl to Crd for it.
There was a problem hiding this comment.
The crd itself (for tests and resources) has the name field as an Option so somewhere there needs to be an unwrap() or context() to read it unless we default with "", but that has the potential to cause issues if the field was missing for some reason.
| /// Return the name of the instance provider that the migration agents should use to get the | ||
| /// instance ids. | ||
| fn instance_provider(&self) -> String; |
There was a problem hiding this comment.
This seems like a place where stronger typing could be useful. It sort of sticks out as having not very much to do with migration testing.
There was a problem hiding this comment.
I was wondering if an instance provider trait would be helpful or not.
ecpullen
force-pushed
the
cargo-make-updown
branch
from
8c91570
to
97dcd67
Compare
ecpullen
force-pushed
the
cargo-make-updown
branch
from
452c8ce
to
8505fc0
Compare
ecpullen
force-pushed
the
cargo-make-updown
branch
from
8505fc0
to
e0b94ff
Compare
Issue number:
#2149
Description of changes:
Introduces migrations to
cargo make test. The added documentation inTESTING.mdwill help any user set up the necessary infrastructure to run migration testing with all aws-k8s variants.Testing done:
Used
cargo make -e TESTSYS_TEST=migration testto run a migration test on aws-k8s-1.21 and all tests passed successfully.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.