From 733f2b028611523684a1c75310efa8e60d222072 Mon Sep 17 00:00:00 2001 From: Leah Leshchinsky Date: Wed, 12 Jun 2024 12:17:22 -0400 Subject: [PATCH 1/3] Bump buildah storage size --- .tekton/hive-pull-request.yaml | 4 ++-- .tekton/hive-push.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.tekton/hive-pull-request.yaml b/.tekton/hive-pull-request.yaml index aa4ed7f7491..582a044ca8d 100644 --- a/.tekton/hive-pull-request.yaml +++ b/.tekton/hive-pull-request.yaml @@ -223,9 +223,9 @@ spec: taskRef: params: - name: name - value: buildah-10gb + value: buildah-20gb - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-10gb:0.1 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-20gb:0.1 - name: kind value: task resolver: bundles diff --git a/.tekton/hive-push.yaml b/.tekton/hive-push.yaml index 80b30530089..e6bd083b149 100644 --- a/.tekton/hive-push.yaml +++ b/.tekton/hive-push.yaml @@ -220,9 +220,9 @@ spec: taskRef: params: - name: name - value: buildah-10gb + value: buildah-20gb - name: bundle - value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-10gb:0.1 + value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-20gb:0.1 - name: kind value: task resolver: bundles From 0154945d6009665a825f22652a0996443efa7d81 Mon Sep 17 00:00:00 2001 
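Review bot: The new `bundle` value in `.tekton/hive-pull-request.yaml` references the buildah task by tag only (`task-buildah-20gb:0.1`), so the task definition that builds the image can change without any change in this repository. Pinning the digest alongside the tag keeps the build pipeline reproducible and reviewable, e.g. `value: quay.io/redhat-appstudio-tekton-catalog/task-buildah-20gb:0.1@sha256:<digest-of-reviewed-bundle>`. The same applies to the identical hunk in `.tekton/hive-push.yaml`.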
From: Leah Leshchinsky Date: Wed, 12 Jun 2024 12:18:19 -0400 Subject: [PATCH 2/3] Run installmanager binary in install container for fips compatibility As a result of the openshift installer transitioning from rhel8 to rhel9 (openshift/installer#8196), running openshift-install in the rhel8 backed hive container in order to install a cluster in fips mode results in a fips incompatibility. Create a separate installmanager binary that runs the install-manager command previously invoked by hiveutil. Build a rhel8 and rhel9 version of hive, and copy both versions of installmanager to the installer container. The directory structure of the provisioning pod is also adjusted to support this change. Lastly, the installmanager binary corresponding to the rhel version of the installer container is run. Signed-off-by: Leah Leshchinsky --- Dockerfile | 36 +++++++++-------- Dockerfile.ubi | 34 ++++++++-------- contrib/pkg/utils/generic.go | 8 +--- hack/e2e-common.sh | 8 ++-- .../clusterdeployment_controller_test.go | 2 +- pkg/imageset/updateinstaller.go | 10 ++--- pkg/imageset/updateinstaller_test.go | 37 ++++++------------ pkg/install/generate.go | 39 ++++++++++++------- 8 files changed, 83 insertions(+), 91 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3c86a09a605..4ab50de625b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,10 +1,18 @@ -FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 as builder +FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 as builder_rhel8 RUN mkdir -p /go/src/github.com/openshift/hive WORKDIR /go/src/github.com/openshift/hive COPY . . +RUN dnf -y install git python3-pip RUN make build -FROM quay.io/centos/centos:stream9 +FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.21-openshift-4.16 as builder_rhel9 +RUN mkdir -p /go/src/github.com/openshift/hive +WORKDIR /go/src/github.com/openshift/hive +COPY . . +RUN dnf -y install git python3-pip +RUN make build + +FROM registry.redhat.io/rhel9-4-els/rhel:9.4 ARG DNF=dnf @@ -16,10 +24,12 @@ RUN if ! rpm -q openssh-clients; then $DNF install -y openssh-clients && $DNF cl # libvirt libraries required for running bare metal installer. RUN if ! rpm -q libvirt-libs; then $DNF install -y libvirt-libs && $DNF clean all && rm -rf /var/cache/dnf/*; fi -COPY --from=builder /go/src/github.com/openshift/hive/bin/manager /opt/services/ -COPY --from=builder /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ -COPY --from=builder /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin -COPY --from=builder /go/src/github.com/openshift/hive/bin/operator /opt/services/hive-operator +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/manager /opt/services/ +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/operator /opt/services/hive-operator + +COPY --from=builder_rhel8 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil.rhel8 +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil # Hacks to allow writing known_hosts, homedir is / by default in OpenShift. # Bare metal installs need to write to $HOME/.cache, and $HOME/.ssh for as long as 
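Review bot: In both new builder stages `RUN dnf -y install git python3-pip` comes after `COPY . .`, so every source change invalidates the package layer and re-resolves unpinned packages from the repositories, twice per build. Moving the install above the copy and cleaning up in the same layer keeps the build inputs more stable: `RUN dnf -y install git python3-pip && dnf clean all` placed before `COPY . .`. The three `FROM` lines are tag references; pinning the final-stage base as `registry.redhat.io/rhel9-4-els/rhel:9.4@sha256:<digest>` would make the base of the shipped image explicit. A short comment on why `builder_rhel8` is kept (it feeds the `hiveutil.rhel8` copy in the next hunk) would help future readers.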
@@ -30,17 +40,9 @@ RUN mkdir -p /home/hive && \ chgrp -R 0 /home/hive && \ chmod -R g=u /home/hive -# This is so that we can write source certificate anchors during container start up. -RUN mkdir -p /etc/pki/ca-trust/source/anchors && \ - chgrp -R 0 /etc/pki/ca-trust/source/anchors && \ - chmod -R g=u /etc/pki/ca-trust/source/anchors - -# This is so that we can run update-ca-trust during container start up. -RUN mkdir -p /etc/pki/ca-trust/extracted/openssl && \ - mkdir -p /etc/pki/ca-trust/extracted/pem && \ - mkdir -p /etc/pki/ca-trust/extracted/java && \ - chgrp -R 0 /etc/pki/ca-trust/extracted && \ - chmod -R g=u /etc/pki/ca-trust/extracted +RUN mkdir -p /output/hive-trusted-cabundle && \ + chgrp -R 0 /output/hive-trusted-cabundle && \ + chmod -R g=u /output/hive-trusted-cabundle # TODO: should this be the operator? ENTRYPOINT ["/opt/services/manager"] diff --git a/Dockerfile.ubi b/Dockerfile.ubi index 1d0d3af242b..ba9bd2e3a28 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi @@ -1,10 +1,16 @@ -FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 as builder +FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 as builder_rhel8 RUN mkdir -p /go/src/github.com/openshift/hive WORKDIR /go/src/github.com/openshift/hive COPY . . RUN make build -FROM registry.access.redhat.com/ubi8/ubi-minimal +FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.21-openshift-4.16 as builder_rhel9 +RUN mkdir -p /go/src/github.com/openshift/hive +WORKDIR /go/src/github.com/openshift/hive +COPY . . +RUN make build + +FROM registry.redhat.io/rhel9-4-els/rhel:9.4 ARG DNF=microdnf 
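Review bot: `/output/hive-trusted-cabundle` is created and made group-writable inside the image here, but the provisioning pod built in `pkg/install/generate.go` passes files between containers through `/output`, which suggests `/output` is a pod volume there. If so, the mount hides this image directory, and the installer container runs a different image that never had it, so the directory has to be created at runtime before `InstallCerts` copies into it; this is worth confirming, since the body of `InstallCerts` is mostly outside this patch's hunks. A comment above the `RUN` naming the pods that rely on the baked-in directory would document the intent, for example `# Writable trust directory read via SSL_CERT_DIR; only visible in pods that do not mount a volume over /output.` (adjust to the actual consumers).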
@@ -19,10 +25,12 @@ RUN if ! rpm -q libvirt-libs; then $DNF install -y libvirt-libs && $DNF clean al # tar is needed to package must-gathers on install failure RUN if ! which tar; then $DNF install -y tar && $DNF clean all && rm -rf /var/cache/dnf/*; fi -COPY --from=builder /go/src/github.com/openshift/hive/bin/manager /opt/services/ -COPY --from=builder /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ -COPY --from=builder /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin -COPY --from=builder /go/src/github.com/openshift/hive/bin/operator /opt/services/hive-operator +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/manager /opt/services/ +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/operator /opt/services/hive-operator + +COPY --from=builder_rhel8 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil.rhel8 +COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil # Hacks to allow writing known_hosts, homedir is / by default in OpenShift. # Bare metal installs need to write to $HOME/.cache, and $HOME/.ssh for as long as 
@@ -33,17 +41,9 @@ RUN mkdir -p /home/hive && \ chgrp -R 0 /home/hive && \ chmod -R g=u /home/hive -# This is so that we can write source certificate anchors during container start up. -RUN mkdir -p /etc/pki/ca-trust/source/anchors && \ - chgrp -R 0 /etc/pki/ca-trust/source/anchors && \ - chmod -R g=u /etc/pki/ca-trust/source/anchors - -# This is so that we can run update-ca-trust during container start up. -RUN mkdir -p /etc/pki/ca-trust/extracted/openssl && \ - mkdir -p /etc/pki/ca-trust/extracted/pem && \ - mkdir -p /etc/pki/ca-trust/extracted/java && \ - chgrp -R 0 /etc/pki/ca-trust/extracted && \ - chmod -R g=u /etc/pki/ca-trust/extracted +RUN mkdir -p /output/hive-trusted-cabundle && \ + chgrp -R 0 /output/hive-trusted-cabundle && \ + chmod -R g=u /output/hive-trusted-cabundle # TODO: should this be the operator? ENTRYPOINT ["/opt/services/manager"] diff --git a/contrib/pkg/utils/generic.go b/contrib/pkg/utils/generic.go index 31240ad2241..0a78efc6961 100644 --- a/contrib/pkg/utils/generic.go +++ b/contrib/pkg/utils/generic.go @@ -25,7 +25,7 @@ import ( ) const ( - caTrustDir = "/etc/pki/ca-trust/source/anchors/" + caTrustDir = "/output/hive-trusted-cabundle/" ) type releasePayload struct { @@ -205,10 +205,4 @@ func InstallCerts(sourceDir string) { logger.WithError(err).WithField("output", string(b)).Fatal("failed to copy certs") } logger.WithField("output", string(b)).Info("copied certs") - - b, err = exec.Command("update-ca-trust").CombinedOutput() - if err != nil { - logger.WithError(err).WithField("output", string(b)).Fatal("failed to update CA trust") - } - logger.WithField("output", string(b)).Info("updated CA trust") } diff --git a/hack/e2e-common.sh b/hack/e2e-common.sh index e018b4428b9..8f1461266c6 100755 --- a/hack/e2e-common.sh +++ b/hack/e2e-common.sh 
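Review bot: With `caTrustDir` moved to `/output/hive-trusted-cabundle/` and the `update-ca-trust` call removed in the next hunk, extra CAs are trusted only by processes that honour `SSL_CERT_DIR`; they are no longer merged into the system bundle. Go's `crypto/x509` loads every file in the listed directories, but OpenSSL-based tools only look up hash-named entries there, so any non-Go helper run during provisioning may stop trusting these CAs; it is worth confirming which binaries consume them. The path is also repeated as a string literal in the two `SSL_CERT_DIR` entries added in `pkg/install/generate.go`, and a shared constant would keep the write location and the trust path from drifting apart. Suggested comment on the constant: `// caTrustDir must match the directory listed in SSL_CERT_DIR for provisioning pods; certs copied here are not added to the system bundle.`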
@@ -139,7 +139,9 @@ function save_hive_logs() { done # Let's try to save any prov/deprov pod logs oc get po -A -l hive.openshift.io/install=true -o custom-columns=:.metadata.namespace,:.metadata.name --no-headers | while read ns po; do - oc logs -n $ns $po -c hive > ${ARTIFACT_DIR}/${ns}-${po}.log + oc logs -n $ns $po -c hive > ${ARTIFACT_DIR}/${ns}-${po}-hive.log + oc logs -n $ns $po -c installer > ${ARTIFACT_DIR}/${ns}-${po}-installer.log + done oc get po -A -l hive.openshift.io/uninstall=true -o custom-columns=:.metadata.namespace,:.metadata.name --no-headers | while read ns po; do oc logs -n $ns $po > ${ARTIFACT_DIR}/${ns}-${po}.log @@ -269,12 +271,12 @@ function capture_cluster_logs() { # Capture install logs if IMAGESET_JOB_NAME=$(oc get job -l "hive.openshift.io/cluster-deployment-name=${CLUSTER_NAME},hive.openshift.io/imageset=true" -o name -n ${CLUSTER_NAMESPACE}) && [ "${IMAGESET_JOB_NAME}" ] then - oc logs -c hive -n ${CLUSTER_NAMESPACE} ${IMAGESET_JOB_NAME} &> "${ARTIFACT_DIR}/hive_imageset_job.log" || true + oc logs -c installer -n ${CLUSTER_NAMESPACE} ${IMAGESET_JOB_NAME} &> "${ARTIFACT_DIR}/hive_imageset_job.log" || true oc get ${IMAGESET_JOB_NAME} -n ${CLUSTER_NAMESPACE} -o yaml &> "${ARTIFACT_DIR}/hive_imageset_job.yaml" || true fi if INSTALL_JOB_NAME=$(oc get job -l "hive.openshift.io/cluster-deployment-name=${CLUSTER_NAME},hive.openshift.io/install=true" -o name -n ${CLUSTER_NAMESPACE}) && [ "${INSTALL_JOB_NAME}" ] then - oc logs -c hive -n ${CLUSTER_NAMESPACE} ${INSTALL_JOB_NAME} &> "${ARTIFACT_DIR}/hive_install_job.log" || true + oc logs -c installer -n ${CLUSTER_NAMESPACE} ${INSTALL_JOB_NAME} &> "${ARTIFACT_DIR}/hive_install_job.log" || true oc get ${INSTALL_JOB_NAME} -n ${CLUSTER_NAMESPACE} -o yaml &> "${ARTIFACT_DIR}/hive_install_job.yaml" || true fi echo "************* INSTALL JOB LOG *************" 
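Review bot: In `capture_cluster_logs` the imageset job log is now read with `oc logs -c installer`, but nothing in this patch renames a container in the imageset job; if that job still runs a container named `hive`, the `|| true` hides the failure and `hive_imageset_job.log` holds only the error text. Please confirm the container name for the imageset job separately from the install job. In `save_hive_logs` the two new redirections leave `$ns`, `$po` and the target path unquoted; `oc logs -n "$ns" "$po" -c installer > "${ARTIFACT_DIR}/${ns}-${po}-installer.log"` is safer. Both functions extend beyond the hunks shown.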
diff --git a/pkg/controller/clusterdeployment/clusterdeployment_controller_test.go b/pkg/controller/clusterdeployment/clusterdeployment_controller_test.go index 01e07e06ec0..ff3aaf17622 100644 --- a/pkg/controller/clusterdeployment/clusterdeployment_controller_test.go +++ b/pkg/controller/clusterdeployment/clusterdeployment_controller_test.go @@ -688,7 +688,7 @@ func TestClusterDeploymentReconcile(t *testing.T) { if assert.Len(t, provisions, 1, "expected exactly one ClusterProvision") { podSpec := provisions[0].Spec.PodSpec if assert.Len(t, podSpec.InitContainers, 1, "expected exactly one initContainer") { - assert.Equal(t, "installer", podSpec.InitContainers[0].Name, "expected the initContainer to be 'installer'") + assert.Equal(t, "hive", podSpec.InitContainers[0].Name, "expected the initContainer to be 'hive'") } } }, diff --git a/pkg/imageset/updateinstaller.go b/pkg/imageset/updateinstaller.go index dc411d88ac9..17499681b37 100644 --- a/pkg/imageset/updateinstaller.go +++ b/pkg/imageset/updateinstaller.go 
@@ -167,13 +167,9 @@ func (o *UpdateInstallerImageOptions) Run() (returnErr error) { o.log.WithField("installerImage", installerImage).Info("installer image overridden") } else { // Glean the installer image from the release metadata - installerTagName := "installer" - // If this is a bare metal install, we need to get the openshift-install binary from a different image with - // bare metal functionality compiled in. The binary is named the same and in the same location, so after swapping - // out what image to get it from, we can proceed with the code as we normally would. - if cd.Spec.Platform.BareMetal != nil { - installerTagName = "baremetal-installer" - } + // "baremetal-installer" is the legacy name for the fips compliant installer image + installerTagName := "baremetal-installer" + // Override annotation is allowed to override baremetal-installer too if cd.Annotations != nil { if override := cd.Annotations[constants.OverrideInstallerImageNameAnnotation]; override != "" { diff --git a/pkg/imageset/updateinstaller_test.go b/pkg/imageset/updateinstaller_test.go index b7dd1b0dfa5..fbec531160f 100644 --- a/pkg/imageset/updateinstaller_test.go +++ b/pkg/imageset/updateinstaller_test.go @@ -47,8 +47,8 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "successful execution", existingClusterDeployment: testClusterDeployment(), images: map[string]string{ - "installer": testInstallerImage, - "cli": testCLIImage, + "baremetal-installer": testInstallerImage, + "cli": testCLIImage, }, validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, testCLIImage, ""), }, @@ -56,7 +56,7 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "failure execution missing cli", existingClusterDeployment: testClusterDeployment(), images: map[string]string{ - "installer": testInstallerImage, + "baremetal-installer": testInstallerImage, }, validateClusterDeployment: validateFailureExecution("could not get cli image"), expectError: true, 
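Review bot: `installerTagName` is now always `baremetal-installer`, with no fallback when the release metadata lacks that tag, so every non-bare-metal install depends on the payload carrying it. If older or custom release images can omit the tag, image resolution fails where it used to succeed; either fall back to `installer` or document the minimum supported release. The retained comment `// Override annotation is allowed to override baremetal-installer too` reads oddly now that there is a single default, and `// The override annotation replaces the default tag name` would be clearer. None of the test cases touched in the accompanying test hunks covers a payload without `baremetal-installer`.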
@@ -64,24 +64,11 @@ func TestUpdateInstallerImageCommand(t *testing.T) { { name: "successful execution after failure", existingClusterDeployment: testClusterDeploymentWithErrorCondition(), - images: map[string]string{ - "installer": testInstallerImage, - "cli": testCLIImage, - }, - validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, testCLIImage, installerImageResolvedReason), - }, - { - name: "successful execution baremetal platform", - existingClusterDeployment: func() *hivev1.ClusterDeployment { - cd := testClusterDeployment() - cd.Spec.Platform.BareMetal = &baremetal.Platform{} - return cd - }(), images: map[string]string{ "baremetal-installer": testInstallerImage, "cli": testCLIImage, }, - validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, testCLIImage, ""), + validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, testCLIImage, installerImageResolvedReason), }, { name: "installer image name override", @@ -118,8 +105,8 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "successful execution with version in release metadata", existingClusterDeployment: testClusterDeployment(), images: map[string]string{ - "installer": testInstallerImage, - "cli": testCLIImage, + "baremetal-installer": testInstallerImage, + "cli": testCLIImage, }, version: testReleaseVersion, validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, testCLIImage, ""), @@ -137,8 +124,8 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "CLI image domain copied from installer image", existingClusterDeployment: testClusterDeploymentWithCLIDomainCopy(), images: map[string]string{ - "installer": testInstallerImage, - "cli": cliImageWithDifferentDomain, + "baremetal-installer": testInstallerImage, + "cli": cliImageWithDifferentDomain, }, validateClusterDeployment: validateSuccessfulExecution(testInstallerImage, "registry.io/foo/cli:blah", ""), }, 
@@ -146,8 +133,8 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "copy requested, invalid installer image", existingClusterDeployment: testClusterDeploymentWithCLIDomainCopy(), images: map[string]string{ - "installer": "invalid image", - "cli": cliImageWithDifferentDomain, + "baremetal-installer": "invalid image", + "cli": cliImageWithDifferentDomain, }, validateClusterDeployment: validateFailureExecution("invalid installer image"), expectError: true, @@ -156,8 +143,8 @@ func TestUpdateInstallerImageCommand(t *testing.T) { name: "copy requested, invalid cli image", existingClusterDeployment: testClusterDeploymentWithCLIDomainCopy(), images: map[string]string{ - "installer": testInstallerImage, - "cli": "invalid image", + "baremetal-installer": testInstallerImage, + "cli": "invalid image", }, validateClusterDeployment: validateFailureExecution("invalid cli image"), expectError: true, diff --git a/pkg/install/generate.go b/pkg/install/generate.go index d2a73798f17..59365d3c983 100644 --- a/pkg/install/generate.go +++ b/pkg/install/generate.go @@ -154,6 +154,14 @@ func InstallerPodSpec( Name: "PULLSECRET_SECRET_NAME", Value: constants.GetMergedPullSecretName(cd), }, + { + Name: "SSL_CERT_DIR", + Value: "/etc/ssl/certs/:/output/hive-trusted-cabundle/", + }, + { + Name: "HOME", + Value: "/home/hive", + }, } env = append(env, extraEnvVars...) @@ -164,6 +172,7 @@ func InstallerPodSpec( "logs": "/logs", "installconfig": "/installconfig", "pullsecret": "/pullsecret", + "hive": "/home/hive", } var credentialRef, certificateRef string 
@@ -308,14 +317,14 @@ func InstallerPodSpec( // where our container will run them. This is effectively downloading the all-in-one installer. initContainers := []corev1.Container{ { - Name: "installer", - Image: installerImage, - ImagePullPolicy: corev1.PullIfNotPresent, + Name: "hive", + Image: images.GetHiveImage(), + ImagePullPolicy: corev1.PullAlways, Env: env, Command: []string{"/bin/sh", "-c"}, // Large file copy here has shown to cause problems in clusters under load, safer to copy then rename to the file the install manager is waiting for // so it doesn't try to run a partially copied binary. - Args: []string{"cp -v /bin/openshift-install /output/openshift-install.tmp && mv -v /output/openshift-install.tmp /output/openshift-install && ls -la /output"}, + Args: []string{"cp -v /usr/bin/hiveutil.rhel8 /output/hiveutil8.tmp && mv -v /output/hiveutil8.tmp /output/hiveutil.rhel8 && cp -v /usr/bin/hiveutil /output/hiveutil9.tmp && mv -v /output/hiveutil9.tmp /output/hiveutil.rhel9"}, VolumeMounts: volumeMounts, }, } 
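Review bot: The `hive` init container hard-codes `ImagePullPolicy: corev1.PullAlways`, whereas the hive container it replaces used `images.GetHiveClusterProvisionImagePullPolicy()` (removed in the following hunk), so the configured pull policy no longer applies to the hive image in provisioning pods. Unless forcing a pull is intended, keep `ImagePullPolicy: images.GetHiveClusterProvisionImagePullPolicy(),`. The comments above the container still describe copying the installer binary; they should say that both `hiveutil` builds are staged into `/output` under `.rhel8` and `.rhel9` names. `InstallerPodSpec` starts and ends outside this hunk.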
@@ -333,19 +342,17 @@ func InstallerPodSpec( VolumeMounts: volumeMounts, }) } + containers := []corev1.Container{ { - Name: "hive", - Image: images.GetHiveImage(), - ImagePullPolicy: images.GetHiveClusterProvisionImagePullPolicy(), + Name: "installer", + Image: installerImage, + ImagePullPolicy: corev1.PullIfNotPresent, Env: append(env, cd.Spec.Provisioning.InstallerEnv...), - Command: []string{"/usr/bin/hiveutil"}, - Args: []string{ - "install-manager", - "--work-dir", "/output", - "--log-level", "debug", - cd.Namespace, provisionName, - }, + Command: []string{"/bin/sh", "-c"}, + // Large file copy here has shown to cause problems in clusters under load, safer to copy then rename to the file the install manager is waiting for + // so it doesn't try to run a partially copied binary. + Args: []string{fmt.Sprintf("cp -v /bin/openshift-install /output/openshift-install && major_version=$(sed -n 's/.*release \\([0-9]*\\).*/\\1/p' /etc/redhat-release) && /output/hiveutil.rhel${major_version} install-manager --work-dir /output --log-level debug %s %s", cd.Namespace, provisionName)}, VolumeMounts: volumeMounts, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -543,6 +550,10 @@ func envAndVolumes(ns, credsVolName, credsDir, credsName, certsVolName, certsDir Name: "CLUSTERDEPLOYMENT_NAMESPACE", Value: ns, }, + { + Name: "SSL_CERT_DIR", + Value: "/etc/ssl/certs/:/output/hive-trusted-cabundle/", + }, } if credsName != "" { env = append(env, corev1.EnvVar{ From d1629e33e00ebea4e0a140b3f818b813d2dcdc2c Mon Sep 17 00:00:00 2001 From: Leah Leshchinsky Date: Tue, 18 Jun 2024 08:44:47 -0400 Subject: [PATCH 3/3] Consolidate Dockerfiles 
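Review bot: The installer container's `Args` formats `cd.Namespace` and `provisionName` into a `/bin/sh -c` script with `fmt.Sprintf`, where the previous code passed them as separate exec arguments; Kubernetes name validation presumably limits what they can contain, but passing them as positional parameters removes the dependency on that. The script also runs `install-manager` as a child of the shell, so termination signals reach `sh` rather than the install manager, and an empty `major_version` (an unexpected `/etc/redhat-release` format) ends in a confusing failure on `/output/hiveutil.rhel`. The copied comment about copy-then-rename no longer matches the direct `cp` to `/output/openshift-install`. A possible shape is below; `InstallerPodSpec` continues outside the hunk.

```go
// … unchanged: Name, Image, ImagePullPolicy, Env …
Command: []string{"/bin/sh", "-c"},
// Namespace and provision name are passed as positional parameters ($1, $2)
// instead of being formatted into the script text. exec replaces the shell so
// the install manager receives termination signals directly.
Args: []string{
	`set -e
cp -v /bin/openshift-install /output/openshift-install
major_version=$(sed -n 's/.*release \([0-9]*\).*/\1/p' /etc/redhat-release)
[ -n "${major_version}" ] || { echo "cannot determine RHEL major version" >&2; exit 1; }
exec "/output/hiveutil.rhel${major_version}" install-manager --work-dir /output --log-level debug "$1" "$2"`,
	"installer", // becomes $0 inside the script
	cd.Namespace, provisionName,
},
// … unchanged: VolumeMounts, Resources …
```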
Signed-off-by: Leah Leshchinsky --- Dockerfile | 11 ++++---- Dockerfile.ubi | 49 ------------------------------------ build/build-image/Dockerfile | 12 --------- hack/app_sre_build_deploy.sh | 2 +- 4 files changed, 7 insertions(+), 67 deletions(-) delete mode 100644 Dockerfile.ubi delete mode 100644 build/build-image/Dockerfile diff --git a/Dockerfile b/Dockerfile index 4ab50de625b..aa269fec514 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,15 +14,16 @@ RUN make build FROM registry.redhat.io/rhel9-4-els/rhel:9.4 -ARG DNF=dnf - -RUN $DNF -y update && $DNF clean all +RUN dnf -y update && dnf clean all # ssh-agent required for gathering logs in some situations: -RUN if ! rpm -q openssh-clients; then $DNF install -y openssh-clients && $DNF clean all && rm -rf /var/cache/dnf/*; fi +RUN if ! rpm -q openssh-clients; then dnf install -y openssh-clients && dnf clean all && rm -rf /var/cache/dnf/*; fi # libvirt libraries required for running bare metal installer. -RUN if ! rpm -q libvirt-libs; then $DNF install -y libvirt-libs && $DNF clean all && rm -rf /var/cache/dnf/*; fi +RUN if ! rpm -q libvirt-libs; then dnf install -y libvirt-libs && dnf clean all && rm -rf /var/cache/dnf/*; fi + +# tar is needed to package must-gathers on install failure +RUN if ! which tar; then dnf install -y tar && dnf clean all && rm -rf /var/cache/dnf/*; fi COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/manager /opt/services/ COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ diff --git a/Dockerfile.ubi b/Dockerfile.ubi deleted file mode 100644 index ba9bd2e3a28..00000000000 --- a/Dockerfile.ubi +++ /dev/null 
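Review bot: With the `DNF` argument gone, the three guarded installs (`openssh-clients`, `libvirt-libs` and the added `tar`) are separate layers that each run their own `dnf clean all`, and the `tar` guard relies on `which`, which is not guaranteed to be present in the base image. One layer is easier to audit: `RUN dnf install -y libvirt-libs openssh-clients tar && dnf clean all && rm -rf /var/cache/dnf/*` (dnf leaves already-installed packages alone). The retained `RUN dnf -y update` makes the image content depend on build time; rebuilding on a newer pinned base is the more reproducible way to pick up fixes.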
@@ -1,49 +0,0 @@ -FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 as builder_rhel8 -RUN mkdir -p /go/src/github.com/openshift/hive -WORKDIR /go/src/github.com/openshift/hive -COPY . . -RUN make build - -FROM registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.21-openshift-4.16 as builder_rhel9 -RUN mkdir -p /go/src/github.com/openshift/hive -WORKDIR /go/src/github.com/openshift/hive -COPY . . -RUN make build - -FROM registry.redhat.io/rhel9-4-els/rhel:9.4 - -ARG DNF=microdnf - -RUN $DNF -y update && $DNF clean all - -# ssh-agent required for gathering logs in some situations: -RUN if ! rpm -q openssh-clients; then $DNF install -y openssh-clients && $DNF clean all && rm -rf /var/cache/dnf/*; fi - -# libvirt libraries required for running bare metal installer. -RUN if ! rpm -q libvirt-libs; then $DNF install -y libvirt-libs && $DNF clean all && rm -rf /var/cache/dnf/*; fi - -# tar is needed to package must-gathers on install failure -RUN if ! which tar; then $DNF install -y tar && $DNF clean all && rm -rf /var/cache/dnf/*; fi - -COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/manager /opt/services/ -COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveadmission /opt/services/ -COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/operator /opt/services/hive-operator - -COPY --from=builder_rhel8 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil.rhel8 -COPY --from=builder_rhel9 /go/src/github.com/openshift/hive/bin/hiveutil /usr/bin/hiveutil - -# Hacks to allow writing known_hosts, homedir is / by default in OpenShift. -# Bare metal installs need to write to $HOME/.cache, and $HOME/.ssh for as long as -# we're hitting libvirt over ssh. OpenShift will not let you write these directories -# by default so we must setup some permissions here. 
-ENV HOME /home/hive -RUN mkdir -p /home/hive && \ - chgrp -R 0 /home/hive && \ - chmod -R g=u /home/hive - -RUN mkdir -p /output/hive-trusted-cabundle && \ - chgrp -R 0 /output/hive-trusted-cabundle && \ - chmod -R g=u /output/hive-trusted-cabundle - -# TODO: should this be the operator? -ENTRYPOINT ["/opt/services/manager"] diff --git a/build/build-image/Dockerfile b/build/build-image/Dockerfile deleted file mode 100644 index 9de191fe056..00000000000 --- a/build/build-image/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.21-openshift-4.16 - -# setting Git username and email for workaround of -# https://github.com/jenkinsci/docker/issues/519 -ENV GIT_COMMITTER_NAME hive-team -ENV GIT_COMMITTER_EMAIL hive-team@redhat.com - -# Basic Debug Tools -RUN yum -y install strace tcping && yum clean all - -# Get rid of "go: disabling cache ..." errors. -RUN mkdir -p /go && chgrp -R root /go && chmod -R g+rwX /go diff --git a/hack/app_sre_build_deploy.sh b/hack/app_sre_build_deploy.sh index 8bf5595ac44..f1fb22945d6 100755 --- a/hack/app_sre_build_deploy.sh +++ b/hack/app_sre_build_deploy.sh @@ -99,7 +99,7 @@ else fi # build the image -CONTAINER_BUILD_FLAGS="--file ./Dockerfile.ubi" make IMG="$IMG" GO_REQUIRED_MIN_VERSION:= docker-build +CONTAINER_BUILD_FLAGS="--file ./Dockerfile" make IMG="$IMG" GO_REQUIRED_MIN_VERSION:= docker-build # push the image make IMG="$IMG" docker-push