MCO-871 MCO add OCL dedicated job

ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18__amd64-nightly.yaml

@@ -322,6 +322,22 @@ tests:
     test:
     - ref: openshift-extended-test-longduration
     workflow: cucushift-installer-rehearse-aws-ipi
+- as: aws-ipi-longduration-mco-ocl-f9
+  cron: 16 8 4,16,25 * *
+  steps:
+    allow_skip_on_success: true
+    cluster_profile: aws-qe
+    env:
+      BASE_DOMAIN: qe.devcluster.openshift.com
+      COMPUTE_NODE_REPLICAS: "2"
+      FEATURE_SET: TechPreviewNoUpgrade
+      MCO_CONF_DAY2_ENABLE_OCL_POOLS: worker
+      TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~MicroShiftOnly&;~ocb&;~Layering&
+      TEST_SCENARIOS: "42361"
+      TEST_TIMEOUT: "120"
+    test:
+    - chain: openshift-e2e-test-mco-qe-longduration
+    workflow: cucushift-installer-rehearse-aws-ipi
 - as: aws-ipi-longduration-mco-g1-f9
   cron: 16 8 4,16,25 * *
   steps:

ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-periodics.yaml

@@ -17723,6 +17723,94 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build03
+  cron: 16 8 4,16,25 * *
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-4.18
+    org: openshift
+    repo: openshift-tests-private
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws-qe
+    ci-operator.openshift.io/variant: amd64-nightly
+    ci.openshift.io/generator: prowgen
+    job-release: "4.18"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-openshift-tests-private-release-4.18-amd64-nightly-aws-ipi-longduration-mco-ocl-f9
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --oauth-token-path=/usr/local/github-credentials/oauth
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --secret-dir=/usr/local/aws-ipi-longduration-mco-ocl-f9-cluster-profile
+      - --target=aws-ipi-longduration-mco-ocl-f9
+      - --variant=amd64-nightly
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /usr/local/aws-ipi-longduration-mco-ocl-f9-cluster-profile
+        name: cluster-profile
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /usr/local/github-credentials
+        name: github-credentials-openshift-ci-robot-private-git-cloner
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: cluster-profile
+      secret:
+        secretName: cluster-secrets-aws-qe
+    - name: github-credentials-openshift-ci-robot-private-git-cloner
+      secret:
+        secretName: github-credentials-openshift-ci-robot-private-git-cloner
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
 - agent: kubernetes
   cluster: build03
   cron: 0 17 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * *

ci-operator/step-registry/mco/conf/day2/enable-ocl/OWNERS

@@ -0,0 +1,14 @@
+approvers:
+  - Xia-Zhao-rh
+  - kuiwang02
+  - bandrade
+  - jianzhangbjz
+  - sergiordlr
+  - ptalgulk01
+reviewers:
+  - Xia-Zhao-rh
+  - kuiwang02
+  - bandrade
+  - jianzhangbjz
+  - sergiordlr
+  - ptalgulk01

ci-operator/step-registry/mco/conf/day2/enable-ocl/README.md

@@ -0,0 +1,48 @@
+# enable-ocl-ref<!-- omit from toc -->
+
+## Table of Contents<!-- omit from toc -->
+- [Purpose](#purpose)
+- [Process](#process)
+- [Requirements](#requirements)
+  - [Infrastructure](#infrastructure)
+  - [Environment Variables](#environment-variables)
+
+## Purpose
+
+To enable the OCL functionality in the cluster. In order to enable the OCL functionality we need to create a MachineOsConfig resource defining the repository where the OCL images will be stored and 3 secrets to push and pull those images.
+
+The repository where the iamges will be stored is: quay.io/mcoqe/layering
+The credentials to access this repository are added the the cluster's pull-secret by the mco-conf-day2-add-mcoqe-robot-to-pull-secret step. Hence, we will use a copy of the cluster's pull-secret to configure our MOSCs.
+
+Example of a chain using this step
+
+```
+chain:
+  as: openshift-e2e-test-mco-qe-longduration
+  steps:
+  - chain: cucushift-installer-check-cluster-health
+  - ref: idp-htpasswd
+  - ref: mco-conf-day2-add-mcoqe-robot-to-pull-secret
+  - ref: mco-conf-day2-enable-ocl
+  - ref: openshift-extended-test-longduration
+  - ref: openshift-e2e-test-qe-report
+  documentation: |-
+    Execute openshift extended MCO e2e tests from QE. It does not execute cucushift test cases.
+```
+
+## Process
+
+This scripts creates a MOSC resource for every MCP declared in MCO_CONF_DAY2_ENABLE_OCL_POOLS. These MOSCs will use a copy of the pull-secret to access the registry quay.io/mcoqe/layering
+
+## Prerequisite(s)
+
+-  The cluster's pull-secret should contain the credentials to pull and push from quay.io/mcoqe/layering. These credentials are added by the mco-conf-day2-add-mcoqe-robot-to-pull-secret step.
+
+### Infrastructure
+
+- A provisioned test cluster to target.
+
+### Environment Variables
+
+- MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME: space separated list of the MCPs where we want to enable OCL
+- MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME: expiration time for the created OCL images

ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-commands.sh

@@ -0,0 +1,129 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+function set_proxy () {
+    if [ -s "${SHARED_DIR}/proxy-conf.sh" ]; then
+        echo "Setting the proxy ${SHARED_DIR}/proxy-conf.sh"
+        # shellcheck source=/dev/null
+        source "${SHARED_DIR}/proxy-conf.sh"
+    else
+        echo "No proxy settings"
+    fi
+}
+
+function run_command() {
+    local CMD="$1"
+    echo "Running command: ${CMD}"
+    eval "${CMD}"
+}
+
+function debug_and_exit() {
+    echo 'An error happened. Debuging before exiting...'
+    echo ''
+    echo '####################################################'
+    echo '####################################################'
+    echo ''
+    echo 'All pods:'
+    run_command "oc get pods"
+    echo ''
+    echo '####################################################'
+    echo '####################################################'
+    echo ''
+    echo 'All MOSCs'
+    run_command "oc get machineosconfig -oyaml"
+    echo ''
+    echo '####################################################'
+    echo '####################################################'
+    echo ''
+    echo 'All MOSBs'
+    run_command "oc get machineosbuild -oyaml"
+    echo ''
+    echo '####################################################'
+    echo '####################################################'
+    echo ''
+    echo 'Builder pods logs'
+    run_command "oc logs pods -l machineconfiguration.openshift.io/on-cluster-layering"
+    exit 255
+}
+
+if  [[ -z "$MCO_CONF_DAY2_ENABLE_OCL_POOLS" ]]; then
+    echo "OCL is not configured in any MachineConfigPool, skip it."
+    exit 0
+fi
+
+set_proxy
+
+IFS=" " read -r -a mcp_arr <<<"$MCO_CONF_DAY2_ENABLE_OCL_POOLS"
+for custom_mcp_name in "${mcp_arr[@]}"; do
+
+    echo "Enable OCL in pool $custom_mcp_name"
+
+   oc create -f - << EOF
+apiVersion: machineconfiguration.openshift.io/v1alpha1
+kind: MachineOSConfig
+metadata:
+  name: mosc-$custom_mcp_name
+spec:
+  machineConfigPool:
+    name: $custom_mcp_name
+  buildOutputs:
+    currentImagePullSecret:
+      name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy")
+  buildInputs:
+    imageBuilder:
+      imageBuilderType: PodImageBuilder
+    baseImagePullSecret:
+      name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy")
+    renderedImagePushSecret:
+      name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy")
+    renderedImagePushspec: "quay.io/mcoqe/layering:ocl-$custom_mcp_name"
+    containerFile:
+        - content: |-
+            LABEL maintainer="mco-qe-team" quay.expires-after=$MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME
+EOF
+
+    oc get machineosconfig -oyaml "mosc-$custom_mcp_name"
+
+done
+
+for custom_mcp_name in "${mcp_arr[@]}"; do
+    echo "Waiting for $custom_mcp_name MachineConfigPool to start updating..."
+    run_command "oc wait mcp $custom_mcp_name --for='condition=UPDATING=True' --timeout=300s &>/dev/null"
+    if [ "$?" != "0" ]
+    then
+        debug_and_exit
+    fi
+done
+
+
+for custom_mcp_name in "${mcp_arr[@]}"; do
+    echo "Wait for the $custom_mcp_name MCP to start building the OCL build"
+    machine_os_build_name="$custom_mcp_name-$(oc get machineconfigpool worker  -ojsonpath='{.spec.configuration.name}')-builder"
+    run_command "oc wait --for=condition=Building  machineosbuild $machine_os_build_name --timeout=300s &>/dev/null"
+    if [ "$?" != "0" ]
+    then
+        debug_and_exit
+    fi
+done
+
+for custom_mcp_name in "${mcp_arr[@]}"; do
+    echo "Wait for the $custom_mcp_name MCP OCL build to succeed"
+    machine_os_build_name="$custom_mcp_name-$(oc get machineconfigpool worker  -ojsonpath='{.spec.configuration.name}')-builder"
+    run_command "oc wait --for=condition=Succeeded  machineosbuild $machine_os_build_name --timeout=300s &>/dev/null"
+    if [ "$?" != "0" ]
+    then
+        debug_and_exit
+    fi
+done
+
+for custom_mcp_name in "${mcp_arr[@]}"; do
+    echo "Waiting for $custom_mcp_name MachineConfigPool to finish updating..."
+    run_command "oc wait mcp \$custom_mcp_name --for='condition=UPDATED=True' --timeout=300s 2>/dev/null"
+    if [ "$?" != "0" ]
+    then
+        debug_and_exit
+    fi
+done

ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.metadata.json

@@ -0,0 +1,21 @@
+{
+	"path": "mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml",
+	"owners": {
+		"approvers": [
+			"Xia-Zhao-rh",
+			"kuiwang02",
+			"bandrade",
+			"jianzhangbjz",
+			"sergiordlr",
+			"ptalgulk01"
+		],
+		"reviewers": [
+			"Xia-Zhao-rh",
+			"kuiwang02",
+			"bandrade",
+			"jianzhangbjz",
+			"sergiordlr",
+			"ptalgulk01"
+		]
+	}
+}

ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml

@@ -0,0 +1,25 @@
+ref:
+  as: mco-conf-day2-enable-ocl
+  from_image:
+    namespace: ocp
+    name: cli-jq
+    tag: latest
+  commands: mco-conf-day2-enable-ocl-commands.sh
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+  env:
+    - name: MCO_CONF_DAY2_ENABLE_OCL_POOLS
+      default: ""
+      documentation: |
+        A space splitted array with the pools that will be configured with OCL
+    - name: MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME
+      default: "2h"
+      documentation: |
+        The time after which the images will be automatically deleted from the quay repository
+  documentation: |-
+    Configures OCL in the MachineConfigPools provided in the MCO_CONF_DAY2_ENABLE_OCL_POOLS list.
+    The secret used to pull and pull the images will be the cluster's pull-secret.
+    The repository used to store the images will be quay.io/mcoqe/layering
+    All images will be labeled with 

ci-operator/step-registry/openshift/e2e/test/mco-qe/longduration/openshift-e2e-test-mco-qe-longduration-chain.yaml

@@ -4,6 +4,7 @@ chain:
   - chain: cucushift-installer-check-cluster-health
   - ref: idp-htpasswd
   - ref: mco-conf-day2-add-mcoqe-robot-to-pull-secret
+  - ref: mco-conf-day2-enable-ocl
   - ref: openshift-extended-test-longduration
   - ref: openshift-e2e-test-qe-report
   documentation: |-