Step: telco-bastion-setup

Installs a cluster through an SSH bastion service for telco testing.

Container image used for this step: ci/telco-bastion:latest

ci/telco-bastion:latest resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
OO_CHANNEL Parameter[?] What OpenShift version to install on the cluster

Source Code

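#!/bin/bash

set -o nounset
set -o errexit
set -o pipefail

echo "************ telco-bastion setup command ************"

# TODO: Remove once OpenShift CI will be upgraded to 4.2 (see https://access.redhat.com/articles/4859371)
~/fix_uid.sh

# Workaround 777 perms on secret ssh password file.
# The password is read before `set -x` is enabled further down, so this
# assignment does not show up in the xtrace output.
SSH_PASS=$(cat /var/run/ssh-pass/password)

# The inventory stores the SSH password in clear text; restrict the file to
# the current user before anything is written to it.
touch ~/inventory
chmod 600 ~/inventory

# NOTE(review): StrictHostKeyChecking=no together with
# UserKnownHostsFile=/dev/null turns off host key verification, so the
# password is offered to whichever host answers as sshd.bastion-telco.
# Provision a known_hosts entry for the bastion if one is available.
# NOTE(review): ansible_password is written unquoted; a password containing
# whitespace or '#' would presumably break inventory parsing - confirm.
cat << EOF > ~/inventory
[all]
sshd.bastion-telco ansible_ssh_user=tester ansible_ssh_common_args="-o ConnectTimeout=5 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=90" ansible_password=$SSH_PASS
EOF

set -x

# OO_CHANNEL becomes the tag of the release image. The resulting KCLI_PARAM is
# later expanded, unquoted, into a `shell:` task of the generated playbook, so
# the value is limited to image-tag characters before it is used.
# "${OO_CHANNEL:-}" keeps `nounset` from aborting when the variable is unset.
KCLI_PARAM=""
if [ -n "${OO_CHANNEL:-}" ]; then
    TAG_PATTERN='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
    if [[ ! "$OO_CHANNEL" =~ $TAG_PATTERN ]]; then
        echo "OO_CHANNEL is not a valid image tag: $OO_CHANNEL" >&2
        exit 1
    fi
    KCLI_PARAM="-P openshift_image=registry.ci.openshift.org/ocp/release:$OO_CHANNEL"
fi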

# Generate the playbook that starts the cluster installation on the bastion.
# The heredoc delimiter is unquoted, so $KCLI_PARAM is expanded by this shell
# while the file is written; `~` is left for Ansible to resolve.
# NOTE(review): "Clone repo" tracks the `master` branch of a third-party
# repository and "Run deployment" runs `kcli create plan` with that checkout
# as its working directory, so what executes on the bastion is not pinned.
# Pinning `version` to a reviewed commit would make runs reproducible.
# NOTE(review): both MachineConfig manifests install a base64 data: URL as
# /usr/local/bin/localhost-bz1929160-wa with mode 493 (decimal for 0755) and
# run it from local-host-wa.service before kubelet.service. The worker payload
# decodes to a bash script that, when the hostname is "localhost", retries up
# to 20 times to derive a name from a lookup of the br-ex address and sets it
# with hostnamectl. Presumably the master payload is the same script - verify.
# Decode and review these payloads whenever they change.
# "Run deployment" uses poll: 0, so the playbook does not wait for its result.
cat << EOF > ~/ocp-install.yml
---
- name: Grab and run kcli to install openshift cluster
  hosts: all
  tasks:
  - name: Clone repo
    git:
      repo: https://github.com/karmab/kcli-openshift4-baremetal.git
      dest: ~/kcli-openshift4-baremetal
      version: master
      force: yes
    retries: 5
  - name: Add master workaround manifest
    blockinfile:
      path: ~/kcli-openshift4-baremetal/manifests/mc-wa-bz1929160-master.yaml
      create: yes
      block: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: MachineConfig
        metadata:
          labels:
            machineconfiguration.openshift.io/role: master
          name: local-host-bz-wa-master
        spec:
          config:
            ignition:
              version: 3.2.0
            storage:
              files:
              - path: /usr/local/bin/localhost-bz1929160-wa
                filesystem: root
                mode: 493
                contents:
                  source: data:text/plain;charset=utf8;base64,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
            systemd:
              units:
              - contents: |
                  [Unit]
                  Description=Set master node hostname to avoid bz1956360
                  After=ovs-configuration.service
                  Before=kubelet.service
        
                  [Service]
                  Type=oneshot
                  ExecStart=/usr/local/bin/localhost-bz1929160-wa
                  StandardOutput=journal+console
                  StandardError=journal+console
        
                  [Install]
                  WantedBy=network-online.target
                enabled: true
                name: local-host-wa.service
  - name: Add worker workaround manifest
    blockinfile:
      path: ~/kcli-openshift4-baremetal/manifests/mc-wa-bz1929160-worker.yaml
      create: yes
      block: |
        apiVersion: machineconfiguration.openshift.io/v1
        kind: MachineConfig
        metadata:
          labels:
            machineconfiguration.openshift.io/role: worker
          name: local-host-bz-wa-worker
        spec:
          config:
            ignition:
              version: 3.2.0
            storage:
              files:
              - path: /usr/local/bin/localhost-bz1929160-wa
                filesystem: root
                mode: 493
                contents:
                  source: data:text/plain;charset=utf8;base64,IyEvYmluL2Jhc2gKCnNldCAtZXV4ICAjIGV4aXQgb24gZXJyb3IKCkFUVEVNUFRTPTAKTUFYX0FUVEVNUFRTPTIwCgpIT1NUTkFNRT0kKGhvc3RuYW1lKQoKaWYgWyAke0hPU1ROQU1FfSA9PSAibG9jYWxob3N0IiBdOyB0aGVuCiAgICB1bnRpbCBbICR7QVRURU1QVFN9IC1lcSAke01BWF9BVFRFTVBUU30gXQogICAgZG8KICAgICAgICAjIGNoZWNrIGlmIHRoZSBub2RlIGdvdCBhbiBpcAogICAgICAgIGlwPSQoaXAgLW8gYWRkciBzaG93IGJyLWV4KQogICAgICAgIGlmIFsgJD8gLWVxIDAgXTsgdGhlbgogICAgICAgICAgICBob3N0X25hbWU9JChpcCAtbyBhZGRyIHNob3cgYnItZXggfCBoZWFkIC0xIHwgYXdrICd7cHJpbnQgJDR9JyB8IGN1dCAtZCcvJyAtZjEgfCBuc2xvb2t1cCB8IHRhaWwgLTIgfCBoZWFkIC0xIHwgYXdrICd7cHJpbnQgJDR9JyB8IHJldiB8IGN1dCAtZCcuJyAtZjItIHwgcmV2KQogICAgICAgICAgICBob3N0bmFtZWN0bCBzZXQtaG9zdG5hbWUgJHtob3N0X25hbWV9CiAgICAgICAgICAgIGV4aXQgMAogICAgICAgIGVsc2UKICAgICAgICAgICAgc2xlZXAgNQogICAgICAgIGZpCiAgICAgICAgKCggQVRURU1QVFMrKyApKQogICAgZG9uZQogICAgZXhpdCAxCmZpCg==
            systemd:
              units:
              - contents: |
                  [Unit]
                  Description=Set worker node hostname to avoid bz1956360
                  After=ovs-configuration.service
                  Before=kubelet.service
        
                  [Service]
                  Type=oneshot
                  ExecStart=/usr/local/bin/localhost-bz1929160-wa
                  StandardOutput=journal+console
                  StandardError=journal+console
        
                  [Install]
                  WantedBy=network-online.target
                enabled: true
                name: local-host-wa.service
  - name: Remove last run
    shell: kcli delete plan --yes upstream_ci
    ignore_errors: yes
  - name: Remove lock file
    file:
      path: /home/tester/vm_ready.txt
      state: absent
  - name: Run deployment
    shell: kcli create plan --paramfile /home/tester/kcli_parameters.yml upstream_ci $KCLI_PARAM
    args:
      chdir: ~/kcli-openshift4-baremetal
    async: 60
    poll: 0
EOF
# Generate a playbook that runs a second ansible-playbook on the bastion host.
# The inventory and kubeconfig.yml it references under /home/tester are not
# created by this script; they are expected to exist on the bastion already.
cat << EOF > ~/copy-kubeconfig-to-bastion.yml
---
- name: Copy kubeconfig from installer to bastion
  hosts: all
  tasks:
  - name: Run playbook to copy kubeconfig from installer vm to bastion vm
    shell: ansible-playbook -i /home/tester/inventory /home/tester/kubeconfig.yml
EOF
# Generate a playbook that fetches the kubeconfig into $SHARED_DIR and points
# its server entry at the bastion instead of 127.0.0.1.
# $SHARED_DIR is expanded by this shell while the heredoc is written, so it
# must be set (the script runs with `nounset`).
# NOTE(review): the kubeconfig presumably carries cluster credentials; treat
# $SHARED_DIR/kubeconfig as a secret and confirm who can read that directory.
# NOTE(review): the dots in `regexp` are unescaped and match any character.
cat << EOF > ~/fetch-kubeconfig.yml
---
- name: Fetch kubeconfig for cluster
  hosts: all
  tasks:
  - name: Grab the kubeconfig
    fetch:
      src: /home/tester/.kube/config
      dest: $SHARED_DIR/kubeconfig
      flat: yes
  - name: Modify local copy of kubeconfig
    lineinfile:
      path: $SHARED_DIR/kubeconfig
      regexp: '    server: https://127.0.0.1:6443'
      line: "    server: https://sshd.bastion-telco:6443"
    delegate_to: localhost
EOF

# Workaround for the ssh connection being killed: generate a short playbook
# that can be re-run to check whether the install has finished.
# Each run tries once to copy /root/cluster_ready.txt from the installer VM to
# /home/tester/vm_ready.txt with `kcli scp`, then fails the play if the local
# copy does not exist.
# NOTE(review): the installer VM name cnfdc5-installer is hard-coded here;
# confirm it matches the plan created from kcli_parameters.yml.
cat << EOF > ~/ssh-connection-workaround.yml
---
- name: Wait for kcli install to finish
  hosts: all
  tasks:
  - name: Try to grab file to see install finished
    shell: kcli scp root@cnfdc5-installer:/root/cluster_ready.txt /home/tester/vm_ready.txt
  - name: Check if successful
    stat: path=/home/tester/vm_ready.txt
    register: ready
  - name: Fail if file was not there
    fail:
      msg: Installation not finished yet
    when: ready.stat.exists == False
EOF

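# Start the installation on the bastion.
# NOTE(review): when this playbook fails, the script sleeps for three hours and
# then carries on; the failure itself is not propagated. Left unchanged because
# it looks deliberate - confirm.
# NOTE(review): -vvvv output ends up in the job log; confirm it cannot include
# inventory variables such as ansible_password.
ansible-playbook -i ~/inventory ~/ocp-install.yml -vvvv || sleep 10800 # sleep 3 hours

# Poll for the readiness marker, at most 180 times with a 60 second pause
# between attempts. The outcome is tracked explicitly so that a timeout is
# reported as a failure instead of falling through to the kubeconfig steps,
# which could otherwise hand later steps a kubeconfig for a cluster that never
# finished installing.
MINUTES_WAITED=0
INSTALL_FINISHED=false
while [ "$MINUTES_WAITED" -lt 180 ]; do
    if ansible-playbook -i ~/inventory ~/ssh-connection-workaround.yml; then
        INSTALL_FINISHED=true
        break
    fi
    sleep 60
    echo "Installation not finished yet."
    ((MINUTES_WAITED+=1))
done

if [ "$INSTALL_FINISHED" != true ]; then
    echo "Installation did not finish within 180 minutes." >&2
    exit 1
fi

# Copy the kubeconfig from the installer VM to the bastion, then fetch it into
# $SHARED_DIR for the following steps.
ansible-playbook -i ~/inventory ~/copy-kubeconfig-to-bastion.yml
ansible-playbook -i ~/inventory ~/fetch-kubeconfig.yml -vvvv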

Properties

Property Value Description
Resource requests (cpu) 1000m Used in .resources.requests of the pod running this step.
Resource requests (memory) 500Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/telco-bastion/setup/telco-bastion-setup-ref.yaml

Owners:

Approvers:
