Add support for creating arm machine on GCP

openshift · Feb 6, 2025 · 59c874d · 59c874d
1 parent 2c07017
commit 59c874d
Show file tree

Hide file tree

Showing 24 changed files with 481 additions and 0 deletions.
diff --git a/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml b/ci-operator/config/crc-org/snc/crc-org-snc-master.yaml
@@ -41,6 +41,11 @@ tests:
   steps:
     cluster_profile: gcp
     workflow: code-ready-snc-microshift
+- as: e2e-microshift-arm
+  cluster: build01
+  steps:
+    cluster_profile: gcp
+    workflow: code-ready-snc-microshift-arm
 zz_generated_metadata:
   branch: master
   org: crc-org

diff --git a/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml b/ci-operator/jobs/crc-org/snc/crc-org-snc-master-presubmits.yaml
@@ -75,6 +75,81 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-microshift,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^master$
+    - ^master-
+    cluster: build01
+    context: ci/prow/e2e-microshift-arm
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/cloud: gcp
+      ci-operator.openshift.io/cloud-cluster-profile: gcp
+      ci-operator.openshift.io/cluster: build01
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-crc-org-snc-master-e2e-microshift-arm
+    rerun_command: /test e2e-microshift-arm
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=e2e-microshift-arm
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )e2e-microshift-arm,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:

diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS b/ci-operator/step-registry/code-ready/snc/microshift-arm/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
+reviewers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
diff --git a/...gistry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json b/...gistry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml",
+	"owners": {
+		"approvers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		],
+		"reviewers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		]
+	}
+}
diff --git a/...r/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml b/...r/step-registry/code-ready/snc/microshift-arm/code-ready-snc-microshift-arm-workflow.yaml
@@ -0,0 +1,13 @@
+workflow:
+  as: code-ready-snc-microshift-arm
+  steps:
+    pre:
+      - chain: upi-gcp-arm-pre
+      - ref: code-ready-snc-subscription
+    test:
+      - ref: code-ready-snc-microshift-arm-test
+    post:
+      - ref: gather-snc
+      - chain: upi-gcp-arm-post
+  documentation: |-
+    The snc E2E workflow executes the common end-to-end test suite for snc with a GCP arm cluster configuration.
diff --git a/ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS b/ci-operator/step-registry/code-ready/snc/microshift-arm/test/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
+reviewers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
diff --git a/...egistry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh b/...egistry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-commands.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+set -euo pipefail
+
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+
+GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)"
+GOOGLE_COMPUTE_REGION="${LEASED_RESOURCE}"
+GOOGLE_COMPUTE_ZONE="$(< ${SHARED_DIR}/openshift_gcp_compute_zone)"
+if [[ -z "${GOOGLE_COMPUTE_ZONE}" ]]; then
+  echo "Expected \${SHARED_DIR}/openshift_gcp_compute_zone to contain the GCP zone"
+  exit 1
+fi
+
+INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}"
+
+mkdir -p "${HOME}"/.ssh
+mock-nss.sh
+
+# gcloud compute will use this key rather than create a new one
+cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine
+chmod 0600 "${HOME}"/.ssh/google_compute_engine
+cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub
+echo 'ServerAliveInterval 30' | tee -a "${HOME}"/.ssh/config
+echo 'ServerAliveCountMax 1200' | tee -a "${HOME}"/.ssh/config
+chmod 0600 "${HOME}"/.ssh/config
+
+# Copy pull secret to user home
+cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret
+
+gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json
+gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"
+gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"
+gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"
+
+cat > "${HOME}"/run-tests.sh << 'EOF'
+#!/bin/bash
+
+set -euo pipefail
+export PATH=/home/packer:$PATH
+
+function run-tests() {
+  pushd snc
+  set -e
+  export OPENSHIFT_PULL_SECRET_PATH="${HOME}"/pull-secret
+  ./ci_microshift.sh
+  popd
+}
+
+run-tests
+EOF
+
+chmod +x "${HOME}"/run-tests.sh
+
+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \
+  --quiet \
+  --project "${GOOGLE_PROJECT_ID}" \
+  --zone "${GOOGLE_COMPUTE_ZONE}" \
+  --recurse "${HOME}"/run-tests.sh packer@"${INSTANCE_PREFIX}":~/run-tests.sh
+
+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \
+  --quiet \
+  --project "${GOOGLE_PROJECT_ID}" \
+  --zone "${GOOGLE_COMPUTE_ZONE}" \
+  --recurse "${HOME}"/pull-secret packer@"${INSTANCE_PREFIX}":~/pull-secret
+
+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \
+  --quiet \
+  --project "${GOOGLE_PROJECT_ID}" \
+  --zone "${GOOGLE_COMPUTE_ZONE}" \
+  --recurse /opt/snc packer@"${INSTANCE_PREFIX}":~/snc
+
+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \
+  --zone "${GOOGLE_COMPUTE_ZONE}" \
+  packer@"${INSTANCE_PREFIX}" \
+  --command 'sudo yum install -y unzip'
+
+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \
+  --zone "${GOOGLE_COMPUTE_ZONE}" \
+  packer@"${INSTANCE_PREFIX}" \
+  --command "export PULL_NUMBER=${PULL_NUMBER} && timeout 360m bash -ce \"/home/packer/run-tests.sh\""
diff --git a/...y/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json b/...y/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml",
+	"owners": {
+		"approvers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		],
+		"reviewers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		]
+	}
+}
diff --git a/...p-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml b/...p-registry/code-ready/snc/microshift-arm/test/code-ready-snc-microshift-arm-test-ref.yaml
@@ -0,0 +1,23 @@
+ref:
+  as: code-ready-snc-microshift-arm-test
+  from: snc
+  grace_period: 10m
+  commands: code-ready-snc-microshift-arm-test-commands.sh
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+  timeout: 4h0m0s
+  env:
+    - name: HOME
+      default: /tmp/secret
+    - name: NSS_WRAPPER_PASSWD
+      default: /tmp/secret/passwd
+    - name: NSS_WRAPPER_GROUP
+      default: /tmp/secret/group
+    - name: NSS_USERNAME
+      default: packer
+    - name: NSS_GROUPNAME
+      default: packer
+  documentation: >-
+    This step provision the snc deployments created by upi-install-gcp-arm.
diff --git a/ci-operator/step-registry/upi/gcp/arm/OWNERS b/ci-operator/step-registry/upi/gcp/arm/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
+reviewers:
+  - praveenkumar
+  - cfergeau
+  - gbraad
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/OWNERS b/ci-operator/step-registry/upi/gcp/arm/post/OWNERS
@@ -0,0 +1 @@
+../OWNERS
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml",
+	"owners": {
+		"approvers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		],
+		"reviewers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		]
+	}
+}
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-chain.yaml
@@ -0,0 +1,6 @@
+chain:
+  as: upi-gcp-arm-post
+  steps:
+    - ref: upi-gcp-arm-post
+  documentation: >-
+    This chain deprovisions all the components created by the upi-gcp-pre chain.
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-commands.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -eo pipefail
+
+INSTANCE_PREFIX="${NAMESPACE}-${UNIQUE_HASH}"
+GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)"
+GOOGLE_COMPUTE_REGION="${LEASED_RESOURCE}"
+GOOGLE_COMPUTE_ZONE="$(< ${SHARED_DIR}/openshift_gcp_compute_zone)"
+if [[ -z "${GOOGLE_COMPUTE_ZONE}" ]]; then
+  echo "Expected \${SHARED_DIR}/openshift_gcp_compute_zone to contain the GCP zone"
+  exit 1
+fi
+
+function teardown() {
+  # This is for running the gcloud commands
+  mock-nss.sh
+  gcloud auth activate-service-account \
+    --quiet --key-file "${CLUSTER_PROFILE_DIR}/gce.json"
+  gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"
+  gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"
+  gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"
+
+  set -x
+  set +e
+
+  echo "Deprovisioning cluster ..."
+  gcloud compute instances delete "${INSTANCE_PREFIX}" --quiet
+  gcloud compute firewall-rules delete "${INSTANCE_PREFIX}" --quiet
+  gcloud compute networks subnets delete "${INSTANCE_PREFIX}" --quiet
+  gcloud compute networks delete "${INSTANCE_PREFIX}" --quiet
+}
+
+trap 'teardown' EXIT
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml",
+	"owners": {
+		"approvers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		],
+		"reviewers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		]
+	}
+}
diff --git a/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml b/ci-operator/step-registry/upi/gcp/arm/post/upi-gcp-arm-post-ref.yaml
@@ -0,0 +1,22 @@
+ref:
+  as: upi-gcp-arm-post
+  from: libvirt-installer
+  grace_period: 10m
+  commands: upi-gcp-arm-post-commands.sh
+  resources:
+    requests:
+      cpu: 10m
+      memory: 100Mi
+  env:
+    - name: HOME
+      default: /tmp/secret
+    - name: NSS_WRAPPER_PASSWD
+      default: /tmp/secret/passwd
+    - name: NSS_WRAPPER_GROUP
+      default: /tmp/secret/group
+    - name: NSS_USERNAME
+      default: packer
+    - name: NSS_GROUPNAME
+      default: packer
+  documentation: >-
+    This step deprovisions the gcloud deployments created by upi-install-gcp-arm.
diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/OWNERS b/ci-operator/step-registry/upi/gcp/arm/pre/OWNERS
@@ -0,0 +1 @@
+../OWNERS
diff --git a/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json b/ci-operator/step-registry/upi/gcp/arm/pre/upi-gcp-arm-pre-chain.metadata.json
@@ -0,0 +1,15 @@
+{
+	"path": "upi/gcp/arm/pre/upi-gcp-arm-pre-chain.yaml",
+	"owners": {
+		"approvers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		],
+		"reviewers": [
+			"praveenkumar",
+			"cfergeau",
+			"gbraad"
+		]
+	}
+}