From e337fa6a93bd4a76ea8d5dc16b010df9945d1414 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 3 Oct 2018 09:21:01 -0400 Subject: [PATCH 1/3] utils: add an `openshift_login()` helper This adds a utility function to login to an OpenShift service and switches to a desired project. I snuck in a small change to the `registry_login()` function to echo out what the command looks like. --- pipeline-utils.groovy | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pipeline-utils.groovy b/pipeline-utils.groovy index 5ad79c81..8918eaa1 100644 --- a/pipeline-utils.groovy +++ b/pipeline-utils.groovy @@ -155,9 +155,17 @@ def sh_capture(cmd) { def registry_login(oscontainer_name, creds) { def registry = oscontainer_name.split('/')[0]; def (username, password) = creds.split(':'); + sh "echo 'podman login -u '${username}' -p '' ${registry}"; sh "set +x; podman login -u '${username}' -p '${password}' ${registry}"; } +def openshift_login(url, creds, project) { + def (username, password) = creds.split(':'); + sh "echo oc login --token ' ${url}"; + sh "set +x; oc login --token '${password}' ${url}"; + sh "oc project '${project}'"; +} + // re-implementation of some functionality from scripts/pull-mount-oscontainer // takes a directory mounted in from the host, creates a new location to // store containers, and bind mounts it to '/var/lib/containers` From 21dc36b2a08e6eeddf7af6ba0776547374fe8bf3 Mon Sep 17 00:00:00 2001 
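Review bot: In the new `openshift_login()` the token is expanded by Groovy straight into the shell text (`oc login --token '${password}' ${url}`), so a credential containing `'` ends the quoting and changes the command, and `set +x` only hides the trace, not the value in the text Jenkins hands to the shell. Passing the values as environment variables avoids both: `withEnv(["OC_TOKEN=${password}", "OC_URL=${url}"]) { sh 'set +x; oc login --token "$OC_TOKEN" "$OC_URL"' }`, and `'${project}'` in the `oc project` line can be passed the same way. `creds.split(':')` silently drops everything after a second `:`, so `creds.split(':', 2)` is the safer form here and in `registry_login()`; `username` is otherwise unused in the new function. As rendered on this page both added `echo` lines contain an unbalanced `'` (a placeholder may have been lost in rendering), which is worth confirming because an unterminated quote would fail the step before any login runs.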
From: Micah Abbott Date: Wed, 3 Oct 2018 09:23:30 -0400 Subject: [PATCH 2/3] treecompose: use `oc` commands to tag images This change forgoes the use of `skopeo copy` to tag the container image with an ostree commit and instead directly talks to OpenShift to apply the tag. I think this should be less likely to fail as we don't have to rely on a longer, more network intensive `skopeo copy` operation. Note: we are explicitly tagging the sha256sum reference of the image, rather than re-tagging the `buildmaster` tag. This means the ostree commit tag will always point to the sha256sum of the image, rather than the `buildmaster` tag, which changes each build. --- Jenkinsfile.treecompose | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile.treecompose b/Jenkinsfile.treecompose index b8a0974f..72af0706 100644 --- a/Jenkinsfile.treecompose +++ b/Jenkinsfile.treecompose @@ -3,6 +3,7 @@ def NODE = "rhcos-jenkins" def API_CI_REGISTRY = "registry.svc.ci.openshift.org" def OS_NAME = "maipo"; def OSCONTAINER_IMG = API_CI_REGISTRY + "/rhcos/os-${OS_NAME}" +def OPENSHIFT_URL = "https://api.ci.openshift.org"; def COMPOSEFLAGS = ""; // We write to this one for now @@ -36,6 +37,7 @@ node(NODE) { withCredentials([ usernameColonPassword(credentialsId: params.REGISTRY_CREDENTIALS, variable: 'CREDS'), ]) { + utils.openshift_login("${OPENSHIFT_URL}", "${CREDS}", "rhcos") utils.registry_login("${OSCONTAINER_IMG}", "${CREDS}") sh """ if ! skopeo inspect docker://${OSCONTAINER_IMG}:buildmaster; then 
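Review bot: The session opened by `utils.openshift_login(...)` in the second hunk outlives the `withCredentials` block, because nothing in the series logs out or isolates the client configuration; `oc login` normally saves the token in the agent user's kubeconfig, where it stays available to later jobs on `rhcos-jenkins`. Pointing `KUBECONFIG` at a file inside the workspace for the duration of the job, and ending the work with `sh 'oc logout'`, keeps the token scoped to this build. The call also reuses `params.REGISTRY_CREDENTIALS` as the API token, so it is worth confirming that the account is limited to tagging in the `rhcos` project. The `node(NODE)` block continues outside the hunk.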
@@ -109,10 +111,11 @@ node(NODE) { stage("Push container") { sh """ podman push ${OSCONTAINER_IMG}:buildmaster - skopeo copy docker://${OSCONTAINER_IMG}:buildmaster docker://${OSCONTAINER_IMG}:${composeMeta.commit} skopeo inspect docker://${OSCONTAINER_IMG}:buildmaster | jq '.Digest' > imgid.txt """ def cid = readFile('imgid.txt').trim().replaceAll('"',''); + // tag the image by SHA256 using OpenShift means + sh """oc tag os-${OS_NAME}@${cid} os-${OS_NAME}:${composeMeta.commit}""" currentBuild.description = "🆕 ${OSCONTAINER_IMG}@${cid} (${composeMeta.version})"; } From c999d96b73f8892444e4936eb632c3f9635e8533 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 3 Oct 2018 09:29:16 -0400 Subject: [PATCH 3/3] aws-test: use `oc` to handle tagging This implements the use of `oc` to handle the tagging of the container image to `alpha` and to garbage collect ostree commit tags that we no longer need. --- Jenkinsfile.aws-test | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile.aws-test b/Jenkinsfile.aws-test index a48ef2bb..4460a1c6 100644 --- a/Jenkinsfile.aws-test +++ b/Jenkinsfile.aws-test @@ -4,6 +4,8 @@ def AWS_REGION = "us-east-1" def API_CI_REGISTRY = "registry.svc.ci.openshift.org" def OS_NAME = "maipo"; def OSCONTAINER_IMG = API_CI_REGISTRY + "/rhcos/os-${OS_NAME}" +def OPENSHIFT_URL = "https://api.ci.openshift.org"; + // We copy tested AMIs to other regions; this // list is hardcoded right now pending discussion // with ops about which regions we should target 
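Review bot: `cid` is interpolated into the new `oc tag` command without checking that it is a digest. The `skopeo inspect ... | jq '.Digest'` pipeline above it reports only jq's exit status, so unless pipefail is set elsewhere a failed inspect leaves `imgid.txt` empty and the step would run `oc tag os-${OS_NAME}@ ...`. A guard before the `sh` line, `if (!(cid ==~ /sha256:[0-9a-f]{64}/)) { error("unexpected image digest: ${cid}") }`, stops the build before a malformed reference is tagged. The digest is also read back from the mutable `buildmaster` tag after the push, so a concurrent push could make it name a different image than the one just built; the stage body starts outside the hunk, so any locking is not visible here.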
@@ -64,14 +66,17 @@ node(NODE) { aws_json = readJSON file: "aws-${AWS_REGION}.json"; def ami_intermediate = aws_json["HVM"]; - // login to registry and setup container storage - utils.registry_login("${OSCONTAINER_IMG}", "${CREDS}") - utils.prep_container_storage("${WORKSPACE}") + // login to OpenShift + registry and setup container storage + utils.openshift_login("${OPENSHIFT_URL}", "${CREDS}", "rhcos"); + utils.registry_login("${OSCONTAINER_IMG}", "${CREDS}"); + utils.prep_container_storage("${WORKSPACE}"); - currentBuild.description = "version=${version} ami=${ami_intermediate}" + currentBuild.description = "version=${version} ami=${ami_intermediate}"; sh """ # Do testing with intermediate aws image passed in by cloud job if ! kola -b rhcos -p aws --aws-type t2.small --tapfile rhcos-aws.tap --aws-ami ${ami_intermediate} --aws-region ${AWS_REGION} -j ${NUM_VMS} run; then + # if the tests fail, GC the ostree commit tag + oc tag -d os-${OS_NAME}:${ostree_commit} exit 1 fi @@ -100,8 +105,9 @@ node(NODE) { ${WORKSPACE}/aws.json \ s3://${S3_PUBLIC_BUCKET}/aws-tested.json - # Copy the container image to alpha - skopeo copy docker://${OSCONTAINER_IMG}:${ostree_commit} docker://${OSCONTAINER_IMG}:alpha + # Tag the image to alpha; GC the ostree commit tag + oc tag os-${OS_NAME}:${ostree_commit} os-${OS_NAME}:alpha + oc tag -d os-${OS_NAME}:${ostree_commit} """ } }
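Review bot: The added `oc tag -d os-${OS_NAME}:${ostree_commit}` lines (the failure branch in this hunk, and after the `alpha` tag in the following hunk) delete a tag built from `ostree_commit`, whose origin is outside the hunks and which is expanded into the shell text unchecked. Validating it before the `sh` block, assuming the usual 64-hex ostree checksum, keeps an empty or unexpected value from reaching a delete: `if (!(ostree_commit ==~ /[0-9a-f]{64}/)) { error("unexpected ostree commit: ${ostree_commit}") }`. In the last hunk `alpha` is created from the commit tag by name rather than from the image digest, unlike the `@${cid}` form used in Jenkinsfile.treecompose, so it is worth confirming that `alpha` keeps resolving after the source tag is deleted.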