WIP: ci-operator/step-registry/openshift/e2e/fips: Add FIPS steps #10478
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: wking. The full list of commands accepted by this bot can be found here. The pull request process is described here. Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
And use them for master installer CI.
The implementation for the openshift-e2e-fips step is something of a
union of the old-style
ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml
and the gather-aws-console step, which also iterates over nodes. I'm
using 'read' instead of the {1..5} to iterate, because there may not
be exactly five nodes.
The openshift-e2e-aws-fips-default workflow demonstrates that the
default install does not enable FIPS. I'm just using that for the
installer as well; it seemed a bit heavy to add to openshift-e2e-aws.
The ci-operator/jobs changes were generated with:
$ make update
| @@ -0,0 +1,45 @@ | |||
| #!/bin/bash | |||
Why is this not a test in the openshift-test binary?
I'm fine with that too. There should be some way to figure out what the configured value should be for a node? But I guess that wouldn't cover "installer ignores fips setting in the install-config". Do we care about covering that portion? We could probably cover it in create manifests integration testing in the installer.
| - name: TMPDIR | ||
| default: /tmp | ||
| documentation: A pathname of a directory made available for programs that need a place to create temporary files. | ||
| - name: FIPS_EXPECTED |
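Review bot: `FIPS_EXPECTED` at the end of this env list should carry a `documentation` line naming the accepted values and a `default`, as the `TMPDIR` entry above it does. The visible lines stop at the name, so a workflow author cannot tell what to set or what the step assumes when the variable is unset.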
hmm.. this env is not used ..
Oops, I need to set it in the workflow that enables FIPS...
/hold #10488 is dropping
@wking: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
@wking: The following test failed, say
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale
@wking: PR needs rebase.
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close
@openshift-bot: Closed this PR.
And use them for master installer CI.
The implementation for the openshift-e2e-fips step is something of a union of the old-style `ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml` and the `gather-aws-console` step, which also iterates over nodes. I'm using `read` instead of the `{1..5}` to iterate, because there may not be exactly five nodes.
The `openshift-e2e-aws-fips-default` workflow demonstrates that the default install does not enable FIPS. I'm just using that for the installer as well; it seemed a bit heavy to add to `openshift-e2e-aws`.
WIP because we probably want to port more of the FIPS CI to steps. I wanted to float for early feedback before putting in that effort. CC @abhinavdahiya and @sallyom, who I've tapped as owners. Feel free to suggest alternatives and/or additional owners.
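The loop the description talks about, iterating with `read` over however many nodes exist instead of a fixed `{1..5}`, sketched as an added example that is not the PR's script. The function name, the `<node> <value>` input format and the `true`/`false` spelling of `FIPS_EXPECTED` are assumptions; the value stands for what each node's `/proc/sys/crypto/fips_enabled` reports.

```bash
#!/bin/bash
# Added example (not the PR's script). Input format and the true/false
# spelling of FIPS_EXPECTED are assumptions made for this sketch.

# check_fips_nodes EXPECTED
#   stdin: one "<node> <value>" line per node, where <value> is the content
#   of that node's /proc/sys/crypto/fips_enabled (1 = FIPS mode, 0 = not).
#   returns 0 if every node matches, 1 on any mismatch, 2 on bad input.
check_fips_nodes() {
  local expected="$1" node actual checked=0 failed=0
  case "${expected}" in
    true)  expected=1 ;;
    false) expected=0 ;;
    *) echo "FIPS_EXPECTED must be true or false, got '${expected}'" >&2
       return 2 ;;
  esac
  # 'read' consumes however many nodes exist; the '|| [ -n ... ]' keeps a
  # final line that lacks a trailing newline.
  while read -r node actual || [ -n "${node}" ]; do
    [ -n "${node}" ] || continue          # skip blank lines
    checked=$((checked + 1))
    if [ "${actual}" != "${expected}" ]; then
      echo "${node}: fips_enabled=${actual:-unreadable}, expected ${expected}" >&2
      failed=$((failed + 1))
    fi
  done
  # An empty node list must not count as a pass.
  if [ "${checked}" -eq 0 ]; then
    echo "no nodes were checked" >&2
    return 2
  fi
  [ "${failed}" -eq 0 ]
}

# Constructed sample: six nodes, one of them not in FIPS mode.
check_fips_nodes "${FIPS_EXPECTED:-true}" <<'EOF' || echo "FIPS check failed" >&2
master-0 1
master-1 1
master-2 1
worker-0 1
worker-1 0
worker-2 1
EOF
```

Treating an empty node list as an error keeps a failed node query from reading as a passing FIPS check.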