From ac8e786ff2a2673a83dbc0c5627668ab449f8ef9 Mon Sep 17 00:00:00 2001 From: Zack Zlotnik Date: Tue, 12 Apr 2022 16:54:18 -0400 Subject: [PATCH 1/2] build and test RHCOS as a container base image --- .../openshift/os/openshift-os-master.yaml | 263 +++++++++--- .../os/openshift-os-master-periodics.yaml | 63 --- .../os/openshift-os-master-presubmits.yaml | 394 +++++++++++++++++- .../openshift/mapping_origin_4_11 | 1 - 4 files changed, 578 insertions(+), 143 deletions(-) delete mode 100644 ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml diff --git a/ci-operator/config/openshift/os/openshift-os-master.yaml b/ci-operator/config/openshift/os/openshift-os-master.yaml index be3aa4bb93d97..b86723b3447ad 100644 --- a/ci-operator/config/openshift/os/openshift-os-master.yaml +++ b/ci-operator/config/openshift/os/openshift-os-master.yaml @@ -26,7 +26,100 @@ images: as: - registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 to: build-test-qemu-img +- dockerfile_literal: | + # This stage actually builds the RHCOS OCI image. However, due to + # limitations within OpenShift CI, we need to do the following: + # 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift + # CI using the default OpenShift Docker Build strategy, which precludes us + # from mounting /dev/kvm into the build context. + # 2. Due to a limitation in the version of Buildah that OpenShift Builds + # uses (at the time of this writing, it uses a v1.23.z version of Buildah), + # we cannot mount the build context into the container build (e.g., `RUN + # --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared + # `), which would allow it to mutate the build context. This is due to + # https://github.com/containers/buildah/pull/3548 not being present. + # For now, this necessitates passing this image into the cosa-build image + # build below to extract the OCI archive and inject it into the + # ImageStream. However, once the OpenShift CI system is upgraded to use + # OpenShift 4.11, we can create the RHCOS image in a single shot via this + # stage. + FROM build-test-qemu-img:latest + ENV COSA_DIR=/tmp/cosa + ENV COSA_SKIP_OVERLAY=1 + RUN mkdir -p "${COSA_DIR}" && \ + COSA_NO_KVM=1 /src/ci/prow-build.sh && \ + rm -rf "${COSA_DIR}/cache" + # We need to make sure that root can read / write to the COSA_DIR so that + # when this container is actually run, we have permissions to read and + # write to the COSA_DIR to allow the Kola tests to run. + # Note: In Docker BuildKit, this would double the image size because this + # would create an additional layer. However, since OpenShift Image Builds + # use Buildah, this is eliminated because it squashes these layers + # together. + USER root + RUN chgrp -Rf root "${COSA_DIR}" && \ + chmod -Rf g+w "${COSA_DIR}" + USER builder + WORKDIR /tmp/cosa + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + to: cosa-build +- dockerfile_literal: | + # We need the OCI archive to be somewhere with a predictable place with a constant + # path. However, the Kola tests expect the OCI archive to have the build + # number included in the filename. With that in mind, this image build will + # extract the RHCOS OCI archive from the cosa-build archive and place it in + # a constant path for extraction by the machine-os-oci-content image build. + FROM cosa-build:latest AS base + RUN /src/ci/simplify-ociarchive-path.sh + + FROM scratch + COPY --from=base /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-build: + as: + - cosa-build:latest + to: cosa-oci-archive +- dockerfile_literal: | + # This extracts the OCI archive from the cosa-build image build, injects it + # into the build context, and then uses that OCI archive as this image. + # This makes use of the following: + # - OpenShift Image Builds allows one to pass in a path from another container + # image. It places this under /tmp/build/inputs/. See: + # https://github.com/openshift/builder/blob/37525a77fa07e26c420962dee47193d672ef0b35/pkg/build/builder/common.go#L72 + # - Buildah allows one to use oci-archive as a transport. See: + # https://www.redhat.com/sysadmin/7-transports-features + # - Utilizing the above features in concert with one another and using an + # absolute path to refer to the OCI archive in the build context allows us + # to "import" the OCI archive into the CI ImageStream. + FROM oci-archive:/tmp/build/inputs/magic/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-oci-archive: + as: + - cosa-oci-archive + paths: + - destination_dir: magic + source_path: /tmp/cosa + to: machine-os-oci-content +- dockerfile_literal: | + # Create a slimmer Fedora-based image for the layering test binary. This is + # intended to make the startup of the OS layering test faster since we + # won't have to pull the larger build-test-qemu-img. + FROM build-test-qemu-img:latest AS base + FROM registry.ci.openshift.org/coreos/fedora:35 AS final + COPY --from=base /usr/local/bin/layering_test /usr/local/bin/layering_test + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + fedora: + as: + - registry.ci.openshift.org/coreos/fedora:35 + to: layering-test-img promotion: + disabled: true excluded_images: - '*' name: "4.11" @@ -44,21 +137,7 @@ releases: resources: '*': requests: - cpu: 1000m - memory: 1Gi - build-test-qemu: - limits: - devices.kubevirt.io/kvm: "1" - requests: - cpu: 1000m - devices.kubevirt.io/kvm: "1" - memory: 3Gi - periodic-os-build: - limits: - devices.kubevirt.io/kvm: "1" - requests: - cpu: 1000m - devices.kubevirt.io/kvm: "1" + cpu: 2000m memory: 3Gi tests: - as: validate @@ -66,79 +145,131 @@ tests: container: from: src skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ -- as: build-test-qemu - commands: /src/ci/build-test-qemu.sh +- as: validate-built-image + commands: cat /etc/os-release container: - from: build-test-qemu-img + from: machine-os-oci-content skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ -- as: periodic-os-build +- as: test-qemu-nvme cluster: build02 - cron: '@daily' + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ steps: test: - - as: oc-login + - as: test cli: latest commands: | #!/bin/bash - set -euo pipefail - # To inject the oc CLI, ci-operator builds a new container from the - # provided container dependency (from:) and pushes it to the namespace - # Imagestream before creating a new pod to run the commands in. Because - # of the size of the coreos-assembler image, this adds quite some time - # to the process. So lets use a much smaller Fedora base image. - oc login https://api.ci.l2s4.p1.openshiftapps.com:6443 --token="$(cat /service-account-token/image-pusher-service-account-token)" - oc registry login --registry=registry.ci.openshift.org --to="$SHARED_DIR/dockercfg.json" - credentials: - - mount_path: /service-account-token - name: rhcos-devel-image-pusher-service-account-token - namespace: test-credentials - from: fedora + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-nvme=true basic + from: cosa-build resources: limits: devices.kubevirt.io/kvm: "1" requests: - cpu: 1000m + cpu: 2000m devices.kubevirt.io/kvm: "1" memory: 3Gi - - as: build-test-and-push-img +- as: test-qemu-firmware-uefi + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest commands: | #!/bin/bash - set -xeuo pipefail - - # We can't use PULL_BASE_REF or OPENSHIFT_BUILD_REFERENCE to get the - # branch since this is a periodic job which originates from - # openshift/release, not the openshift/os repository. We then strip - # release- from the branch name so we're left with the number (e.g., - # release-4.11 -> 4.11). - BRANCH="$(echo "$JOB_SPEC" | jq -r '.extra_refs[0].base_ref | sub("release-"; "")')" - - # Ensure we have a known directory for cosa to build in - export COSA_DIR="/tmp/cosa" - mkdir -p "$COSA_DIR" - - # Run the cosa build / test - /src/ci/build-test-qemu.sh - - export REGISTRY_AUTH_FILE="$SHARED_DIR/dockercfg.json" - # Ensure we're in the designated cosa directory so the push-container commands work - cd "$COSA_DIR" - # Tags with the cosa build ID / arch - cosa push-container registry.ci.openshift.org/rhcos-devel/rhel-coreos - cosa push-container "registry.ci.openshift.org/rhcos-devel/rhel-coreos:${BRANCH}" - - # Only push latest tag on master branch - if [[ "$BRANCH" == "master" ]]; then - cosa push-container registry.ci.openshift.org/rhcos-devel/rhel-coreos:latest - fi - from: build-test-qemu-img + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-firmware=uefi basic + from: cosa-build resources: limits: devices.kubevirt.io/kvm: "1" requests: - cpu: 1000m + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola-upgrade + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --parallel 2 + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-metal + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live + cosa compress --artifact=metal --artifact=metal4k + kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m devices.kubevirt.io/kvm: "1" memory: 3Gi - timeout: 3h0m0s +- as: test-in-cluster + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + cluster_profile: gcp + test: + - as: boot-from-derived-image + cli: latest + commands: /usr/local/bin/layering_test -test.v -test.failfast -test.timeout + 45m -build-log="${ARTIFACT_DIR}/derived-image-build.log" + dependencies: + - env: BASE_IMAGE_PULLSPEC + name: pipeline:machine-os-oci-content + from: layering-test-img + resources: + requests: + cpu: 1000m + workflow: ipi-gcp + timeout: 4h30m0s zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml deleted file mode 100644 index 28171007bbb6b..0000000000000 --- a/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml +++ /dev/null @@ -1,63 +0,0 @@ -periodics: -- agent: kubernetes - cluster: build02 - cron: 4 2 * * * - decorate: true - decoration_config: - skip_cloning: true - extra_refs: - - base_ref: master - org: openshift - repo: os - labels: - ci-operator.openshift.io/cluster: build02 - ci.openshift.io/generator: prowgen - pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: periodic-ci-openshift-os-master-periodic-os-build - reporter_config: - slack: - channel: '#jenkins-coreos' - job_states_to_report: - - failure - report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. - <{{.Status.URL}}|View logs> :warning:' - spec: - containers: - - args: - - --gcs-upload-secret=/secrets/gcs/service-account.json - - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - - --report-credentials-file=/etc/report/credentials - - --secret-dir=/secrets/ci-pull-credentials - - --target=periodic-os-build - command: - - ci-operator - image: ci-operator:latest - imagePullPolicy: Always - name: "" - resources: - requests: - cpu: 10m - volumeMounts: - - mountPath: /secrets/ci-pull-credentials - name: ci-pull-credentials - readOnly: true - - mountPath: /secrets/gcs - name: gcs-credentials - readOnly: true - - mountPath: /etc/pull-secret - name: pull-secret - readOnly: true - - mountPath: /etc/report - name: result-aggregator - readOnly: true - serviceAccountName: ci-operator - volumes: - - name: ci-pull-credentials - secret: - secretName: ci-pull-credentials - - name: pull-secret - secret: - secretName: registry-pull-credentials - - name: result-aggregator - secret: - secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml index 87c6b4d8fda75..2150de684e1d9 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml @@ -6,16 +6,15 @@ presubmits: - ^master$ - ^master- cluster: build02 - context: ci/prow/build-test-qemu + context: ci/prow/images decorate: true decoration_config: skip_cloning: true labels: ci.openshift.io/generator: prowgen - devices.kubevirt.io/kvm: "1" pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-os-master-build-test-qemu - rerun_command: /test build-test-qemu + name: pull-ci-openshift-os-master-images + rerun_command: /test images skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ spec: containers: @@ -23,7 +22,7 @@ presubmits: - --gcs-upload-secret=/secrets/gcs/service-account.json - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson - --report-credentials-file=/etc/report/credentials - - --target=build-test-qemu + - --target=[images] command: - ci-operator image: ci-operator:latest @@ -50,31 +49,36 @@ presubmits: - name: result-aggregator secret: secretName: result-aggregator - trigger: (?m)^/test( | .* )build-test-qemu,?($|\s.*) + trigger: (?m)^/test( | .* )images,?($|\s.*) - agent: kubernetes always_run: false branches: - ^master$ - ^master- - cluster: build01 - context: ci/prow/images + cluster: build02 + context: ci/prow/test-in-cluster decorate: true decoration_config: skip_cloning: true + timeout: 4h30m0s labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp ci.openshift.io/generator: prowgen pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: pull-ci-openshift-os-master-images - rerun_command: /test images + name: pull-ci-openshift-os-master-test-in-cluster + rerun_command: /test test-in-cluster skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ spec: containers: - args: - --gcs-upload-secret=/secrets/gcs/service-account.json - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials - --report-credentials-file=/etc/report/credentials - - --target=[images] - - --target=[release:latest] + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/test-in-cluster-cluster-profile + - --target=test-in-cluster command: - ci-operator image: ci-operator:latest @@ -84,6 +88,14 @@ presubmits: requests: cpu: 10m volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/test-in-cluster-cluster-profile + name: cluster-profile - mountPath: /secrets/gcs name: gcs-credentials readOnly: true @@ -95,13 +107,319 @@ presubmits: readOnly: true serviceAccountName: ci-operator volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + projected: + sources: + - secret: + name: cluster-secrets-gcp + - configMap: + name: cluster-profile-gcp - name: pull-secret secret: secretName: registry-pull-credentials - name: result-aggregator secret: secretName: result-aggregator - trigger: (?m)^/test( | .* )images,?($|\s.*) + trigger: (?m)^/test( | .* )test-in-cluster,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/test-qemu-firmware-uefi + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: build02 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-test-qemu-firmware-uefi + rerun_command: /test test-qemu-firmware-uefi + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-firmware-uefi + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )test-qemu-firmware-uefi,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/test-qemu-kola + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: build02 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-test-qemu-kola + rerun_command: /test test-qemu-kola + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-kola + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )test-qemu-kola,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/test-qemu-kola-upgrade + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: build02 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-test-qemu-kola-upgrade + rerun_command: /test test-qemu-kola-upgrade + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-kola-upgrade + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )test-qemu-kola-upgrade,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/test-qemu-metal + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: build02 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-test-qemu-metal + rerun_command: /test test-qemu-metal + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-metal + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )test-qemu-metal,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/test-qemu-nvme + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cluster: build02 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-test-qemu-nvme + rerun_command: /test test-qemu-nvme + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-nvme + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )test-qemu-nvme,?($|\s.*) - agent: kubernetes always_run: false branches: @@ -152,3 +470,53 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )validate,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build02 + context: ci/prow/validate-built-image + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-validate-built-image + rerun_command: /test validate-built-image + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=validate-built-image + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )validate-built-image,?($|\s.*) diff --git a/core-services/image-mirroring/openshift/mapping_origin_4_11 b/core-services/image-mirroring/openshift/mapping_origin_4_11 index 37026d241cd12..b4ad86af179ba 100644 --- a/core-services/image-mirroring/openshift/mapping_origin_4_11 +++ b/core-services/image-mirroring/openshift/mapping_origin_4_11 @@ -42,7 +42,6 @@ registry.ci.openshift.org/origin/4.11:baremetal-machine-controllers quay.io/open registry.ci.openshift.org/origin/4.11:baremetal-operator quay.io/openshift/origin-baremetal-operator:4.11 quay.io/openshift/origin-baremetal-operator:4.11.0 quay.io/openshift/origin-baremetal-operator:latest registry.ci.openshift.org/origin/4.11:baremetal-runtimecfg quay.io/openshift/origin-baremetal-runtimecfg:4.11 quay.io/openshift/origin-baremetal-runtimecfg:4.11.0 quay.io/openshift/origin-baremetal-runtimecfg:latest registry.ci.openshift.org/origin/4.11:base quay.io/openshift/origin-base:4.11 quay.io/openshift/origin-base:4.11.0 quay.io/openshift/origin-base:latest -registry.ci.openshift.org/origin/4.11:build-test-qemu-img quay.io/openshift/origin-build-test-qemu-img:4.11 quay.io/openshift/origin-build-test-qemu-img:4.11.0 quay.io/openshift/origin-build-test-qemu-img:latest registry.ci.openshift.org/origin/4.11:cert-manager-operator quay.io/openshift/origin-cert-manager-operator:4.11 quay.io/openshift/origin-cert-manager-operator:4.11.0 quay.io/openshift/origin-cert-manager-operator:latest registry.ci.openshift.org/origin/4.11:cincinnati-graph-data-container quay.io/openshift/origin-cincinnati-graph-data-container:4.11 quay.io/openshift/origin-cincinnati-graph-data-container:4.11.0 quay.io/openshift/origin-cincinnati-graph-data-container:latest registry.ci.openshift.org/origin/4.11:cli quay.io/openshift/origin-cli:4.11 quay.io/openshift/origin-cli:4.11.0 quay.io/openshift/origin-cli:latest From 83f07d2984e0e9daf450fd667f38fc588df41bdb Mon Sep 17 00:00:00 2001 From: Zack Zlotnik Date: Mon, 2 May 2022 11:59:49 -0400 Subject: [PATCH 2/2] adds periodic rhcos build for master --- .../os/openshift-os-master__periodic.yaml | 278 ++++++++++ .../os/openshift-os-master-periodics.yaml | 519 ++++++++++++++++++ .../os/openshift-os-master-postsubmits.yaml | 57 ++ .../os/openshift-os-master-presubmits.yaml | 58 +- 4 files changed, 909 insertions(+), 3 deletions(-) create mode 100644 ci-operator/config/openshift/os/openshift-os-master__periodic.yaml create mode 100644 ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml diff --git a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml new file mode 100644 index 0000000000000..56399b3feb9f7 --- /dev/null +++ b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml @@ -0,0 +1,278 @@ +base_images: + coreos_coreos-assembler_latest: + name: coreos-assembler + namespace: coreos + tag: latest + fedora: + name: fedora + namespace: coreos + tag: "35" + ocp_builder_rhel-8-golang-1.17-openshift-4.10: + name: builder + namespace: ocp + tag: rhel-8-golang-1.17-openshift-4.10 +build_root: + image_stream_tag: + name: fcos-buildroot + namespace: coreos + tag: testing-devel +images: +- dockerfile_path: ci/Dockerfile + inputs: + coreos_coreos-assembler_latest: + as: + - registry.svc.ci.openshift.org/coreos/coreos-assembler:latest + ocp_builder_rhel-8-golang-1.17-openshift-4.10: + as: + - registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 + to: build-test-qemu-img +- dockerfile_literal: | + # This stage actually builds the RHCOS OCI image. However, due to + # limitations within OpenShift CI, we need to do the following: + # 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift + # CI using the default OpenShift Docker Build strategy, which precludes us + # from mounting /dev/kvm into the build context. + # 2. Due to a limitation in the version of Buildah that OpenShift Builds + # uses (at the time of this writing, it uses a v1.23.z version of Buildah), + # we cannot mount the build context into the container build (e.g., `RUN + # --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared + # `), which would allow it to mutate the build context. This is due to + # https://github.com/containers/buildah/pull/3548 not being present. + # For now, this necessitates passing this image into the cosa-build image + # build below to extract the OCI archive and inject it into the + # ImageStream. However, once the OpenShift CI system is upgraded to use + # OpenShift 4.11, we can create the RHCOS image in a single shot via this + # stage. + FROM build-test-qemu-img:latest + ENV COSA_DIR=/tmp/cosa + ENV COSA_SKIP_OVERLAY=1 + RUN mkdir -p "${COSA_DIR}" && \ + COSA_NO_KVM=1 /src/ci/prow-build.sh && \ + rm -rf "${COSA_DIR}/cache" + # We need to make sure that root can read / write to the COSA_DIR so that + # when this container is actually run, we have permissions to read and + # write to the COSA_DIR to allow the Kola tests to run. + # Note: In Docker BuildKit, this would double the image size because this + # would create an additional layer. However, since OpenShift Image Builds + # use Buildah, this is eliminated because it squashes these layers + # together. + USER root + RUN chgrp -Rf root "${COSA_DIR}" && \ + chmod -Rf g+w "${COSA_DIR}" + USER builder + WORKDIR /tmp/cosa + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + to: cosa-build +- dockerfile_literal: | + # We need the OCI archive to be somewhere with a predictable place with a constant + # path. However, the Kola tests expect the OCI archive to have the build + # number included in the filename. With that in mind, this image build will + # extract the RHCOS OCI archive from the cosa-build archive and place it in + # a constant path for extraction by the machine-os-oci-content image build. + FROM cosa-build:latest AS base + RUN /src/ci/simplify-ociarchive-path.sh + + FROM scratch + COPY --from=base /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-build: + as: + - cosa-build:latest + to: cosa-oci-archive +- dockerfile_literal: | + # This extracts the OCI archive from the cosa-build image build, injects it + # into the build context, and then uses that OCI archive as this image. + # This makes use of the following: + # - OpenShift Image Builds allows one to pass in a path from another container + # image. It places this under /tmp/build/inputs/. See: + # https://github.com/openshift/builder/blob/37525a77fa07e26c420962dee47193d672ef0b35/pkg/build/builder/common.go#L72 + # - Buildah allows one to use oci-archive as a transport. See: + # https://www.redhat.com/sysadmin/7-transports-features + # - Utilizing the above features in concert with one another and using an + # absolute path to refer to the OCI archive in the build context allows us + # to "import" the OCI archive into the CI ImageStream. + FROM oci-archive:/tmp/build/inputs/magic/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-oci-archive: + as: + - cosa-oci-archive + paths: + - destination_dir: magic + source_path: /tmp/cosa + to: machine-os-oci-content +- dockerfile_literal: | + # Create a slimmer Fedora-based image for the layering test binary. This is + # intended to make the startup of the OS layering test faster since we + # won't have to pull the larger build-test-qemu-img. + FROM build-test-qemu-img:latest AS base + FROM registry.ci.openshift.org/coreos/fedora:35 AS final + COPY --from=base /usr/local/bin/layering_test /usr/local/bin/layering_test + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + fedora: + as: + - registry.ci.openshift.org/coreos/fedora:35 + to: layering-test-img +promotion: + additional_images: + rhel-coreos: machine-os-oci-content + excluded_images: + - '*' + namespace: rhcos-devel + tag: latest +releases: + initial: + integration: + name: "4.11" + namespace: ocp + latest: + integration: + include_built_images: true + name: "4.11" + namespace: ocp +resources: + '*': + requests: + cpu: 2000m + memory: 3Gi +tests: +- as: validate + commands: ./ci/validate.sh + container: + from: src + cron: '@daily' +- as: validate-built-image + commands: cat /etc/os-release + container: + from: machine-os-oci-content + cron: '@daily' +- as: test-qemu-nvme + cluster: build02 + cron: '@daily' + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-nvme=true basic + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-firmware-uefi + cluster: build02 + cron: '@daily' + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-firmware=uefi basic + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola-upgrade + cluster: build02 + cron: '@daily' + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola + cluster: build02 + cron: '@daily' + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --parallel 2 + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-metal + cluster: build02 + cron: '@daily' + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live + cosa compress --artifact=metal --artifact=metal4k + kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-in-cluster + cron: '@daily' + steps: + cluster_profile: gcp + test: + - as: boot-from-derived-image + cli: latest + commands: /usr/local/bin/layering_test -test.v -test.failfast -test.timeout + 45m -build-log="${ARTIFACT_DIR}/derived-image-build.log" + dependencies: + - env: BASE_IMAGE_PULLSPEC + name: pipeline:machine-os-oci-content + from: layering-test-img + resources: + requests: + cpu: 1000m + workflow: ipi-gcp + timeout: 4h30m0s +zz_generated_metadata: + branch: master + org: openshift + repo: os + variant: periodic diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml new file mode 100644 index 0000000000000..4f4889087dce2 --- /dev/null +++ b/ci-operator/jobs/openshift/os/openshift-os-master-periodics.yaml @@ -0,0 +1,519 @@ +periodics: +- agent: kubernetes + cluster: build01 + cron: 30 22 * * * + decorate: true + decoration_config: + skip_cloning: true + timeout: 4h30m0s + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-in-cluster + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/test-in-cluster-cluster-profile + - --target=test-in-cluster + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/test-in-cluster-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + projected: + sources: + - secret: + name: cluster-secrets-gcp + - configMap: + name: cluster-profile-gcp + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build02 + cron: 40 2 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cluster: build02 + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-qemu-firmware-uefi + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-firmware-uefi + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build02 + cron: 40 2 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cluster: build02 + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-qemu-kola + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-kola + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build02 + cron: 43 23 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cluster: build02 + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-qemu-kola-upgrade + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-kola-upgrade + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build02 + cron: 8 0 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cluster: build02 + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-qemu-metal + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-metal + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build02 + cron: 25 23 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/cluster: build02 + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-test-qemu-nvme + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=test-qemu-nvme + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build01 + cron: 19 23 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-validate + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=validate + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build01 + cron: 8 0 * * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: master + org: openshift + repo: os + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-os-master-periodic-validate-built-image + reporter_config: + slack: + channel: '#jenkins-coreos' + job_states_to_report: + - failure + report_template: ':warning: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*. + <{{.Status.URL}}|View logs> :warning:' + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=validate-built-image + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml index 05e873e91978b..3b37a6199a2fc 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-postsubmits.yaml @@ -54,3 +54,60 @@ postsubmits: - name: result-aggregator secret: secretName: result-aggregator + - agent: kubernetes + always_run: true + branches: + - ^master$ + cluster: build01 + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/is-promotion: "true" + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + max_concurrency: 1 + name: branch-ci-openshift-os-master-periodic-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --image-mirror-push-secret=/etc/push-secret/.dockerconfigjson + - --promote + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --target=machine-os-oci-content + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/push-secret + name: push-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: push-secret + secret: + secretName: registry-push-credentials-ci-central + - name: result-aggregator + secret: + secretName: result-aggregator diff --git a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml index 2150de684e1d9..a16297b72bee2 100644 --- a/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/os/openshift-os-master-presubmits.yaml @@ -5,7 +5,7 @@ presubmits: branches: - ^master$ - ^master- - cluster: build02 + cluster: build01 context: ci/prow/images decorate: true decoration_config: @@ -50,12 +50,64 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build01 + context: ci/prow/periodic-images + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/variant: periodic + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-os-master-periodic-images + rerun_command: /test periodic-images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + - --target=machine-os-oci-content + - --variant=periodic + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )periodic-images,?($|\s.*) - agent: kubernetes always_run: false branches: - ^master$ - ^master- - cluster: build02 + cluster: build01 context: ci/prow/test-in-cluster decorate: true decoration_config: @@ -475,7 +527,7 @@ presubmits: branches: - ^master$ - ^master- - cluster: build02 + cluster: build01 context: ci/prow/validate-built-image decorate: true decoration_config: