From 73397ed96d423b53c2b4ac57c6488cdd25a121a3 Mon Sep 17 00:00:00 2001 From: Sergio Regidor Date: Mon, 7 Oct 2024 12:49:56 +0000 Subject: [PATCH] MCO-871 MCO add OCL dedicated job --- ...s-private-release-4.18__amd64-nightly.yaml | 16 +++ ...-tests-private-release-4.18-periodics.yaml | 88 ++++++++++++ .../mco/conf/day2/enable-ocl/OWNERS | 14 ++ .../mco/conf/day2/enable-ocl/README.md | 48 +++++++ .../mco-conf-day2-enable-ocl-commands.sh | 129 ++++++++++++++++++ ...mco-conf-day2-enable-ocl-ref.metadata.json | 21 +++ .../mco-conf-day2-enable-ocl-ref.yaml | 25 ++++ ...ft-e2e-test-mco-qe-longduration-chain.yaml | 1 + 8 files changed, 342 insertions(+) create mode 100644 ci-operator/step-registry/mco/conf/day2/enable-ocl/OWNERS create mode 100644 ci-operator/step-registry/mco/conf/day2/enable-ocl/README.md create mode 100644 ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-commands.sh create mode 100644 ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.metadata.json create mode 100644 ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18__amd64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18__amd64-nightly.yaml index 6a879b5d5494..556640caaef9 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18__amd64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18__amd64-nightly.yaml @@ -322,6 +322,22 @@ tests: test: - ref: openshift-extended-test-longduration workflow: cucushift-installer-rehearse-aws-ipi +- as: aws-ipi-longduration-mco-ocl-f9 + cron: 16 8 4,16,25 * * + steps: + allow_skip_on_success: true + cluster_profile: aws-qe + env: + BASE_DOMAIN: qe.devcluster.openshift.com + COMPUTE_NODE_REPLICAS: "2" + FEATURE_SET: TechPreviewNoUpgrade + MCO_CONF_DAY2_ENABLE_OCL_POOLS: worker + TEST_FILTERS: ~ChkUpgrade&;~DisconnectedOnly&;~MicroShiftOnly&;~ocb&;~Layering& + TEST_SCENARIOS: "42361" + TEST_TIMEOUT: "120" + test: + - chain: openshift-e2e-test-mco-qe-longduration + workflow: cucushift-installer-rehearse-aws-ipi - as: aws-ipi-longduration-mco-g1-f9 cron: 16 8 4,16,25 * * steps: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-periodics.yaml index 499d5a62e37d..7651b234e7a7 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-periodics.yaml @@ -17723,6 +17723,94 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build03 + cron: 16 8 4,16,25 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.18 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.18" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.18-amd64-nightly-aws-ipi-longduration-mco-ocl-f9 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/aws-ipi-longduration-mco-ocl-f9-cluster-profile + - --target=aws-ipi-longduration-mco-ocl-f9 + - --variant=amd64-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/aws-ipi-longduration-mco-ocl-f9-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-aws-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build03 cron: 0 17 1,3,5,7,9,11,13,15,17,19,21,23,25,27,29 * * diff --git a/ci-operator/step-registry/mco/conf/day2/enable-ocl/OWNERS b/ci-operator/step-registry/mco/conf/day2/enable-ocl/OWNERS new file mode 100644 index 000000000000..3c66c39a3070 --- /dev/null +++ b/ci-operator/step-registry/mco/conf/day2/enable-ocl/OWNERS @@ -0,0 +1,14 @@ +approvers: + - Xia-Zhao-rh + - kuiwang02 + - bandrade + - jianzhangbjz + - sergiordlr + - ptalgulk01 +reviewers: + - Xia-Zhao-rh + - kuiwang02 + - bandrade + - jianzhangbjz + - sergiordlr + - ptalgulk01 diff --git a/ci-operator/step-registry/mco/conf/day2/enable-ocl/README.md b/ci-operator/step-registry/mco/conf/day2/enable-ocl/README.md new file mode 100644 index 000000000000..6c6150f2d974 --- /dev/null +++ b/ci-operator/step-registry/mco/conf/day2/enable-ocl/README.md @@ -0,0 +1,48 @@ +# enable-ocl-ref + +## Table of Contents +- [Purpose](#purpose) +- [Process](#process) +- [Requirements](#requirements) + - [Infrastructure](#infrastructure) + - [Environment Variables](#environment-variables) + +## Purpose + +To enable the OCL functionality in the cluster. In order to enable the OCL functionality we need to create a MachineOsConfig resource defining the repository where the OCL images will be stored and 3 secrets to push and pull those images. + +The repository where the iamges will be stored is: quay.io/mcoqe/layering +The credentials to access this repository are added the the cluster's pull-secret by the mco-conf-day2-add-mcoqe-robot-to-pull-secret step. Hence, we will use a copy of the cluster's pull-secret to configure our MOSCs. + +Example of a chain using this step + +``` +chain: + as: openshift-e2e-test-mco-qe-longduration + steps: + - chain: cucushift-installer-check-cluster-health + - ref: idp-htpasswd + - ref: mco-conf-day2-add-mcoqe-robot-to-pull-secret + - ref: mco-conf-day2-enable-ocl + - ref: openshift-extended-test-longduration + - ref: openshift-e2e-test-qe-report + documentation: |- + Execute openshift extended MCO e2e tests from QE. It does not execute cucushift test cases. +``` + +## Process + +This scripts creates a MOSC resource for every MCP declared in MCO_CONF_DAY2_ENABLE_OCL_POOLS. These MOSCs will use a copy of the pull-secret to access the registry quay.io/mcoqe/layering + +## Prerequisite(s) + +- The cluster's pull-secret should contain the credentials to pull and push from quay.io/mcoqe/layering. These credentials are added by the mco-conf-day2-add-mcoqe-robot-to-pull-secret step. + +### Infrastructure + +- A provisioned test cluster to target. + +### Environment Variables + +- MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME: space separated list of the MCPs where we want to enable OCL +- MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME: expiration time for the created OCL images diff --git a/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-commands.sh b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-commands.sh new file mode 100644 index 000000000000..65ca3078ebdc --- /dev/null +++ b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-commands.sh @@ -0,0 +1,129 @@ +#!/bin/bash + +set -e +set -u +set -o pipefail + +function set_proxy () { + if [ -s "${SHARED_DIR}/proxy-conf.sh" ]; then + echo "Setting the proxy ${SHARED_DIR}/proxy-conf.sh" + # shellcheck source=/dev/null + source "${SHARED_DIR}/proxy-conf.sh" + else + echo "No proxy settings" + fi +} + +function run_command() { + local CMD="$1" + echo "Running command: ${CMD}" + eval "${CMD}" +} + +function debug_and_exit() { + echo 'An error happened. Debuging before exiting...' + echo '' + echo '####################################################' + echo '####################################################' + echo '' + echo 'All pods:' + run_command "oc get pods" + echo '' + echo '####################################################' + echo '####################################################' + echo '' + echo 'All MOSCs' + run_command "oc get machineosconfig -oyaml" + echo '' + echo '####################################################' + echo '####################################################' + echo '' + echo 'All MOSBs' + run_command "oc get machineosbuild -oyaml" + echo '' + echo '####################################################' + echo '####################################################' + echo '' + echo 'Builder pods logs' + run_command "oc logs pods -l machineconfiguration.openshift.io/on-cluster-layering" + exit 255 +} + +if [[ -z "$MCO_CONF_DAY2_ENABLE_OCL_POOLS" ]]; then + echo "OCL is not configured in any MachineConfigPool, skip it." + exit 0 +fi + +set_proxy + +IFS=" " read -r -a mcp_arr <<<"$MCO_CONF_DAY2_ENABLE_OCL_POOLS" +for custom_mcp_name in "${mcp_arr[@]}"; do + + echo "Enable OCL in pool $custom_mcp_name" + + oc create -f - << EOF +apiVersion: machineconfiguration.openshift.io/v1alpha1 +kind: MachineOSConfig +metadata: + name: mosc-$custom_mcp_name +spec: + machineConfigPool: + name: $custom_mcp_name + buildOutputs: + currentImagePullSecret: + name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy") + buildInputs: + imageBuilder: + imageBuilderType: PodImageBuilder + baseImagePullSecret: + name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy") + renderedImagePushSecret: + name: $(oc get secret -n openshift-config pull-secret -o json | jq "del(.metadata.namespace, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.name)" | jq '.metadata.name="pull-copy"' | oc -n openshift-machine-config-operator create -f - &> /dev/null; echo -n "pull-copy") + renderedImagePushspec: "quay.io/mcoqe/layering:ocl-$custom_mcp_name" + containerFile: + - content: |- + LABEL maintainer="mco-qe-team" quay.expires-after=$MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME +EOF + + oc get machineosconfig -oyaml "mosc-$custom_mcp_name" + +done + +for custom_mcp_name in "${mcp_arr[@]}"; do + echo "Waiting for $custom_mcp_name MachineConfigPool to start updating..." + run_command "oc wait mcp $custom_mcp_name --for='condition=UPDATING=True' --timeout=300s &>/dev/null" + if [ "$?" != "0" ] + then + debug_and_exit + fi +done + + +for custom_mcp_name in "${mcp_arr[@]}"; do + echo "Wait for the $custom_mcp_name MCP to start building the OCL build" + machine_os_build_name="$custom_mcp_name-$(oc get machineconfigpool worker -ojsonpath='{.spec.configuration.name}')-builder" + run_command "oc wait --for=condition=Building machineosbuild $machine_os_build_name --timeout=300s &>/dev/null" + if [ "$?" != "0" ] + then + debug_and_exit + fi +done + +for custom_mcp_name in "${mcp_arr[@]}"; do + echo "Wait for the $custom_mcp_name MCP OCL build to succeed" + machine_os_build_name="$custom_mcp_name-$(oc get machineconfigpool worker -ojsonpath='{.spec.configuration.name}')-builder" + run_command "oc wait --for=condition=Succeeded machineosbuild $machine_os_build_name --timeout=300s &>/dev/null" + if [ "$?" != "0" ] + then + debug_and_exit + fi +done + +for custom_mcp_name in "${mcp_arr[@]}"; do + echo "Waiting for $custom_mcp_name MachineConfigPool to finish updating..." + run_command "oc wait mcp \$custom_mcp_name --for='condition=UPDATED=True' --timeout=300s 2>/dev/null" + if [ "$?" != "0" ] + then + debug_and_exit + fi +done diff --git a/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.metadata.json b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.metadata.json new file mode 100644 index 000000000000..d776a1e15b7b --- /dev/null +++ b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.metadata.json @@ -0,0 +1,21 @@ +{ + "path": "mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml", + "owners": { + "approvers": [ + "Xia-Zhao-rh", + "kuiwang02", + "bandrade", + "jianzhangbjz", + "sergiordlr", + "ptalgulk01" + ], + "reviewers": [ + "Xia-Zhao-rh", + "kuiwang02", + "bandrade", + "jianzhangbjz", + "sergiordlr", + "ptalgulk01" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml new file mode 100644 index 000000000000..4b7aad778cbc --- /dev/null +++ b/ci-operator/step-registry/mco/conf/day2/enable-ocl/mco-conf-day2-enable-ocl-ref.yaml @@ -0,0 +1,25 @@ +ref: + as: mco-conf-day2-enable-ocl + from_image: + namespace: ocp + name: cli-jq + tag: latest + commands: mco-conf-day2-enable-ocl-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: MCO_CONF_DAY2_ENABLE_OCL_POOLS + default: "" + documentation: | + A space splitted array with the pools that will be configured with OCL + - name: MCO_CONF_DAY2_IMAGE_EXPIRATION_TIME + default: "2h" + documentation: | + The time after which the images will be automatically deleted from the quay repository + documentation: |- + Configures OCL in the MachineConfigPools provided in the MCO_CONF_DAY2_ENABLE_OCL_POOLS list. + The secret used to pull and pull the images will be the cluster's pull-secret. + The repository used to store the images will be quay.io/mcoqe/layering + All images will be labeled with diff --git a/ci-operator/step-registry/openshift/e2e/test/mco-qe/longduration/openshift-e2e-test-mco-qe-longduration-chain.yaml b/ci-operator/step-registry/openshift/e2e/test/mco-qe/longduration/openshift-e2e-test-mco-qe-longduration-chain.yaml index c8c8f7629c08..54c9b4858fc6 100644 --- a/ci-operator/step-registry/openshift/e2e/test/mco-qe/longduration/openshift-e2e-test-mco-qe-longduration-chain.yaml +++ b/ci-operator/step-registry/openshift/e2e/test/mco-qe/longduration/openshift-e2e-test-mco-qe-longduration-chain.yaml @@ -4,6 +4,7 @@ chain: - chain: cucushift-installer-check-cluster-health - ref: idp-htpasswd - ref: mco-conf-day2-add-mcoqe-robot-to-pull-secret + - ref: mco-conf-day2-enable-ocl - ref: openshift-extended-test-longduration - ref: openshift-e2e-test-qe-report documentation: |-