From 59c874d89a69ce9ab1533047ac983b2081d81fbb Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 6 Feb 2025 17:35:43 +0530 Subject: [PATCH] Add support for creating arm machine on GCP --- .../crc-org/snc/crc-org-snc-master.yaml | 5 ++ .../snc/crc-org-snc-master-presubmits.yaml | 75 +++++++++++++++++ .../code-ready/snc/microshift-arm/OWNERS | 8 ++ ...-snc-microshift-arm-workflow.metadata.json | 15 ++++ ...ode-ready-snc-microshift-arm-workflow.yaml | 13 +++ .../code-ready/snc/microshift-arm/test/OWNERS | 8 ++ ...-ready-snc-microshift-arm-test-commands.sh | 80 +++++++++++++++++++ ...-snc-microshift-arm-test-ref.metadata.json | 15 ++++ ...ode-ready-snc-microshift-arm-test-ref.yaml | 23 ++++++ ci-operator/step-registry/upi/gcp/arm/OWNERS | 8 ++ .../step-registry/upi/gcp/arm/post/OWNERS | 1 + .../post/upi-gcp-arm-post-chain.metadata.json | 15 ++++ .../gcp/arm/post/upi-gcp-arm-post-chain.yaml | 6 ++ .../gcp/arm/post/upi-gcp-arm-post-commands.sh | 34 ++++++++ .../post/upi-gcp-arm-post-ref.metadata.json | 15 ++++ .../gcp/arm/post/upi-gcp-arm-post-ref.yaml | 22 +++++ .../step-registry/upi/gcp/arm/pre/OWNERS | 1 + .../pre/upi-gcp-arm-pre-chain.metadata.json | 15 ++++ .../gcp/arm/pre/upi-gcp-arm-pre-chain.yaml | 7 ++ .../gcp/arm/pre/upi-gcp-arm-pre-commands.sh | 48 +++++++++++ .../arm/pre/upi-gcp-arm-pre-ref.metadata.json | 15 ++++ .../upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml | 22 +++++ .../arm/upi-gcp-arm-workflow.metadata.json | 15 ++++ .../upi/gcp/arm/upi-gcp-arm-workflow.yaml | 15 ++++ 24 files changed, 481 insertions(+) create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json create mode 100644 ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml create mode 100644 ci-operator/step-registry/upi/gcp/arm/OWNERS create mode 120000 ci-operator/step-registry/upi/gcp/arm/post/OWNERS create mode 100644 ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json create mode 100644 ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml create mode 100644 ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh create mode 100644 ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json create mode 100644 ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml create mode 120000 ci-operator/step-registry/upi/gcp/arm/pre/OWNERS create mode 100644 ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json create mode 100644 ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml create mode 100644 ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-commands.sh create mode 100644 ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.metadata.json create mode 100644 ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml create mode 100644 ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.metadata.json create mode 100644 ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.yaml diff --git a/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml b/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml index 785cbb67422c..b2fda60f44d2 100644 --- a/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml +++ b/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml @@ -41,6 +41,11 @@ tests: steps: cluster_profile: gcp workflow: code-ready-snc-microshift +- as: e2e-microshift-arm + cluster: build01 + steps: + cluster_profile: gcp + workflow: code-ready-snc-microshift-arm zz_generated_metadata: branch: master org: crc-org diff --git a/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml b/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml index 3a943004acc6..440ae0c30805 100644 --- a/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml +++ b/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml @@ -75,6 +75,81 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-microshift,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build01 + context: ci/prow/e2e-microshift-arm + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci-operator.openshift.io/cluster: build01 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-crc-org-snc-master-e2e-microshift-arm + rerun_command: /test e2e-microshift-arm + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-microshift-arm + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-microshift-arm,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS b/ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS new file mode 100644 index 000000000000..5a24eb4264ae --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS @@ -0,0 +1,8 @@ +approvers: + - praveenkumar + - cfergeau + - gbraad +reviewers: + - praveenkumar + - cfergeau + - gbraad diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json b/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json new file mode 100644 index 000000000000..b500971deeb7 --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml b/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml new file mode 100644 index 000000000000..7e3aaeec8ec8 --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml @@ -0,0 +1,13 @@ +workflow: + as: code-ready-snc-microshift-arm + steps: + pre: + - chain: upi-gcp-arm-pre + - ref: code-ready-snc-subscription + test: + - ref: code-ready-snc-microshift-arm-test + post: + - ref: gather-snc + - chain: upi-gcp-arm-post + documentation: |- + The snc E2E workflow executes the common end-to-end test suite for snc with a GCP arm cluster configuration. diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS new file mode 100644 index 000000000000..5a24eb4264ae --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS @@ -0,0 +1,8 @@ +approvers: + - praveenkumar + - cfergeau + - gbraad +reviewers: + - praveenkumar + - cfergeau + - gbraad diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh new file mode 100644 index 000000000000..c6f5ff865fe1 --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh @@ -0,0 +1,80 @@ +#!/bin/bash +set -euo pipefail + +trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM + +GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" +GOOGLE_COMPUTE_REGION="${LEASED_RESOURCE}" +GOOGLE_COMPUTE_ZONE="$(< ${SHARED_DIR}/openshift_gcp_compute_zone)" +if [[ -z "${GOOGLE_COMPUTE_ZONE}" ]]; then + echo "Expected \${SHARED_DIR}/openshift_gcp_compute_zone to contain the GCP zone" + exit 1 +fi + +INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}" + +mkdir -p "${HOME}"/.ssh +mock-nss.sh + +# gcloud compute will use this key rather than create a new one +cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine +chmod 0600 "${HOME}"/.ssh/google_compute_engine +cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub +echo 'ServerAliveInterval 30' | tee -a "${HOME}"/.ssh/config +echo 'ServerAliveCountMax 1200' | tee -a "${HOME}"/.ssh/config +chmod 0600 "${HOME}"/.ssh/config + +# Copy pull secret to user home +cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret + +gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json +gcloud --quiet config set project "${GOOGLE_PROJECT_ID}" +gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}" +gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}" + +cat > "${HOME}"/run-tests.sh << 'EOF' +#!/bin/bash + +set -euo pipefail +export PATH=/home/packer:$PATH + +function run-tests() { + pushd snc + set -e + export OPENSHIFT_PULL_SECRET_PATH="${HOME}"/pull-secret + ./ci_microshift.sh + popd +} + +run-tests +EOF + +chmod +x "${HOME}"/run-tests.sh + +LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \ + --quiet \ + --project "${GOOGLE_PROJECT_ID}" \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + --recurse "${HOME}"/run-tests.sh packer@"${INSTANCE_PREFIX}":~/run-tests.sh + +LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \ + --quiet \ + --project "${GOOGLE_PROJECT_ID}" \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + --recurse "${HOME}"/pull-secret packer@"${INSTANCE_PREFIX}":~/pull-secret + +LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \ + --quiet \ + --project "${GOOGLE_PROJECT_ID}" \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + --recurse /opt/snc packer@"${INSTANCE_PREFIX}":~/snc + +LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + packer@"${INSTANCE_PREFIX}" \ + --command 'sudo yum install -y unzip' + +LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + packer@"${INSTANCE_PREFIX}" \ + --command "export PULL_NUMBER=${PULL_NUMBER} && timeout 360m bash -ce \"/home/packer/run-tests.sh\"" diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json new file mode 100644 index 000000000000..510f771f28ff --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml new file mode 100644 index 000000000000..c1eedf256fdc --- /dev/null +++ b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml @@ -0,0 +1,23 @@ +ref: + as: code-ready-snc-microshift-arm-test + from: snc + grace_period: 10m + commands: code-ready-snc-microshift-arm-test-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + timeout: 4h0m0s + env: + - name: HOME + default: /tmp/secret + - name: NSS_WRAPPER_PASSWD + default: /tmp/secret/passwd + - name: NSS_WRAPPER_GROUP + default: /tmp/secret/group + - name: NSS_USERNAME + default: packer + - name: NSS_GROUPNAME + default: packer + documentation: >- + This step provision the snc deployments created by upi-install-gcp-arm. diff --git a/ci-operator/step-registry/upi/gcp/arm/OWNERS b/ci-operator/step-registry/upi/gcp/arm/OWNERS new file mode 100644 index 000000000000..5a24eb4264ae --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/OWNERS @@ -0,0 +1,8 @@ +approvers: + - praveenkumar + - cfergeau + - gbraad +reviewers: + - praveenkumar + - cfergeau + - gbraad diff --git a/ci-operator/step-registry/upi/gcp/arm/post/OWNERS b/ci-operator/step-registry/upi/gcp/arm/post/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json new file mode 100644 index 000000000000..3bd557971c8e --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml new file mode 100644 index 000000000000..c80de001daa7 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml @@ -0,0 +1,6 @@ +chain: + as: upi-gcp-arm-post + steps: + - ref: upi-gcp-arm-post + documentation: >- + This chain deprovisions all the components created by the upi-gcp-pre chain. diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh new file mode 100644 index 000000000000..64442aa2ae73 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +set -eo pipefail + +INSTANCE_PREFIX="${NAMESPACE}-${UNIQUE_HASH}" +GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" +GOOGLE_COMPUTE_REGION="${LEASED_RESOURCE}" +GOOGLE_COMPUTE_ZONE="$(< ${SHARED_DIR}/openshift_gcp_compute_zone)" +if [[ -z "${GOOGLE_COMPUTE_ZONE}" ]]; then + echo "Expected \${SHARED_DIR}/openshift_gcp_compute_zone to contain the GCP zone" + exit 1 +fi + +function teardown() { + # This is for running the gcloud commands + mock-nss.sh + gcloud auth activate-service-account \ + --quiet --key-file "${CLUSTER_PROFILE_DIR}/gce.json" + gcloud --quiet config set project "${GOOGLE_PROJECT_ID}" + gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}" + gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}" + + set -x + set +e + + echo "Deprovisioning cluster ..." + gcloud compute instances delete "${INSTANCE_PREFIX}" --quiet + gcloud compute firewall-rules delete "${INSTANCE_PREFIX}" --quiet + gcloud compute networks subnets delete "${INSTANCE_PREFIX}" --quiet + gcloud compute networks delete "${INSTANCE_PREFIX}" --quiet +} + +trap 'teardown' EXIT +trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json new file mode 100644 index 000000000000..d51b16621131 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml new file mode 100644 index 000000000000..cabf96ea2b66 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml @@ -0,0 +1,22 @@ +ref: + as: upi-gcp-arm-post + from: libvirt-installer + grace_period: 10m + commands: upi-gcp-arm-post-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: HOME + default: /tmp/secret + - name: NSS_WRAPPER_PASSWD + default: /tmp/secret/passwd + - name: NSS_WRAPPER_GROUP + default: /tmp/secret/group + - name: NSS_USERNAME + default: packer + - name: NSS_GROUPNAME + default: packer + documentation: >- + This step deprovisions the gcloud deployments created by upi-install-gcp-arm. diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/OWNERS b/ci-operator/step-registry/upi/gcp/arm/pre/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json new file mode 100644 index 000000000000..6d65c64206f3 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml new file mode 100644 index 000000000000..0ae23723c217 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml @@ -0,0 +1,7 @@ +chain: + as: upi-gcp-arm-pre + steps: + - ref: ipi-install-rbac + - ref: upi-gcp-arm-pre + documentation: >- + This chain provision a arm virt enabled VM in GCP. diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-commands.sh b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-commands.sh new file mode 100644 index 000000000000..7b34c78edf48 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-commands.sh @@ -0,0 +1,48 @@ +#!/bin/bash +set -euo pipefail + +trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM + +GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" +GOOGLE_COMPUTE_REGION="${LEASED_RESOURCE}" +INSTANCE_PREFIX="${NAMESPACE}-${UNIQUE_HASH}" + +echo "$(date -u --rfc-3339=seconds) - Configuring VM on GCP..." +mkdir -p "${HOME}"/.ssh +mock-nss.sh + +# gcloud compute will use this key rather than create a new one +cp "${CLUSTER_PROFILE_DIR}/ssh-privatekey" "${HOME}/.ssh/google_compute_engine" +chmod 0600 "${HOME}/.ssh/google_compute_engine" +cp "${CLUSTER_PROFILE_DIR}/ssh-publickey" "${HOME}/.ssh/google_compute_engine.pub" + +gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}/gce.json" +gcloud --quiet config set project "${GOOGLE_PROJECT_ID}" +gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}" + +GOOGLE_COMPUTE_ZONE="$(gcloud compute zones list --filter="region=$GOOGLE_COMPUTE_REGION" --format='csv[no-heading](name)' | head -n 1)" +echo "$GOOGLE_COMPUTE_ZONE" > "$SHARED_DIR/openshift_gcp_compute_zone" +gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}" + +set -x + +# Create the network and firewall rules to attach it to VM +gcloud compute networks create "${INSTANCE_PREFIX}" \ + --subnet-mode=custom \ + --bgp-routing-mode=regional +gcloud compute networks subnets create "${INSTANCE_PREFIX}" \ + --network "${INSTANCE_PREFIX}" \ + --range=10.0.0.0/9 +gcloud compute firewall-rules create "${INSTANCE_PREFIX}" \ + --network "${INSTANCE_PREFIX}" \ + --allow tcp:22,icmp + +# image-family openshift4-libvirt-rhel9 must exist in ${GOOGLE_PROJECT_ID} for this template +# for more info see here: https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md +gcloud compute instances create "${INSTANCE_PREFIX}" \ + --image-family openshift4-libvirt-rhel9-arm64 \ + --zone "${GOOGLE_COMPUTE_ZONE}" \ + --machine-type c4a-standard-8 \ + --boot-disk-size 256GB \ + --subnet "${INSTANCE_PREFIX}" \ + --network "${INSTANCE_PREFIX}" diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.metadata.json b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.metadata.json new file mode 100644 index 000000000000..22d9d747286f --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml new file mode 100644 index 000000000000..688b79a803ec --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-ref.yaml @@ -0,0 +1,22 @@ +ref: + as: upi-gcp-arm-pre + from: libvirt-installer + grace_period: 10m + commands: upi-gcp-arm-pre-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: HOME + default: /tmp/secret + - name: NSS_WRAPPER_PASSWD + default: /tmp/secret/passwd + - name: NSS_WRAPPER_GROUP + default: /tmp/secret/group + - name: NSS_USERNAME + default: packer + - name: NSS_GROUPNAME + default: packer + documentation: >- + This step provision the gcloud deployments created by upi-install-gcp-arm. diff --git a/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.metadata.json b/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.metadata.json new file mode 100644 index 000000000000..717381d75bfe --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "upi/gcp/arm/upi-gcp-arm-workflow.yaml", + "owners": { + "approvers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ], + "reviewers": [ + "praveenkumar", + "cfergeau", + "gbraad" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.yaml b/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.yaml new file mode 100644 index 000000000000..5c36a129a800 --- /dev/null +++ b/ci-operator/step-registry/upi/gcp/arm/upi-gcp-arm-workflow.yaml @@ -0,0 +1,15 @@ +workflow: + as: upi-gcp-arm + steps: + pre: + - chain: upi-gcp-arm-pre + post: + - chain: upi-gcp-arm-post + documentation: |- + The UPI workflow provides pre- and post- steps that provision and + deprovision of a arm64 VM on GCP, allowing job authors to inject + their own end-to-end test logic. + + All modifications to this workflow should be done by modifying the + `upi-gcp-arm-{pre,post}` chains to allow other workflows to mimic and extend + this base workflow without a need to backport changes. \ No newline at end of file