diff --git a/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.20.yaml b/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.20.yaml index 0595d6b182435..c2e1a91163952 100644 --- a/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.20.yaml +++ b/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.20.yaml @@ -238,8 +238,8 @@ tests: cluster_profile: vsphere-connected-2 env: FORCE_SUCCESS_EXIT: "no" - TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& - TEST_SCENARIOS: Windows_Containers + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" TEST_TIMEOUT: "50" test: - ref: openshift-extended-test diff --git a/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.21.yaml b/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.21.yaml index 5fd444426ba5f..497ab44e8d2f9 100644 --- a/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.21.yaml +++ b/ci-operator/config/openshift-priv/openshift-tests-private/openshift-priv-openshift-tests-private-release-4.21.yaml @@ -238,8 +238,8 @@ tests: cluster_profile: vsphere-connected-2 env: FORCE_SUCCESS_EXIT: "no" - TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& - TEST_SCENARIOS: Windows_Containers + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" TEST_TIMEOUT: "50" test: - ref: openshift-extended-test diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16.yaml index 2b5f71de0ebee..0d85bb62f2240 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16.yaml @@ -332,6 +332,23 @@ tests: test: - ref: openshift-extended-test workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& + TEST_SCENARIOS: Windows_Containers + TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc - as: debug-winc-nutanix-ipi optional: true run_if_changed: test/extended/winc/ diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18.yaml index 8c75defe0af35..d9ad296b7b780 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18.yaml @@ -334,13 +334,30 @@ tests: steps: cluster_profile: vsphere-connected-2 env: + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" + TEST_TIMEOUT: "50" + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" FORCE_SUCCESS_EXIT: "no" TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& TEST_SCENARIOS: Windows_Containers TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice test: - ref: openshift-extended-test - workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc zz_generated_metadata: branch: release-4.18 org: openshift diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19.yaml index 51d6dab73cbcc..e0b498790eb6d 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19.yaml @@ -336,13 +336,30 @@ tests: steps: cluster_profile: vsphere-connected-2 env: + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" + TEST_TIMEOUT: "50" + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" FORCE_SUCCESS_EXIT: "no" TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& TEST_SCENARIOS: Windows_Containers TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice test: - ref: openshift-extended-test - workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc zz_generated_metadata: branch: release-4.19 org: openshift diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20.yaml index 4832681530be2..dd0743d1b94be 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20.yaml @@ -236,13 +236,30 @@ tests: steps: cluster_profile: vsphere-connected-2 env: + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" + TEST_TIMEOUT: "50" + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" FORCE_SUCCESS_EXIT: "no" TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& TEST_SCENARIOS: Windows_Containers TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice test: - ref: openshift-extended-test - workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc zz_generated_metadata: branch: release-4.20 org: openshift diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21.yaml index 97ea6da162773..b26808d492a1d 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21.yaml @@ -236,13 +236,30 @@ tests: steps: cluster_profile: vsphere-connected-2 env: + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly& + TEST_SCENARIOS: "33612" + TEST_TIMEOUT: "50" + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" FORCE_SUCCESS_EXIT: "no" TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& TEST_SCENARIOS: Windows_Containers TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice test: - ref: openshift-extended-test - workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc - as: debug-winc-nutanix-ipi optional: true run_if_changed: test/extended/winc/ diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22.yaml index 756add0461230..e0884b37a33b5 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22.yaml @@ -243,6 +243,23 @@ tests: test: - ref: openshift-extended-test workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& + TEST_SCENARIOS: Windows_Containers + TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc zz_generated_metadata: branch: release-4.22 org: openshift diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23.yaml index 55144dd1f32ed..758ed06dcb5bf 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23.yaml @@ -242,6 +242,23 @@ tests: test: - ref: openshift-extended-test workflow: cucushift-installer-rehearse-vsphere-ipi-ovn-winc +- as: debug-winc-vsphere-ipi-disconnected + optional: true + run_if_changed: test/extended/winc/ + steps: + cluster_profile: vsphere-dis-2 + env: + ENABLE_IDMS: "yes" + FORCE_SUCCESS_EXIT: "no" + TEST_FILTERS: ~ChkUpgrade&;~ConnectedOnly&;Smokerun& + TEST_SCENARIOS: Windows_Containers + TEST_TIMEOUT: "50" + leases: + - env: VSPHERE_BASTION_LEASED_RESOURCE + resource_type: vsphere-connected-2-quota-slice + test: + - ref: openshift-extended-test + workflow: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc zz_generated_metadata: branch: release-4.23 org: openshift diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-presubmits.yaml index 8bb80dac6166a..a06db9bc6e5f9 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.16-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.16$ - ^release-4\.16- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.16$ - ^release-4\.16- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -794,7 +794,99 @@ presubmits: branches: - ^release-4\.16$ - ^release-4\.16- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.16" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.16-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.16$ + - ^release-4\.16- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-presubmits.yaml index cdf769a806212..c3f83e7e45240 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.18-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.18$ - ^release-4\.18- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.18$ - ^release-4\.18- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -702,7 +702,99 @@ presubmits: branches: - ^release-4\.18$ - ^release-4\.18- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.18" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.18-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.18$ + - ^release-4\.18- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19-presubmits.yaml index 9e6ce09c03b4d..213f6c1e97650 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.19-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.19$ - ^release-4\.19- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.19$ - ^release-4\.19- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -702,7 +702,99 @@ presubmits: branches: - ^release-4\.19$ - ^release-4\.19- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.19" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.19-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.19$ + - ^release-4\.19- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20-presubmits.yaml index d364f7fcd3eec..d49015e33a936 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.20-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.20$ - ^release-4\.20- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.20$ - ^release-4\.20- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -702,7 +702,99 @@ presubmits: branches: - ^release-4\.20$ - ^release-4\.20- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.20" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.20-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.20$ + - ^release-4\.20- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21-presubmits.yaml index 00c587ca9b1de..b7c98e03b03bd 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.21-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.21$ - ^release-4\.21- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.21$ - ^release-4\.21- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -794,7 +794,99 @@ presubmits: branches: - ^release-4\.21$ - ^release-4\.21- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.21-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.21$ + - ^release-4\.21- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-presubmits.yaml index f2347b72f93c3..f1dccac32328b 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.22$ - ^release-4\.22- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.22$ - ^release-4\.22- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -702,7 +702,99 @@ presubmits: branches: - ^release-4\.22$ - ^release-4\.22- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.22-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.22$ + - ^release-4\.22- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23-presubmits.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23-presubmits.yaml index 270db0dfdff82..b3d28082bbc75 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23-presubmits.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.23-presubmits.yaml @@ -149,7 +149,7 @@ presubmits: branches: - ^release-4\.23$ - ^release-4\.23- - cluster: build11 + cluster: build07 context: ci/prow/debug-disasterrecovery-aws-ipi decorate: true decoration_config: @@ -334,7 +334,7 @@ presubmits: branches: - ^release-4\.23$ - ^release-4\.23- - cluster: build11 + cluster: build07 context: ci/prow/debug-winc-aws-ipi decorate: true decoration_config: @@ -702,7 +702,99 @@ presubmits: branches: - ^release-4\.23$ - ^release-4\.23- - cluster: build11 + cluster: vsphere02 + context: ci/prow/debug-winc-vsphere-ipi-disconnected + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: vsphere + ci-operator.openshift.io/cloud-cluster-profile: vsphere-dis-2 + ci.openshift.io/generator: prowgen + job-release: "4.23" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-openshift-tests-private-release-4.23-debug-winc-vsphere-ipi-disconnected + optional: true + rerun_command: /test debug-winc-vsphere-ipi-disconnected + run_if_changed: test/extended/winc/ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=debug-winc-vsphere-ipi-disconnected + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )debug-winc-vsphere-ipi-disconnected,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.23$ + - ^release-4\.23- + cluster: build07 context: ci/prow/e2e-aws decorate: true decoration_config: diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/OWNERS new file mode 100644 index 0000000000000..8424fe52c4faa --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/OWNERS @@ -0,0 +1,5 @@ +reviewers: +- rrasouli +- weinliu +approvers: +- rrasouli diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/OWNERS new file mode 100644 index 0000000000000..8424fe52c4faa --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/OWNERS @@ -0,0 +1,5 @@ +reviewers: +- rrasouli +- weinliu +approvers: +- rrasouli diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.metadata.json new file mode 100644 index 0000000000000..9448685d7af58 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.metadata.json @@ -0,0 +1,12 @@ +{ + "path": "cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.yaml", + "owners": { + "approvers": [ + "rrasouli" + ], + "reviewers": [ + "rrasouli", + "weinliu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.yaml new file mode 100644 index 0000000000000..ee9ddbdaa8c73 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-workflow.yaml @@ -0,0 +1,12 @@ +workflow: + as: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc + steps: + cluster_profile: vsphere-dis-2 + pre: + - chain: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision + - ref: cucushift-installer-reportportal-marker + post: + - chain: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision + - ref: send-results-to-reportportal + documentation: |- + This is the workflow to trigger Prow's rehearsal test when submitting installer steps/chain/workflow which require disconnected network, OVN hybrid overlay and Windows workers as part of the cluster for vSphere IPI. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/OWNERS new file mode 100644 index 0000000000000..8424fe52c4faa --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/OWNERS @@ -0,0 +1,5 @@ +reviewers: +- rrasouli +- weinliu +approvers: +- rrasouli diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.metadata.json new file mode 100644 index 0000000000000..1032de470ad71 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.metadata.json @@ -0,0 +1,12 @@ +{ + "path": "cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.yaml", + "owners": { + "approvers": [ + "rrasouli" + ], + "reviewers": [ + "rrasouli", + "weinliu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.yaml new file mode 100644 index 0000000000000..05df0e07ac219 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/deprovision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision-chain.yaml @@ -0,0 +1,8 @@ +chain: + as: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-deprovision + steps: + - ref: gather-mirror-registry + - chain: cucushift-installer-rehearse-vsphere-ipi-deprovision + - ref: vsphere-deprovision-bastionhost + documentation: |- + Destroy an IPI cluster in disconnected network on vSphere with Windows workers. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/OWNERS new file mode 100644 index 0000000000000..8424fe52c4faa --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/OWNERS @@ -0,0 +1,5 @@ +reviewers: +- rrasouli +- weinliu +approvers: +- rrasouli diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.metadata.json new file mode 100644 index 0000000000000..5ee069a20b0fe --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.metadata.json @@ -0,0 +1,12 @@ +{ + "path": "cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.yaml", + "owners": { + "approvers": [ + "rrasouli" + ], + "reviewers": [ + "rrasouli", + "weinliu" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.yaml new file mode 100644 index 0000000000000..493466b3774b7 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/disconnected/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision-chain.yaml @@ -0,0 +1,27 @@ +chain: + as: cucushift-installer-rehearse-vsphere-ipi-disconnected-ovn-winc-provision + steps: + - chain: ipi-conf-vsphere + - chain: vsphere-provision-bastionhost + - ref: mirror-images-by-oc-image-in-bastion + - ref: ipi-conf-mirror + - ref: ovn-conf + - ref: ovn-conf-hybrid-manifest + - ref: ipi-install-install + - ref: ipi-install-vsphere-registry + - ref: enable-qe-catalogsource-disconnected + - ref: windows-e2e-operator-test-mirror-images + - ref: set-sample-operator-disconnected + - ref: ssh-bastion + - ref: windows-conf-operator + - ref: ipi-conf-vsphere-windows-machineset + - ref: cucushift-winc-prepare + env: + - name: REGISTER_MIRROR_REGISTRY_DNS + default: "yes" + - name: PULL_THROUGH_CACHE + default: "enabled" + documentation: |- + Register DNS for mirror registry. + documentation: |- + Create an IPI cluster in disconnected (air-gapped) network on vSphere with OVN hybrid overlay and Windows workers for QE e2e tests. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-ovn-winc-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-ovn-winc-provision-chain.yaml index 16316c7120495..ac9b3d0a02aad 100644 --- a/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-ovn-winc-provision-chain.yaml +++ b/ci-operator/step-registry/cucushift/installer/rehearse/vsphere/ipi/ovn/winc/provision/cucushift-installer-rehearse-vsphere-ipi-ovn-winc-provision-chain.yaml @@ -5,6 +5,7 @@ chain: - ref: ovn-conf - ref: ovn-conf-hybrid-manifest - chain: ipi-install + - ref: ipi-install-vsphere-registry - ref: enable-qe-catalogsource - ref: ssh-bastion - ref: openshift-windows-setup-wmco-konflux diff --git a/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/OWNERS b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/OWNERS new file mode 100644 index 0000000000000..ddf9fb55ee9ec --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/OWNERS @@ -0,0 +1,5 @@ +approvers: +- patrickdillon +- yunjiang29 +- jianlinliu +- jinyunma diff --git a/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-commands.sh b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-commands.sh new file mode 100755 index 0000000000000..3d73e966133fb --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-commands.sh @@ -0,0 +1,199 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM +# save the exit code for junit xml file generated in step gather-must-gather +# pre configuration steps before running installation, exit code 100 if failed, +# save to install-pre-config-status.txt +# post check steps after cluster installation, exit code 101 if failed, +# save to install-post-check-status.txt +EXIT_CODE=100 +trap 'if [[ "$?" == 0 ]]; then EXIT_CODE=0; fi; echo "${EXIT_CODE}" > "${SHARED_DIR}/install-pre-config-status.txt"' EXIT TERM + +if [[ "${MIRROR_BIN}" != "oc-adm" ]]; then + echo "users specifically do not use oc-adm to run mirror" + exit 0 +fi + +if [[ "${MIRROR_IN_BASTION}" == "yes" ]]; then + echo "users are going to mirror images from bastion, skip this step." + exit 0 +fi + +export HOME="${HOME:-/tmp/home}" +export XDG_RUNTIME_DIR="${HOME}/run" +export REGISTRY_AUTH_PREFERENCE=podman # TODO: remove later, used for migrating oc from docker to podman +mkdir -p "${XDG_RUNTIME_DIR}" + +function run_command() { + local CMD="$1" + echo "Running command: ${CMD}" + eval "${CMD}" +} + +mirror_output="${SHARED_DIR}/mirror_output" +new_pull_secret="${SHARED_DIR}/new_pull_secret" +install_config_mirror_patch="${SHARED_DIR}/install-config-mirror.yaml.patch" +cluster_mirror_conf_file="${SHARED_DIR}/local_registry_mirror_file.yaml" + +# private mirror registry host +# : +MIRROR_REGISTRY_HOST=$(head -n 1 "${SHARED_DIR}/mirror_registry_url") +if [ ! -f "${SHARED_DIR}/mirror_registry_url" ]; then + echo "File ${SHARED_DIR}/mirror_registry_url does not exist." + exit 1 +fi +echo "MIRROR_REGISTRY_HOST: $MIRROR_REGISTRY_HOST" +# Establish SSH tunnel to bastion registry (port 5000) +# This is needed when CI pod cannot directly reach bastion:5000 +if [[ -f "${SHARED_DIR}/bastion_private_address" ]]; then + BASTION_IP=$(< "${SHARED_DIR}/bastion_private_address") + BASTION_SSH_USER=$(< "${SHARED_DIR}/bastion_ssh_user") + SSH_PRIV_KEY_PATH=${CLUSTER_PROFILE_DIR}/ssh-privatekey + TUNNEL_LOCAL_PORT=5000 + + # Ensure our UID is in /etc/passwd (required for SSH) + if ! whoami &> /dev/null; then + if [[ -w /etc/passwd ]]; then + echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd + fi + fi + + echo "$(date -u --rfc-3339=seconds) - Establishing SSH tunnel to bastion registry..." + ssh -f -N \ + -L 127.0.0.1:${TUNNEL_LOCAL_PORT}:127.0.0.1:5000 \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + -o ServerAliveInterval=10 \ + -o ServerAliveCountMax=60 \ + -o ControlMaster=no \ + -i "${SSH_PRIV_KEY_PATH}" \ + "${BASTION_SSH_USER}@${BASTION_IP}" + + # Wait for tunnel and registry to be fully ready (check HTTP status code) + echo "$(date -u --rfc-3339=seconds) - Waiting for registry to be ready..." + for i in {1..20}; do + http_code=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 "http://127.0.0.1:${TUNNEL_LOCAL_PORT}/v2/" 2>/dev/null || echo "000") + if [[ "${http_code}" == "200" || "${http_code}" == "401" ]]; then + echo "$(date -u --rfc-3339=seconds) - Registry is ready (HTTP ${http_code}). Waiting 10s more to ensure stability..." + sleep 10 + break + fi + echo "$(date -u --rfc-3339=seconds) - Registry not ready (HTTP ${http_code}), attempt ${i}/20" + sleep 5 + done + + # Override registry host to use local tunnel endpoint + MIRROR_REGISTRY_HOST="127.0.0.1:${TUNNEL_LOCAL_PORT}" + echo "$(date -u --rfc-3339=seconds) - Using SSH tunnel, MIRROR_REGISTRY_HOST overridden to: ${MIRROR_REGISTRY_HOST}" +fi + + +if [[ -n "${CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE:-}" ]]; then + echo "Overwrite OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to ${CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} for cluster installation" + export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=${CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} +fi + +echo "OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" + +# since ci-operator gives steps KUBECONFIG pointing to cluster under test under some circumstances, +# unset KUBECONFIG to ensure this step always interact with the build farm. +unset KUBECONFIG +oc registry login + +readable_version=$(oc adm release info "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" -o jsonpath='{.metadata.version}') +echo "readable_version: $readable_version" + +# target release +target_release_image="${MIRROR_REGISTRY_HOST}/${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE#*/}" +target_release_image_repo="${target_release_image%:*}" +target_release_image_repo="${target_release_image_repo%@sha256*}" +# ensure mirror release image by tag name, refer to https://github.com/openshift/oc/pull/1331 +target_release_image="${target_release_image_repo}:${readable_version}" + +echo "target_release_image: $target_release_image" +echo "target_release_image_repo: $target_release_image_repo" + +# combine custom registry credential and default pull secret +registry_cred=$(head -n 1 "/var/run/vault/mirror-registry/registry_creds" | base64 -w 0) +jq --argjson a "{\"${MIRROR_REGISTRY_HOST}\": {\"auth\": \"$registry_cred\"}}" '.auths |= . + $a' "${CLUSTER_PROFILE_DIR}/pull-secret" > "${new_pull_secret}" +oc registry login --to "${new_pull_secret}" + +mirror_crd_type='icsp' +regex_keyword_1="imageContentSources" +if [[ "${ENABLE_IDMS}" == "yes" ]]; then + mirror_crd_type='idms' + regex_keyword_1="imageDigestSources" +fi + +# set the release mirror args +# Limit parallelism to avoid overwhelming SSH tunnel (MaxSessions default=10) +args=( + --from="${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" + --to-release-image="${target_release_image}" + --to="${target_release_image_repo}" + --insecure=true + --max-per-registry=5 +) + +run_command "which oc" +run_command "oc version --client" + +# check whether the oc command supports extra options and add them to the args array. +if oc adm release mirror -h | grep -q -- --keep-manifest-list; then + echo "Adding --keep-manifest-list to the mirror command." + args+=(--keep-manifest-list=true) +else + echo "This version of oc does not support --keep-manifest-list, skip it." +fi + +if oc adm release mirror -h | grep -q -- --print-mirror-instructions; then + echo "Adding --print-mirror-instructions to the mirror command." + args+=(--print-mirror-instructions="${mirror_crd_type}") +else + echo "This version of oc does not support --print-mirror-instructions=, skip it." +fi + +# For disconnected or otherwise unreachable mirrors, we want to +# have steps use an HTTP(S) proxy to reach the mirror. This proxy +# configuration file should export HTTP_PROXY, HTTPS_PROXY, and NO_PROXY +# environment variables, as well as their lowercase equivalents (note +# that libcurl doesn't recognize the uppercase variables). +if test -f "${SHARED_DIR}/mirror-proxy-conf.sh" +then + # shellcheck disable=SC1090 + source "${SHARED_DIR}/mirror-proxy-conf.sh" +fi + +cmd="oc adm release -a '${new_pull_secret}' mirror ${args[*]} | tee '${mirror_output}'" + +MAX_ATTEMPTS=5 +ATTEMPTS=0 +SUCCESS=false +while [ "${SUCCESS}" = false ] && (( ATTEMPTS++ < MAX_ATTEMPTS )); do + echo "Mirroring images attempt ${ATTEMPTS}/${MAX_ATTEMPTS}" + if run_command "$cmd"; then + echo "Mirroring images was successful in attempt $ATTEMPTS" + SUCCESS=true + else + echo "Mirroring images attempt $ATTEMPTS failed. Trying again..." + sleep 120 + fi +done + +if [ $SUCCESS = false ]; then + echo "Mirroring test images failed after $ATTEMPTS attempts, exiting ..." + exit 1 +fi + +line_num=$(grep -n "To use the new mirrored repository for upgrades" "${mirror_output}" | awk -F: '{print $1}') +install_end_line_num=$(expr ${line_num} - 3) && +upgrade_start_line_num=$(expr ${line_num} + 2) && +sed -n "/^${regex_keyword_1}/,${install_end_line_num}p" "${mirror_output}" > "${install_config_mirror_patch}" +sed -n "${upgrade_start_line_num},\$p" "${mirror_output}" > "${cluster_mirror_conf_file}" + +run_command "cat '${install_config_mirror_patch}'" +rm -f "${new_pull_secret}" diff --git a/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.metadata.json b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.metadata.json new file mode 100644 index 0000000000000..966d90a4db35a --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.metadata.json @@ -0,0 +1,11 @@ +{ + "path": "mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.yaml", + "owners": { + "approvers": [ + "patrickdillon", + "yunjiang29", + "jianlinliu", + "jinyunma" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.yaml b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.yaml new file mode 100644 index 0000000000000..b9ba4c97f56ce --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-adm-via-tunnel/mirror-images-by-oc-adm-via-tunnel-ref.yaml @@ -0,0 +1,33 @@ +ref: + as: mirror-images-by-oc-adm-via-tunnel + from: upi-installer + timeout: 4h0m0s + grace_period: 10m + commands: mirror-images-by-oc-adm-via-tunnel-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE + default: "" + documentation: "Used to overwrite the OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to a customized payload" + - name: MIRROR_BIN + default: "oc-adm" + - name: ENABLE_IDMS + default: "no" + documentation: Whether to print out IDMS, by default, it is ICSP + - name: MIRROR_IN_BASTION + default: "no" + credentials: + - namespace: test-credentials + name: openshift-custom-mirror-registry + mount_path: /var/run/vault/mirror-registry + dependencies: + - name: "release:latest" + env: OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE + documentation: |- + Mirror release image to local image registry via SSH tunnel. + When bastion_private_address exists in SHARED_DIR, establishes an SSH tunnel + (local port 5000 -> bastion port 5000) before mirroring. + This is needed when the CI pod cannot directly reach the bastion registry. diff --git a/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/OWNERS b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/OWNERS new file mode 100644 index 0000000000000..ddf9fb55ee9ec --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/OWNERS @@ -0,0 +1,5 @@ +approvers: +- patrickdillon +- yunjiang29 +- jianlinliu +- jinyunma diff --git a/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-commands.sh b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-commands.sh new file mode 100755 index 0000000000000..dae6d3facd37c --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-commands.sh @@ -0,0 +1,139 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +EXIT_CODE=100 +trap 'if [[ "$?" == 0 ]]; then EXIT_CODE=0; fi; echo "${EXIT_CODE}" > "${SHARED_DIR}/install-pre-config-status.txt"' EXIT TERM + +if [[ ! -f "${SHARED_DIR}/bastion_private_address" ]]; then + echo "bastion_private_address not found, skipping..." + exit 0 +fi + +# Ensure our UID is in /etc/passwd (required for SSH) +if ! whoami &> /dev/null; then + if [[ -w /etc/passwd ]]; then + echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd + fi +fi + +BASTION_IP=$(< "${SHARED_DIR}/bastion_private_address") +if [[ -s "${SHARED_DIR}/bastion_public_address" ]]; then + BASTION_IP=$(< "${SHARED_DIR}/bastion_public_address") +fi +BASTION_SSH_USER=$(< "${SHARED_DIR}/bastion_ssh_user") +SSH_PRIV_KEY_PATH=${CLUSTER_PROFILE_DIR}/ssh-privatekey +SSH_OPTS="-o UserKnownHostsFile=/dev/null -o IdentityFile=${SSH_PRIV_KEY_PATH} -o StrictHostKeyChecking=no" + +MIRROR_REGISTRY_HOST=$(head -n 1 "${SHARED_DIR}/mirror_registry_url") +echo "MIRROR_REGISTRY_HOST: ${MIRROR_REGISTRY_HOST}" + +mirror_output="${SHARED_DIR}/mirror_output" +install_config_mirror_patch="${SHARED_DIR}/install-config-mirror.yaml.patch" +cluster_mirror_conf_file="${SHARED_DIR}/local_registry_mirror_file.yaml" + +# Set up env for oc commands +export HOME="${HOME:-/tmp/home}" +export XDG_RUNTIME_DIR="${HOME}/run" +export REGISTRY_AUTH_PREFERENCE=podman +mkdir -p "${XDG_RUNTIME_DIR}" +unset KUBECONFIG + +# Build pull secret with bastion registry credentials +new_pull_secret="/tmp/new_pull_secret" +registry_cred=$(head -n 1 "/var/run/vault/mirror-registry/registry_creds" | base64 -w 0) +jq --argjson a "{\"${MIRROR_REGISTRY_HOST}\": {\"auth\": \"$registry_cred\"}}" '.auths |= . + $a' "${CLUSTER_PROFILE_DIR}/pull-secret" > "${new_pull_secret}" + +# Login to CI registry (build02) and add its credentials to pull secret +# This is needed so bastion can pull the release image from the CI registry +oc registry login +oc registry login --to "${new_pull_secret}" + +# Copy pull secret with all credentials to bastion +scp ${SSH_OPTS} "${new_pull_secret}" ${BASTION_SSH_USER}@${BASTION_IP}:/tmp/pull_secret + +# Get readable version from CI pod +readable_version=$(oc adm release info "${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" -o jsonpath='{.metadata.version}') +echo "readable_version: ${readable_version}" + +target_release_image="${MIRROR_REGISTRY_HOST}/${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE#*/}" +target_release_image_repo="${target_release_image%:*}" +target_release_image_repo="${target_release_image_repo%@sha256*}" +target_release_image="${target_release_image_repo}:${readable_version}" +echo "target_release_image: ${target_release_image}" + +# Use bastion's squid proxy (127.0.0.1:3128) to access quay.io +# proxy_private_url format: http://user:pass@bastion_ip:3128 +# Replace bastion_ip with 127.0.0.1 since oc runs ON the bastion +PROXY_URL="" +if [[ -f "${SHARED_DIR}/proxy_private_url" ]]; then + PROXY_URL=$(cat "${SHARED_DIR}/proxy_private_url" | sed "s|@${BASTION_IP}:|@127.0.0.1:|") + # Verify squid is actually listening before using it + if ssh ${SSH_OPTS} ${BASTION_SSH_USER}@${BASTION_IP} "nc -z 127.0.0.1 3128 2>/dev/null"; then + echo "Using bastion squid proxy (credentials redacted)" + else + echo "Squid proxy not available, proceeding without proxy" + PROXY_URL="" + fi +fi + +# Mirror release images from bastion using oc adm release mirror + squid proxy +# Bastion can access CI registry (build02) directly (same VMC network) +# Bastion uses its own squid proxy (127.0.0.1:3128) to access quay.io +# NO_PROXY excludes CI registry so it's accessed directly without proxy +echo "Mirroring release payload from bastion..." +MAX_ATTEMPTS=3 +for attempt in $(seq 1 ${MAX_ATTEMPTS}); do + echo "Attempt ${attempt}/${MAX_ATTEMPTS}" + if ssh ${SSH_OPTS} ${BASTION_SSH_USER}@${BASTION_IP} \ + "HTTP_PROXY='${PROXY_URL}' HTTPS_PROXY='${PROXY_URL}' NO_PROXY='localhost,127.0.0.1,.vmc-ci.devcluster.openshift.com,registry.apps.build02.vmc.ci.openshift.org,.cloud-object-storage.appdomain.cloud,.s3.us-south.cloud-object-storage.appdomain.cloud' \ + oc adm release -a /tmp/pull_secret mirror \ + --from='${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}' \ + --to-release-image='${target_release_image}' \ + --to='${target_release_image_repo}' \ + --insecure=true --keep-manifest-list=true" | tee /tmp/mirror_output_raw 2>&1; then + echo "Mirror succeeded." + break + fi + if [[ ${attempt} -eq ${MAX_ATTEMPTS} ]]; then + echo "Mirror failed after ${MAX_ATTEMPTS} attempts." + exit 1 + fi + sleep 30 +done + +# Extract imageDigestSources section for install-config patch +grep -A 1000 "^imageDigestSources:" /tmp/mirror_output_raw | \ + grep -B 1000 "^$\|^To use" | grep -v "^$\|^To use" > "${install_config_mirror_patch}" || true + +if [[ ! -s "${install_config_mirror_patch}" ]]; then + # Fallback: generate minimal IDMS manually + cat > "${install_config_mirror_patch}" << EOF +imageDigestSources: +- mirrors: + - ${target_release_image_repo} + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - ${target_release_image_repo} + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev +EOF +fi + +echo "Generated install-config-mirror.yaml.patch:" +cat "${install_config_mirror_patch}" + +# Generate cluster mirror conf for upgrades +cat > "${cluster_mirror_conf_file}" << EOF +imageContentSources: +- mirrors: + - ${target_release_image_repo} + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - ${target_release_image_repo} + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev +EOF + +cp /tmp/mirror_output_raw "${mirror_output}" || true +rm -f "${new_pull_secret}" diff --git a/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.metadata.json b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.metadata.json new file mode 100644 index 0000000000000..a2e619f96f11b --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.metadata.json @@ -0,0 +1,11 @@ +{ + "path": "mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.yaml", + "owners": { + "approvers": [ + "patrickdillon", + "yunjiang29", + "jianlinliu", + "jinyunma" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.yaml b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.yaml new file mode 100644 index 0000000000000..e4e7aac02c391 --- /dev/null +++ b/ci-operator/step-registry/mirror-images/by-oc-image-in-bastion/mirror-images-by-oc-image-in-bastion-ref.yaml @@ -0,0 +1,23 @@ +ref: + as: mirror-images-by-oc-image-in-bastion + from: upi-installer + timeout: 2h0m0s + grace_period: 10m + commands: mirror-images-by-oc-image-in-bastion-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + credentials: + - namespace: test-credentials + name: openshift-custom-mirror-registry + mount_path: /var/run/vault/mirror-registry + dependencies: + - name: "release:latest" + env: OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE + documentation: |- + Mirror only the CI release payload to bastion registry using oc image mirror (SSH into bastion). + Unlike oc adm release mirror, this only mirrors the CI-internal release manifest (not quay.io components). + quay.io components are handled via pull-through cache (bastion:6001) at cluster runtime. + This works in vsphere-dis-2 where: CI pod cannot reach bastion:5000, but bastion can access + CI registry (build02) and its own localhost:5000. diff --git a/ci-operator/step-registry/vsphere/deprovision/customized-resourcepool-check/vsphere-deprovision-customized-resourcepool-check-commands.sh b/ci-operator/step-registry/vsphere/deprovision/customized-resourcepool-check/vsphere-deprovision-customized-resourcepool-check-commands.sh index 21e5ea2dd5cf5..7a7b91b4cb8a2 100644 --- a/ci-operator/step-registry/vsphere/deprovision/customized-resourcepool-check/vsphere-deprovision-customized-resourcepool-check-commands.sh +++ b/ci-operator/step-registry/vsphere/deprovision/customized-resourcepool-check/vsphere-deprovision-customized-resourcepool-check-commands.sh @@ -3,6 +3,10 @@ set -o errexit set -o nounset set -o pipefail # shellcheck source=/dev/null +if [[ ! -f "${SHARED_DIR}/metadata.json" ]]; then + echo "metadata.json not found, cluster was not installed, skipping..." + exit 0 +fi source "${SHARED_DIR}/govc.sh" unset SSL_CERT_FILE unset GOVC_TLS_CA_CERTS