Skip to content

ipi-install-aws: use integration cincinnati in CI clusters, where possible #42290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
petr-muller wants to merge 1 commit into from
Closed

ipi-install-aws: use integration cincinnati in CI clusters, where possible #42290

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 83 additions & 7 deletions ci-operator/step-registry/ipi/install/install/aws/ipi-install-install-aws-commands.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,82 @@ BASE_DOMAIN="$(yq-go r "${SHARED_DIR}/install-config.yaml" 'baseDomain')"
which openshift-install
openshift-install version

function set-cluster-version-spec-update-service() {
local payload_version
payload_version="$(oc adm release info "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" -o "jsonpath={.metadata.version}")"
echo "Release payload version: ${payload_version}"

if [[ ! -f ${dir}/manifests/cvo-overrides.yaml ]]; then
echo "No CVO overrides file found, will not configure OpenShift Update Service"
return
fi

# Using OSUS in upgrade jobs would be tricky (we would need to know the channel with both versions)
# and the use case has little benefits (not many jobs that update between two released versions)
# so we do not need to support it. We still need to channel clear to avoid tripping the
# CannotRetrieveUpdates alert on one of the versions.
# Not all steps that use this script expose OPENSHIFT_UPGRADE_RELEASE_IMAGE_OVERRIDE so we need to default it
# If we are in a step that exposes it and it differs from OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE, we are likely
# running an upgrade job.
if [[ -n "${OPENSHIFT_UPGRADE_RELEASE_IMAGE_OVERRIDE:-}" ]] &&
[[ "$OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE" != "${OPENSHIFT_UPGRADE_RELEASE_IMAGE_OVERRIDE:-}" ]]; then
echo "This is likely an upgrade job (OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE differs from nonempty OPENSHIFT_UPGRADE_RELEASE_IMAGE_OVERRIDE)"
echo "Cluster cannot query OpenShift Update Service (OSUS/Cincinnati), cleaning the channel"
sed -i '/^ channel:/d' "${dir}/manifests/cvo-overrides.yaml"
return
fi

# Determine architecture that Cincinnati would use: check metadata for release.openshift.io/architecture key
# and fall back to manifest-declared architecture
local payload_arch
payload_arch="$(oc adm release info "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" -o "jsonpath={.metadata.metadata.release\.openshift\.io/architecture}")"
if [[ -z "${payload_arch}" ]]; then
echo 'Payload architecture not found in .metadata.metadata["release.openshift.io/architecture"], using .config.architecture'
payload_arch="$(oc adm release info "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" -o "jsonpath={.config.architecture}")"
fi
local payload_arch_param
if [[ -n "${payload_arch}" ]]; then
echo "Release payload architecture: ${payload_arch}"
payload_arch_param="&arch=${payload_arch}"
else
echo "Unable to determine payload architecture"
payload_arch_param=""
fi


local channel
if ! channel="$(grep -E --only-matching '(stable|eus|fast|candidate)-4.[0-9]+' "${dir}/manifests/cvo-overrides.yaml")"; then
echo "No known OCP channel found in CVO manifest, clearing the channel"
sed -i '/^ channel:/d' "${dir}/manifests/cvo-overrides.yaml"
return
fi

# The candidate channel is most likely to contain the versions we are interested in, so transfer the current channel
# into a candidate one.
echo "Original channel from CVO manifest: ${channel}"
local candidate_channel
candidate_channel="$(echo "${channel}" | sed -E 's/(stable|eus|fast)/candidate/')"
echo "Matching candidate channel: ${candidate_channel}"

# If the version is known to OSUS, it is safe for the CI cluster to query it, so we will query the integration OSUS
# instance maintained by OTA team. Otherwise, the cluster would trip the CannotRetrieveUpdates alert, so we need
# to clear the channel to make the cluster *not* query any OSUS instance.
local query
query="https://api.integration.openshift.com/api/upgrades_info/graph?channel=${candidate_channel}${payload_arch_param}"
echo "Querying $query for version ${payload_version}"
if curl --silent "$query" | grep --quiet '"version":"'"$payload_version"'"'; then
echo "Version ${payload_version} is available in ${candidate_channel}, cluster can query OpenShift Update Service (OSUS/Cincinnati)"
echo "Setting channel to $candidate_channel and upstream to https://api.integration.openshift.com/api/upgrades_info/graph "
sed -i "s|^ channel: .*| channel: $candidate_channel|" "${dir}/manifests/cvo-overrides.yaml"
echo ' upstream: https://api.integration.openshift.com/api/upgrades_info/graph' >> "${dir}/manifests/cvo-overrides.yaml"
else
echo "Version ${payload_version} is not available in ${candidate_channel}"
echo "Cluster cannot query OpenShift Update Service (OSUS/Cincinnati)"
echo "Clearing the channel"
sed -i '/^ channel:/d' "${dir}/manifests/cvo-overrides.yaml"
fi
}

function populate_artifact_dir() {
set +e
echo "Copying log bundle..."
Expand Down Expand Up @@ -42,7 +118,7 @@ function prepare_next_steps() {
"${dir}/auth/kubeconfig" \
"${dir}/auth/kubeadmin-password" \
"${dir}/metadata.json"

# For private cluster, the bootstrap address is private, installer cann't gather log-bundle directly even if proxy is set
# the workaround is gather log-bundle from bastion host
# copying install folder to bastion host for gathering logs
Expand Down Expand Up @@ -130,7 +206,7 @@ aws-c2s|aws-sc2s) export AWS_SHARED_CREDENTIALS_FILE=${SHARED_DIR}/aws_temp_cred
esac


# set CA_BUNDLE for C2S and SC2S
# set CA_BUNDLE for C2S and SC2S
if [[ "${CLUSTER_TYPE}" =~ ^aws-s?c2s$ ]]; then
export AWS_CA_BUNDLE=${SHARED_DIR}/additional_trust_bundle
fi
Expand Down Expand Up @@ -164,7 +240,7 @@ fi
if [ "${ENABLE_AWS_LOCALZONE}" == "yes" ]; then
if [[ -f "${SHARED_DIR}/manifest_localzone_machineset.yaml" ]]; then
# Phase 0, inject manifests

# replace PLACEHOLDER_INFRA_ID PLACEHOLDER_AMI_ID
echo "Local Zone is enabled, updating Infran ID and AMI ID ... "
localzone_machineset="${SHARED_DIR}/manifest_localzone_machineset.yaml"
Expand All @@ -184,10 +260,10 @@ if [ "${ENABLE_AWS_LOCALZONE}" == "yes" ]; then
done
fi
fi

fi

sed -i '/^ channel:/d' "${dir}/manifests/cvo-overrides.yaml"
set-cluster-version-spec-update-service

echo "Will include manifests:"
find "${SHARED_DIR}" \( -name "manifest_*.yml" -o -name "manifest_*.yaml" \)
Expand Down Expand Up @@ -354,8 +430,8 @@ EOF
--capabilities CAPABILITY_NAMED_IAM &
wait "$!"
ret=$?
fi
fi

echo "Created stack $APPS_DNS_STACK_NAME"

aws --region "${REGION}" cloudformation wait stack-create-complete --stack-name "${APPS_DNS_STACK_NAME}" &
Expand Down