Step: osd-create-create

The cluster creation step uses ocm to create an OSD cluster using the provided cluster profile. The cluster profile should include an sso-client-id and sso-client-secret for login. It should also include .awscred and aws-account-id (presently OSD only supports AWS). The step expects $SHARED_DIR/ocm-cluster-create-args to contain any additional (cloud-platform-specific) arguments to pass on the ocm create command line. For AWS, platform-specific arguments might include: --compute-machine-type=.. --aws-account-id=.. --aws-access-key-id=.. --aws-secret-access-key=..
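A preceding step could stage those platform-specific arguments like so. This is a hypothetical sketch: the file name matches what this step expects, while the flag values and the mktemp fallback for SHARED_DIR are illustrative.

```shell
#!/bin/bash
# Hypothetical earlier pipeline step: stage extra `ocm create cluster` flags
# for osd-create-create. SHARED_DIR stands in for ci-operator's shared dir.
SHARED_DIR="${SHARED_DIR:-$(mktemp -d)}"

# The step appends this file's contents to the ocm command line, so keep
# the flags space-separated on a single line. Values here are illustrative.
printf '%s' '--compute-machine-type=m5.xlarge --multi-az' \
  > "${SHARED_DIR}/ocm-cluster-create-args"

cat "${SHARED_DIR}/ocm-cluster-create-args"
```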

Container image used for this step: cli-ocm

cli-ocm resolves to an image built or imported by the ci-operator configuration.

Environment

In addition to the default environment, the step exposes the following:

Variable Name          Type       Variable Content
CLUSTER_VERSION        Parameter  The version for ocm to install (e.g. "4.6.12"). Specify a major/minor (e.g. "4.6") to get the latest version from that stream.
CLUSTER_NAME           Parameter  The name of the OSD cluster to create. Must be unique for the account, lowercase, and no more than 15 characters.
COMPUTE_MACHINE_TYPE   Parameter  If not specified, a default will be chosen appropriate for your cluster_profile.
CLUSTER_DURATION       Parameter  Set a non-default number of seconds for the cluster to live after creation.
COMPUTE_NODES          Parameter  The number of compute nodes to provision. (default: 2)
OCM_LOGIN_URL          Parameter  ocm login URL. (default: staging)
CLOUD_PROVIDER_REGION  Parameter  Set a region for the ocm cluster creation. If not specified, a cluster_profile-appropriate setting will be used.
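How a major/minor CLUSTER_VERSION resolves to a concrete release can be illustrated in isolation. The version list below is canned sample data, not real `ocm list versions` output; the selection logic mirrors what the script does (the newest matching line wins).

```shell
#!/bin/bash
# Canned sample data standing in for `ocm list versions` output.
versions='4.6.10
4.6.12
4.7.0'

CLUSTER_VERSION="4.6"
if [[ $CLUSTER_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then
  # Major/minor given: take the last (newest) matching version.
  resolved=$(echo "$versions" | grep "${CLUSTER_VERSION}" | tail -1)
else
  # Full version given: require an exact whole-line match.
  resolved=$(echo "$versions" | grep -x "${CLUSTER_VERSION}")
fi
echo "$resolved"   # → 4.6.12
```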

Source Code

#!/bin/bash

set -o nounset
set -o errexit
set -o pipefail

trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM

CLUSTER_NAME=${CLUSTER_NAME:-$NAMESPACE}
CLUSTER_VERSION=${CLUSTER_VERSION:-}
SSO_CLIENT_ID=$(cat "${CLUSTER_PROFILE_DIR}/sso-client-id")
SSO_CLIENT_SECRET=$(cat "${CLUSTER_PROFILE_DIR}/sso-client-secret")

AWSCRED="${CLUSTER_PROFILE_DIR}/.awscred"
OCM_CREATE_ARGS=""
if [[ -f "${AWSCRED}" ]]; then
  # Gather fields from the cluster_profile secret
  AWS_ACCESS_KEY_ID=$(grep aws_access_key_id "${AWSCRED}" | tr -d ' ' | cut -d '=' -f 2)
  AWS_SECRET_ACCESS_KEY=$(grep aws_secret_access_key "${AWSCRED}" | tr -d ' ' | cut -d '=' -f 2)
  AWS_ACCOUNT_ID=$(cat "${CLUSTER_PROFILE_DIR}/aws-account-id")
  OCM_CREATE_ARGS="--aws-account-id ${AWS_ACCOUNT_ID} --aws-access-key-id ${AWS_ACCESS_KEY_ID} --aws-secret-access-key ${AWS_SECRET_ACCESS_KEY}"

  # Set defaults for AWS if necessary
  COMPUTE_MACHINE_TYPE=${COMPUTE_MACHINE_TYPE:-"m5.xlarge"}
  declare -a AWS_REGIONS=('us-east-1' 'us-east-2' 'us-west-1' 'us-west-2')
  RAND_REGION="${AWS_REGIONS[$RANDOM % ${#AWS_REGIONS[@]}]}"
  CLOUD_PROVIDER_REGION=${CLOUD_PROVIDER_REGION:-"${RAND_REGION}"}
  echo "Will launch in AWS region: ${CLOUD_PROVIDER_REGION}"
else
  echo "Did not find compatible cloud provider cluster_profile"
  exit 1
fi

export HOME=${SHARED_DIR}
mkdir -p "${HOME}"
echo "Logging into ${OCM_LOGIN_URL} SSO"
ocm login --url "${OCM_LOGIN_URL}" --client-id "${SSO_CLIENT_ID}" --client-secret "${SSO_CLIENT_SECRET}"

versions=$(ocm list versions)
echo -e "Available cluster versions:\n${versions}"

if [[ $CLUSTER_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then
  CLUSTER_VERSION=$(echo "$versions" | grep "${CLUSTER_VERSION}" | tail -1)
else
  # Match the whole line
  CLUSTER_VERSION=$(echo "$versions" | grep -x "${CLUSTER_VERSION}")
fi

if [[ -z "$CLUSTER_VERSION" ]]; then
  echo "Requested cluster version not available!"
  exit 1
fi

echo "Cluster version: $CLUSTER_VERSION"

OLD_CLUSTER_ID=$(ocm list clusters --columns=id --parameter search="name is '${CLUSTER_NAME}'" | tail -n 1)
if [[ "$OLD_CLUSTER_ID" != ID* ]]; then
  # A cluster id was returned; not just the ID column heading.
  # Previous cluster was orphaned somehow. Shut it down.
  echo "A cluster with the name (${CLUSTER_NAME}) already exists and will need to be manually deleted; cluster-id: ${OLD_CLUSTER_ID}"
  exit 1
fi

CLUSTER_INFO="${ARTIFACT_DIR}/ocm-cluster.txt"

echo "Parameters for cluster request:"
echo "  Cluster name: ${CLUSTER_NAME}"
echo "  Compute nodes: ${COMPUTE_NODES}"
echo "  Cluster version: ${CLUSTER_VERSION}"
echo "  Compute machine type: ${COMPUTE_MACHINE_TYPE}"
echo "  Cloud provider region: ${CLOUD_PROVIDER_REGION}"
ocm create cluster ${OCM_CREATE_ARGS} \
                   --ccs \
                   --compute-nodes "${COMPUTE_NODES}" \
                   --version "${CLUSTER_VERSION}" \
                   --compute-machine-type "${COMPUTE_MACHINE_TYPE}" \
                   --region "${CLOUD_PROVIDER_REGION}" \
                   "${CLUSTER_NAME}" \
                   > "${CLUSTER_INFO}"

CLUSTER_ID=$(grep '^ID:' "${CLUSTER_INFO}" | tr -d '[:space:]' | cut -d ':' -f 2)
echo "Cluster ${CLUSTER_NAME} is being created with cluster-id: ${CLUSTER_ID}"

# By default, OSD will set up clusters to run for a few days before they expire.
# In case things go wrong in our flow, give the cluster an initial expiration
# that will minimize wasted compute if post steps are not successful.
# After installation, the expiration will be bumped according to CLUSTER_DURATION.
INIT_EXPIRATION_DATE=$(date -u -d "+3hours" "+%Y-%m-%dT%H:%M:%S.00000Z")
echo '{ "expiration_timestamp": "'"${INIT_EXPIRATION_DATE}"'" }' | ocm patch "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}"

# Store the cluster ID for the delete operation
echo -n "${CLUSTER_ID}" > "${HOME}/cluster-id"

echo "Waiting for cluster ready..."
while true; do
  sleep 60
  CLUSTER_STATE=$(ocm cluster status "${CLUSTER_ID}" | grep 'State:' | tr -d '[:space:]' | cut -d ':' -f 2)
  echo "Cluster state: ${CLUSTER_STATE}"
  if [[ "${CLUSTER_STATE}" == "ready" ]]; then
    echo "Cluster is reported as ready"
    break
  fi
  if [[ "${CLUSTER_STATE}" != "installing" && "${CLUSTER_STATE}" != "pending" ]]; then
    ocm get "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/logs/install" > "${ARTIFACT_DIR}/.osd_install.log" || echo "error: Unable to pull installation log."
    echo "error: Cluster reported invalid state: ${CLUSTER_STATE}"
    exit 1
  fi
done

if [[ -n "${CLUSTER_DURATION}" ]]; then
  # Set the expiration according to desired cluster TTL
  EXPIRATION_DATE=$(date -u -d "+${CLUSTER_DURATION}sec" "+%Y-%m-%dT%H:%M:%S.00000Z")
  echo '{ "expiration_timestamp": "'"${EXPIRATION_DATE}"'" }' | ocm patch "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}"
fi

ocm get "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/logs/install" > "${ARTIFACT_DIR}/.osd_install.log"
ocm get "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/credentials" | jq -r .kubeconfig > "${SHARED_DIR}/kubeconfig"
ocm get "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}/credentials" | jq -jr .admin.password > "${SHARED_DIR}/kubeadmin-password"
CONSOLE_URL=$(ocm get "/api/clusters_mgmt/v1/clusters/${CLUSTER_ID}" | jq -r .console.url)
echo "${CONSOLE_URL}" > "${SHARED_DIR}/console.url"

echo "Console URL: ${CONSOLE_URL}"
while true; do
  echo "Waiting for reachable API..."
  if oc --kubeconfig "${SHARED_DIR}/kubeconfig" get project/openshift-apiserver; then
    break
  fi
  sleep 30
done

# OSD replaces the provider selection template and eliminates the kube:admin option.
# Restore the ugly, but kube:admin-containing, default template.
cd /tmp
oc --kubeconfig "${SHARED_DIR}/kubeconfig" patch oauth.config.openshift.io cluster --type=merge -p='{"spec":{"templates": null}}'

exit 0
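The cluster-id extraction the script performs can be exercised standalone. The `ocm create cluster` output below is canned and fake; only the parsing pipeline is the same as in the script.

```shell
#!/bin/bash
# Canned, fake `ocm create cluster` output for illustration only.
CLUSTER_INFO=$(mktemp)
cat > "${CLUSTER_INFO}" <<'EOF'
ID:       1h8349fake2idj3
Name:     mycluster
State:    installing
EOF

# Take the ID line, strip all whitespace, then keep the part after the colon.
CLUSTER_ID=$(grep '^ID:' "${CLUSTER_INFO}" | tr -d '[:space:]' | cut -d ':' -f 2)
echo "${CLUSTER_ID}"   # → 1h8349fake2idj3
```

The same pattern is later used against `ocm cluster status` output to pull the `State:` field while polling for readiness.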

Properties

Property Value Description
Termination grace period 10m0s Period of time until the SIGKILL signal is sent to the test pod (after the SIGTERM signal is sent).
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 300Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/osd/create/create/osd-create-create-ref.yaml
