From 75a6fa96095b1ce2bfd38cd56bad6aef6515943f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 6 Jun 2022 11:38:01 -0400 Subject: [PATCH] openshift/os: Sync 4.11 CI with 4.12, fix image tags for 4.12 Copy all the bits from current master to the 4.11 branch to keep things in sync. However, we also fix the tags for the master job to target 4.12. --- .../openshift/os/openshift-os-master.yaml | 4 +- .../os/openshift-os-release-4.11.yaml | 265 +++++++++++++----- 2 files changed, 200 insertions(+), 69 deletions(-) diff --git a/ci-operator/config/openshift/os/openshift-os-master.yaml b/ci-operator/config/openshift/os/openshift-os-master.yaml index c14682f6a06d8..f16515be6d04f 100644 --- a/ci-operator/config/openshift/os/openshift-os-master.yaml +++ b/ci-operator/config/openshift/os/openshift-os-master.yaml @@ -125,12 +125,12 @@ promotion: releases: initial: integration: - name: "4.11" + name: "4.12" namespace: ocp latest: integration: include_built_images: true - name: "4.11" + name: "4.12" namespace: ocp resources: '*': diff --git a/ci-operator/config/openshift/os/openshift-os-release-4.11.yaml b/ci-operator/config/openshift/os/openshift-os-release-4.11.yaml index d77372dff1dde..9365662409102 100644 --- a/ci-operator/config/openshift/os/openshift-os-release-4.11.yaml +++ b/ci-operator/config/openshift/os/openshift-os-release-4.11.yaml @@ -26,6 +26,96 @@ images: as: - registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.17-openshift-4.10 to: build-test-qemu-img +- dockerfile_literal: | + # This stage actually builds the RHCOS OCI image. However, due to + # limitations within OpenShift CI, we need to do the following: + # 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift + # CI using the default OpenShift Docker Build strategy, which precludes us + # from mounting /dev/kvm into the build context. + # 2. Due to a limitation in the version of Buildah that OpenShift Builds + # uses (at the time of this writing, it uses a v1.23.z version of Buildah), + # we cannot mount the build context into the container build (e.g., `RUN + # --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared + # `), which would allow it to mutate the build context. This is due to + # https://github.com/containers/buildah/pull/3548 not being present. + # For now, this necessitates passing this image into the cosa-build image + # build below to extract the OCI archive and inject it into the + # ImageStream. However, once the OpenShift CI system is upgraded to use + # OpenShift 4.11, we can create the RHCOS image in a single shot via this + # stage. + FROM build-test-qemu-img:latest + ENV COSA_DIR=/tmp/cosa + ENV COSA_SKIP_OVERLAY=1 + RUN mkdir -p "${COSA_DIR}" && \ + COSA_NO_KVM=1 /src/ci/prow-build.sh && \ + rm -rf "${COSA_DIR}/cache" + # We need to make sure that root can read / write to the COSA_DIR so that + # when this container is actually run, we have permissions to read and + # write to the COSA_DIR to allow the Kola tests to run. + # Note: In Docker BuildKit, this would double the image size because this + # would create an additional layer. However, since OpenShift Image Builds + # use Buildah, this is eliminated because it squashes these layers + # together. + USER root + RUN chgrp -Rf root "${COSA_DIR}" && \ + chmod -Rf g+w "${COSA_DIR}" + USER builder + WORKDIR /tmp/cosa + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + to: cosa-build +- dockerfile_literal: | + # We need the OCI archive to be somewhere with a predictable place with a constant + # path. However, the Kola tests expect the OCI archive to have the build + # number included in the filename. With that in mind, this image build will + # extract the RHCOS OCI archive from the cosa-build archive and place it in + # a constant path for extraction by the machine-os-oci-content image build. + FROM cosa-build:latest AS base + RUN /src/ci/simplify-ociarchive-path.sh + + FROM scratch + COPY --from=base /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-build: + as: + - cosa-build:latest + to: cosa-oci-archive +- dockerfile_literal: | + # This extracts the OCI archive from the cosa-build image build, injects it + # into the build context, and then uses that OCI archive as this image. + # This makes use of the following: + # - OpenShift Image Builds allows one to pass in a path from another container + # image. It places this under /tmp/build/inputs/. See: + # https://github.com/openshift/builder/blob/37525a77fa07e26c420962dee47193d672ef0b35/pkg/build/builder/common.go#L72 + # - Buildah allows one to use oci-archive as a transport. See: + # https://www.redhat.com/sysadmin/7-transports-features + # - Utilizing the above features in concert with one another and using an + # absolute path to refer to the OCI archive in the build context allows us + # to "import" the OCI archive into the CI ImageStream. + FROM oci-archive:/tmp/build/inputs/magic/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive + inputs: + cosa-oci-archive: + paths: + - destination_dir: magic + source_path: /tmp/cosa + to: machine-os-oci-content +- dockerfile_literal: | + # Create a slimmer Fedora-based image for the layering test binary. This is + # intended to make the startup of the OS layering test faster since we + # won't have to pull the larger build-test-qemu-img. + FROM build-test-qemu-img:latest AS base + FROM registry.ci.openshift.org/coreos/fedora:35 AS final + COPY --from=base /usr/local/bin/layering_test /usr/local/bin/layering_test + inputs: + build-test-qemu-img: + as: + - build-test-qemu-img:latest + fedora: + as: + - registry.ci.openshift.org/coreos/fedora:35 + to: layering-test-img promotion: disabled: true excluded_images: @@ -47,99 +137,140 @@ resources: requests: cpu: 1000m memory: 1Gi - build-test-qemu: - limits: - devices.kubevirt.io/kvm: "1" - requests: - cpu: 1000m - devices.kubevirt.io/kvm: "1" - memory: 3Gi - periodic-os-build: - limits: - devices.kubevirt.io/kvm: "1" - requests: - cpu: 1000m - devices.kubevirt.io/kvm: "1" - memory: 3Gi tests: - as: validate - commands: ./ci/validate.sh + commands: | + #!/bin/bash + set -xeuo + ./ci/validate.sh container: - from: src + from: coreos_coreos-assembler_latest skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ -- as: build-test-qemu - commands: /src/ci/build-test-qemu.sh +- as: validate-built-image + commands: cat /etc/os-release container: - from: build-test-qemu-img + from: machine-os-oci-content skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ -- as: periodic-os-build +- as: test-qemu-nvme cluster: build02 - cron: '@daily' + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ steps: test: - - as: oc-login + - as: test cli: latest commands: | #!/bin/bash - set -euo pipefail - # To inject the oc CLI, ci-operator builds a new container from the - # provided container dependency (from:) and pushes it to the namespace - # Imagestream before creating a new pod to run the commands in. Because - # of the size of the coreos-assembler image, this adds quite some time - # to the process. So lets use a much smaller Fedora base image. - oc login https://api.ci.l2s4.p1.openshiftapps.com:6443 --token="$(cat /service-account-token/image-pusher-service-account-token)" - oc registry login --registry=registry.ci.openshift.org --to="$SHARED_DIR/dockercfg.json" - credentials: - - mount_path: /service-account-token - name: rhcos-devel-image-pusher-service-account-token - namespace: test-credentials - from: fedora + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-nvme=true basic + from: cosa-build resources: limits: devices.kubevirt.io/kvm: "1" requests: - cpu: 1000m + cpu: 2000m devices.kubevirt.io/kvm: "1" memory: 3Gi - - as: build-test-and-push-img +- as: test-qemu-firmware-uefi + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest commands: | #!/bin/bash - set -xeuo pipefail - - # We can't use PULL_BASE_REF or OPENSHIFT_BUILD_REFERENCE to get the - # branch since this is a periodic job which originates from - # openshift/release, not the openshift/os repository. We then strip - # release- from the branch name so we're left with the number (e.g., - # release-4.11 -> 4.11). - BRANCH="$(echo "$JOB_SPEC" | jq -r '.extra_refs[0].base_ref | sub("release-"; "")')" - - # Ensure we have a known directory for cosa to build in - export COSA_DIR="/tmp/cosa" - mkdir -p "$COSA_DIR" - - # Run the cosa build / test - /src/ci/build-test-qemu.sh - - export REGISTRY_AUTH_FILE="$SHARED_DIR/dockercfg.json" - # Ensure we're in the designated cosa directory so the push-container commands work - cd "$COSA_DIR" - # Tags with the cosa build ID / arch - cosa push-container registry.ci.openshift.org/rhcos-devel/rhel-coreos - cosa push-container "registry.ci.openshift.org/rhcos-devel/rhel-coreos:${BRANCH}" - - # Only push latest tag on master branch - if [[ "$BRANCH" == "master" ]]; then - cosa push-container registry.ci.openshift.org/rhcos-devel/rhel-coreos:latest - fi - from: build-test-qemu-img + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --qemu-firmware=uefi basic + from: cosa-build resources: limits: devices.kubevirt.io/kvm: "1" requests: - cpu: 1000m + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola-upgrade + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-kola + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa kola run --parallel 2 + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m + devices.kubevirt.io/kvm: "1" + memory: 3Gi +- as: test-qemu-metal + cluster: build02 + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: test + cli: latest + commands: | + #!/bin/bash + set -xeuo + /src/ci/set-openshift-user.sh + cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live + cosa compress --artifact=metal --artifact=metal4k + kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal + from: cosa-build + resources: + limits: + devices.kubevirt.io/kvm: "1" + requests: + cpu: 2000m devices.kubevirt.io/kvm: "1" memory: 3Gi - timeout: 3h0m0s +- as: test-in-cluster + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + cluster_profile: gcp + test: + - as: boot-from-derived-image + cli: latest + commands: /usr/local/bin/layering_test -test.v -test.failfast -test.timeout + 45m -build-log="${ARTIFACT_DIR}/derived-image-build.log" + dependencies: + - env: BASE_IMAGE_PULLSPEC + name: pipeline:machine-os-oci-content + from: layering-test-img + resources: + requests: + cpu: 1000m + workflow: ipi-gcp + timeout: 4h30m0s zz_generated_metadata: branch: release-4.11 org: openshift