Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(RELEASE-1389): update-fbc-catalog need publishingCredentials #794

Open
wants to merge 3 commits into
base: development
Choose a base branch
from

Conversation

theflockers
Copy link
Contributor

this PR adds the publishingCredentials parameter to the update-fbc-catalog pipeline and tasks that is
required to fetch the targetIndex config.

Describe your changes

Relevant Jira

Checklist before requesting a review

  • I have marked as draft or added do not merge label if there's a dependency PR
    • If you want reviews on your draft PR, you can add reviewers or add the release-service-maintainers handle if you are unsure who to tag
  • My commit message includes Signed-off-by: My name <email>
  • I have bumped the task/pipeline version string and updated changelog in the relevant README
  • I read CONTRIBUTING.MD and commit formatting

Copy link

openshift-ci bot commented Jan 29, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@theflockers
Copy link
Contributor Author

should be done in the publishing itself to not break stage fbc builds.

@theflockers
Copy link
Contributor Author

reopening. It can only be done here due to the fact it should interfere wather IIB should be called or not.

@theflockers theflockers reopened this Jan 29, 2025
@theflockers theflockers force-pushed the task-needs-publishing-creds branch 2 times, most recently from 3361cc9 to bf44073 Compare January 30, 2025 09:36
@theflockers theflockers marked this pull request as ready for review January 30, 2025 10:19
@theflockers theflockers requested a review from a team as a code owner January 30, 2025 10:19
@theflockers
Copy link
Contributor Author

/ok-to-test

@theflockers theflockers requested a review from mmalina January 30, 2025 13:23
@theflockers theflockers changed the title fix: update-fbc-catalog need publishingCredentials fix(RELEASE-1389): update-fbc-catalog need publishingCredentials Jan 30, 2025
this PR adds the publishingCredentials parameter to
the update-fbc-catalog pipeline and tasks that is
required to fetch the targetIndex config.

Signed-off-by: Leandro Mendes <[email protected]>
- text comment
- parameter default
- using jq -n
- README

Signed-off-by: Leandro Mendes <[email protected]>
@theflockers theflockers force-pushed the task-needs-publishing-creds branch from 15cec37 to 450e423 Compare January 30, 2025 13:27
@theflockers
Copy link
Contributor Author

/retest

1 similar comment
@theflockers
Copy link
Contributor Author

/retest

mmalina
mmalina previously approved these changes Jan 30, 2025
Signed-off-by: Leandro Mendes <[email protected]>
@openshift-ci openshift-ci bot removed the lgtm label Jan 30, 2025
@openshift-ci openshift-ci bot added the lgtm label Jan 30, 2025
@@ -91,6 +91,7 @@ spec:
else
iib_service_account_secret="iib-service-account-prod"
fi
publishing_credentials=$(jq -r '.fbc.publishingCredentials // "catalog-publishing-secret"' "$DATA_FILE")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is fine, but I think it is kind of weird having the default in both here and the internal pipeline parameter default. The pipeline default won't matter, only this one will, but still a little confusing if they get out of sync. Maybe remove the default in one of the two spots?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing is that the default in the other place won't really work without extra work here (checking for null or empty) - if you just remove this default here (which I suggested adding), then you would default to "null". So yeah, I'd just remove the default in the pipeline.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, I think removing from the pipeline is better anyway

@konflux-ci-qe-bot
Copy link

@theflockers: The following test has Failed, say /retest to rerun failed tests.

PipelineRun Name Status Rerun command Build Log Test Log
konflux-e2e-tests-catalog-4lclf Failed /retest View Pipeline Log View Test Logs

Inspecting Test Artifacts

To inspect your test artifacts, follow these steps:

  1. Install ORAS (see the ORAS installation guide).
  2. Download artifacts with the following commands:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/release-service-catalog:konflux-e2e-tests-catalog-4lclf

Test results analysis

🚨 Failed to provision a cluster, see the log for more details:

Click to view logs
INFO: Log in to your Red Hat account...
INFO: Configure AWS Credentials...
WARN: The current version (1.2.47) is not up to date with latest rosa cli released version (1.2.49).
WARN: It is recommended that you update to the latest version.
INFO: Logged in as 'konflux-ci-418295695583' on 'https://api.openshift.com'
INFO: Create ROSA with HCP cluster...
WARN: The current version (1.2.47) is not up to date with latest rosa cli released version (1.2.49).
WARN: It is recommended that you update to the latest version.
INFO: Creating cluster 'kx-090314d8d2'
INFO: To view a list of clusters and their status, run 'rosa list clusters'
INFO: Cluster 'kx-090314d8d2' has been created.
INFO: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.

Name: kx-090314d8d2
Domain Prefix: kx-090314d8d2
Display Name: kx-090314d8d2
ID: 2gkkbsd4vt1c1fa7ome2mae3a1nm4kfb
External ID: c57338cc-4f68-4475-9b4d-c9e3a5bbd506
Control Plane: ROSA Service Hosted
OpenShift Version: 4.15.43
Channel Group: stable
DNS: Not ready
AWS Account: 418295695583
AWS Billing Account: 418295695583
API URL:
Console URL:
Region: us-east-1
Availability:

  • Control Plane: MultiAZ
  • Data Plane: SingleAZ

Nodes:

  • Compute (desired): 3
  • Compute (current): 0
    Network:
  • Type: OVNKubernetes
  • Service CIDR: 172.30.0.0/16
  • Machine CIDR: 10.0.0.0/16
  • Pod CIDR: 10.128.0.0/14
  • Host Prefix: /23
  • Subnets: subnet-05b9daa0609597f68, subnet-04cf6376374bf9e09
    EC2 Metadata Http Tokens: optional
    Role (STS) ARN: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Installer-Role
    Support Role ARN: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Support-Role
    Instance IAM Roles:
  • Worker: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Worker-Role
    Operator IAM Roles:
  • arn:aws:iam::418295695583:role/rosa-hcp-openshift-cluster-csi-drivers-ebs-cloud-credentials
  • arn:aws:iam::418295695583:role/rosa-hcp-openshift-cloud-network-config-controller-cloud-credent
  • arn:aws:iam::418295695583:role/rosa-hcp-kube-system-control-plane-operator
  • arn:aws:iam::418295695583:role/rosa-hcp-kube-system-kms-provider
  • arn:aws:iam::418295695583:role/rosa-hcp-kube-system-kube-controller-manager
  • arn:aws:iam::418295695583:role/rosa-hcp-kube-system-capa-controller-manager
  • arn:aws:iam::418295695583:role/rosa-hcp-openshift-image-registry-installer-cloud-credentials
  • arn:aws:iam::418295695583:role/rosa-hcp-openshift-ingress-operator-cloud-credentials
    Managed Policies: Yes
    State: waiting (Waiting for user action)
    Private: No
    Delete Protection: Disabled
    Created: Jan 30 2025 15:00:06 UTC
    User Workload Monitoring: Enabled
    Details Page: https://console.redhat.com/openshift/details/s/2sLyZiyGyP20ebsWVAuh4GYgL4W
    OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/2du11g36ejmoo4624pofphlrgf4r9tf3 (Managed)
    Etcd Encryption: Disabled
    Audit Log Forwarding: Disabled
    External Authentication: Disabled
    Zero Egress: Disabled

INFO: Preparing to create operator roles.
INFO: Operator Roles already exists
INFO: Preparing to create OIDC Provider.
INFO: OIDC provider already exists
INFO: To determine when your cluster is Ready, run 'rosa describe cluster -c kx-090314d8d2'.
INFO: To watch your cluster installation logs, run 'rosa logs install -c kx-090314d8d2 --watch'.
INFO: Track the progress of the cluster creation...
WARN: The current version (1.2.47) is not up to date with latest rosa cli released version (1.2.49).
WARN: It is recommended that you update to the latest version.
�[0;33mW:�[m Region flag will be removed from this command in future versions
INFO: Cluster 'kx-090314d8d2' is in waiting state waiting for installation to begin. Logs will show up within 5 minutes
0001-01-01 00:00:00 +0000 UTC hostedclusters kx-090314d8d2 Version
2025-01-30 15:03:33 +0000 UTC hostedclusters kx-090314d8d2 ValidAWSIdentityProvider StatusUnknown
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Waiting for hosted control plane to be healthy
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Ignition server deployment not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Configuration passes validation
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is supported by operator configuration
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Release image is valid
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Reconciliation active on resource
2025-01-30 15:03:41 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is at expected version
2025-01-30 15:03:42 +0000 UTC hostedclusters kx-090314d8d2 Required platform credentials are found
2025-01-30 15:03:42 +0000 UTC hostedclusters kx-090314d8d2 failed to get referenced secret ocm-production-2gkkbsd4vt1c1fa7ome2mae3a1nm4kfb/cluster-api-cert: Secret "cluster-api-cert" not found
0001-01-01 00:00:00 +0000 UTC hostedclusters kx-090314d8d2 Version
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Release image is valid
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Ignition server deployment not found
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Waiting for hosted control plane kubeconfig to be created
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is supported by operator configuration
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Reconciliation active on resource
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Configuration passes validation
2025-01-30 15:03:41 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is at expected version
2025-01-30 15:03:42 +0000 UTC hostedclusters kx-090314d8d2 Required platform credentials are found
2025-01-30 15:05:23 +0000 UTC hostedclusters kx-090314d8d2 OIDC configuration is valid
2025-01-30 15:05:23 +0000 UTC hostedclusters kx-090314d8d2 Reconciliation completed successfully
2025-01-30 15:05:25 +0000 UTC hostedclusters kx-090314d8d2 WebIdentityErr
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 lookup api.kx-090314d8d2.zvgt.p3.openshiftapps.com on 172.30.0.10:53: no such host
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 capi-provider deployment has 1 unavailable replicas
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 Configuration passes validation
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 AWS KMS is not configured
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 Waiting for etcd to reach quorum
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 Kube APIServer deployment not found
2025-01-30 15:05:35 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:06:17 +0000 UTC hostedclusters kx-090314d8d2 EtcdAvailable QuorumAvailable
2025-01-30 15:07:25 +0000 UTC hostedclusters kx-090314d8d2 Kube APIServer deployment is available
2025-01-30 15:07:35 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:07:46 +0000 UTC hostedclusters kx-090314d8d2 The hosted cluster is not degraded
0001-01-01 00:00:00 +0000 UTC hostedclusters kx-090314d8d2 Version
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Release image is valid
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Configuration passes validation
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Ignition server deployment is not yet available
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Reconciliation active on resource
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is supported by operator configuration
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:40 +0000 UTC hostedclusters kx-090314d8d2 Condition not found in the CVO.
2025-01-30 15:03:41 +0000 UTC hostedclusters kx-090314d8d2 HostedCluster is at expected version
2025-01-30 15:03:42 +0000 UTC hostedclusters kx-090314d8d2 Required platform credentials are found
2025-01-30 15:05:23 +0000 UTC hostedclusters kx-090314d8d2 Reconciliation completed successfully
2025-01-30 15:05:23 +0000 UTC hostedclusters kx-090314d8d2 OIDC configuration is valid
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 AWS KMS is not configured
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 lookup api.kx-090314d8d2.zvgt.p3.openshiftapps.com on 172.30.0.10:53: no such host
2025-01-30 15:05:26 +0000 UTC hostedclusters kx-090314d8d2 Configuration passes validation
2025-01-30 15:05:35 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:06:17 +0000 UTC hostedclusters kx-090314d8d2 EtcdAvailable QuorumAvailable
2025-01-30 15:07:25 +0000 UTC hostedclusters kx-090314d8d2 Kube APIServer deployment is available
2025-01-30 15:07:35 +0000 UTC hostedclusters kx-090314d8d2 All is well
2025-01-30 15:07:57 +0000 UTC hostedclusters kx-090314d8d2 [catalog-operator deployment has 1 unavailable replicas, certified-operators-catalog deployment has 2 unavailable replicas, cloud-credential-operator deployment has 1 unavailable replicas, cluster-network-operator deployment has 1 unavailable replicas, cluster-storage-operator deployment has 1 unavailable replicas, community-operators-catalog deployment has 2 unavailable replicas, csi-snapshot-controller-operator deployment has 1 unavailable replicas, dns-operator deployment has 1 unavailable replicas, hosted-cluster-config-operator deployment has 1 unavailable replicas, ignition-server deployment has 3 unavailable replicas, ingress-operator deployment has 1 unavailable replicas, olm-operator deployment has 1 unavailable replicas, packageserver deployment has 3 unavailable replicas, redhat-marketplace-catalog deployment has 2 unavailable replicas, redhat-operators-catalog deployment has 2 unavailable replicas, router deployment has 1 unavailable replicas]
2025-01-30 15:08:22 +0000 UTC hostedclusters kx-090314d8d2 The hosted control plane is available
INFO: Cluster 'kx-090314d8d2' is now ready
INFO: ROSA with HCP cluster is ready, create a cluster admin account for accessing the cluster
WARN: The current version (1.2.47) is not up to date with latest rosa cli released version (1.2.49).
WARN: It is recommended that you update to the latest version.
INFO: Storing login command...
INFO: Check if it's able to login to OCP cluster...
Retried 1 times...
Retried 2 times...
Retried 3 times...
INFO: Check if apiserver is ready...
[INFO] Checking cluster operators' status...
[INFO] Attempt 1/10
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
console
csi-snapshot-controller 4.15.43 True False False 4m26s
dns 4.15.43 False True True 4m28s DNS "default" is unavailable.
image-registry False True True 3m34s Available: The deployment does not have available replicas...
ingress False True True 3m52s The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights
kube-apiserver 4.15.43 True False False 4m17s
kube-controller-manager 4.15.43 True False False 4m17s
kube-scheduler 4.15.43 True False False 4m17s
kube-storage-version-migrator
monitoring
network 4.15.43 True True False 3m56s DaemonSet "/openshift-multus/multus" is not available (awaiting 2 nodes)...
node-tuning False True False 4m4s DaemonSet "tuned" has no available Pod(s)
openshift-apiserver 4.15.43 True False False 4m17s
openshift-controller-manager 4.15.43 True False False 4m17s
openshift-samples
operator-lifecycle-manager 4.15.43 True False False 4m9s
operator-lifecycle-manager-catalog 4.15.43 True False False 4m18s
operator-lifecycle-manager-packageserver 4.15.43 True False False 4m16s
service-ca
storage 4.15.43 False True False 4m16s AWSEBSCSIDriverOperatorCRAvailable: AWSEBSDriverNodeServiceControllerAvailable: Waiting for the DaemonSet to deploy the CSI Node Service
[INFO] Cluster operators are accessible.
[INFO] Waiting for cluster operators to be in 'Progressing=false' state...
clusteroperator.config.openshift.io/console condition met
clusteroperator.config.openshift.io/csi-snapshot-controller condition met
clusteroperator.config.openshift.io/dns condition met
clusteroperator.config.openshift.io/image-registry condition met
clusteroperator.config.openshift.io/ingress condition met
clusteroperator.config.openshift.io/insights condition met
clusteroperator.config.openshift.io/kube-apiserver condition met
clusteroperator.config.openshift.io/kube-controller-manager condition met
clusteroperator.config.openshift.io/kube-scheduler condition met
clusteroperator.config.openshift.io/kube-storage-version-migrator condition met
clusteroperator.config.openshift.io/monitoring condition met
clusteroperator.config.openshift.io/network condition met
clusteroperator.config.openshift.io/node-tuning condition met
clusteroperator.config.openshift.io/openshift-apiserver condition met
clusteroperator.config.openshift.io/openshift-controller-manager condition met
clusteroperator.config.openshift.io/openshift-samples condition met
clusteroperator.config.openshift.io/operator-lifecycle-manager condition met
clusteroperator.config.openshift.io/operator-lifecycle-manager-catalog condition met
clusteroperator.config.openshift.io/operator-lifecycle-manager-packageserver condition met
clusteroperator.config.openshift.io/service-ca condition met
clusteroperator.config.openshift.io/storage condition met


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants