profile
viewpoint
Sally O'Malley sallyom Red Hat In my real life, I play a software engineer.

ironcladlou/openshift4-libvirt-gcp 17

Run an OpenShift 4.0 cluster on a single GCP instance using nested virtualization.

projectatomic/oci-register-machine 14

RegisterMachine Go

sallyom/cli-runtime 1

Set of helpers for creating kubectl commands and plugins.

sallyom/cluster-kube-controller-manager-operator 1

The kube-controller-manager operator installs and maintains the kube-controller-manager on a cluster

sallyom/cluster-kube-scheduler-operator 1

Installs and maintains the kube-scheduler on a cluster.

DirectXMan12/origin-idler 0

See https://github.com/openshift/service-idler

sallyom/api 0

Canonical location of the OpenShift API definition.

sallyom/apiserver-library-go 0

k/k dependent helpers for kube-apiserver and openshift-apiserver

push eventsallyom/kubernetes

Jordan Liggitt

commit sha 7049149181189eae304246cc49de78d08eef4f80

Generated files

view details

Kubernetes Prow Robot

commit sha 99c50dfd3c0a07f2576d9572f5ee313447a325a8

Merge pull request #85225 from DataDog/eric.mountain/cleanup_refmanager_master Removes container RefManager

view details

Kubernetes Prow Robot

commit sha e9f560d7205e860fa8ffb1ae629b934474dc084f

Merge pull request #89710 from dims/update-hcsshim-to-latest Update hcsshim to latest - v0.8.9

view details

Kubernetes Prow Robot

commit sha 2a6d25d0f2178536987050f83837c439001960b4

Merge pull request #90696 from brianpursley/IssueTemplate Added issue templates for kubectl

view details

Kubernetes Prow Robot

commit sha 2572066ac0219e4b1aca1e046812ae995cb83c0e

Merge pull request #91424 from prasadkatti/add_validate_etcd_tests Add tests for ValidateEtcd

view details

Kubernetes Prow Robot

commit sha 472a4e9ce281b6aac13d80f09e2fd925cb209e03

Merge pull request #91448 from RainbowMango/pr_fix_metric_naming update metrics to conform promlint

view details

Kubernetes Prow Robot

commit sha 0891f69f5ec27cdbcb6336ce3cfe6efdcc1d1e05

Merge pull request #91510 from ahg-g/ahg-preempt Add Preemption benchmark

view details

Abdullah Gharaibeh

commit sha 27caa6e7271fc14c7e45270e75835be0bd5f6aa1

merge pod condition update with setting nominated node name in the scheduler

view details

Xiang Dai

commit sha e09bc312cbc5986f6e3410dda50f6b7bb7c4ec16

*.sh: cleanup all white noise Signed-off-by: Xiang Dai <long0dai@foxmail.com>

view details

Alex Wang

commit sha 505ae6930f84c24a65fa8e66528b3989ea464cfc

add integration-test for NonPreemption

view details

Kubernetes Prow Robot

commit sha c8ceeed6982752db80def3a16266e72a6046db0e

Merge pull request #91191 from denkensk/add-integration-test-nonpreempt Add integration test for NonPreemption

view details

zhouya0

commit sha b6213ed931930eba27b4a53db54b4b4d224a1c59

Support kubectl create deployment with replicas

view details

SataQiu

commit sha f1729b06d781fefe7c66e2e4bde63035ac4664a7

add duration to image pulling event

view details

Han Kang

commit sha 6c588c3f441252f42fd37526297ed92d1e1f3acf

fix a number of unbounded dimensions in request metrics (#89451) * fix a number of unbounded dimensions in request metrics * add test suite for cleanVerb and cleanContentType * Properly validate that the content-type and charset (if applicable) are RFC compliant * add additional test case * truncate list of content-types Change-Id: Ia5fe0d2e2c602e4def4b8e0849cc19f3f9251818

view details

Kubernetes Prow Robot

commit sha 83f343011f566130b813e81c84c40d218d10fecc

Merge pull request #91308 from julianvmodesto/remove-deprecated-server-dry-run-flag Remove deprecated --server-dry-run from kubectl apply

view details

RainbowMango

commit sha 4a4d1947b031aa301be6046c641faae275f5223b

fix a client-go crash handler not working issue.

view details

Sascha Grunert

commit sha d2fc2d282d7712dc17a6e922a61cd835cc934e21

Update cri-tools to v1.18.0 This updates cri-tools to the latest release as well as pointing the artifacts to the new Google Cloud Bucket `k8s-artifacts-cri-tools`. This reverts commit ce1840d25317304765967a0580404935fe011860. Signed-off-by: Sascha Grunert <sgrunert@suse.com>

view details

RainbowMango

commit sha d1a883293930336b5c561448900e40d9c4fe4676

Fix a wrong usage of recover in apiserver.

view details

Yecheng Fu

commit sha 32df4300ef61a58c196f3738fcb4750fc2f94573

emit correct event when unbound delay binding claim is used by pod

view details

André Bauer

commit sha 7433364bb4d0cf36d6b411e963688a7766973537

update gemfile to fix metadata plugin bug Signed-off-by: André Bauer <monotek23@gmail.com>

view details

push time in 3 days

push eventsallyom/release

Sally O'Malley

commit sha a3e72cefd47cfdf3db65ae706eeafc69ef222499

REMOVE: test commit w/ curl files

view details

push time in 4 days

push eventsallyom/installer

Sally O'Malley

commit sha 37f9e33b309daff485bd60f6e6b149f19b163623

Remove the need for externally built libvirt CI images. Currently, libvirt testing requires images built outside of CI, and not maintained by the installer team. These images are built manually with packer out of https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md Instead, the provision script that is run when creating these external images should be maintained here, and kept in line with any changes or updates in the installer repository. Also baked into the libvirt CI images is a script that runs the install. This also should live here and be maintained by the installer team. There will be a transition period in the libvirt test environment while these scripts are moved from external images to the libvirt-installer image. Once the transition is complete, the libvirt-installer image no longer has to build the installer (saving time in the CI tests). Instead, the installer will be extracted from the provided release image (in CI, it's `${RELEASE_IMAGE_LATEST}`).

view details

push time in 4 days

push eventsallyom/oc

David Eads

commit sha 7ec02e2eacdf66c5a6b77e44ee779398d5aee80b

run inspect in parallel

view details

Cesar Wong

commit sha 9a67db39371dfe837aa73d6ea599fb345e755e4f

oc adm release extract - add option to extract credential requests only

view details

Maciej Szulik

commit sha 71d0970ecf7dca78d9f84e9ee14b5d287fa40547

Write a proper readme

view details

OpenShift Merge Robot

commit sha 7762806d2191ee4880307cf5973a1b7fe916d6d9

Merge pull request #464 from soltysh/readme Write a proper readme

view details

Stanislav Laznicka

commit sha 9401cfbfc99ad4576a5c18613be8931f4dd13a3f

allow switching project even to users outside self-provisioner role (revert) This reverts commit f7d2755ed11135de6f40f82ec24ad91a4fd71fad.

view details

OpenShift Merge Robot

commit sha 024bef381e92875c8b929bf1d79681757fc34f62

Merge pull request #476 from stlaz/revert_project_switch Bug 1849983: allow switching project even to users outside self-provisioner role (revert)

view details

OpenShift Merge Robot

commit sha 51011e4849252c723b520643d27d3fa164d28c61

Merge pull request #467 from csrwng/extract_credential_requests oc adm release extract - add option to extract credential requests only

view details

OpenShift Merge Robot

commit sha ad8b00fb56b2e0263a08404df252ba9a87b0b872

Merge pull request #449 from deads2k/paralle make oc adm inspect run in parallel and remove rate limits

view details

Sally O'Malley

commit sha 8dce43f5f91ca7665cd931524de243cd9622f75e

write ImageContentSourcePolicy to file with oc adm release mirror

view details

Sally O'Malley

commit sha 527923e8fc67c8c2a759a0744a7ee2a5d0c53daa

Bug 1823143: add logic to set registry/repository/name instead of only using image references for 'oc adm release ...' commands 1. Try to gather image source info from ImageContentSourcePolicy, if this doesn't succeed go to 2. 2. Set the registry/repo/name to be that of user-given release rather than its refs. If image not found, go to 3. 3. Use the image-references from given release. This will succeed if user has access to the image-reference registry. When working with mirrored release payloads, a release from a mirrored registry, mylocalregistry/ocp/release:4.5.0-0.nightly-2020-04-18-093630 mirrored from registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-18-093630 - Both reference 'quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2eb0a51...'. In case of disconnected, oc will use 'mylocalregistry/ocp/release' instead of 'quay.io/openshift-release-dev/ocp-v4.0-art-dev' _or_ will get image source information from ICSP in cluster.

view details

Sally O'Malley

commit sha 41ef93eff16060caceb418d15f2f9688bbbca805

error if passed icsp-file but did not verify image source

view details

Sally O'Malley

commit sha e27be550971c7dca2fb5730760e1aedec6c3041d

join icps-to and release-image-signature-to-dir flags into --release-image-config-dir

view details

push time in 5 days

Pull request review commentopenshift/enhancements

CLI in-cluster management

+---+title: cli-in-cluster-management+authors:+  - "@sallyom"+reviewers:+  - TBD+  - "@soltysh"+approvers:+  - TBD+  - "@soltysh"+creation-date: 2019-12-03+last-updated: 2020-03-24-20+status: provisional+---++# CLI In-Cluster Management++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Summary++This proposal is describing the mechanism for how authors of a Command Line Interface (CLI) such as oc, kubectl, odo, istio, tekton, or knative,+can deliver tools to OpenShift clusters.  An in-cluster feature is needed to manage various CLIs available for OpenShift and related services.  The goal is for+ a user to discover, install and upgrade tools easily and from a single location.++Each component is responsible for building and publishing its artifacts and registering information regarding supplied binaries.+Currently, that location is [index of /pub/openshift-v4/clients](https://mirror.openshift.com/pub/openshift-v4/clients/),+and this makes it difficult for disconnected installations to mirror them.++The CLI in-cluster manager will retrieve binaries from images that package a CLI's artifacts.  Through the use of local mirrored+registries, disconnected environments will have access to OpenShift CLIs.  Currently, we provide disconnected environments +cli-artifacts and oc download links that do not require anything outside the cluster.  The goal is to provide the same for other+binaries/tools/CLIs.++The CLI in-cluster manager will provide a mechanism to provide, list, install, and upgrade OpenShift tools/plugins/CLIs from+within a cluster. Through a new ClusterCLI [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/),+each CLI will provide necessary information about its provided artifacts, including its description and location within the image.  The ClusterCLI/oc +Custom Resource will serve as a reference consumer implementation for other CLIs to follow.    ++## Motivation++As more services are created on top of OpenShift, more CLIs are introduced to simplify interaction with these services.+Some current examples are oc, kubectl, odo, istio, tekton, and knative.  It is difficult for users to discover what tools exist, +where to download them from and which version they should download.  We need to simplify as much as possible the interaction+of services on OpenShift.  We need a mechanism for providing and consuming tools that is simple to add on to as new CLIs are +developed from a variety of sources - and this needs to be managed from within a cluster and with disconnected installs.+This is the motivation for the CLI in-cluster manager.++### Goals++Each component wishing to provide customers with their binaries in-cluster will build and publish artifacts via an official channel to a central index+from which the CLI in-cluster manager can access them. ++Possible routes for supplying CLI binaries:    +1.  Central index that has links to where artifacts are stored.  This is what we have now with+[the ConsoleCLIDownload CRD](https://github.com/openshift/api/blob/master/console/v1/0000_10_consoleclidownload.crd.yaml).+Currently, a user can run `oc get consoleclidownloads oc-cli-downloads -o yaml` or `oc get consoleclidownloads odo-cli-downloads -o yaml` +to get a download link for `odo` or `oc`.  The in-cluster cli-manager will take this a step further to handle installing binaries on the user's system, +in the $HOME directory, that are known compatible with a cluster's version.  The challenge is that we need a mechanism that works in disconnected environments.+Also, this has created a burden of maintenance for the console team.  Furthermore, we want to offer a mechanism that other CLI authors can leverage to deliver tools in-cluster.  ++2.  Central repository where all artifacts are stored - [index of /pub/openshift-v4/clients](https://mirror.openshift.com/pub/openshift-v4/clients/)+currently is where crc, oc, ocp-dev-preview, ocp, odo, and serverless artifacts are published.  This is currently how OpenShift CLIs are published.  The ConsoleCLIDownloads+CRs reference this index.  The challenge is offering these in disconnected environments and automating the download and extraction of the artifacts.  ++3.  Images for each CLI. The CLI in-cluster manager would provide an extract mechanism for each CLI image, similar to how we currently +`oc adm release extract --command oc` and `oc image extract`.   A Custom Resource for each CLI would provide the in-cluster CLI manager information about each CLI and its image.+In disconnected, the images will be available through a mirrored local registry.  The logic for `oc image extract` can be re-used and extended for extracting the CLIs.  CLIs would+be managed by users through extending the oc commands we currently have to extract `oc` and `openshift-install` binaries from the release payload.  This would provide the function we need, but looking to the future there is an+upstream effort we can use to provide an in-cluster CLI manager while also providing a mechanism that the Kubernetes community as a whole can utilize.  That brings us to option 4.++4.  The CLI in-cluster manager can provide CLIs as plugins through [krew](https://github.com/kubernetes-sigs/krew).  CLI images will serve the artifacts to enable disconnected downloads, and OpenShift CLIs will be available as +[krew plugins](https://github.com/kubernetes-sigs/krew-index/tree/master/plugins).+    * Krew and Krew plugins are upstream projects that Kubernetes users are already familiar with+    * From the [README](https://github.com/kubernetes-sigs/krew/#what-does-krew-do): `Krew is a tool that makes it easy to use kubectl plugins. Krew helps you discover plugins, install and manage them on your machine. It is similar to tools like apt, dnf or brew. Today, over 70 kubectl plugins are available on Krew.` It makes sense to offer OpenShift CLIs in the same way.+    * With krew, artifacts will be packaged within an image.  Each cluster will have an index of CLI images.  Mirrored local registries will provide binaries to disconnected environments.  ++Option 4 is the option we as a team are leaning toward.  It requires that each OpenShift CLI publish artifacts, for example, [index of /pub/openshift-v4/clients](https://mirror.openshift.com/pub/openshift-v4/clients/)+then create an image similar to this: [example cli-artifacts image](https://github.com/openshift/oc/blob/master/images/cli-artifacts/Dockerfile.rhel).  CLI artifacts are packaged in images.+The CLI in-cluster manager will gather information from each CLI's CR about each CLI and its image.  A Krew index will be populated in every cluster to provide available CLIs and plugins for a cluster.++### Non-Goals++* CLI manager will not build or serve the binaries.  It will know where to find them.+* This proposal is not concerned with _which_ binaries will be managed.  This proposal is meant to determine the mechanism only.  Consumers and publishers are clients of the mechanism. +* CLI manager will not create or update the ClusterCLI Custom Resources, those will be managed by individual CLIs and their operators. ++### Requirements:++1. CLI author requirements:+    - provide CLI image containing binaries+    - Custom Resource that describes the binaries (location within the image, metadata, description)+2. An operator that will be responsible for:+    - registering the new CLI CRD +    - reading metadata from CR from authors and extracting the binaries from the CLI images to local disk+    - serving extracted binaries+    - serving krew-compatible index+3. oc changes:+    - embed krew++## Proposal++### User Stories++#### Story 1++As a user, I want a CLI in-cluster manager for various CLIs available for OpenShift and related services so that I can discover, install and list them+The user will invoke the following commands:++* `oc krew list` to view installed plugins

without oc and without the console? To download from the cluster you'd have to connect to the cluster. You can always download from wherever the binaries are published (like https://mirror.openshift.com/pub/openshift-v4/clients/)

sallyom

comment created time in 5 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools registry.example.com/repo/name:tag+$ oc adm release mirror registry.example.com/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected and if user has permission to +access ICSPs.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.  If no ICSP found or if ICSP image doesn't+exist, then use the user-given image.  If that image is not accessible, then fall back to the current flow of+using the image-reference from the user-given image.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* Should new flags be introduced OR should oc try each scenario until it succeeds in finding the registry/repo/name:digest?+    * NO FLAGS:+        1. Try ImageContentSources from cluster -> if oc can access ICSP and cluster, get images from ICSP, check if an image exists, if so use it+        2. Try user-given registry/repo/name -> check if registry/repo/name:digest exists, if so use it+        3. (The current flow): If the above fall through, try the image-reference from user-given image - use it - may or may not succeed +        if disconnected or not authorized to access image-reference registry+    * FLAGS:+        * *--icsp-to* will define where to write an ICSP file to.  If unset, `oc adm release mirror` will write to current directory.+        * *--icsp-file* will define where to get ICSP from a file.  If set, `oc adm release extract|mirror` will use this ICSP data.+    * FLAGS DECIDED AGAINST:+        * boolean `--use-icsp` and if true, check for cluster and/or icsp file?  This is problematic, because even if a user is currently connected to a cluster, +        it doesn't mean they want to use information from that cluster with an `oc adm release ...` command.  +        So here, we'd need a different `--cluster-icsp` boolean and `--icsp-file` string flag.  The flags are adding up here, and that is not desireable. +        * string `--image-content-source aregistry/arepo/arelease`. I don't like this, because it would be redundant for a user to run something like this: +        `oc adm release extract --command oc myreg:5000/myrepo/release:tag --image-content-source myreg:5000/myrepo/release`.  +        * Instead, a boolean `--set-prefix` would allow a user to specify "I want to use the prefix of the release image I have specified, +        rather than any underlying image reference."+* This proposal is for the `FLAGS`, that `oc` will try ICSP, user-given image, then fall back on underlying image-reference from user-given image. +* See `User Stories` below for examples. ++## Summary++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  If no ICSP found, then try user-given image.  If that doesn't succeed, then use underlying+image-reference from user-given image.++## Proposal++* `oc adm release mirror` writes an ICSP file to the current directory or wherever you specify +* Add logic to `oc adm release` to become aware of ICSP in cluster+* Add logic to `oc adm release` to use the ICSP to complete extracts, mirroring, must-gather++## User Stories++A user runs:+1. `oc adm must-gather`

removed must-gather use-case

sallyom

comment created time in 5 days

push eventsallyom/enhancements

Sally O'Malley

commit sha eca51039f501b56aa5c3397c65a5a0549cf83003

remove must-gather use-case

view details

push time in 5 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools registry.example.com/repo/name:tag+$ oc adm release mirror registry.example.com/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected and if user has permission to +access ICSPs.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.  If no ICSP found or if ICSP image doesn't+exist, then use the user-given image.  If that image is not accessible, then fall back to the current flow of+using the image-reference from the user-given image.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* Should new flags be introduced OR should oc try each scenario until it succeeds in finding the registry/repo/name:digest?+    * NO FLAGS:+        1. Try ImageContentSources from cluster -> if oc can access ICSP and cluster, get images from ICSP, check if an image exists, if so use it+        2. Try user-given registry/repo/name -> check if registry/repo/name:digest exists, if so use it+        3. (The current flow): If the above fall through, try the image-reference from user-given image - use it - may or may not succeed +        if disconnected or not authorized to access image-reference registry+    * FLAGS:+        * *--icsp-to* will define where to write an ICSP file to.  If unset, `oc adm release mirror` will write to current directory.+        * *--icsp-file* will define where to get ICSP from a file.  If set, `oc adm release extract|mirror` will use this ICSP data.+    * FLAGS DECIDED AGAINST:+        * boolean `--use-icsp` and if true, check for cluster and/or icsp file?  This is problematic, because even if a user is currently connected to a cluster, +        it doesn't mean they want to use information from that cluster with an `oc adm release ...` command.  +        So here, we'd need a different `--cluster-icsp` boolean and `--icsp-file` string flag.  The flags are adding up here, and that is not desireable. +        * string `--image-content-source aregistry/arepo/arelease`. I don't like this, because it would be redundant for a user to run something like this: +        `oc adm release extract --command oc myreg:5000/myrepo/release:tag --image-content-source myreg:5000/myrepo/release`.  +        * Instead, a boolean `--set-prefix` would allow a user to specify "I want to use the prefix of the release image I have specified, +        rather than any underlying image reference."+* This proposal is for the `FLAGS`, that `oc` will try ICSP, user-given image, then fall back on underlying image-reference from user-given image. +* See `User Stories` below for examples. ++## Summary++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  If no ICSP found, then try user-given image.  If that doesn't succeed, then use underlying+image-reference from user-given image.++## Proposal++* `oc adm release mirror` writes an ICSP file to the current directory or wherever you specify +* Add logic to `oc adm release` to become aware of ICSP in cluster+* Add logic to `oc adm release` to use the ICSP to complete extracts, mirroring, must-gather++## User Stories++A user runs:+1. `oc adm must-gather`+    * `oc` will look for ICSP from cluster (no flag necessary here, since this cmd is always run while connected to a cluster) and will use the mirror from ICSP to launch the must-gather pod.  If no ICSP found, will look in `-n openshift` for must-gather imagestream.+2. `oc adm release extract --tools registry.example.com/repo/release:tag`+    * `oc` will look for ICSP and if found, will extract from the ICSP mirror (aregistry/arepo/release:tag-toolsha) rather than from the image reference that the user will not+    have access to if in disconnected environment.  If ICSP not found, will extract from the user-given registry.example.com/repo/tool:digest.  +    If neither of these succeed, will proceed to use the image-reference from the user-given image.  The extract will succeed if user has access and permission to the+    underlying image registry/repo/name.+2. `oc adm release extract --icsp-file /path/to/icsp.yaml --tools anightly/release:tag`+    * `oc` will try to use data from the icsp file, it will extract from the ICSP mirror (aregistry/arepo/release:tag-toolsha) rather than from the image reference.+    It will not try other sources, if the --icsp-file flag is provided.  +3. `oc adm release mirror --icsp-to /path/to/file aregistry/arepo/release:tag --to anotherreg/arepo/release`+    * `oc` will write an ICSP file to the given path.  If no --icsp-to flag, `oc` will write the ICSP file to the current directory. 

updated

sallyom

comment created time in 5 days

push eventsallyom/enhancements

Sally O'Malley

commit sha e353aade33b0011e110cd3e21250da935d70db5a

Make oc aware of ImageContentSourcePolicy

view details

push time in 5 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools registry.example.com/repo/name:tag+$ oc adm release mirror registry.example.com/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected and if user has permission to +access ICSPs.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.  If no ICSP found or if ICSP image doesn't+exist, then use the user-given image.  If that image is not accessible, then fall back to the current flow of+using the image-reference from the user-given image.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* Should new flags be introduced OR should oc try each scenario until it succeeds in finding the registry/repo/name:digest?+    * NO FLAGS:+        1. Try ImageContentSources from cluster -> if oc can access ICSP and cluster, get images from ICSP, check if an image exists, if so use it+        2. Try user-given registry/repo/name -> check if registry/repo/name:digest exists, if so use it+        3. (The current flow): If the above fall through, try the image-reference from user-given image - use it - may or may not succeed +        if disconnected or not authorized to access image-reference registry+    * FLAGS:+        * *--icsp-to* will define where to write an ICSP file to.  If unset, `oc adm release mirror` will write to current directory.+        * *--icsp-file* will define where to get ICSP from a file.  If set, `oc adm release extract|mirror` will use this ICSP data.+    * FLAGS DECIDED AGAINST:+        * boolean `--use-icsp` and if true, check for cluster and/or icsp file?  This is problematic, because even if a user is currently connected to a cluster, +        it doesn't mean they want to use information from that cluster with an `oc adm release ...` command.  +        So here, we'd need a different `--cluster-icsp` boolean and `--icsp-file` string flag.  The flags are adding up here, and that is not desireable. +        * string `--image-content-source aregistry/arepo/arelease`. I don't like this, because it would be redundant for a user to run something like this: +        `oc adm release extract --command oc myreg:5000/myrepo/release:tag --image-content-source myreg:5000/myrepo/release`.  +        * Instead, a boolean `--set-prefix` would allow a user to specify "I want to use the prefix of the release image I have specified, +        rather than any underlying image reference."+* This proposal is for the `FLAGS`, that `oc` will try ICSP, user-given image, then fall back on underlying image-reference from user-given image. +* See `User Stories` below for examples. ++## Summary++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  If no ICSP found, then try user-given image.  If that doesn't succeed, then use underlying+image-reference from user-given image.++## Proposal++* `oc adm release mirror` writes an ICSP file to the current directory or wherever you specify +* Add logic to `oc adm release` to become aware of ICSP in cluster+* Add logic to `oc adm release` to use the ICSP to complete extracts, mirroring, must-gather++## User Stories++A user runs:+1. `oc adm must-gather`+    * `oc` will look for ICSP from cluster (no flag necessary here, since this cmd is always run while connected to a cluster) and will use the mirror from ICSP to launch the must-gather pod.  If no ICSP found, will look in `-n openshift` for must-gather imagestream.+2. `oc adm release extract --tools registry.example.com/repo/release:tag`+    * `oc` will look for ICSP and if found, will extract from the ICSP mirror (aregistry/arepo/release:tag-toolsha) rather than from the image reference that the user will not+    have access to if in disconnected environment.  If ICSP not found, will extract from the user-given registry.example.com/repo/tool:digest.  +    If neither of these succeed, will proceed to use the image-reference from the user-given image.  The extract will succeed if user has access and permission to the+    underlying image registry/repo/name.+2. `oc adm release extract --icsp-file /path/to/icsp.yaml --tools anightly/release:tag`+    * `oc` will try to use data from the icsp file, it will extract from the ICSP mirror (aregistry/arepo/release:tag-toolsha) rather than from the image reference.+    It will not try other sources, if the --icsp-file flag is provided.  +3. `oc adm release mirror --icsp-to /path/to/file aregistry/arepo/release:tag --to anotherreg/arepo/release`

we're writing ICSP to a file, so it can be used later to extract from, to apply to a cluster, etc. oc adm catalog mirror already does this.

sallyom

comment created time in 5 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools registry.example.com/repo/name:tag+$ oc adm release mirror registry.example.com/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected and if user has permission to +access ICSPs.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.  If no ICSP found or if ICSP image doesn't+exist, then use the user-given image.  If that image is not accessible, then fall back to the current flow of+using the image-reference from the user-given image.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* Should new flags be introduced OR should oc try each scenario until it succeeds in finding the registry/repo/name:digest?+    * NO FLAGS:+        1. Try ImageContentSources from cluster -> if oc can access ICSP and cluster, get images from ICSP, check if an image exists, if so use it+        2. Try user-given registry/repo/name -> check if registry/repo/name:digest exists, if so use it+        3. (The current flow): If the above fall through, try the image-reference from user-given image - use it - may or may not succeed +        if disconnected or not authorized to access image-reference registry+    * FLAGS:+        * *--icsp-to* will define where to write an ICSP file to.  If unset, `oc adm release mirror` will write to current directory.+        * *--icsp-file* will define where to get ICSP from a file.  If set, `oc adm release extract|mirror` will use this ICSP data.+    * FLAGS DECIDED AGAINST:+        * boolean `--use-icsp` and if true, check for cluster and/or icsp file?  This is problematic, because even if a user is currently connected to a cluster, +        it doesn't mean they want to use information from that cluster with an `oc adm release ...` command.  +        So here, we'd need a different `--cluster-icsp` boolean and `--icsp-file` string flag.  The flags are adding up here, and that is not desireable. +        * string `--image-content-source aregistry/arepo/arelease`. I don't like this, because it would be redundant for a user to run something like this: +        `oc adm release extract --command oc myreg:5000/myrepo/release:tag --image-content-source myreg:5000/myrepo/release`.  +        * Instead, a boolean `--set-prefix` would allow a user to specify "I want to use the prefix of the release image I have specified, +        rather than any underlying image reference."+* This proposal is for the `FLAGS`, that `oc` will try ICSP, user-given image, then fall back on underlying image-reference from user-given image. +* See `User Stories` below for examples. ++## Summary++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  If no ICSP found, then try user-given image.  If that doesn't succeed, then use underlying+image-reference from user-given image.++## Proposal++* `oc adm release mirror` writes an ICSP file to the current directory or wherever you specify +* Add logic to `oc adm release` to become aware of ICSP in cluster+* Add logic to `oc adm release` to use the ICSP to complete extracts, mirroring, must-gather++## User Stories++A user runs:+1. `oc adm must-gather`+    * `oc` will look for ICSP from cluster (no flag necessary here, since this cmd is always run while connected to a cluster) and will use the mirror from ICSP to launch the must-gather pod.  If no ICSP found, will look in `-n openshift` for must-gather imagestream.+2. `oc adm release extract --tools registry.example.com/repo/release:tag`+    * `oc` will look for ICSP and if found, will extract from the ICSP mirror (aregistry/arepo/release:tag-toolsha) rather than from the image reference that the user will not+    have access to if in disconnected environment.  If ICSP not found, will extract from the user-given registry.example.com/repo/tool:digest.  +    If neither of these succeed, will proceed to use the image-reference from the user-given image.  The extract will succeed if user has access and permission to the

So, if a user has mirrored an image from quay.io/openshift-release-dev/ocp-release:tag to repo/release/ocp:tag then w/out this PR, when you extract from repo/release/ocp:tag oc adm release extract only extracts from the original, quay.io/openshift-release-dev/ocp-release:tag.

With this PR, result of a user running: $ oc adm release extract --tools repo/release/ocp:tag will be:

  1. Try to extract from ICSP file or ICSP from connected cluster
  2. Try to extract from user-given release ( repo/release/ocp:tag )
  3. If those fail, then fall to extract from the image reference (the original image) . This may or may not succeed, depending on if you have access to that registry thru pull-secret/reg credentials.
sallyom

comment created time in 5 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha 707011ec9079e0d94f9360d5482d29a2f2320a70

update okd release to 4.5.0-0.okd-2020-06-29-110348-beta6

view details

push time in 5 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 707011ec9079e0d94f9360d5482d29a2f2320a70

update okd release to 4.5.0-0.okd-2020-06-29-110348-beta6

view details

push time in 5 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha 754112a978d74f795f8a82f29e515db16ad4432b

update okd release to 4.5.0-0.okd-2020-06-29-110348-beta6

view details

push time in 6 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 754112a978d74f795f8a82f29e515db16ad4432b

update okd release to 4.5.0-0.okd-2020-06-29-110348-beta6

view details

push time in 6 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha 8d2dbab4da0fe83a701bd555ca5ffe64efe824f7

fix zone

view details

push time in 6 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 8d2dbab4da0fe83a701bd555ca5ffe64efe824f7

fix zone

view details

push time in 6 days

pull request commentopenshift/installer

Remove the need for externally built libvirt CI images.

Why would the installer team maintain this in the installer repo?

The 2 files here (provision-host.sh) and (create-cluster) are exactly what is required to run a libvirt install on a rhel8.2 host. Every time there is a change in the installer repository specific to libvirt, these scripts have to be modified. This is best tracked in the installer repository. By building the image and running the setup that is documented in the installer repository (which is exactly what is in the 2 scripts), the installer team can ensure the libvirt environment is always working.

sallyom

comment created time in 6 days

Pull request review commentopenshift/installer

Remove the need for externally built libvirt CI images.

+#!/bin/bash

these 2 files (provision-host and create-cluster) will be copied from the libvirt-installer image to the gcp instance launched through CI.

sallyom

comment created time in 6 days

Pull request review commentopenshift/installer

Remove the need for externally built libvirt CI images.

+#!/bin/bash

I've been maintaining it for the past several months.

sallyom

comment created time in 6 days

Pull request review commentopenshift/installer

Remove the need for externally built libvirt CI images.

+#!/bin/bash

This file will be scp'd to the gcp instance where the libvirt install runs. Why not keep it in this repository, since the installer team should be the ones who maintain it?

sallyom

comment created time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha 059e9a55fbdeaf5a3bdcd3b84800c442be3f8d5f

update libvirt template, extract installer from RELEASE_IMAGE_LATEST

view details

Sally O'Malley

commit sha 202882553d578d9830f313027428bc4b20105f03

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/installer

Sally O'Malley

commit sha 0f10c0266c00aec700bd2572b064b58d4cbb0f5f

Remove the need for externally built libvirt CI images. Currently, libvirt testing requires images built outside of CI, and not maintained by the installer team. These images are built manually with packer out of https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md Instead, the provision script that is run when creating these external images should be maintained here, and kept in line with any changes or updates in the installer repository. Also baked into the libvirt CI images is a script that runs the install. This also should live here and be maintained by the installer team. There will be a transition period in the libvirt test environment while these scripts are moved from external images to the libvirt-installer image. Once the transition is complete, the libvirt-installer image no longer has to build the installer (saving time in the CI tests). Instead, the installer will be extracted from the provided release image (in CI, it's `${RELEASE_IMAGE_LATEST}`).

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha 4058ddccffee069a999fccff2cca082fdfaa3aa5

update libvirt template, extract installer from RELEASE_IMAGE_LATEST

view details

Sally O'Malley

commit sha 15ddbd1ddd1c2ae13cfb0e32eb1978599d38ffac

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha c9d764ef45ab62ff8a8f713953ece7f4f492b855

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/installer

Sally O'Malley

commit sha b03fc2a6f2ed189efde11e67984672552aad5961

Remove the need for externally built libvirt CI images. Currently, libvirt testing requires images built outside of CI, and not maintained by the installer team. These images are built manually with packer out of https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md Instead, the provision script that is run when creating these external images should be maintained here, and kept in line with any changes or updates in the installer repository. Also baked into the libvirt CI images is a script that runs the install. This also should live here and be maintained by the installer team. There will be a transition period in the libvirt test environment while these scripts are moved from external images to the libvirt-installer image. Once the transition is complete, the libvirt-installer image no longer has to build the installer (saving time in the CI tests). Instead, the installer will be extracted from the provided release image (in CI, it's `${RELEASE_IMAGE_LATEST}`).

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha 867a0fe328ce02382932d73ae5482e79ac286871

update libvirt template, extract installer from RELEASE_IMAGE_LATEST

view details

Sally O'Malley

commit sha 00f88a4543ff8fc04352aed917775422d78df0c1

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha c79144fdabd105e6ca966ec249746e404a179a68

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha dd515ae096fdb9eff2eac8329b26714c331d6ab9

REMOVE: test commit w/ curl files

view details

push time in 6 days

push eventsallyom/release

Sally O'Malley

commit sha 7744f88b6ee31e5d2f459c17cd1bfe826617c9d4

update libvirt template, extract installer from RELEASE_IMAGE_LATEST

view details

Sally O'Malley

commit sha ef9616e910acf6358da4087b8696871776ce93ec

REMOVE: test commit w/ curl files

view details

push time in 6 days

pull request commentopenshift/release

WIP: Update libvirt template, extract installer from RELEASE_IMAGE_LATEST

/hold

until I figure out order of changes that need to merge

sallyom

comment created time in 6 days

PR opened openshift/release

WIP: Update libvirt template, extract installer from RELEASE_IMAGE_LATEST

This PR depends on https://github.com/openshift/installer/pull/3812 and will require some coordination.

+46 -38

0 comment

1 changed file

pr created time in 6 days

create barnchsallyom/release

branch : update-libvirt-e2e-template

created branch time in 6 days

push eventsallyom/installer

Sally O'Malley

commit sha 52880097162a8d443522ff643a12e921f2867372

Remove the need for externally built libvirt CI images. Currently, libvirt testing requires images built outside of CI, and not maintained by the installer team. These images are built manually with packer out of https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md Instead, the provision script that is run when creating these external images should be maintained here, and kept in line with any changes or updates in the installer repository. Also baked into the libvirt CI images is a script that runs the install. This also should live here and be maintained by the installer team. There will be a transition period in the libvirt test environment while these scripts are moved from external images to the libvirt-installer image. Once the transition is complete, the libvirt-installer image no longer has to build the installer (saving time in the CI tests). Instead, the installer will be extracted from the provided release image (in CI, it's `${RELEASE_IMAGE_LATEST}`).

view details

push time in 6 days

PR opened openshift/installer

Remove the need for externally built libvirt CI images.

Currently, libvirt testing requires images built outside of CI, and not maintained by the installer team. These images are built manually with packer out of https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/IMAGES.md Instead, the provision script that is run when creating these external images should be maintained here, and kept in line with any changes or updates in the installer repository.

Also baked into the libvirt CI images is a script that runs the install. This also should live here and be maintained by the installer team.

There will be a transition period in the libvirt test environment while these scripts are moved from external images to the libvirt-installer image. Once the transition is complete, the libvirt-installer image no longer has to build the installer (saving time in the CI tests). Instead, the installer will be extracted from the provided release image (in CI, it's ${RELEASE_IMAGE_LATEST}).

+197 -1

0 comment

4 changed files

pr created time in 6 days

create barnchsallyom/installer

branch : libvirt-ci-update

created branch time in 6 days

push eventsallyom/installer

David Igou

commit sha 02e050f30658d2e168e9f430b63509ccec1c9cde

upi: update upi/vsphere/README.md Clarify that a DHCP server is still required at the beginning of the installation to download the ignition files. In response to #2552

view details

David Eads

commit sha 5259a9d0abd106a22a1a9e627ea2c3befa3babbf

bootstrap: restore 30 minute bootstrap timeout We made improvements in the etcd operator to bring the bootstrap timeout back to 30 minutes.

view details

Dan Winship

commit sha 4a9769fbffb04b8c6fada6acc19c5707d35d4cec

Give a proper error when misusing OPENSHIFT_INSTALL_AZURE_EMULATE_SINGLESTACK_IPV6

view details

Martin André

commit sha 1aedcd8aa9d10e91537786c8314b8cb52b3492b7

OpenStack: Remove DNS VIP Depends on https://github.com/openshift/machine-config-operator/pull/1666

view details

Adrian Moreno

commit sha 7827bab98c2b8fe474d523fe2ee0bb4ec5bd6d39

GCP: add support for image licenses Add an optional parameter in the GCP install-config that contains a list of license URLs to be added to the compute image Credits: Based on the work by Colin Walters Signed-off-by: Adrian Moreno <amorenoz@redhat.com>

view details

W. Trevor King

commit sha 0344dd85c45262066cb1326c3cb60c679809b3e1

cmd/openshift-install: Drop unused 'directory' arguments Looks like I forgot to clean these up when pivoting from destroyBootstrap to waitForBootstrapComplete and removing the only directory consumer in bfc40f87fb (cmd/openshift-install/upi: Add a user-provided-infrastructure subcommand, 2019-03-08, #1393).

view details

Aditya Narayanaswamy

commit sha 54bf1a1c477809e61405c1c96ebceac19c07d9a6

wait-for install-complete: Fix re-generation of install config If the cluster is created and the wait-for install-complete command is called to check the status, the installer checks if the install config exists to get the platform information to set the timeout for baremetal clusters a little higher. Since the install config is consumed during the cluster creation, the installer will then start to re-generate the install config and ask the user to provide the information again. Modified the platform information gathering to only pick the information up only if the information is available and if it does not exist, set the timeout value to the maximum value required as default. This will now avoid re-generation of the install config.

view details

wjiang

commit sha b97603c48d1e4083510651c9366974c9b91edf01

[UPI on OSP] make remove network and port more faster Merge ports deletion requests to one instead of deleting one by one to save time. And also for networks

view details

Fabiano Franz

commit sha 7dc9e73a3a917b49e9b6b3b42bdce5641a985ef2

Upgrade terraform-provider-azurerm to v2.8.0 from the openshift fork

view details

Fabiano Franz

commit sha 223b26de125b82af9c7075fe59a7cb9fa7467760

Remove deprecated fields from Azure Terraform templates

view details

Fabiano Franz

commit sha aae2b9eee4f241bc58617260dea67e64d68419c2

Migrate Azure TF templates: azurerm_virtual_machine -> azurerm_linux_virtual_machine

view details

karmab

commit sha c27a3b9676d77d70443d05e56cd00bfba83e65e4

Baremetal: allow bootstrap vm to use libvirt networks

view details

Russell Teague

commit sha 4b89a1aeee8ed7a89fcce0520a3b8f6a26aadef1

upi/aws/cloudformation: Define healthcheck probes for LBs Probes for internal and external endpoints should use "/readyz"

view details

OpenShift Merge Robot

commit sha 45c3614f95b78cf0c693ab9ee03b2de60d3acbc5

Merge pull request #3532 from wking/drop-unused-wait-dir cmd/openshift-install: Drop unused 'directory' arguments

view details

OpenShift Merge Robot

commit sha 20e472f69982c1d10e6e978c98f77a79acf5fb1c

Merge pull request #3133 from deads2k/bootstrap-faster bootstrap: restore 30 minute bootstrap timeout

view details

staebler

commit sha 419d5bf1acbcc21f847355395705a5e3494dabc2

support for other Azure cloud environments Add the `azure.cloudName` field to the installconfig. This field directs which Azure cloud environment is used for the cluster. The `status.platformStatus.azure.cloudName` field is set in the infrastructure.config.openshift.io resource to match the cloud name configured in the installconfig. The `cloud` field is set in the cloud-provider-config ConfigMap to match the cloud name configured in the installconfig. See https://github.com/openshift/enhancements/pull/321 https://issues.redhat.com/browse/CORS-1442

view details

staebler

commit sha 8f798c862cee63935abc579cc7a918e3b9835324

support for installer connecting to other Azure cloud environments Use the cloud name specified in the installconfig to have the installer, destroyer, and terraform connect to the correct Azure cloud environment. https://issues.redhat.com/browse/CORS-1442

view details

staebler

commit sha 833be8c75f728612f1554fece43d901f1d19731f

vendor: bump github.com/openshift/api version Bump to the latest github.com/openshift/api version in order to pick up changes to the infrastructure.config.openshift.io type for supporting other Azure cloud environments. Changes from openshift/api#650. https://issues.redhat.com/browse/CORS-1442

view details

OpenShift Merge Robot

commit sha 81ca4f2a0e73c4f7872f416a73b257bf0a318e74

Merge pull request #3691 from karmab/baremetal_bridges baremetal: allow bootstrap vm to use libvirt nat networks

view details

OpenShift Merge Robot

commit sha 96bcb39151610592d25f52f6c24786e64e446c95

Merge pull request #3526 from fabianofranz/cors-1422-2.x-azure-terraform-provider Upgrade Azure Terraform provider to v2.x.x

view details

push time in 6 days

Pull request review commentopenshift/release

Covert libvirt template to workflow

+#!/bin/bash+set -euo pipefail++trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM++INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}"++mkdir -p "${HOME}"/.ssh+mock-nss.sh++# gcloud compute will use this key rather than create a new one+cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine+chmod 0600 "${HOME}"/.ssh/google_compute_engine+cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub++# Copy pull secret to user home+cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret++gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json+gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"+gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"+gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"+++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse /bin/openshift-install packer@"${INSTANCE_PREFIX}":/home/packer/openshift-install

When this merges and images are updated, this can go away #L25-29

praveenkumar

comment created time in 8 days

Pull request review commentopenshift/release

Covert libvirt template to workflow

+#!/bin/bash+set -euo pipefail++trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM++INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}"++mkdir -p "${HOME}"/.ssh+mock-nss.sh++# gcloud compute will use this key rather than create a new one+cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine+chmod 0600 "${HOME}"/.ssh/google_compute_engine+cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub++# Copy pull secret to user home+cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret++gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json+gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"+gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"+gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"+++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse /bin/openshift-install packer@"${INSTANCE_PREFIX}":/home/packer/openshift-install++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse "${HOME}"/pull-secret packer@"${INSTANCE_PREFIX}":/home/packer/pull-secret++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  packer@"${INSTANCE_PREFIX}" \+  --command 'sudo mv /home/packer/openshift-install /usr/local/bin/openshift-install'++set +x+echo "Will now launch libvirt cluster in the gce instance with ${RELEASE_IMAGE_LATEST}"+# Install allows up to 30min beyond than what installer allows by default. In the create-cluster script+# see the `wait-for install-complete` added here: https://github.com/ironcladlou/openshift4-libvirt-gcp/blob/rhel8/tools/create-cluster+# https://github.com/openshift/installer/issues/3043+LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  packer@"${INSTANCE_PREFIX}" \+  --command "export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=${RELEASE_IMAGE_LATEST} OPENSHIFT_INSTALL_INVOKER=openshift-internal-ci/${JOB_NAME}/${BUILD_ID} && timeout 150m bash -ce \"create-cluster installer\""

When this merges and images are updated, #L50 will be this: --command "export RELEASE_IMAGE=${RELEASE_IMAGE_LATEST} OPENSHIFT_INSTALL_INVOKER=openshift-internal-ci/${JOB_NAME}/${BUILD_ID} && timeout 150m bash -ce \"create-cluster installer\""

praveenkumar

comment created time in 8 days

Pull request review commentopenshift/release

Covert libvirt template to workflow

+#!/bin/bash+set -euo pipefail++trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM++INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}"++mkdir -p "${HOME}"/.ssh+mock-nss.sh++# gcloud compute will use this key rather than create a new one+cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine+chmod 0600 "${HOME}"/.ssh/google_compute_engine+cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub++# Copy pull secret to user home+cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret++gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json+gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"+gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"+gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"+++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse /bin/openshift-install packer@"${INSTANCE_PREFIX}":/home/packer/openshift-install++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse "${HOME}"/pull-secret packer@"${INSTANCE_PREFIX}":/home/packer/pull-secret++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute --project "${GOOGLE_PROJECT_ID}" ssh \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  packer@"${INSTANCE_PREFIX}" \+  --command 'sudo mv /home/packer/openshift-install /usr/local/bin/openshift-install'

When this merges and images are updated, this can go away #L37-40

praveenkumar

comment created time in 8 days

Pull request review commentopenshift/release

Covert libvirt template to workflow

+#!/bin/bash+set -euo pipefail++trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM++INSTANCE_PREFIX="${NAMESPACE}"-"${JOB_NAME_HASH}"++mkdir -p "${HOME}"/.ssh+mock-nss.sh++# gcloud compute will use this key rather than create a new one+cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${HOME}"/.ssh/google_compute_engine+chmod 0600 "${HOME}"/.ssh/google_compute_engine+cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${HOME}"/.ssh/google_compute_engine.pub++# Copy pull secret to user home+cp "${CLUSTER_PROFILE_DIR}"/pull-secret "${HOME}"/pull-secret++gcloud auth activate-service-account --quiet --key-file "${CLUSTER_PROFILE_DIR}"/gce.json+gcloud --quiet config set project "${GOOGLE_PROJECT_ID}"+gcloud --quiet config set compute/zone "${GOOGLE_COMPUTE_ZONE}"+gcloud --quiet config set compute/region "${GOOGLE_COMPUTE_REGION}"+++LD_PRELOAD=/usr/lib64/libnss_wrapper.so gcloud compute scp \+  --quiet \+  --project "${GOOGLE_PROJECT_ID}" \+  --zone "${GOOGLE_COMPUTE_ZONE}" \+  --recurse /bin/openshift-install packer@"${INSTANCE_PREFIX}":/home/packer/openshift-install

https://github.com/ironcladlou/openshift4-libvirt-gcp/pull/33

praveenkumar

comment created time in 8 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 0788bb5830239621ce2e79397f851fc9b08da467

downgrade qemu-kvm and set network in image builds

view details

push time in 8 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha e2800e85fdc98e1730cced20ccf2f685b944bf95

extract installer binary, instead of OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE and use pre-configured network.

view details

Sally O'Malley

commit sha cf4656a89b614aab340c3346a1db0231cfca786a

downgrade qemu-kvm and set network in image builds

view details

push time in 8 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 845ff3684adb32e887209c1c3a73270596c0bf74

extract installer binary, instead of OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE and use pre-configured network.

view details

push time in 8 days

PR opened ironcladlou/openshift4-libvirt-gcp

extract installer binary, instead OVERRIDE and use pre-configured network.

This PR:

  • Updates create-cluster to extract the libvirt installer from the given RELEASE_IMAGE, rather than set OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE. Temporarily handle both variables to transition CI and not break libvirt test.
  • Uses a pre-configured, shared network & subnet with firewall rules set for accessing the gcp instance. This is ocp4-libvirt-dev in the openshift-gce-devel gcp project.
  • Adds a create-network-subnet.sh script in case one does not want to use the shared network.
  • Modifies the create and teardown scripts to remove the network, subnet, firewall creation.
+74 -41

0 comment

7 changed files

pr created time in 8 days

push eventsallyom/release

Ricardo Maraschini

commit sha 006f030ab60f5540e84019d382898e6ab6b014a9

Migrating build to golang-1.13. Dockerfile.rhel on base repository now refers to golang-1.13, updating the AS property here accordingly.

view details

Jeremy Poulin

commit sha 6f2fa9051388409c22be20721a31eadda6fa12f0

Adding repo overrides to supply missing images and bump test coverage

view details

Prashanth Sundararaman

commit sha b7074cb22418f0f6b0054c0aa57a5b1ef07d8b53

Remove "ci" from RELEASE_IMAGE in s390x 4.2/4.3 jobs

view details

Prashanth Sundararaman

commit sha c7dbcc8be393156a52e6d4b1d814335692beb461

Fixes hardcoded libvirt memory override by setting the desired memory and disk using yq. When openshift/installer#3666 lands the job will fail for master as sed script will look for 7168 that it will never find. Making this change to accomodate all releases.

view details

Roy Golan

commit sha 200aa533c372d3f70394ce94bc30eb87f7a1a976

add ovirt/cluster-api-provider to image mirror mapping Signed-off-by: Roy Golan <rgolan@redhat.com>

view details

Alvaro Aleman

commit sha d61e4e8445733574c7d24961797046105c4b4e55

Redirect to app.ci boskos

view details

Gal-Zaidman

commit sha cf4040dd55df676db8688c7b5c06bcffff830b99

oVirt: e2e fix lease/teardown pods race On e2e runs we use a lease pod for getting a boskos lease and a teardown pod for cleaning our CI env. Untill now there is a problem because once the test pod finishes the lease and teardown pods got released at the same time and then a lease can be aquired while the Env didn't finish teardown, which can cause runs to fail due to resources. This commit will make the lease pod exit after the teardown pod has finished teardown Therfor ending the race Signed-off-by: Gal-Zaidman <gzaidman@redhat.com>

view details

Jacob Tanenbaum

commit sha 53ffbef04fc8e6466772f141887239c2b61beb9a

Adding initial e2e test for ovn-kubernetes repo on openstack

view details

Hongkai Liu

commit sha be3f14337c95f504e04fe9c93f99681e7a5d3911

Clean up support-operator usage

view details

Alvaro Aleman

commit sha d142fd5a8f0a639f4099f4459bd3ac150ed8ad2e

Fix typo in dptp-controller-manager rbac

view details

Alvaro Aleman

commit sha da6f93e4a3de370370456765924f8cea40118942

Add build01 and build02 kubeconfigs to pj-reherase

view details

W. Trevor King

commit sha 7b8e5e1e15fc1bb58de5c61527d072e0e3793e51

ci-operator/step-registry/openshift/e2e/test: Add TEST_COMMAND and TEST_SUITE Taking advantage of openhsift/ci-tools@62e7498d66 (ci-operator multi-stage: add step parameters, 2020-05-27, openshift/ci-tools#854). This commit doesn't override the defaults yet, but a useful override would be: TEST_COMMAND=run-upgrade TEST_SUITE=all This replaces test-suite.txt, which landed in a2fd8c3bfb (step-registry: add Origin E2E test step, 2020-01-31, #6965), and also had no consumers.

view details

openshift-bot

commit sha 62429d7843d20579b014670dbe8f28c0fcfbb367

Update prow to v20200616-2b47381ded, and other images as necessary.

view details

Vadim Rutkovsky

commit sha f4f4ccae667a6d59afae3c9563007f6d2ad9b55f

ci-operator/jobs/openshift/release: run e2e tests on machine-os-content promotion for okd

view details

Vadim Rutkovsky

commit sha 7a6bdac465664bc9222637e76397f9a8f018385a

ci-operator/jobs/openshift/release/openshift-release-release-4.5-periodics: DEBUG

view details

Tomas Nozicka

commit sha de84ee4a1a766791b6d707866c35762512ff160a

Fix cluster-config-operator dockerfile name

view details

Tomas Nozicka

commit sha e1e1b274f9306329276045ffbe28102205ef32c4

Fix cluster-config-operator dockerfile name 4.5

view details

flacatus

commit sha 39143e8e9f749d359abfca6137ba64a41896d22a

Onboard devfile organization and add new e2e tests Signed-off-by: flacatus <flacatus@redhat.com>

view details

Tomas Nozicka

commit sha cd7184bc4e461c8ced0b352a5eac0bb13c40a07e

Fix cluster-config-operator dockerfile name 4.4

view details

Tomas Nozicka

commit sha b206f28fe832016a3352f34bf5ecd1b70b6506b1

Fix cluster-config-operator dockerfile name 4.3

view details

push time in 8 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha 0076ec09c0d2b0db09bb7883d010366500b1e7b4

remove pull-secret requirement and use public base image

view details

push time in 8 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha 0076ec09c0d2b0db09bb7883d010366500b1e7b4

remove pull-secret requirement and use public base image

view details

push time in 8 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha 534cd4ad033fcf715c17d8cc93511935e219eac1

update to n1-standard-16

view details

Sally O'Malley

commit sha d91edf0c2e28df7015e390b639f883a2dca9faf9

remove pull-secret requirement and use public base image

view details

push time in 9 days

push eventsallyom/openshift4-libvirt-gcp

Sally O'Malley

commit sha d91edf0c2e28df7015e390b639f883a2dca9faf9

remove pull-secret requirement and use public base image

view details

push time in 9 days

pull request commentdevconfcz/devconf

Update DevConf.US FAQs

/lgtm

Thanks @umohnani8!

umohnani8

comment created time in 9 days

Pull request review commentopenshift/release

Add periodic 31-day-cert-recovery

 periodics:+- agent: kubernetes+  cluster: api.ci+  decorate: true+  interval: 48h+  labels:+    ci.openshift.io/release-type: informing+    job-release: "4.5"+    pj-rehearse.openshift.io/can-be-rehearsed: "true"+  name: release-openshift-origin-installer-libvirt-31-day-4.5

yes, done

sallyom

comment created time in 9 days

push eventsallyom/release

Ricardo Maraschini

commit sha 006f030ab60f5540e84019d382898e6ab6b014a9

Migrating build to golang-1.13. Dockerfile.rhel on base repository now refers to golang-1.13, updating the AS property here accordingly.

view details

Alvaro Aleman

commit sha d61e4e8445733574c7d24961797046105c4b4e55

Redirect to app.ci boskos

view details

Aleksandar Kostadinov

commit sha 747c75aa8428d6aca698227d23886bd5e1a92358

permanent pull service account for flexy-containerized CI

view details

Honza Pokorny

commit sha 9358a3203779e911dd7eda0044731dcce15a3445

openshift/baremetal-operator: upgrade golang to 1.14

view details

Alvaro Aleman

commit sha bac4fbd46dccb0479613bccdbc15b8948c53eba1

Move release-controller to app.ci

view details

Roy Golan

commit sha 3da64ae812c3de467d18fed486183537e1e8092b

Job configs for openshift/ovirt-csi-driver-operator Signed-off-by: Roy Golan <rgolan@redhat.com>

view details

Hongkai Liu

commit sha f18d3988505294baf7b9d3d8171cc854c1331486

Recover optional fields for 4.5 jobs

view details

Hongkai Liu

commit sha 79a1eb1870e01c25a965a9bfcaf53c94798d1086

Do not remove manually-added `optional: true`

view details

Hongkai Liu

commit sha 541b36590ba205491f171c4707c323951a9d37ba

Populate secret cert-issuer on build01

view details

OpenShift Merge Robot

commit sha 6a2286003dca925c217fee42a89246f321c4641f

Merge pull request #9862 from hongkailiu/cert_manager_build01_b Populate secret cert-issuer on build01

view details

Artyom Lukianov

commit sha 1e7c08405683d593220a195fb2561dfd85693403

Update the PAO master job to work with 4.6 Signed-off-by: Artyom Lukianov <alukiano@redhat.com>

view details

Federico Paolinelli

commit sha fcd82b9ed673ff83e363cafe460d474af0bcaf09

Add a job running e2e tests for network metrics daemon. Now that e2e tests are being added to the daemon, it's nice to run them as part of CI. Signed-off-by: Federico Paolinelli <fpaoline@redhat.com>

view details

OpenShift Merge Robot

commit sha f2410a10bc9b461534161969571565e9563cd129

Merge pull request #9865 from cynepco3hahue/update_pao_job Update the PAO master job to work with 4.6

view details

Bruno Barcarol Guimarães

commit sha ad6dc5d858ff96aeb2f71ae75843133337067819

Move `e2e-gcp-image-ecosystem` to multi-stage

view details

Bruno Barcarol Guimarães

commit sha 2829c6f1bb47dd706c48cabdec699e7acc770606

Move `e2e-aws-image-registry` to multi-stage

view details

Amol Gautam

commit sha 96606a6d932f7ac17d91ccd33e2aeb21994b7254

Add aws-account-shredder to Openshift CI (#9816) * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI * Add aws-account-operator to Openshift CI

view details

OpenShift Merge Robot

commit sha fed7e79b9e4d215a01201892b45b7c37b5e609dc

Merge pull request #9849 from alvaroaleman/release-controller Move release-controller to app.ci

view details

Alvaro Aleman

commit sha 0d6e1a28e54f9bf959cd86667fc6ae776e3823be

Fix args for ppc64/s390x release-controllers

view details

Alvaro Aleman

commit sha 4e4e8f261f7e1c2ad035316656d2a45f439ea448

Release-controllers: Add missing service

view details

OpenShift Merge Robot

commit sha 47156d34e639a9de74ab833d0170bb9dd7d0dfe8

Merge pull request #9868 from alvaroaleman/fix-4 Fix args for ppc64/s390x release-controllers and add missing svcs

view details

push time in 9 days

push eventironcladlou/openshift4-libvirt-gcp

Sally O'Malley

commit sha db9ce3e1cf9ca6880abf99c528a7d37b7061a414

add git ref to clone installer

view details

Sally O'Malley

commit sha 38c9b5081facd0316344b62bd3ada6e4ef827f41

document that google project is configurable and install kubectl

view details

Sally O'Malley

commit sha 5963aaa0de1ca02faa6de504220e1854cd2f51f7

update provision.sh to generate install-config without env vars

view details

Sally O'Malley

commit sha 4fc731ad9fff96e9d79f0aba94f8ad90fa835357

edit baseDomain, create openshift.conf not tectonic.conf

view details

Sally O'Malley

commit sha b4890ff059556f6fa7861a114d8352e1261f9eb3

update install-config.yml|yaml, and TAGS=libvirt_destroy|libvirt

view details

Sally O'Malley

commit sha 5f8b4a591778dc0f7f019a38ffd86d4631175b7a

add machineCIDR to install-config

view details

Sally O'Malley

commit sha fd2bd000921a3bdd2f3c8093c3f6a321fd7b4d9c

add install-config-version v1beta1

view details

Sally O'Malley

commit sha a34b5d31bf0568cb4366805fc71657f234de306d

updates install-config.yaml

view details

Praveen Kumar

commit sha 0390ba45c046f903ac786f67d1a78d72cac0b73f

provision.sh: Add yq binary and domain entry to NM configuration Right now auth route is not accessible by default and need to be add as part of NetworkManager configuration. Also to make this whole route stuff works with libvirt we need to add a different domain `.apps.openshift.testing`. (Tested with installer 0.14.0 tag)

view details

Zeeshan Ali

commit sha 9e27af91b1e32389491f15b625c459914a69dfb9

Link to console issue Link to the console issue we're working around with editing of ingress config file.

view details

Praveen Kumar

commit sha 21815186eac37ff117384fb5a500c4a8da2a0464

tools/create-cluster: Remove tee from cluster create We don't need to redirect the logs since now installer auto create it under $INSTALL_DIR/.openshift_install.log file

view details

Praveen Kumar

commit sha d9fc1789da2e5bacf58f9f62b7ee65b91fe0160a

Update installconfig for installer. - Update the oc version which have must-gather tooling now.

view details

Praveen Kumar

commit sha e5446b9ddc01c9e5294ca5e21e8a27b9470873c1

RHEL-8 VM config update for GCP nested virt

view details

Praveen Kumar

commit sha 71ad8a9ed29f3330fa282bb9edbb9f3b2e56c63a

Put rich firewall rules instead iptables. - Updated the oc version with latest release. - Removed selinux disabling part

view details

Sally O'Malley

commit sha 8ad068122609bc1fe243a256890315bafcff44b5

update go, clients, install-config, provision.sh

view details

Sally O'Malley

commit sha 0b4e858973de6345a9469cb8238eede74bc60d5d

configure 1 worker, update README to add firewall, subnet

view details

Sally O'Malley

commit sha 2384a70a0add056fa640d8d9dcc8f3e1a1ffa5ec

add release override instruction, add README instructions for teardown, teardown script

view details

Sally O'Malley

commit sha a83c85a83f9c4dc1d6b343a0e6c7666004388aa9

scripts updates: 1) set libvirt master memory via machineconfigs 2) add wait-for installer-complete 3) ensure OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is set when running create-cluster 4) retry with scp copy in create-gcp-resources script 5) pretty colors in create/teardown scripts, README update

view details

Sally O'Malley

commit sha e1e2ea97488ffab3ee68010c5da9480984fa7b60

Merge pull request #31 from sallyom/master rhel8 branch -> master branch

view details

push time in 11 days

PR merged ironcladlou/openshift4-libvirt-gcp

Reviewers
rhel8 branch -> master branch

rhel8 branch is where development has been, master branch has not been maintained. Make master branch rhel8, and from here on out, develop on master branch.

/assign @praveenkumar

+214 -103

2 comments

10 changed files

sallyom

pr closed time in 11 days

push eventsallyom/oc

Maciej Szulik

commit sha 71d0970ecf7dca78d9f84e9ee14b5d287fa40547

Write a proper readme

view details

OpenShift Merge Robot

commit sha 7762806d2191ee4880307cf5973a1b7fe916d6d9

Merge pull request #464 from soltysh/readme Write a proper readme

view details

Stanislav Laznicka

commit sha 9401cfbfc99ad4576a5c18613be8931f4dd13a3f

allow switching project even to users outside self-provisioner role (revert) This reverts commit f7d2755ed11135de6f40f82ec24ad91a4fd71fad.

view details

OpenShift Merge Robot

commit sha 024bef381e92875c8b929bf1d79681757fc34f62

Merge pull request #476 from stlaz/revert_project_switch Bug 1849983: allow switching project even to users outside self-provisioner role (revert)

view details

push time in 11 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

 func printImageContentInstructions(out io.Writer, from, to string, signatureToDi 	} 	delete(unstructuredObj.Object["metadata"].(map[string]interface{}), "creationTimestamp") -	icspExample, err := yaml.Marshal(unstructuredObj.Object)+	icspDataBytes, err := yaml.Marshal(unstructuredObj.Object) 	if err != nil {-		return fmt.Errorf("Unable to marshal ImageContentSourcePolicy example yaml: %v", err)+		return fmt.Errorf("Unable to marshal ImageContentSourcePolicy yaml: %v", err)+	}+	icspFile := o.ICSPTo

The release-signature configmap change that writes the configmap to disk added a flag, release-image-signature-to-dir that I modified in this PR to release-image-config-dir so it can be dual purpose. This requires a change to current users, though, so we might want to keep the release-image-signature-to-dir and add a new flag for the icsp-to-dir.

sallyom

comment created time in 11 days

push eventsallyom/oc

Sally O'Malley

commit sha ee99e9512b3b008e750de9bb18795735017056e6

Bug 1823143: add logic to set registry/repository/name instead of only using image references for 'oc adm release ...' commands 1. Try to gather image source info from ImageContentSourcePolicy, if this doesn't succeed go to 2. 2. Set the registry/repo/name to be that of user-given release rather than its refs. If image not found, go to 3. 3. Use the image-references from given release. This will succeed if user has access to the image-reference registry. When working with mirrored release payloads, a release from a mirrored registry, mylocalregistry/ocp/release:4.5.0-0.nightly-2020-04-18-093630 mirrored from registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-18-093630 - Both reference 'quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2eb0a51...'. In case of disconnected, oc will use 'mylocalregistry/ocp/release' instead of 'quay.io/openshift-release-dev/ocp-v4.0-art-dev' _or_ will get image source information from ICSP in cluster.

view details

Sally O'Malley

commit sha d5da493c40f73c07d320d524af4476e76b07dd10

error if passed icsp-file but did not verify image source

view details

Sally O'Malley

commit sha 09c961d059f8fa7a0c33ca69d19e054099116904

join icps-to and release-image-signature-to-dir flags into --release-image-config-dir

view details

push time in 11 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

 func (i *ReleaseInfo) Platform() string { }  func (o *InfoOptions) LoadReleaseInfo(image string, retrieveImages bool) (*ReleaseInfo, error) {+	opts := extract.NewOptions(genericclioptions.IOStreams{Out: o.Out, ErrOut: o.ErrOut})+	opts.SecurityOptions = o.SecurityOptions+	opts.ImageSourceOptions = o.ImageSourceOptions+	opts.FileDir = o.FileDir++	setPrefix, imageSources, err := imagemanifest.GetImageSourcePrefixes(opts.ImageSourceOptions.ImageContentSourcePolicyList, image)

moved setPrefix to useImageContentSources

sallyom

comment created time in 11 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

+package manifest++import (+	"context"+	"fmt"+	"io/ioutil"++	"github.com/spf13/pflag"++	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"+	kruntime "k8s.io/apimachinery/pkg/runtime"+	"k8s.io/klog"+	kcmdutil "k8s.io/kubectl/pkg/cmd/util"++	operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1"+	operatorv1alpha1scheme "github.com/openshift/client-go/operator/clientset/versioned/scheme"+	operatorv1alpha1client "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"+	"github.com/openshift/library-go/pkg/image/reference"+)++// ImageSourceOptions sets correct image source for oc adm commands+type ImageSourceOptions struct {+	ImageContentSourcePolicyFile string+	ImageContentSourcePolicyList []operatorv1alpha1.ImageContentSourcePolicy+}++// Bind adds the options to the flag set.+func (o *ImageSourceOptions) Bind(flags *pflag.FlagSet) {+	flags.StringVar(&o.ImageContentSourcePolicyFile, "icsp-file", o.ImageContentSourcePolicyFile, "Path to an ImageContentSourcePolicy file.  If set, data from this file will be used to set source release image.")+}++// GetICSPs returns a list of ImageContentSourcePolicy objects found from file or from a connected cluster.+func (o *ImageSourceOptions) GetICSPs(f kcmdutil.Factory) error {+	// If ImageContentSourceFile is given, only add ImageContentSource from file, don't search cluster ICSP+	if len(o.ImageContentSourcePolicyFile) != 0 {+		icspData, err := ioutil.ReadFile(o.ImageContentSourcePolicyFile)+		if err != nil {+			return fmt.Errorf("unable to read ImageContentSourceFile %s: %v", o.ImageContentSourcePolicyFile, err)+		}+		if len(icspData) == 0 {+			return fmt.Errorf("no data found in ImageContentSourceFile %s", o.ImageContentSourcePolicyFile)+		}+		icspObj, err := kruntime.Decode(operatorv1alpha1scheme.Codecs.UniversalDeserializer(), icspData)+		if err != nil {+			return fmt.Errorf("error decoding ImageContentSourcePolicy from %s: %v", o.ImageContentSourcePolicyFile, err)+		}+		var icsp *operatorv1alpha1.ImageContentSourcePolicy+		var ok bool+		if icsp, ok = icspObj.(*operatorv1alpha1.ImageContentSourcePolicy); !ok {+			return fmt.Errorf("could not decode ImageContentSourcePolicy from %s", o.ImageContentSourcePolicyFile)+		}+		o.ImageContentSourcePolicyList = append(o.ImageContentSourcePolicyList, *icsp)+		return nil+	}+	restConfig, err := f.ToRESTConfig()+	if err != nil {+		// may or may not be connected to a cluster+		// don't error if can't connect+		klog.V(4).Infof("did not connect to an OpenShift 4.x server")+		return nil+	}+	icspClient, err := operatorv1alpha1client.NewForConfig(restConfig)+	if err != nil {+		// may or may not be connected to a cluster+		// don't error if can't connect+		klog.V(4).Infof("did not connect to an OpenShift 4.x server")+		return nil+	}+	icsps, err := icspClient.ImageContentSourcePolicies().List(context.TODO(), metav1.ListOptions{})+	if err != nil {+		// may or may not have access to ICSPs in cluster+		// don't error if can't access ICSPs

updated the message there.

sallyom

comment created time in 11 days

issue openedironcladlou/openshift4-libvirt-gcp

setup should extract installer rather than build it.

During CI runs, /bin/openshift-install from the libvirt image (binary build w/ libvirt tags) is scp'd over to gcp instance. Instead, the openshift-baremetal-install binary should be extracted from the RELEASE_IMAGE_LATEST (from CI template) and then the OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is not required.

2 changes then:

  1. the openshift-install build/update is no longer necessary in this setup (see provision.sh) but we need to add a default extracted binary from each release (at time of writing this would be 4.4 or 4.5 release)
  2. CI template/libvirt CI image needs an update (outside of this issue)

created time in 12 days

pull request commentironcladlou/openshift4-libvirt-gcp

rhel8 branch -> master branch

@praveenkumar ok to merge upstream/rhel8 to upstream/master? From here on out, we'll develop on master branch and periodically merge master -> rhel8.

sallyom

comment created time in 12 days

push eventsallyom/openshift4-libvirt-gcp

Zeeshan Ali

commit sha a7c6d1cb2c2e431695cc72a8aa9c8d7187874e15

create-cluster: Wait another 30m for cluster to initialize Seems at the moment we're hitting the 30m timeout almost 100% of the time. Let's ask the installer to wait another 30m if it fails. Once the Installer supports specifying time to wait for, we'll use that here to wait for only 10 additional minutes.

view details

Praveen Kumar

commit sha 5f933363626cea1ad321f25dfae0aabf89c3b62c

Merge pull request #19 from zeenix/wait-longer create-cluster: Wait another 30m for cluster to initialize

view details

Praveen Kumar

commit sha 6a5737b2949a81ae360954072f97c434ccd982a5

Update openshift-client-linux binary which have must-gather fix

view details

Praveen Kumar

commit sha 0fab67912ebc22be3e3afa3be20757cdaac55f29

Merge pull request #20 from praveenkumar/master Update openshift-client-linux binary which have must-gather fix

view details

Praveen Kumar

commit sha 37d79f0f30322aa612268f217983409703587f65

Update firewalld rules as expected Currently we were exposing '192.168.126.0/24' over trusted zone which means it's publicly exposed but we just need it for the libvirt communication inside the host. zone `dmz` is the internal one and can be used for this purpose. Also to forward the request from `192.168.126.0/24` to `192.168.122.1` it is easier to add using firewalld cmd with specific zone instead of using `iptables` one.

view details

Praveen Kumar

commit sha 761777b83e03768f2a30df95b0a6e029be13e32e

Approve the csr manually. As of now because of https://github.com/openshift/installer/issues/1893 csr approval not going through so as a workaround we need to approve it ourself.

view details

Praveen Kumar

commit sha 9033e88274b0bc7fa58e4ec8875e1c6fd4ab1742

Merge pull request #21 from praveenkumar/firewall-fix Update firewalld rules as expected

view details

Zeeshan Ali

commit sha c44bd596fedbded1b170a36ebf136f12f2d57ca5

Revert "Approve the csr manually." This reverts commit 761777b83e03768f2a30df95b0a6e029be13e32e. The workaround is no longer needed: https://github.com/openshift/cluster-machine-approver/pull/37

view details

Praveen Kumar

commit sha da24c19d5d0bba3db70f5e6f3f0ddb266d042157

Merge pull request #23 from zeenix/drop-csr-workaround Revert "Approve the csr manually."

view details

Sally O'Malley

commit sha db9ce3e1cf9ca6880abf99c528a7d37b7061a414

add git ref to clone installer

view details

Sally O'Malley

commit sha 38c9b5081facd0316344b62bd3ada6e4ef827f41

document that google project is configurable and install kubectl

view details

Sally O'Malley

commit sha 5963aaa0de1ca02faa6de504220e1854cd2f51f7

update provision.sh to generate install-config without env vars

view details

Sally O'Malley

commit sha 4fc731ad9fff96e9d79f0aba94f8ad90fa835357

edit baseDomain, create openshift.conf not tectonic.conf

view details

Sally O'Malley

commit sha b4890ff059556f6fa7861a114d8352e1261f9eb3

update install-config.yml|yaml, and TAGS=libvirt_destroy|libvirt

view details

Sally O'Malley

commit sha 5f8b4a591778dc0f7f019a38ffd86d4631175b7a

add machineCIDR to install-config

view details

Sally O'Malley

commit sha fd2bd000921a3bdd2f3c8093c3f6a321fd7b4d9c

add install-config-version v1beta1

view details

Sally O'Malley

commit sha a34b5d31bf0568cb4366805fc71657f234de306d

updates install-config.yaml

view details

Praveen Kumar

commit sha 0390ba45c046f903ac786f67d1a78d72cac0b73f

provision.sh: Add yq binary and domain entry to NM configuration Right now auth route is not accessible by default and need to be add as part of NetworkManager configuration. Also to make this whole route stuff works with libvirt we need to add a different domain `.apps.openshift.testing`. (Tested with installer 0.14.0 tag)

view details

Zeeshan Ali

commit sha 9e27af91b1e32389491f15b625c459914a69dfb9

Link to console issue Link to the console issue we're working around with editing of ingress config file.

view details

Praveen Kumar

commit sha 21815186eac37ff117384fb5a500c4a8da2a0464

tools/create-cluster: Remove tee from cluster create We don't need to redirect the logs since now installer auto create it under $INSTALL_DIR/.openshift_install.log file

view details

push time in 12 days

pull request commentironcladlou/openshift4-libvirt-gcp

Update client binary version from 4.1.x to 4.3.x, remove rhcos-image

This was implemented in rhel8 branch, and we're settting rhel8 to master.

praveenkumar

comment created time in 12 days

PR closed ironcladlou/openshift4-libvirt-gcp

rhel8 branch -> master

push rhel8 branch to master master branch has not been maintained, rhel8 branch is used throughout CI

+213 -102

1 comment

10 changed files

sallyom

pr closed time in 12 days

pull request commentironcladlou/openshift4-libvirt-gcp

rhel8 branch -> master

closing, in favor of https://github.com/ironcladlou/openshift4-libvirt-gcp/pull/31

sallyom

comment created time in 12 days

PR opened ironcladlou/openshift4-libvirt-gcp

rhel8 branch -> master branch

rhel8 branch is where development has been, master branch has not been maintained. Make master branch rhel8, and from here on out, develop on master branch.

+213 -102

0 comment

10 changed files

pr created time in 12 days

push eventsallyom/openshift4-libvirt-gcp

Praveen Kumar

commit sha ee087a490a058cde4248b0c9630b4d831e967fb4

RHEL-8 VM config update for GCP nested virt

view details

Praveen Kumar

commit sha 974b53c10ac313b48497c1e2bd6184c8c056b959

Put rich firewall rules instead iptables. - Updated the oc version with latest release. - Removed selinux disabling part

view details

Praveen Kumar

commit sha b1cd2bbd5beeadb49cca075dd9ca76953b79a571

Merge pull request #22 from praveenkumar/rhel8 Put rich firewall rules instead iptables.

view details

Sally O'Malley

commit sha 347d9da7a87d726ee4a1ed5ec28dc3e6800f4416

update go, clients, install-config, provision.sh

view details

Dan Mace

commit sha d5185abf397233784baaea93c3d3b2eb7d648876

Merge pull request #25 from sallyom/update-go-1-13 update go, clients, install-config, rhcos

view details

Sally O'Malley

commit sha fc4bfc8a69a701b383bae75d44581fac6ed98561

configure 1 worker, update README to add firewall, subnet

view details

Praveen Kumar

commit sha b2498785c7dfcc1bb2d2119525f308e4216887d5

Merge pull request #26 from sallyom/configure-1-worker configure 1 worker, update README to add firewall, subnet

view details

Sally O'Malley

commit sha 270c5881ade51499afd504949eb53206a6121d7f

add release override instruction, add README instructions for teardown, teardown script

view details

Dan Mace

commit sha 9ea13b77a2aa0437bba4541e6463f3674cddbcbc

Merge pull request #27 from sallyom/add-override-release-image add release override instruction, gcp create/teardown scripts

view details

Sally O'Malley

commit sha 8577036d1387993c536e4b0b7d2d43fa470d9a33

scripts updates: 1) set libvirt master memory via machineconfigs 2) add wait-for installer-complete 3) ensure OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE is set when running create-cluster 4) retry with scp copy in create-gcp-resources script 5) pretty colors in create/teardown scripts, README update

view details

Sally O'Malley

commit sha 06a921fafb9a51d2d0a8be922506371d78f62fd8

Merge pull request #28 from sallyom/rhel8 update how to set libvirt master memory add wait-for installer-complete

view details

push time in 12 days

create barnchsallyom/openshift4-libvirt-gcp

branch : master_outdated

created branch time in 12 days

PR opened ironcladlou/openshift4-libvirt-gcp

rhel8 branch -> master

push rhel8 branch to master master branch has not been maintained, rhel8 branch is used throughout CI

+213 -102

0 comment

10 changed files

pr created time in 12 days

issue commentironcladlou/openshift4-libvirt-gcp

qemu-kvm version issue in rhel 8.2 gcp image

more detailed version inforamation:

Installed Packages (this is after downgrade, this is the good version)
Name         : qemu-kvm
Epoch        : 15
Version      : 2.12.0
Release      : 88.module+el8.1.0+5708+85d8e057.3
Architecture : x86_64
Size         : 0.0  
Source       : qemu-kvm-2.12.0-88.module+el8.1.0+5708+85d8e057.3.src.rpm
Repository   : @System
From repo    : rhui-rhel-8-for-x86_64-appstream-rhui-rpms
Summary      : QEMU is a machine emulator and virtualizer
URL          : http://www.qemu.org/
License      : GPLv2 and GPLv2+ and CC-BY
Description  : qemu-kvm is an open source virtualizer that provides hardware
             : emulation for the KVM hypervisor. qemu-kvm acts as a virtual
             : machine monitor together with the KVM kernel modules, and emulates the
             : hardware for a full system such as a PC and its associated peripherals.

Available Packages (this is the version that is broken)
Name         : qemu-kvm
Epoch        : 15
Version      : 2.12.0
Release      : 99.module+el8.2.0+5827+8c39933c
Architecture : x86_64
Size         : 100 k
Source       : qemu-kvm-2.12.0-99.module+el8.2.0+5827+8c39933c.src.rpm
Repository   : rhui-rhel-8-for-x86_64-appstream-rhui-rpms
Summary      : QEMU is a machine emulator and virtualizer
URL          : http://www.qemu.org/
License      : GPLv2 and GPLv2+ and CC-BY
Description  : qemu-kvm is an open source virtualizer that provides hardware
             : emulation for the KVM hypervisor. qemu-kvm acts as a virtual
             : machine monitor together with the KVM kernel modules, and emulates the
             : hardware for a full system such as a PC and its associated peripherals.
sallyom

comment created time in 12 days

push eventsallyom/release

Sally O'Malley

commit sha 44a8f6e7e1f080e0b4e18f7e2c13fd9f721a103a

add periodic 31-day-cert-recovery

view details

Sally O'Malley

commit sha a2d98cd36b02680b731acc99ee20e7c4186fb215

libvirt-31-day only 4.5 rehearse

view details

push time in 12 days

issue openedironcladlou/openshift4-libvirt-gcp

qemu-kvm version issue in rhel 8.2 gcp image

slack thread w/ output

8.1 rhel (good-install succeeds): qemu-kvm-2.12.0-88.module+el8.1.0+5708+85d8e057.3.x86_64
8.2 rhel (see thread above for output): qemu-kvm-2.12.0-99.module+el8.2.0+5827+8c39933c.x86_64

For now, I have built images from IMAGES.md with an added line to provision script sudo dnf downgrade qemu-kvm to get the working version above.

created time in 12 days

push eventsallyom/release

Jeremy Poulin

commit sha 6f2fa9051388409c22be20721a31eadda6fa12f0

Adding repo overrides to supply missing images and bump test coverage

view details

Prashanth Sundararaman

commit sha b7074cb22418f0f6b0054c0aa57a5b1ef07d8b53

Remove "ci" from RELEASE_IMAGE in s390x 4.2/4.3 jobs

view details

Prashanth Sundararaman

commit sha c7dbcc8be393156a52e6d4b1d814335692beb461

Fixes hardcoded libvirt memory override by setting the desired memory and disk using yq. When openshift/installer#3666 lands the job will fail for master as sed script will look for 7168 that it will never find. Making this change to accomodate all releases.

view details

Roy Golan

commit sha 200aa533c372d3f70394ce94bc30eb87f7a1a976

add ovirt/cluster-api-provider to image mirror mapping Signed-off-by: Roy Golan <rgolan@redhat.com>

view details

Jacob Tanenbaum

commit sha 53ffbef04fc8e6466772f141887239c2b61beb9a

Adding initial e2e test for ovn-kubernetes repo on openstack

view details

Vadim Rutkovsky

commit sha f4f4ccae667a6d59afae3c9563007f6d2ad9b55f

ci-operator/jobs/openshift/release: run e2e tests on machine-os-content promotion for okd

view details

Vadim Rutkovsky

commit sha 7a6bdac465664bc9222637e76397f9a8f018385a

ci-operator/jobs/openshift/release/openshift-release-release-4.5-periodics: DEBUG

view details

Jan Chaloupka

commit sha 231ec5084b20441ea29e87e761e2109a94a9f9e3

openshift/origin: deploy loki in gcp-e2e

view details

Eric Fried

commit sha a278f4adcb1d8b685169259c8d5c3f60d580ad3c

Restore ci-ext PR build for aws-efs-operator Undo https://github.com/openshift/release/pull/9444

view details

Michael Wilson

commit sha b02ed0773ca606405cb09f916a0f3039ea101069

SDCICD-200. Moving aws jobs to quay.io osde2e image. We're getting rid of our scripting glue and using our osde2e quay image instead. This is a lot of work, so we're starting with just the AWS jobs and will do the rest afterwards.

view details

Jeremy Poulin

commit sha a43b8b8b0e2e69f2e96db2f60d8a1c45bf23b668

Truncated last 4 digits of build id

view details

Hongkai Liu

commit sha 84caca35daf5653dbae0c3931a42b1b6e6715ad4

Fix the namespace of secrets aws-ci-infra-ci-build0{1|2}-audit-logs-uploader-credentials

view details

Peter Hunt

commit sha d89997dc0e9426ca6bfe317d511f4d9c5c42c2f0

build01: add openshift-dev key It's pretty hard to debug the runtime on a node if one can't replace the runtime. Unfortunately, `oc debug node/` only works by dropping a pod on the system, and thus the CRI-O binary can't be replaced to debug. Instead, we should add ssh keys (just for nodes with the debug role) to be able to access nodes directly Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Hongkai Liu

commit sha 05df0feab5ab91c5c255f66cba7f1140a78418f8

Upload audit logs on build02 to aws CloudWatch

view details

Alvaro Aleman

commit sha 25a7e57fd718f1a63b6a181b32ae530659fb22b3

Remove kubeconfig arg from jobs

view details

Dominic Finn

commit sha aa09f25d94fff85e3e66db05fc8a9a3e8e1d7794

removed build context

view details

Jian Zhang

commit sha 5c4631920dc1a07276b9072c1a5734c512bcac9d

add auto merge

view details

OpenShift Merge Robot

commit sha 6e798af22b304612e4456eaace8ad49996b45c43

Merge pull request #9714 from dofinn/remove_app-sre_build removed build context

view details

openshift-bot

commit sha 789d0c9eb9d9a4a734041123b7f5d80ecbe0ff61

Update prow to v20200616-356025b923, and other images as necessary.

view details

Jian Zhang

commit sha ba70fd1b8357d66abefcfba931a834eed4e6736e

enable the approve plugin

view details

push time in 12 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools aprivateregistry/repo/name:tag+$ oc adm release mirror aprivateregistry/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` either from a file or from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected, and if not, from a file in an expected location,+probably from the current directory.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* In what order should `oc` gather info about an image?  Need to order the following:+    * ICSP from file+    * ICSP from cluster+    * image reference from user-given image++* Should oc adm release mirror write an ICSP file to the current directory rather than a print to stdout?+* Should there be a flag to direct oc to re-order the above 3 choices, to tell oc which information source to use?++## Summary++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++## Proposal++* Add logic to `oc adm release` and/or openshift/library-go/pkg/image to become aware of ICSP file

With so many flags already for the oc adm release commands, I was thinking the --alternative-repository flag could be avoided. I will add it, though, if we need it (and since @smarterclayton suggested it, he's probably thinking we do). I am thinking a user would give their repository and expect to either run the cmd against that exact repository, or from the image reference, or from the ICSP data. These are already there, without the extra flag. Example: oc adm release extract --tools quay.io/sallyom/test-release:4.5.0-0.nightly-2020-06-22-125424 -v=2 will extract from quay.io/sallyom/test-release - this fails from master unless you have the credentials for quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d960fc054c342.... since that is where the quay.io/sallyom image is mirrored from.
I don't think a user would run oc adm release extract --tools quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d960fc05... --alternative-repository quay.io/sallyom/test-release that seems like it's not necessary to me, but I'll add it if we want it.

sallyom

comment created time in 13 days

Pull request review commentopenshift/enhancements

Make oc aware of ImageContentSourcePolicy

+---+title: image-content-source-policy-awareness+authors:+  - "@sallyom"+reviewers:+  - "@smarterclayton"+  - "@soltysh"+  - "@wking"+approvers:+  - "@smarterclayton"+creation-date: 2020-05-19+last-updated: 2020-05-19+status: provisional+---++# ImageContentSourcePolicy (ICSP) Awareness++ICSP allows OpenShift (CVO, CRI-O) to check down a list of possible mirrors to find an image with the matching digest it is+looking for.  `oc` should do the same.  ++There have been several bugs opened around the experience of a +user in a disconnected environment using `oc adm release` commands.  If+using a mirrored image and the mirrored source registry is connected, +the following commands do not succeed when in a disconnected environment:++```console+$ oc adm release extract --tools registry.example.com/repo/name:tag+$ oc adm release mirror registry.example.com/repo/name:tag --to someregistry/repo/name+$ oc adm must-gather+```++This is because the mirrored image tags (the individual component images from a payload)+retain references to the mirrored registry, usually something like +`quay.io/openshift-release-dev/ocp-v4.0-art-dev`.  ++There needs to be logic in `oc` to look for `ImageContentSourcePolicy` from a cluster.+`oc` should look for `ICSP` in the cluster/current context if connected and if user has permission to +access ICSPs.  `oc` should gather information about RepositoryDigestMirrors from ICSP and use that+when extracting or mirroring images, or when running must-gather.  If no ICSP found or if ICSP image doesn't+exist, then use the user-given image.  If that image is not accessible, then fall back to the current flow of+using the image-reference from the user-given image.++Current bugs regarding this Issue:   +* https://bugzilla.redhat.com/show_bug.cgi?id=1823839+* https://bugzilla.redhat.com/show_bug.cgi?id=1823143 and also for 4.3, 4.5, 4.6+++## Release Signoff Checklist++- [ ] Enhancement is `implementable`+- [ ] Design details are appropriately documented from clear requirements+- [ ] Test plan is defined+- [ ] Graduation criteria for dev preview, tech preview, GA+- [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/)++## Open Questions++* Should new flags be introduced OR should oc try each scenario until it succeeds in finding the registry/repo/name:digest?+    * NO FLAGS:+        1. Try ImageContentSources from cluster -> if oc can access ICSP and cluster, get images from ICSP, check if an image exists, if so use it+        2. Try user-given registry/repo/name -> check if registry/repo/name:digest exists, if so use it+        3. (The current flow): If the above fall through, try the image-reference from user-given image - use it - may or may not succeed +        if disconnected or not authorized to access image-reference registry+    * FLAGS:+        * *--icsp-to* will define where to write an ICSP file to.  If unset, `oc adm release mirror` will write to current directory.

ICSP isn't formed if mirroring to a directory. To get the ICSP, mirror from 1 registry to another: oc adm release mirror someregistry/repo/release:tag --to anotherregistry/repo/release
When mirroring to a local directory, ICSP isn't created. The reason for saving to file is so a user has the copy, so they can apply to a cluster if they lose that stdout. Or, they can pass --icsp-file=path to oc adm release extract.

sallyom

comment created time in 13 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

 func NewMirror(f kcmdutil.Factory, parentName string, streams genericclioptions. 	} 	flags := cmd.Flags() 	o.SecurityOptions.Bind(flags)+	o.ImageSourceOptions.Bind(flags) 	o.ParallelOptions.Bind(flags)  	flags.StringVar(&o.From, "from", o.From, "Image containing the release payload.") 	flags.StringVar(&o.To, "to", o.To, "An image repository to push to.") 	flags.StringVar(&o.ToImageStream, "to-image-stream", o.ToImageStream, "An image stream to tag images into.") 	flags.StringVar(&o.FromDir, "from-dir", o.FromDir, "A directory to import images from.") 	flags.StringVar(&o.ToDir, "to-dir", o.ToDir, "A directory to export images to.")+	flags.StringVar(&o.ICSPTo, "icsp-to", o.ICSPTo, "Path to write ImageContentSourcePolicy file to.  If not set, will write to current directory.")

Pushed a commit w/ a single flag --release-config-dir that sets the directory for both release-image-signature-dir and icsp-to dir.

sallyom

comment created time in 13 days

push eventsallyom/oc

Jan Chaloupka

commit sha 7f77e4ac3deb3a0ebd458b0784e7a5c96d98f71f

oc set probe: add support for startup probe Startup probes were introduced with Kubernetes 1.16

view details

Sally O'Malley

commit sha 5585f1e107afa5f5dd53fba740bf52b0763102cc

improve 'oc adm release info|new' error when given release image does not exist

view details

Sally O'Malley

commit sha a2ae72bd4bea89dfadae23bd2514c6e7a6651743

Deprecate 'oc adm create-kubeconfig'

view details

Sally O'Malley

commit sha c19bb5dccfff4dc81192cd8e4c37d36b679e5d3d

generated

view details

OpenShift Merge Robot

commit sha 2ce7496bcf9e3a3cf3033a5b9ca1708e739e6d01

Merge pull request #435 from sallyom/bz1827486 Bug 1827486: clarify usage of 'oc adm create-kubeconfig'

view details

OpenShift Merge Robot

commit sha 4f753f8475af4dac1add8481c3a95a55d8fdc8ac

Merge pull request #459 from ingvagabund/oc-set-probe-add-startup-probe bug 1844354: oc set probe: add support for startup probe

view details

Michal Fojtik

commit sha 81ac547cdf99605233986d5d545d638f69abc391

Bug 1846078: fix typo in oc adm upgrade help

view details

Jan Chaloupka

commit sha 2214377e356f3c2978e37c305f33d6a470585d27

oc project: rewrite context after kubeconfig is read

view details

OpenShift Merge Robot

commit sha 07f1f5ff7e1090b5d62ddf804f5349be3a066d0a

Merge pull request #469 from ingvagabund/oc-project-context bug 1840411: oc project: rewrite context after kubeconfig is read

view details

OpenShift Merge Robot

commit sha 31651a16e3e0162f9b2671d9bed2c6b805a51b4f

Merge pull request #468 from mfojtik/fix-typo Bug 1846078: fix typo in oc adm upgrade help

view details

OpenShift Merge Robot

commit sha b644a4b43e8d1cd9fa003e7686ce19454f456d08

Merge pull request #463 from sallyom/bug1817145 Bug 1817145: Improve 'oc adm release info|new' error when given release image does not exist

view details

Sally O'Malley

commit sha e4b232c18ea7dc13ea6b64abbb2bc95b564a2662

write ImageContentSourcePolicy to file with oc adm release mirror

view details

Sally O'Malley

commit sha 2ff23314d579ba1da7003fee632efada8f0431a5

Bug 1823143: add logic to set registry/repository/name instead of only using image references for 'oc adm release ...' commands 1. Try to gather image source info from ImageContentSourcePolicy, if this doesn't succeed go to 2. 2. Set the registry/repo/name to be that of user-given release rather than its refs. If image not found, go to 3. 3. Use the image-references from given release. This will succeed if user has access to the image-reference registry. When working with mirrored release payloads, a release from a mirrored registry, mylocalregistry/ocp/release:4.5.0-0.nightly-2020-04-18-093630 mirrored from registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-18-093630 - Both reference 'quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2eb0a51...'. In case of disconnected, oc will use 'mylocalregistry/ocp/release' instead of 'quay.io/openshift-release-dev/ocp-v4.0-art-dev' _or_ will get image source information from ICSP in cluster.

view details

Sally O'Malley

commit sha 038d6460776a19ebe7c45dcf873b61dde37d8cc5

error if passed icsp-file but did not verify image source

view details

Sally O'Malley

commit sha 1328f16faf80834520596e60c22cdd0bc3f31d1f

joing icps-to and release-image-signature-to-dir flags into --release-config-dir

view details

push time in 13 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

 func NewMirror(f kcmdutil.Factory, parentName string, streams genericclioptions. 	} 	flags := cmd.Flags() 	o.SecurityOptions.Bind(flags)+	o.ImageSourceOptions.Bind(flags) 	o.ParallelOptions.Bind(flags)  	flags.StringVar(&o.From, "from", o.From, "Image containing the release payload.") 	flags.StringVar(&o.To, "to", o.To, "An image repository to push to.") 	flags.StringVar(&o.ToImageStream, "to-image-stream", o.ToImageStream, "An image stream to tag images into.") 	flags.StringVar(&o.FromDir, "from-dir", o.FromDir, "A directory to import images from.") 	flags.StringVar(&o.ToDir, "to-dir", o.ToDir, "A directory to export images to.")+	flags.StringVar(&o.ICSPTo, "icsp-to", o.ICSPTo, "Path to write ImageContentSourcePolicy file to.  If not set, will write to current directory.")

I was going to do that initially, but the flag is --release-image-signature-to-dir - should that be more generic for both files - the signature + icsp files? @wking

sallyom

comment created time in 13 days

Pull request review commentopenshift/oc

Bug 1823143: Implement enhancement for "Add ImageContentSource awareness to oc"

 func NewMirror(f kcmdutil.Factory, parentName string, streams genericclioptions. 	} 	flags := cmd.Flags() 	o.SecurityOptions.Bind(flags)+	o.ImageSourceOptions.Bind(flags) 	o.ParallelOptions.Bind(flags)  	flags.StringVar(&o.From, "from", o.From, "Image containing the release payload.") 	flags.StringVar(&o.To, "to", o.To, "An image repository to push to.") 	flags.StringVar(&o.ToImageStream, "to-image-stream", o.ToImageStream, "An image stream to tag images into.") 	flags.StringVar(&o.FromDir, "from-dir", o.FromDir, "A directory to import images from.") 	flags.StringVar(&o.ToDir, "to-dir", o.ToDir, "A directory to export images to.")+	flags.StringVar(&o.ICSPTo, "icsp-to", o.ICSPTo, "Path to write ImageContentSourcePolicy file to.  If not set, will write to current directory.")

oh, the ICSP file can be saved to the "config" directory, in absence of a --icsp-to-dir flag - same as what we do with the signature file. i'll make that change.

sallyom

comment created time in 13 days

Pull request review commentopenshift/oc

Write a proper readme

-### TODO: ADD README.md here+# OpenShift Client - oc++With OpenShift Client CLI (oc), you can create applications and manage OpenShift+resources.  It is built on top of [kubectl](https://github.com/kubernetes/kubectl/)+which means it provides its full capabilities to connect with any kubernetes+compliant cluster, and on top adds commands simplifying interaction with an+OpenShift cluster.+++# Contributing++All contributions are welcome - ic uses the Apache 2 license and does not require

ic to oc there

soltysh

comment created time in 13 days

pull request commentopenshift/oc

[release-4.4] Bug 1808174: bump(golang.org/x/crypto|net|sys)

/lgtm

soltysh

comment created time in 13 days

pull request commentopenshift/oc

[release-4.4] Bug 1808174: bump(golang.org/x/crypto|net|sys)

/retest

soltysh

comment created time in 13 days

push eventsallyom/oc

Jan Chaloupka

commit sha 7f77e4ac3deb3a0ebd458b0784e7a5c96d98f71f

oc set probe: add support for startup probe Startup probes were introduced with Kubernetes 1.16

view details

Sally O'Malley

commit sha 5585f1e107afa5f5dd53fba740bf52b0763102cc

improve 'oc adm release info|new' error when given release image does not exist

view details

Sally O'Malley

commit sha a2ae72bd4bea89dfadae23bd2514c6e7a6651743

Deprecate 'oc adm create-kubeconfig'

view details

Sally O'Malley

commit sha c19bb5dccfff4dc81192cd8e4c37d36b679e5d3d

generated

view details

OpenShift Merge Robot

commit sha 2ce7496bcf9e3a3cf3033a5b9ca1708e739e6d01

Merge pull request #435 from sallyom/bz1827486 Bug 1827486: clarify usage of 'oc adm create-kubeconfig'

view details

OpenShift Merge Robot

commit sha 4f753f8475af4dac1add8481c3a95a55d8fdc8ac

Merge pull request #459 from ingvagabund/oc-set-probe-add-startup-probe bug 1844354: oc set probe: add support for startup probe

view details

Michal Fojtik

commit sha 81ac547cdf99605233986d5d545d638f69abc391

Bug 1846078: fix typo in oc adm upgrade help

view details

Jan Chaloupka

commit sha 2214377e356f3c2978e37c305f33d6a470585d27

oc project: rewrite context after kubeconfig is read

view details

OpenShift Merge Robot

commit sha 07f1f5ff7e1090b5d62ddf804f5349be3a066d0a

Merge pull request #469 from ingvagabund/oc-project-context bug 1840411: oc project: rewrite context after kubeconfig is read

view details

OpenShift Merge Robot

commit sha 31651a16e3e0162f9b2671d9bed2c6b805a51b4f

Merge pull request #468 from mfojtik/fix-typo Bug 1846078: fix typo in oc adm upgrade help

view details

OpenShift Merge Robot

commit sha b644a4b43e8d1cd9fa003e7686ce19454f456d08

Merge pull request #463 from sallyom/bug1817145 Bug 1817145: Improve 'oc adm release info|new' error when given release image does not exist

view details

push time in 13 days

pull request commentopenshift/release

Add periodic 31-day-cert-recovery

/retest

sallyom

comment created time in 13 days

push eventsallyom/release

Sally O'Malley

commit sha 9ea72b38fc371fee03e1234d602ab64fc1055032

libvirt-31-day only 4.7 rehearse

view details

push time in 17 days

pull request commentopenshift/origin

add extended clusteroperators delete operand namespace recover test

/retest

sallyom

comment created time in 17 days

pull request commentopenshift/release

Add periodic 31-day-cert-recovery

/hold cancel

sallyom

comment created time in 17 days

push eventsallyom/release

Sally O'Malley

commit sha bf4e30ec3f2d932710e4ce95cfc8fd3fbf412b56

add periodic 31-day-cert-recovery

view details

push time in 17 days

push eventsallyom/release

Sally O'Malley

commit sha 5fe9d5a7e542c5e2a5ae08bedb382d034bf6907e

add periodic 31-day-cert-recovery

view details

Sally O'Malley

commit sha a3d2bc3ee4b1d2ba45a111699126d68dcd257864

TEST COMMIT: REMOVED REHEARSALS EXCEPT THE ONE I ADDED: REMOVE THIS

view details

push time in 18 days

push eventsallyom/release

Sally O'Malley

commit sha 90bba36fc9d8279af5935188c2256d6a07ef8792

add periodic 31-day-cert-recovery

view details

Sally O'Malley

commit sha 13b5756b99792452f246cca61f9ba80aebd40a64

TEST COMMIT: REMOVED REHEARSALS EXCEPT THE ONE I ADDED: REMOVE THIS

view details

push time in 18 days

more