1 change: 1 addition & 0 deletions Containerfile
Expand Up @@ -35,5 +35,6 @@ RUN --mount=type=bind,target=/run/src --mount=type=secret,id=yumrepos,target=/et
find /usr -name '*.pyc' -exec mv {} {}.bak \; && \
if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh --ocp-layer /run/src/packages-openshift.yaml --output-dir /etc/yum.repos.d; fi && \
/run/src/scripts/apply-manifest /run/src/packages-openshift.yaml && \
if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh --output-dir /etc/yum.repos.d --cleanup; fi && \
find /usr -name '*.pyc.bak' -exec sh -c 'mv $1 ${1%.bak}' _ {} \; && \
ostree container commit
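Review bot: The `--cleanup` call after apply-manifest removes `/etc/yum.repos.d/ocp.repo` only because `--output-dir` is written before `--cleanup`. ci/get-ocp-repo.sh (same PR) runs `cleanup_repos` and exits as soon as it parses `--cleanup`, so with the two options swapped `output_dir` would still be empty and the function would fall back to `$cosa_workdir/src/config`. This step is what keeps the generated repo definition out of the committed layer, so I would not leave it to argument order: either note the constraint next to the call, or have the script set a flag for `--cleanup` in the parse loop and call `cleanup_repos` after the loop. The RUN instruction starts above the hunk, so its mounts are only partly visible here.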
69 changes: 66 additions & 3 deletions ci/get-ocp-repo.sh
Expand Up @@ -29,11 +29,50 @@ info() {
echo "INFO:" "$@" >&2
}

cleanup_repos() {
# if we had installed the packages and created symlinks, remove it
if rpm -q centos-release-cloud; then
dnf remove -y centos-release-{cloud,nfv,virt}-common
find "/usr/share/distribution-gpg-keys/centos" -type l -exec rm -f {} \;
echo "Removed all symbolic links and packages installed for scos"
fi
# remove ocp.repo file
if [ -n "$ocp_manifest" ]; then
if [ -z "$output_dir" ]; then
output_dir=$(dirname "$ocp_manifest")
fi
else
if [ -z "$output_dir" ]; then
output_dir="$cosa_workdir/src/config"
fi
fi
rm "$output_dir/ocp.repo"
echo "Removed repo file $output_dir/ocp.repo"
}

create_gpg_keys() {
# Check if centos-stream-release is installed and centos-release-cloud is not
if rpm -q centos-stream-release && ! rpm -q centos-release-cloud; then
dnf install -y centos-release-{cloud,nfv,virt}-common
fi

# Create directory for CentOS distribution GPG keys
mkdir -p /usr/share/distribution-gpg-keys/centos
# Create symbolic links for GPG keys
if [ ! -e "/usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official" ]; then
ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud
ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV
ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization
fi
}

cosa_workdir=
ocp_manifest=
output_dir=
rc=0
options=$(getopt --options h --longoptions help,cosa-workdir:,ocp-layer:,output-dir: -- "$@") || rc=$?
options=$(getopt --options h --longoptions help,cosa-workdir:,ocp-layer:,output-dir:,cleanup,create-gpg-keys -- "$@") || rc=$?
[ $rc -eq 0 ] || print_usage_and_exit
eval set -- "$options"
while [ $# -ne 0 ]; do
Expand All @@ -42,6 +81,8 @@ while [ $# -ne 0 ]; do
--cosa-workdir) cosa_workdir=$2; shift;;
--ocp-layer) ocp_manifest=$2; shift;;
--output-dir) output_dir=$2; shift;;
--cleanup) cleanup_repos; exit 0;;
--create-gpg-keys) create_gpg_keys; exit 0;;
--) break;;
*) echo "$0: invalid argument: $1" >&2; exit 1;;
esac
Expand All @@ -50,8 +91,6 @@ done

if [ -n "$ocp_manifest" ]; then
# --ocp-layer path
rhel_version=$(source /usr/lib/os-release; echo ${VERSION_ID//./})
info "Got RHEL version $rhel_version from /usr/lib/os-release"
ocp_version=$(rpm-ostree compose tree --print-only "$ocp_manifest" | jq -r '.metadata.ocp_version')
ocp_version=${ocp_version//./-}
info "Got OpenShift version $ocp_version from $ocp_manifest"
Expand All @@ -61,6 +100,21 @@ if [ -n "$ocp_manifest" ]; then
if [ -z "$output_dir" ]; then
output_dir=$(dirname "$ocp_manifest")
fi

# get rhel version corresponding to the release so we can get the
# correct OpenShift rpms from those for scos. These packages are not
# available in CentOS Stream
if [ "$osname" = scos ]; then
workdir=$(dirname "$ocp_manifest")
manifest="$workdir/manifest.yaml"
json=$(rpm-ostree compose tree --print-only "$manifest")
version=$(jq -r '.["automatic-version-prefix"]' <<< "$json")
rhel_version=$(cut -f2 -d. <<< "$version")
info "Got RHEL version $rhel_version from rhel manifest for scos"
else
rhel_version=$(source /usr/lib/os-release; echo ${VERSION_ID//./})
info "Got RHEL version $rhel_version from /usr/lib/os-release"
fi
else
[ -n "$cosa_workdir" ]
# --cosa-workdir path
Expand Down Expand Up @@ -132,7 +186,16 @@ fi
if [ "$osname" = scos ]; then
info "Neutering RHEL repos for SCOS"
awk '/server-ose/,/^$/' "$repo_path" > "$repo_path.tmp"
# only pull in certain Openshift packages as the rest come from the c9s repo
sed -i '/^baseurl = /a includepkgs=openshift-* ose-aws-ecr-* ose-azure-acr-* ose-gcp-gcr-*' "$repo_path.tmp"
Member

Do we need this? What else comes from the plashet without it?
Just want to avoid having to maintain a list here.

Contributor Author

Yes - we want cri-o, cri-tools, conmon and openvswitch to come from the sig-cloud and the CentOS Stream openvswitch repos, not from the plashet.

Contributor Author

in the longterm we want to target even building the kubelet, openshift-clients and the platform related packages through sig-cloud so we can eliminate the need for the plashet completely.

Member

> in the longterm we want to target even building the kubelet, openshift-clients and the platform related packages through sig-cloud so we can eliminate the need for the plashet completely.

Yes, agree.

But I mean more, are those other packages frequently higher versioned in the plashet than in the SIG repos?

Contributor Author

the versions differ, but not by much, except for openvswitch and ovn - we cannot use the one from plashets (they come from FDP repos)

Member

I think ideally this list would live elsewhere. E.g. as another repo definition in openshift/release that's really just the same as the plashet, but has the includepkgs= inlined. We do something similar also for the kernel: openshift/release#61361

The advantage of that is that anything that wants to reuse these repo definitions doesn't have to redefine this stuff.

Contributor Author

oh yeah that's an idea..we could put the repo there and have a service to access similar to the rhel ones. especially once we start building the images through prow. Although every release we would need to bump the sig-cloud repos, which is fine as we have to do that in this repo too anyway

# add the contents of the CentOS Stream repo
workdir="$cosa_workdir/src/config"
if [ -n "$ocp_manifest" ]; then
workdir=$(dirname "$ocp_manifest")
fi
cat "$workdir/c9s.repo" >> "$repo_path.tmp"
Member

This is OK, though I think at least baseos and appstream will be duplicates with the builtin ones.

Actually, is there a package we could install that has the SIG repo definitions?

You can imagine once this repo is split in two and the base image is defined elsewhere, we wouldn't necessarily have the c9s.repo file here.

Contributor Author

i'd have to look into that - you are correct that the base and appstream are present, but nothing else. installing these repos: centos-release-{cloud,nfv,virt}-common, do add some of the nfv and rt repos, but I didn't find an equivalent for sig-cloud or openvswitch.

mv "$repo_path.tmp" "$repo_path"
create_gpg_keys
fi

cat "$repo_path"
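Review bot: `cleanup_repos` removes more than this script creates. Its `find … -type l -exec rm -f {} \;` deletes every symlink under `/usr/share/distribution-gpg-keys/centos`, and `dnf remove` runs whenever `centos-release-cloud` is installed, even if it was there before `create_gpg_keys` ran. On a host or base image that already carried those release packages or links, `--cleanup` would therefore change its package-signing key setup. Removing only the five links the script makes keeps the operation symmetric, e.g. `rm -f /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-{Official,SIG-Cloud,SIG-Extras-SHA512,SIG-NFV,SIG-Virtualization}`. In `create_gpg_keys`, `-e` follows the link, so a dangling first link passes the `[ ! -e … ]` guard and `ln -s` then fails on the existing name; `ln -sf` (or a `-L` test) would make a rerun safe when the targets in `/etc/pki/rpm-gpg` are absent.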
10 changes: 1 addition & 9 deletions extensions/Dockerfile
Expand Up @@ -8,15 +8,7 @@ WORKDIR /os
ADD . .
ARG COSA
ARG VARIANT
RUN if [[ -z "$COSA" ]] ; then ci/get-ocp-repo.sh --ocp-layer packages-openshift.yaml; fi
# on SCOS, we need to add the GPG keys of the various SIGs we need
RUN if rpm -q centos-stream-release && ! rpm -q centos-release-cloud; then dnf install -y centos-release-{cloud,nfv,virt}-common; fi
RUN mkdir -p /usr/share/distribution-gpg-keys/centos
RUN ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud
RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV
RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization
RUN if [[ -z "$COSA" ]] ; then ci/get-ocp-repo.sh --ocp-layer packages-openshift.yaml; else ci/get-ocp-repo.sh --create-gpg-keys; fi
RUN if [[ -n "${VARIANT}" ]]; then MANIFEST="manifest-${VARIANT}.yaml"; EXTENSIONS="extensions-${VARIANT}.yaml"; else MANIFEST="manifest.yaml"; EXTENSIONS="extensions.yaml"; fi && rpm-ostree compose extensions --rootfs=/ --output-dir=/usr/share/rpm-ostree/extensions/ ./"${MANIFEST}" ./"${EXTENSIONS}"

## Creates the repo metadata for the extensions.
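Review bot: The merged `RUN` line has lost the explanation the old lines carried (`# on SCOS, we need to add the GPG keys of the various SIGs we need`), and it is not obvious why the `COSA` branch calls `--create-gpg-keys` while the other branch does not. A comment above it such as `# SCOS needs the SIG GPG keys: --ocp-layer links them itself on scos, under COSA only the key step runs` would record that. Note also that `--create-gpg-keys` is not gated on the OS variant, so on a non-CentOS build root it appears to create links whose targets in `/etc/pki/rpm-gpg` do not exist; that matches the old unconditional `ln -s` lines but is worth confirming.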
2 changes: 1 addition & 1 deletion packages-openshift.yaml
Expand Up @@ -33,7 +33,7 @@ postprocess:
for x in $(find /etc/yum.repos.d/ -name '*.repo'); do
# ignore repo files that are mountpoints since they're likely secrets
if ! mountpoint "$x"; then
sed -i -e s,enabled=1,enabled=0, $x
sed -i -e 's/enabled\s*=\s*1/enabled=0/g' $x
fi
done
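Review bot: The new `sed` expression is unanchored and only rewrites the value `1`, so a repo file that spells the option `enabled=true` or `enabled=yes` (which dnf also accepts, as far as I know) would stay enabled in the image. If the goal is that no non-secret repo remains active, matching the whole line is tighter: `sed -i -E -e 's/^enabled\s*=\s*(1|true|yes|on)\s*$/enabled=0/I' "$x"`. Quoting `$x` also avoids word splitting on the path; the `for x in $(find …)` loop has the same limitation. The postprocess script starts above the hunk.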
