Add Proxy CI for OpenStack platform by MaysaMacedo · Pull Request #20800 · openshift/release

MaysaMacedo · 2021-08-02T14:07:59Z

This commit includes a new Job for a proxy
installation with a restricted Network. The
bastion VM is configured with two Networks,
one with access to the external world and
another without. The installer will use the
restricted Network and rely on the Proxy
for external access.

The job will run on demand from the installer PRs and also
every 72h in periodic.

...ator/step-registry/openshift/e2e/openstack/proxy/openshift-e2e-openstack-proxy-workflow.yaml

...erator/step-registry/openstack/conf/generateconfig/openstack-conf-generateconfig-commands.sh

...registry/openstack/deprovision/machinesubnet/openstack-deprovision-machinesubnet-commands.sh

.../step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-commands.sh

ci-operator/config/openshift/release/openshift-release-master__nightly-4.9.yaml

MaysaMacedo · 2021-08-25T10:46:54Z

/retest

EmilienM · 2021-08-31T19:12:17Z

/lgtm

MaysaMacedo · 2021-09-01T07:20:29Z

/retest

andfasano · 2021-09-01T07:14:28Z

...ator/step-registry/openshift/e2e/openstack/proxy/openshift-e2e-openstack-proxy-workflow.yaml

Note: @stbenjam has an approach in PR 26389 to directly exclude the proxy related tests from within the e2e test suites

mandre

A few nits, mostly about logging.

mandre · 2021-09-01T05:59:18Z

ci-operator/step-registry/openstack/conf/createfips/openstack-conf-createfips-commands.sh

Just a small change to make it less confusing while debugging:

Suggested change

echo "Skipping step due to CONFIG_TYPE being byon."

echo "Skipping step due to CONFIG_TYPE being \"${CONFIG_TYPE}\"."

thanks, I'll add it

mandre · 2021-09-01T06:33:45Z

...registry/openstack/deprovision/machinesubnet/openstack-deprovision-machinesubnet-commands.sh

Perhaps a comment would help understanding in which cases we need to remove the machines subnet from the router.

mandre · 2021-09-01T06:39:21Z

.../step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-commands.sh

Suggested change

>&2 echo "Created security group for ${CLUSTER_NAME}: ${sg_id}"

>&2 echo "Created bastion security group for ${CLUSTER_NAME}: ${sg_id}"

mandre · 2021-09-01T06:39:57Z

.../step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-commands.sh

You've added DNS to the list, the log message is no longer current:

Suggested change

>&2 echo "Security group rules created in ${sg_id} to allow SSH and squid access"

>&2 echo "Created necessary security group rules in ${sg_id}"

mandre · 2021-09-01T07:12:35Z

.../step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-commands.sh

This assumes there will only ever be one interface for the server on the machines network. If we don't make it more robust, we should at least add a comment explaining our assumption.

I don't see why the bastion would have > 1 port connected on the machines network as of now, but you're right, this can evolve in the future; so we should document it here.

mandre · 2021-09-01T07:25:21Z

...tep-registry/openstack/provision/machinesubnet/openstack-provision-machinesubnet-commands.sh

Should we check that ${OPENSTACK_EXTERNAL_NETWORK} != ""?

I don't think we need, the previous command would have failed. OPENSTACK_EXTERNAL_NETWORK has a value for each platform, I think this is safe to keep it that way.

mandre · 2021-09-01T07:39:59Z

...tep-registry/openstack/provision/machinesubnet/openstack-provision-machinesubnet-commands.sh

Suggested change

echo "ZONES_COUNT was set to '${ZONES_COUNT}', although CONFIG_TYPE was not set to 'byon'."

echo "ZONES_COUNT was set to '${ZONES_COUNT}', although CONFIG_TYPE was not set to 'byon' or 'proxy'."

EmilienM · 2021-09-01T14:31:17Z

/lgtm

EmilienM · 2021-09-01T15:47:42Z

/lgtm

patrickdillon · 2021-09-01T18:31:54Z

/approve

EmilienM · 2021-09-01T20:40:34Z

/retest

MaysaMacedo · 2021-09-02T14:20:39Z

/retest

MaysaMacedo · 2021-09-02T15:55:55Z

/retest

MaysaMacedo · 2021-09-02T17:53:12Z

/retest

MaysaMacedo · 2021-09-03T13:12:47Z

/retest

MaysaMacedo · 2021-09-05T20:46:07Z

/retest

EmilienM · 2021-09-06T10:15:27Z

/lgtm

MaysaMacedo · 2021-09-06T11:17:25Z

/retest

MaysaMacedo · 2021-09-06T11:19:58Z

/assign @petr-muller

ci-operator/config/openshift/release/openshift-release-master__nightly-4.9.yaml

MaysaMacedo · 2021-09-06T20:02:17Z

/retest

This commit includes a new Job for a proxy installation with a restricted Network. The bastion VM is configured with two networks, one with access to the external world (Bastion network) and another without (Machines Network). The installer will use the restricted Machines network and rely on the Proxy for external access. The job will run on demand from the installer PRs and also every 72h in periodic. Co-Authored-By: Maysa Macedo <maysa.macedo95@gmail.com> Co-Authored-By: Emilien Macchi <emilien@redhat.com>

EmilienM · 2021-09-06T21:40:38Z

/lgtm

MaysaMacedo · 2021-09-07T09:36:03Z

/assign stbenjam

MaysaMacedo · 2021-09-07T10:15:07Z

/retest

openshift-ci · 2021-09-07T10:17:05Z

@MaysaMacedo: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Rerun command
ci/rehearse/periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-parallel	98164da3a3d9dcfa1ff712e4f0146eec56abce9c	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-nightly-4.10-e2e-openstack-proxy	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/openshift/cluster-cloud-controller-manager-operator/release-4.9/e2e-openstack-ccm	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/openshift/kubernetes/release-4.9/e2e-openstack-csi-manila	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-techpreview-parallel	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/openshift/openstack-cinder-csi-driver-operator/release-4.9/e2e-openstack-csi	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-nightly-4.9-e2e-openstack-az	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-nightly-4.9-e2e-openstack-proxy	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/openshift/installer/master/e2e-openstack-proxy	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-ci-4.9-upgrade-from-stable-4.8-e2e-openstack-upgrade	`a2e245b`	link	`/test pj-rehearse`
ci/prow/pj-rehearse	`a2e245b`	link	`/test pj-rehearse`
ci/rehearse/periodic-ci-openshift-release-master-nightly-4.10-e2e-openstack-fips	`a2e245b`	link	`/test pj-rehearse`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

stbenjam · 2021-09-07T10:34:55Z

/approve

openshift-ci · 2021-09-07T10:35:26Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: EmilienM, MaysaMacedo, patrickdillon, stbenjam

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~ci-operator/config/openshift/installer/OWNERS~~ [patrickdillon]
~~ci-operator/config/openshift/release/OWNERS~~ [stbenjam]
~~ci-operator/jobs/openshift/installer/OWNERS~~ [patrickdillon]
~~ci-operator/jobs/openshift/release/OWNERS~~ [stbenjam]
~~ci-operator/step-registry/openshift/e2e/openstack/OWNERS~~ [EmilienM]
~~ci-operator/step-registry/openstack/OWNERS~~ [EmilienM]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2021-09-07T10:43:54Z

@MaysaMacedo: Updated the following 3 configmaps:

ci-operator-master-configs configmap in namespace ci at cluster app.ci using the following files:
- key openshift-installer-master.yaml using file ci-operator/config/openshift/installer/openshift-installer-master.yaml
- key openshift-release-master__nightly-4.10.yaml using file ci-operator/config/openshift/release/openshift-release-master__nightly-4.10.yaml
- key openshift-release-master__nightly-4.9.yaml using file ci-operator/config/openshift/release/openshift-release-master__nightly-4.9.yaml
job-config-master configmap in namespace ci at cluster app.ci using the following files:
- key openshift-installer-master-presubmits.yaml using file ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml
- key openshift-release-master-periodics.yaml using file ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml
step-registry configmap in namespace ci at cluster app.ci using the following files:
- key OWNERS using file ci-operator/step-registry/openshift/e2e/openstack/proxy/OWNERS
- key openshift-e2e-openstack-proxy-workflow.metadata.json using file ci-operator/step-registry/openshift/e2e/openstack/proxy/openshift-e2e-openstack-proxy-workflow.metadata.json
- key openshift-e2e-openstack-proxy-workflow.yaml using file ci-operator/step-registry/openshift/e2e/openstack/proxy/openshift-e2e-openstack-proxy-workflow.yaml
- key openstack-conf-creatednsrecords-ref.yaml using file ci-operator/step-registry/openstack/conf/creatednsrecords/openstack-conf-creatednsrecords-ref.yaml
- key openstack-conf-createfips-commands.sh using file ci-operator/step-registry/openstack/conf/createfips/openstack-conf-createfips-commands.sh
- key openstack-conf-createfips-ref.yaml using file ci-operator/step-registry/openstack/conf/createfips/openstack-conf-createfips-ref.yaml
- key openstack-conf-generateconfig-commands.sh using file ci-operator/step-registry/openstack/conf/generateconfig/openstack-conf-generateconfig-commands.sh
- key openstack-conf-generateconfig-ref.yaml using file ci-operator/step-registry/openstack/conf/generateconfig/openstack-conf-generateconfig-ref.yaml
- key openstack-deprovision-bastionproxy-commands.sh using file ci-operator/step-registry/openstack/deprovision/bastionproxy/openstack-deprovision-bastionproxy-commands.sh
- key openstack-deprovision-bastionproxy-ref.yaml using file ci-operator/step-registry/openstack/deprovision/bastionproxy/openstack-deprovision-bastionproxy-ref.yaml
- key openstack-deprovision-machinesubnet-commands.sh using file ci-operator/step-registry/openstack/deprovision/machinesubnet/openstack-deprovision-machinesubnet-commands.sh
- key openstack-deprovision-machinesubnet-ref.yaml using file ci-operator/step-registry/openstack/deprovision/machinesubnet/openstack-deprovision-machinesubnet-ref.yaml
- key openstack-provision-bastionproxy-commands.sh using file ci-operator/step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-commands.sh
- key openstack-provision-bastionproxy-ref.yaml using file ci-operator/step-registry/openstack/provision/bastionproxy/openstack-provision-bastionproxy-ref.yaml
- key openstack-provision-machinesubnet-commands.sh using file ci-operator/step-registry/openstack/provision/machinesubnet/openstack-provision-machinesubnet-commands.sh
- key openstack-provision-machinesubnet-ref.yaml using file ci-operator/step-registry/openstack/provision/machinesubnet/openstack-provision-machinesubnet-ref.yaml

Details

In response to this:

This commit includes a new Job for a proxy
installation with a restricted Network. The
bastion VM is configured with two Networks,
one with access to the external world and
another without. The installer will use the
restricted Network and rely on the Proxy
for external access.

The job will run on demand from the installer PRs and also
every 72h in periodic.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

MaysaMacedo changed the title ~~Add Proxy CI for OpenStack platform~~ wip: Add Proxy CI for OpenStack platform Aug 2, 2021

openshift-ci bot requested review from adduarte and mdbooth August 2, 2021 14:10

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 2, 2021

MaysaMacedo force-pushed the proxy-with-disconnected branch 2 times, most recently from 438ca5f to 44cbe1c Compare August 2, 2021 14:49

MaysaMacedo marked this pull request as draft August 2, 2021 14:58

openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 5, 2021

MaysaMacedo force-pushed the proxy-with-disconnected branch from 4e7b673 to d2ffe14 Compare August 10, 2021 13:45

openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 10, 2021

MaysaMacedo force-pushed the proxy-with-disconnected branch 2 times, most recently from 117c17a to 6653e6d Compare August 10, 2021 20:03

MaysaMacedo marked this pull request as ready for review August 10, 2021 20:07

MaysaMacedo force-pushed the proxy-with-disconnected branch 4 times, most recently from 5fd029b to 0805c03 Compare August 10, 2021 21:36