diff --git a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-commands.sh b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-commands.sh
index 6deb335973fd5..9fd76756e0503 100755
--- a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-commands.sh
+++ b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-commands.sh
@@ -4,24 +4,332 @@ set -o nounset set -o errexit set -o pipefail +export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" + # TODO: move to image curl -L https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 -o /tmp/yq && chmod +x /tmp/yq +EXPIRATION_DATE=$(date -d '4 hours' --iso=minutes --utc) +TAGS="Key=expirationDate,Value=${EXPIRATION_DATE}" + CONFIG="${SHARED_DIR}/install-config.yaml" PATCH="${SHARED_DIR}/install-config-blackholenetwork.yaml.patch" -aws_region=$(/tmp/yq r "${CONFIG}" 'platform.aws.region') +REGION="${LEASED_RESOURCE}" + +CLUSTER_NAME="$(/tmp/yq r "${CONFIG}" 'metadata.name')" + +cat << EOF > /tmp/blackhole_vpc.yaml +# This is the template file used to generate blackhole VPC and subnet entries. +AWSTemplateFormatVersion: 2010-09-09 +Description: Template for Best Practice VPC with 1-3 AZs + +Parameters: + VpcCidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-4]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24. + Default: 10.0.0.0/16 + Description: CIDR block for VPC. + Type: String + AvailabilityZoneCount: + ConstraintDescription: "The number of availability zones. (Min: 1, Max: 3)" + MinValue: 1 + MaxValue: 3 + Default: 1 + Description: "How many AZs to create VPC subnets for. (Min: 1, Max: 3)" + Type: Number + SubnetBits: + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/19-27. + MinValue: 5 + MaxValue: 13 + Default: 12 + Description: "Size of each subnet to create within the availability zones. 
(Min: 5 = /27, Max: 13 = /19)" + Type: Number + +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: "Network Configuration" + Parameters: + - VpcCidr + - SubnetBits + - Label: + default: "Availability Zones" + Parameters: + - AvailabilityZoneCount + ParameterLabels: + AvailabilityZoneCount: + default: "Availability Zone Count" + VpcCidr: + default: "VPC CIDR" + SubnetBits: + default: "Bits Per Subnet" + +Conditions: + DoAz3: !Equals [3, !Ref AvailabilityZoneCount] + DoAz2: !Or [!Equals [2, !Ref AvailabilityZoneCount], Condition: DoAz3] + +Resources: + VPC: + Type: "AWS::EC2::VPC" + Properties: + EnableDnsSupport: "true" + EnableDnsHostnames: "true" + CidrBlock: !Ref VpcCidr + PublicSubnet: + Type: "AWS::EC2::Subnet" + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 0 + - Fn::GetAZs: !Ref "AWS::Region" + PublicSubnet2: + Type: "AWS::EC2::Subnet" + Condition: DoAz2 + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 1 + - Fn::GetAZs: !Ref "AWS::Region" + PublicSubnet3: + Type: "AWS::EC2::Subnet" + Condition: DoAz3 + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [2, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 2 + - Fn::GetAZs: !Ref "AWS::Region" + InternetGateway: + Type: "AWS::EC2::InternetGateway" + GatewayToInternet: + Type: "AWS::EC2::VPCGatewayAttachment" + Properties: + VpcId: !Ref VPC + InternetGatewayId: !Ref InternetGateway + PublicRouteTable: + Type: "AWS::EC2::RouteTable" + Properties: + VpcId: !Ref VPC + PublicRoute: + Type: "AWS::EC2::Route" + DependsOn: GatewayToInternet + Properties: + RouteTableId: !Ref PublicRouteTable + DestinationCidrBlock: 0.0.0.0/0 + GatewayId: !Ref InternetGateway + PublicSubnetRouteTableAssociation: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Properties: + SubnetId: !Ref PublicSubnet + 
RouteTableId: !Ref PublicRouteTable + PublicSubnetRouteTableAssociation2: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Condition: DoAz2 + Properties: + SubnetId: !Ref PublicSubnet2 + RouteTableId: !Ref PublicRouteTable + PublicSubnetRouteTableAssociation3: + Condition: DoAz3 + Type: "AWS::EC2::SubnetRouteTableAssociation" + Properties: + SubnetId: !Ref PublicSubnet3 + RouteTableId: !Ref PublicRouteTable + PrivateSubnet: + Type: "AWS::EC2::Subnet" + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [3, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 0 + - Fn::GetAZs: !Ref "AWS::Region" + PrivateRouteTable: + Type: "AWS::EC2::RouteTable" + Properties: + VpcId: !Ref VPC + PrivateSubnetRouteTableAssociation: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Properties: + SubnetId: !Ref PrivateSubnet + RouteTableId: !Ref PrivateRouteTable + PrivateSubnet2: + Type: "AWS::EC2::Subnet" + Condition: DoAz2 + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [4, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 1 + - Fn::GetAZs: !Ref "AWS::Region" + PrivateRouteTable2: + Type: "AWS::EC2::RouteTable" + Condition: DoAz2 + Properties: + VpcId: !Ref VPC + PrivateSubnetRouteTableAssociation2: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Condition: DoAz2 + Properties: + SubnetId: !Ref PrivateSubnet2 + RouteTableId: !Ref PrivateRouteTable2 + PrivateSubnet3: + Type: "AWS::EC2::Subnet" + Condition: DoAz3 + Properties: + VpcId: !Ref VPC + CidrBlock: !Select [5, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]] + AvailabilityZone: !Select + - 2 + - Fn::GetAZs: !Ref "AWS::Region" + PrivateRouteTable3: + Type: "AWS::EC2::RouteTable" + Condition: DoAz3 + Properties: + VpcId: !Ref VPC + PrivateSubnetRouteTableAssociation3: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Condition: DoAz3 + Properties: + SubnetId: !Ref PrivateSubnet3 + RouteTableId: !Ref PrivateRouteTable3 + HTTPSSecurityGroup: + Type: AWS::EC2::SecurityGroup + 
Properties: + GroupDescription: HTTPS Security Group + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: !Ref VpcCidr + VpcId: !Ref VPC + EC2Endpoint: + Type: AWS::EC2::VPCEndpoint + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: '*' + Action: + - '*' + Resource: + - '*' + PrivateDnsEnabled: "true" + SecurityGroupIds: + - !Ref HTTPSSecurityGroup + ServiceName: !Join + - '' + - - com.amazonaws. + - !Ref 'AWS::Region' + - .ec2 + SubnetIds: + - !Ref PublicSubnet + - !If [DoAz2, !Ref PublicSubnet2, !Ref "AWS::NoValue"] + - !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"] + VpcEndpointType: Interface + VpcId: !Ref VPC + ELBEndpoint: + Type: AWS::EC2::VPCEndpoint + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: '*' + Action: + - '*' + Resource: + - '*' + PrivateDnsEnabled: "true" + SecurityGroupIds: + - !Ref HTTPSSecurityGroup + ServiceName: !Join + - '' + - - com.amazonaws. + - !Ref 'AWS::Region' + - .elasticloadbalancing + SubnetIds: + - !Ref PublicSubnet + - !If [DoAz2, !Ref PublicSubnet2, !Ref "AWS::NoValue"] + - !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"] + VpcEndpointType: Interface + VpcId: !Ref VPC + S3Endpoint: + Type: AWS::EC2::VPCEndpoint + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: '*' + Action: + - '*' + Resource: + - '*' + RouteTableIds: + - !Ref PublicRouteTable + - !Ref PrivateRouteTable + - !If [DoAz2, !Ref PrivateRouteTable2, !Ref "AWS::NoValue"] + - !If [DoAz3, !Ref PrivateRouteTable3, !Ref "AWS::NoValue"] + ServiceName: !Join + - '' + - - com.amazonaws. 
+ - !Ref 'AWS::Region' + - .s3 + VpcId: !Ref VPC -subnets="[]" -case "${aws_region}" in -us-east-1) subnets="['subnet-0a7491aa76f9b88d7','subnet-0f0b2dcccdcbc7c1d','subnet-0680badf68cbf198c','subnet-02b25dd65f806e41b','subnet-010235a3bff34cf6f','subnet-085c78d8c562b5a51']";; -us-east-2) subnets="['subnet-0ea117d9499ef624f','subnet-00adc83d4719d4176','subnet-0b9399990fa424d7f','subnet-060d997b25f5bb922','subnet-015f4e65b0ef1b0e1','subnet-02296b47817923bfb']";; -us-west-1) subnets="['subnet-0d003f08a541855a2','subnet-04007c47f50891b1d','subnet-02cdb70a3a4beb754','subnet-0d813eca318034290']";; -us-west-2) subnets="['subnet-05d8f8ae35e720611','subnet-0f3f254b13d40e352','subnet-0e23da17ea081d614','subnet-0f380906f83c55df7','subnet-0a2c5167d94c1a5f8','subnet-01375df3b11699b77']";; -*) echo >&2 "invalid subnets index"; exit 1;; -esac +Outputs: + VpcId: + Description: ID of the new VPC. + Value: !Ref VPC + PublicSubnetIds: + Description: Subnet IDs of the public subnets. + Value: + !Join [ + ",", + [!Ref PublicSubnet, !If [DoAz2, !Ref PublicSubnet2, !Ref "AWS::NoValue"], !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"]] + ] + PrivateSubnetIds: + Description: Subnet IDs of the private subnets. + Value: + !Join [ + ",", + [!Ref PrivateSubnet, !If [DoAz2, !Ref PrivateSubnet2, !Ref "AWS::NoValue"], !If [DoAz3, !Ref PrivateSubnet3, !Ref "AWS::NoValue"]] + ] +EOF + +MAX_ZONES_COUNT="$(cat "${SHARED_DIR}/maxzonescount")" + +ZONE_COUNT=3 +if [[ "${MAX_ZONES_COUNT}" -lt 3 ]] + +then + ZONE_COUNT="${MAX_ZONES_COUNT}" +fi + +STACK_NAME="${CLUSTER_NAME}-shared-vpc-blackhole" +aws --region "${REGION}" cloudformation create-stack \ + --stack-name "${STACK_NAME}" \ + --template-body "$(cat /tmp/blackhole_vpc.yaml)" \ + --tags "${TAGS}" \ + --parameters "ParameterKey=AvailabilityZoneCount,ParameterValue=${ZONE_COUNT}" & + +wait "$!" +echo "Created stack" + +aws --region "${REGION}" cloudformation wait stack-create-complete --stack-name "${STACK_NAME}" & +wait "$!" 
+echo "Waited for stack" + +subnets="$(aws --region "${REGION}" cloudformation describe-stacks --stack-name "${STACK_NAME}" | jq -c '[.Stacks[].Outputs[] | select(.OutputKey | endswith("SubnetIds")).OutputValue | split(",")[]]' | sed "s/\"/'/g")" echo "Subnets : ${subnets}" +# save stack information to ${SHARED_DIR} for deprovision step +echo "${STACK_NAME}" >> "${SHARED_DIR}/blackholenetworkstackname" + cat >> "${PATCH}" << EOF platform: aws: diff --git a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-ref.yaml index d4ce830b43470..ded858495bfb6 100644 --- a/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/blackholenetwork/ipi-conf-aws-blackholenetwork-ref.yaml @@ -1,9 +1,9 @@ ref: as: ipi-conf-aws-blackholenetwork from_image: - namespace: origin - name: centos - tag: '8' + namespace: ocp + name: "4.5" + tag: upi-installer commands: ipi-conf-aws-blackholenetwork-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh index 1292d3f042a1f..a63fd2a8b4b1b 100755 --- a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh +++ b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh @@ -4,6 +4,8 @@ set -o nounset set -o errexit set -o pipefail +export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" + CONFIG="${SHARED_DIR}/install-config.yaml" expiration_date=$(date -d '4 hours' --iso=minutes --utc) 
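Review bot: The stack name is written to `${SHARED_DIR}/blackholenetworkstackname` only after `create-stack`, `wait stack-create-complete` and `describe-stacks` have all succeeded, so under `errexit` a failure in any of them exits before the file exists. The deprovision script added in this same change exits 0 when that file is missing, so a half-created VPC stack would be left behind with only the `expirationDate` tag to identify it. Recording the name first closes the gap: place `echo "${STACK_NAME}" > "${SHARED_DIR}/blackholenetworkstackname"` directly above the `aws ... create-stack` call (`>` rather than `>>` also keeps the file to one line on a re-run). The same ordering appears in the ipi-conf-aws-sharednetwork-commands.sh hunk with `sharednetworkstackname`. The script starts above and continues below this hunk, so any cleanup defined outside it is not visible here.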
@@ -11,7 +13,18 @@ expiration_date=$(date -d '4 hours' --iso=minutes --utc) function join_by { local IFS="$1"; shift; echo "$*"; } REGION="${LEASED_RESOURCE}" -ZONES=("${REGION}a" "${REGION}b") + +# Generate working availability zones from the region +mapfile -t AVAILABILITY_ZONES < <(aws --region "${REGION}" ec2 describe-availability-zones | jq -r '.AvailabilityZones[] | select(.State == "available") | .ZoneName' | sort -u) +# Generate availability zones with the biggest instance type required +mapfile -t XLARGE_ZONES < <(aws --region "${REGION}" ec2 describe-instance-type-offerings --location-type availability-zone --filters Name=instance-type,Values=m5.8xlarge | jq -r '.InstanceTypeOfferings[].Location' | sort -u) +# Generate availability zones based on these 2 criterias +mapfile -t ZONES < <(echo "${AVAILABILITY_ZONES[@]}" "${XLARGE_ZONES[@]}" | sed 's/ /\n/g' | sort -R | uniq -d) +# Calculate the maximum number of availability zones from the region +MAX_ZONES_COUNT="${#ZONES[@]}" +# Save max zones count information to ${SHARED_DIR} for use in other scenarios +echo "${MAX_ZONES_COUNT}" >> "${SHARED_DIR}/maxzonescount" + ZONES_COUNT=${ZONES_COUNT:-2} ZONES=("${ZONES[@]:0:${ZONES_COUNT}}") diff --git a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml index 3da4b5c3694da..f07650fe36013 100644 --- a/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-ref.yaml @@ -1,9 +1,9 @@ ref: as: ipi-conf-aws from_image: - namespace: origin - name: centos - tag: "8" + namespace: ocp + name: "4.5" + tag: upi-installer commands: ipi-conf-aws-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-commands.sh b/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-commands.sh index 7961bcd2cf47d..1132a7958aeac 100755 
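Review bot: A failure of either `aws` call inside the `< <(...)` process substitutions is not seen by `errexit` or `pipefail`, so a credential or API error would leave `ZONES` empty and write `0` to `maxzonescount` instead of stopping the step. The blackholenetwork step on this page passes that value as `AvailabilityZoneCount`, whose template `MinValue` is 1, so the error would surface later and further from its cause. A guard directly after the third `mapfile`, for example `if (( ${#ZONES[@]} == 0 )); then echo >&2 "no usable availability zones in ${REGION}"; exit 1; fi`, would fail at the source. Writing the count with `>` instead of `>>` would also keep the file to a single line if the step runs twice.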
--- a/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-commands.sh
+++ b/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-commands.sh
@@ -4,36 +4,52 @@ set -o nounset set -o errexit set -o pipefail +export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" + # TODO: move to image curl -L https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 -o /tmp/yq && chmod +x /tmp/yq +EXPIRATION_DATE=$(date -d '4 hours' --iso=minutes --utc) +TAGS="Key=expirationDate,Value=${EXPIRATION_DATE}" + CONFIG="${SHARED_DIR}/install-config.yaml" PATCH="${SHARED_DIR}/install-config-sharednetwork.yaml.patch" -aws_region=$(/tmp/yq r "${CONFIG}" 'platform.aws.region') - -subnets="[]" -case "${aws_region}_$((RANDOM % 4))" in -us-east-1_0) subnets="['subnet-030a88e6e97101ab2','subnet-0e07763243186cac5','subnet-02c5fea7482f804fb','subnet-0291499fd1718ee01','subnet-01c4667ad446c8337','subnet-025e9043c44114baa']";; -us-east-1_1) subnets="['subnet-0170ee5ccdd7e7823','subnet-0d50cac95bebb5a6e','subnet-0094864467fc2e737','subnet-0daa3919d85296eb6','subnet-0ab1e11d3ed63cc97','subnet-07681ad7ce2b6c281']";; -us-east-1_2) subnets="['subnet-00de9462cf29cd3d3','subnet-06595d2851257b4df','subnet-04bbfdd9ca1b67e74','subnet-096992ef7d807f6b4','subnet-0b3d7ba41fc6278b2','subnet-0b99293450e2edb13']";; -us-east-1_3) subnets="['subnet-047f6294332aa3c1c','subnet-0c3bce80bbc2c8f1c','subnet-038c38c7d96364d7f','subnet-027a025e9d9db95ce','subnet-04d9008469025b101','subnet-02f75024b00b20a75']";; -us-east-2_0) subnets="['subnet-0a568760cd74bf1d7','subnet-0320ee5b3bb78863e','subnet-015658a21d26e55b7','subnet-0c3ce64c4066f37c7','subnet-0d57b6b056e1ee8f6','subnet-0b118b86d1517483a']";; -us-east-2_1) subnets="['subnet-0f6c106c48187d0a9','subnet-0d543986b85c9f106','subnet-05ef94f36de5ac8c4','subnet-031cdc26c71c66e83','subnet-0f1e0d62680e8b883','subnet-00e92f507a7cbd8ac']";; -us-east-2_2) subnets="['subnet-0310771820ebb25c7','subnet-0396465c0cb089722','subnet-02e316495d39ce361','subnet-0c5bae9b575f1b9af','subnet-0b3de1f0336c54cfe','subnet-03f164174ccbc1c60']";; -us-east-2_3) 
subnets="['subnet-045c43b4de0092f74','subnet-0a78d4ddcc6434061','subnet-0ed28342940ef5902','subnet-02229d912f99fc84f','subnet-0c9b3aaa6a1ad2030','subnet-0c93fb4760f95dbe4']";; -us-west-1_0) subnets="['subnet-0919ede122e5d3e46','subnet-0cf9da97d102fff0d','subnet-000378d8042931770','subnet-0c8720acadbb099fc']";; -us-west-1_1) subnets="['subnet-0129b0f0405beca97','subnet-073caab166af2207e','subnet-0f07362330db0ac66','subnet-007d6444690f88b33']";; -us-west-1_2) subnets="['subnet-09affff50a1a3a9d0','subnet-0838fdfcbe4da6471','subnet-08b9c065aefd9b8de','subnet-027fcc48c429b9865']";; -us-west-1_3) subnets="['subnet-0cd3dde41e1d187fe','subnet-0e78f426f8938df2d','subnet-03edeaf52c46468fa','subnet-096fb5b3a7da814c2']";; -us-west-2_0) subnets="['subnet-04055d49cdf149e87','subnet-0b658a04c438ef43c','subnet-015f32caeff1bd736','subnet-0c96a7bb6ac78323c','subnet-0b7387e251953bdcf','subnet-0c19695d20ce05c60']";; -us-west-2_1) subnets="['subnet-0483607b3e3c2514f','subnet-01139c6c5e3c1e28e','subnet-0cc9500f56a1df779','subnet-001b2c8acd2bac389','subnet-093f66b9d6deffafc','subnet-095b373699fb51212']";; -us-west-2_2) subnets="['subnet-057c716b8953f834a','subnet-096f21593f10b44cb','subnet-0f281491881970222','subnet-0fec3730729e452d9','subnet-0381cfcc0183cb0ba','subnet-0f1189be41a2a2a2f']";; -us-west-2_3) subnets="['subnet-072d00dcf02ad90a6','subnet-0ad913e4bd6ff53fa','subnet-09f90e069238e4105','subnet-064ecb1b01098ff35','subnet-068d9cdd93c0c66e6','subnet-0b7d1a5a6ae1d9adf']";; -*) echo >&2 "invalid subnets index"; exit 1;; -esac +REGION="${LEASED_RESOURCE}" + +CLUSTER_NAME="$(/tmp/yq r "${CONFIG}" 'metadata.name')" + +curl -L https://raw.githubusercontent.com/openshift/installer/master/upi/aws/cloudformation/01_vpc.yaml -o /tmp/01_vpc.yaml + +MAX_ZONES_COUNT="$(cat "${SHARED_DIR}/maxzonescount")" + +ZONE_COUNT=3 +if [[ "${MAX_ZONES_COUNT}" -lt 3 ]] + +then + ZONE_COUNT="${MAX_ZONES_COUNT}" +fi + +STACK_NAME="${CLUSTER_NAME}-shared-vpc" +aws --region "${REGION}" cloudformation 
create-stack \ + --stack-name "${STACK_NAME}" \ + --template-body "$(cat /tmp/01_vpc.yaml)" \ + --tags "${TAGS}" \ + --parameters "ParameterKey=AvailabilityZoneCount,ParameterValue=${ZONE_COUNT}" & + +wait "$!" +echo "Created stack" + +aws --region "${REGION}" cloudformation wait stack-create-complete --stack-name "${STACK_NAME}" & +wait "$!" +echo "Waited for stack" + +subnets="$(aws --region "${REGION}" cloudformation describe-stacks --stack-name "${STACK_NAME}" | jq -c '[.Stacks[].Outputs[] | select(.OutputKey | endswith("SubnetIds")).OutputValue | split(",")[]]' | sed "s/\"/'/g")" echo "Subnets : ${subnets}" +# save stack information to ${SHARED_DIR} for deprovision step +echo "${STACK_NAME}" >> "${SHARED_DIR}/sharednetworkstackname" + cat >> "${PATCH}" << EOF platform: aws: diff --git a/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-ref.yaml index 22a56c42ab865..5e8f2e776e2e6 100644 --- a/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-ref.yaml +++ b/ci-operator/step-registry/ipi/conf/aws/sharednetwork/ipi-conf-aws-sharednetwork-ref.yaml @@ -1,9 +1,9 @@ ref: as: ipi-conf-aws-sharednetwork from_image: - namespace: origin - name: centos - tag: '8' + namespace: ocp + name: "4.5" + tag: upi-installer commands: ipi-conf-aws-sharednetwork-commands.sh resources: requests: diff --git a/ci-operator/step-registry/ipi/deprovision/aws/OWNERS b/ci-operator/step-registry/ipi/deprovision/aws/OWNERS new file mode 100644 index 0000000000000..8aa379218b2a3 --- /dev/null +++ b/ci-operator/step-registry/ipi/deprovision/aws/OWNERS @@ -0,0 +1,8 @@ +approvers: +- e-tienne +- ewolinetz +- jhixson74 +- jstuever +- patrickdillon +- staebler +- wking \ No newline at end of file 
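Review bot: The added `curl -L https://raw.githubusercontent.com/openshift/installer/master/upi/aws/cloudformation/01_vpc.yaml` fetches the CloudFormation template from a moving branch at run time, with no pinned revision or integrity check, and the result is handed to `create-stack` under the CI AWS credentials. Any upstream change to that file changes what this job provisions, and because `-f` is absent an HTTP error body would be saved as the template and only fail later at `create-stack`. Pinning the URL to a reviewed commit and failing on HTTP errors makes the input reproducible: `curl -fsSL https://raw.githubusercontent.com/openshift/installer/<COMMIT_SHA>/upi/aws/cloudformation/01_vpc.yaml -o /tmp/01_vpc.yaml` (`<COMMIT_SHA>` is a placeholder). Embedding the template in the script, as the blackholenetwork step in this change does, is another option. The script continues past the end of this hunk.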
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/OWNERS b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/OWNERS
new file mode 100644
index 0000000000000..8aa379218b2a3
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+- e-tienne
+- ewolinetz
+- jhixson74
+- jstuever
+- patrickdillon
+- staebler
+- wking
\ No newline at end of file
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-commands.sh b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-commands.sh
new file mode 100644
index 0000000000000..d8865f411570a
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-commands.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -o nounset
+set -o errexit
+set -o pipefail
+
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+if test ! -f "${SHARED_DIR}/blackholenetworkstackname"
+then
+ echo "No blackholenetworkstackname, so unknown stack name, so unable to tear down."
+ exit 0
+fi
+
+REGION="${LEASED_RESOURCE}"
+STACK_NAME="$(cat "${SHARED_DIR}/blackholenetworkstackname")"
+
+# cleaning up after ourselves
+aws --region "${REGION}" cloudformation delete-stack --stack-name "${STACK_NAME}" &
+wait "$!"
+
+aws --region "${REGION}" cloudformation wait stack-delete-complete --stack-name "${STACK_NAME}" &
+wait "$!"
+
+echo "${STACK_NAME} stack delete complete"
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.metadata.json b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.metadata.json
new file mode 100644
index 0000000000000..88f326842113f
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.metadata.json
@@ -0,0 +1,14 @@
+{
+ "path": "ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.yaml",
+ "owners": {
+ "approvers": [
+ "e-tienne",
+ "ewolinetz",
+ "jhixson74",
+ "jstuever",
+ "patrickdillon",
+ "staebler",
+ "wking"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.yaml b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.yaml
new file mode 100644
index 0000000000000..e38db159231b0
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/blackholenetwork/ipi-deprovision-aws-blackholenetwork-ref.yaml
@@ -0,0 +1,14 @@
+ref:
+ as: ipi-deprovision-aws-blackholenetwork
+ from_image:
+ namespace: ocp
+ name: "4.5"
+ tag: upi-installer
+ grace_period: 10m
+ commands: ipi-deprovision-aws-blackholenetwork-commands.sh
+ resources:
+ requests:
+ cpu: 300m
+ memory: 300Mi
+ documentation: |-
+ The deprovision step tears down the blackholenetwork by destroying its stack.
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/OWNERS b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/OWNERS
new file mode 100644
index 0000000000000..8aa379218b2a3
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+- e-tienne
+- ewolinetz
+- jhixson74
+- jstuever
+- patrickdillon
+- staebler
+- wking
\ No newline at end of file
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-commands.sh b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-commands.sh
new file mode 100644
index 0000000000000..3af5b042968f4
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-commands.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -o nounset
+set -o errexit
+set -o pipefail
+
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+if test ! -f "${SHARED_DIR}/sharednetworkstackname"
+then
+ echo "No sharednetworkstackname, so unknown stack name, so unable to tear down."
+ exit 0
+fi
+
+REGION="${LEASED_RESOURCE}"
+STACK_NAME="$(cat "${SHARED_DIR}/sharednetworkstackname")"
+
+# cleaning up after ourselves
+aws --region "${REGION}" cloudformation delete-stack --stack-name "${STACK_NAME}" &
+wait "$!"
+
+aws --region "${REGION}" cloudformation wait stack-delete-complete --stack-name "${STACK_NAME}" &
+wait "$!"
+
+echo "${STACK_NAME} stack delete complete"
\ No newline at end of file
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.metadata.json b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.metadata.json
new file mode 100644
index 0000000000000..62532d2456ca4
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.metadata.json
@@ -0,0 +1,14 @@
+{
+ "path": "ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.yaml",
+ "owners": {
+ "approvers": [
+ "e-tienne",
+ "ewolinetz",
+ "jhixson74",
+ "jstuever",
+ "patrickdillon",
+ "staebler",
+ "wking"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.yaml b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.yaml
new file mode 100644
index 0000000000000..7d541d395dd3a
--- /dev/null
+++ b/ci-operator/step-registry/ipi/deprovision/aws/sharednetwork/ipi-deprovision-aws-sharednetwork-ref.yaml @@ -0,0 +1,14 @@ +ref: + as: ipi-deprovision-aws-sharednetwork + from_image: + namespace: ocp + name: "4.5" + tag: upi-installer + grace_period: 10m + commands: ipi-deprovision-aws-sharednetwork-commands.sh + resources: + requests: + cpu: 300m + memory: 300Mi + documentation: |- + The deprovision step tears down the sharednetwork by destroying its stack. diff --git a/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml index 06b2e152fe367..4cc204aee3b88 100644 --- a/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml +++ b/ci-operator/step-registry/openshift/e2e/aws/proxy/openshift-e2e-aws-proxy-workflow.yaml @@ -11,6 +11,7 @@ workflow: - ref: gather-proxy - ref: ipi-deprovision-deprovision - ref: ipi-deprovision-proxy + - ref: ipi-deprovision-aws-blackholenetwork env: TEST_SKIPS: >- Image append should create images by appending them\| diff --git a/ci-operator/step-registry/openshift/e2e/aws/sharednetwork/openshift-e2e-aws-sharednetwork-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/sharednetwork/openshift-e2e-aws-sharednetwork-workflow.yaml index adb2f2efa612c..085fcdeb4dd92 100644 --- a/ci-operator/step-registry/openshift/e2e/aws/sharednetwork/openshift-e2e-aws-sharednetwork-workflow.yaml +++ b/ci-operator/step-registry/openshift/e2e/aws/sharednetwork/openshift-e2e-aws-sharednetwork-workflow.yaml @@ -7,5 +7,6 @@ workflow: - ref: openshift-e2e-test post: - chain: ipi-aws-post + - ref: ipi-deprovision-aws-sharednetwork documentation: |- The Openshift E2E AWS workflow executes the common end-to-end test suite on AWS in a shared network cluster configuration.