Skip to content

Commit

Permalink
Create separate hypershift conformance step
Browse files Browse the repository at this point in the history
  • Loading branch information
@wangke19
wangke19 committed Feb 28, 2025
1 parent 015c551 commit 5667dc0
Show file tree
Hide file tree
Showing 4 changed files with 295 additions and 258 deletions.
261 changes: 3 additions & 258 deletions ci-operator/step-registry/hypershift/conformance/hypershift-conformance-chain.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,261 +1,6 @@
chain:
as: hypershift-conformance
steps:
- as: conformance-tests
from: tests
commands: |-
set -x
function cleanup() {
for child in $( jobs -p ); do
kill "${child}"
done
wait
}
trap cleanup EXIT
function patch_image_streams() {
# with OCP <= 4.17,
# imagestreams on the hosted cluster are ignoring
# the CA injected at creation/(installation) time.
# see: https://issues.redhat.com/browse/RFE-3093
# and: https://github.com/openshift/enhancements/pull/416/commits/e46072ecf77b58c79b4bece5e0c6a5a5546a1b8a
OCP_MINOR_VERSION=$(oc version | grep "Server Version" | cut -d '.' -f2)
if [ "$OCP_MINOR_VERSION" -le "17" ]; then
echo "#### Add trust for the mirroring registry"
oc get cm -n openshift-config user-ca-bundle -o json | jq -r '.data["ca-bundle.crt"]' > /tmp/ca-bundle.crt
oc create configmap registry-config --from-file=${DS_REGISTRY//:/..}=/tmp/ca-bundle.crt -n openshift-config
oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
else
oc --kubeconfig="${HYPERSHIFT_MANAGEMENT_CLUSTER_KUBECONFIG}" patch hostedclusters -n "${HYPERSHIFT_NAMESPACE}" "${CLUSTER_NAME}" --type='merge' -p '{"spec":{"configuration":{"image":{"additionalTrustedCA":{"name": "user-ca-bundle"}}}}}'
fi
sleep 60
}
function mirror_test_images() {
echo "### Mirroring test images"
DEVSCRIPTS_TEST_IMAGE_REPO=${DS_REGISTRY}/localimages/local-test-image
openshift-tests images --to-repository ${DEVSCRIPTS_TEST_IMAGE_REPO} > /tmp/mirror
scp "${SSHOPTS[@]}" /tmp/mirror "root@${IP}:/tmp/mirror"
# shellcheck disable=SC2087
ssh "${SSHOPTS[@]}" "root@${IP}" bash - << EOF
oc image mirror -f /tmp/mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json
oc image mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json --filter-by-os="linux/${ARCHITECTURE}.*" registry.k8s.io/pause:3.8 $DEVSCRIPTS_TEST_IMAGE_REPO:e2e-28-registry-k8s-io-pause-3-8-aP7uYsw5XCmoDy5W
oc image mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json --filter-by-os="linux/${ARCHITECTURE}.*" registry.k8s.io/pause:3.9 $DEVSCRIPTS_TEST_IMAGE_REPO:e2e-27-registry-k8s-io-pause-3-9-p9APyPDU5GsW02Rk
oc image mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json --filter-by-os="linux/${ARCHITECTURE}.*" registry.k8s.io/pause:3.9 $DEVSCRIPTS_TEST_IMAGE_REPO:e2e-28-registry-k8s-io-pause-3-9-p9APyPDU5GsW02Rk
oc image mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json --filter-by-os="linux/${ARCHITECTURE}.*" registry.k8s.io/pause:3.10 $DEVSCRIPTS_TEST_IMAGE_REPO:e2e-27-registry-k8s-io-pause-3-10-b3MYAwZ_MelO9baY
oc image mirror --registry-config ${DS_WORKING_DIR}/pull_secret.json --filter-by-os="linux/${ARCHITECTURE}.*" registry.k8s.io/etcd:3.5.15-0 $DEVSCRIPTS_TEST_IMAGE_REPO:e2e-11-registry-k8s-io-etcd-3-5-15-0-W7c5qq4cz4EE20EQ
EOF
TEST_ARGS+=$(echo " --from-repository ${DEVSCRIPTS_TEST_IMAGE_REPO} ")
}
if [[ -z "${HOSTED_CP:-}" ]]; then
export CLUSTER_NAME="$(echo -n $PROW_JOB_ID|sha256sum|cut -c-20)"
export HYPERSHIFT_MANAGEMENT_CLUSTER_KUBECONFIG="${KUBECONFIG}"
export HYPERSHIFT_MANAGEMENT_CLUSTER_NAMESPACE="$(oc get hcp -A -o=jsonpath="{.items[?(@.metadata.name==\"$CLUSTER_NAME\")].metadata.namespace}")"
export HYPERSHIFT_NAMESPACE="$(oc get hostedclusters -A -o=jsonpath="{.items[?(@.metadata.name==\"$CLUSTER_NAME\")].metadata.namespace}")"
export AWS_SHARED_CREDENTIALS_FILE=/etc/hypershift-pool-aws-credentials/credentials
export KUBECONFIG=${SHARED_DIR}/nested_kubeconfig
[[ -n ${CLUSTER_PROFILE_DIR:-} ]] && export AZURE_AUTH_LOCATION=${CLUSTER_PROFILE_DIR}/osServicePrincipal.json
else
export KUBECONFIG=${SHARED_DIR}/kubeconfig
fi
# In order for openshift-tests to pull external binary images from the
# payload, we need access enabled to the images on the build farm. In
# order to do that, we need to unset the KUBECONFIG so we talk to the
# build farm, not the cluster under test.
echo "Granting access for image pulling from the build farm..."
KUBECONFIG_BAK=$KUBECONFIG
unset KUBECONFIG
oc adm policy add-role-to-group system:image-puller system:unauthenticated --namespace "${NAMESPACE}"
export KUBECONFIG=$KUBECONFIG_BAK
if [[ -n "${USE_HYPERSHIFT_AZURE_CREDS:-}" ]]; then
export AZURE_AUTH_LOCATION=/etc/hypershift-ci-jobs-azurecreds/credentials.json
fi
if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then
source "${SHARED_DIR}/proxy-conf.sh"
fi
if [ -f "${SHARED_DIR}/ds-vars.conf" ] ; then
source "${SHARED_DIR}/ds-vars.conf"
fi
if [ -f "${SHARED_DIR}/packet-conf.sh" ] ; then
source "${SHARED_DIR}/packet-conf.sh"
fi
CLUSTER_TYPE="$(oc get infrastructure cluster -ojsonpath='{.status.platform}'|tr '[:upper:]' '[:lower:]')"
case "${CLUSTER_TYPE}" in
gcp)
PROJECT="$(oc get -o jsonpath='{.status.platformStatus.gcp.projectID}' infrastructure cluster)"
REGION="$(oc get -o jsonpath='{.status.platformStatus.gcp.region}' infrastructure cluster)"
export TEST_PROVIDER="{\"type\":\"gce\",\"region\":\"${REGION}\",\"multizone\": true,\"multimaster\":true,\"projectid\":\"${PROJECT}\"}"
;;
aws|aws-arm64)
REGION="$(oc get -o jsonpath='{.status.platformStatus.aws.region}' infrastructure cluster)"
ZONE="$(oc get -o jsonpath='{.items[0].metadata.labels.failure-domain\.beta\.kubernetes\.io/zone}' nodes)"
export TEST_PROVIDER="{\"type\":\"aws\",\"region\":\"${REGION}\",\"zone\":\"${ZONE}\",\"multizone\":true,\"multimaster\":true}"
;;
azure4|azure)
REGION="$(oc get -o jsonpath='{.items[0].metadata.labels.failure-domain\.beta\.kubernetes\.io/region}' nodes)"
ZONE="$(oc get -o jsonpath='{.items[0].metadata.labels.failure-domain\.beta\.kubernetes\.io/zone}' nodes)"
export TEST_PROVIDER="{\"type\":\"azure\",\"region\":\"${REGION}\",\"zone\":\"${ZONE}\"}"
;;
azurestack)
export TEST_PROVIDER="none"
;;
vsphere)
export TEST_PROVIDER=vsphere;;
alibabacloud)
REGION="$(oc get -o jsonpath='{.status.platformStatus.alibabacloud.region}' infrastructure cluster)"
export TEST_PROVIDER="{\"type\":\"alibabacloud\",\"region\":\"${REGION}\",\"multizone\":true,\"multimaster\":true}"
export KUBE_SSH_USER=core
;;
openstack*)
# shellcheck disable=SC1090
source "${SHARED_DIR}/cinder_credentials.sh"
if test -n "${HTTP_PROXY:-}" -o -n "${HTTPS_PROXY:-}"; then
export TEST_PROVIDER='{"type":"openstack","disconnected":true}'
else
export TEST_PROVIDER='{"type":"openstack"}'
fi
;;
ovirt) export TEST_PROVIDER='{"type":"ovirt"}';;
none)
if [[ "${DISCONNECTED}" == "true" ]]; then
mirror_test_images
patch_image_streams
export TEST_PROVIDER='{"type":"baremetal","disconnected":true}'
else
export TEST_PROVIDER='{"type":"baremetal"}'
fi
;;
ibmcloud)
export TEST_PROVIDER='{"type":"ibmcloud"}'
IC_API_KEY="$(< "${CLUSTER_PROFILE_DIR}/ibmcloud-api-key")"
export IC_API_KEY
;;
kubevirt)
if [[ "${DISCONNECTED}" == "true" ]];
then
mirror_test_images
patch_image_streams
export TEST_PROVIDER='{"type":"kubevirt","disconnected":true}'
else
export TEST_PROVIDER='{"type":"kubevirt"}'
fi
;;
*) echo >&2 "Unsupported cluster type '${CLUSTER_TYPE}'"; exit 1;;
esac
if [[ "${TEST_SUITE}" == "openshift/conformance/parallel/minimal" ]]; then
TEST_SKIPS="${TEST_SKIPS:+${TEST_SKIPS}\|}\[Suite:openshift/conformance/parallel\]"
TEST_SUITE="openshift/conformance/parallel"
fi
if [[ -n "${TEST_CSI_DRIVER_MANIFEST}" ]]; then
export TEST_CSI_DRIVER_FILES=${SHARED_DIR}/${TEST_CSI_DRIVER_MANIFEST}
fi
if [[ -n "${TEST_INCLUDES}" ]]; then
TESTS="$(openshift-tests run --dry-run --provider "${TEST_PROVIDER}" "${TEST_SUITE}")"
echo "${TESTS}" | grep "${TEST_INCLUDES}" >/tmp/test_includes
fi
if [[ -n "${TEST_SKIPS}" ]]; then
TESTS="$(openshift-tests run --dry-run --provider "${TEST_PROVIDER}" "${TEST_SUITE}")"
echo "${TESTS}" | grep -v "${TEST_SKIPS}" >/tmp/tests
if [[ -n "${TEST_INCLUDES}" ]]; then
TEST_SKIPS_SPECIFIC=$(echo "$TEST_SKIPS" | sed 's/\\\[Suite:openshift\/conformance\/parallel\\\]$//')
TEST_SKIPS_SPECIFIC="${TEST_SKIPS_SPECIFIC%\\|}"
cat /tmp/test_includes | grep -v "${TEST_SKIPS_SPECIFIC:-placeholder_no_match}" >>/tmp/tests
fi
echo "Skipping tests:"
echo "${TESTS}" | grep -vxFf /tmp/tests || { exit_code=$?; echo 'Error: no tests were found matching the TEST_SKIPS regex:'; echo "$TEST_SKIPS"; return $exit_code; }
TEST_ARGS="${TEST_ARGS:-} --file /tmp/tests"
fi
sleep 6h
openshift-tests run ${TEST_SUITE} ${TEST_ARGS:-} \
--provider "${TEST_PROVIDER}" \
-o "${ARTIFACT_DIR}/e2e.log" \
--junit-dir "${ARTIFACT_DIR}/junit" 2>&1 | tee /tmp/openshift-tests.log
exit_code=${PIPESTATUS[0]}
# If this line is shown in the openshift-tests output, all of the conformance test cases passed,
# but the monitor test has failed. Currently we're ignoring MonitorTest failures until we resolve:
# https://issues.redhat.com/browse/CNV-33717
if [[ -n "${SKIP_MONITOR_TEST}" ]] && [[ $(grep "failed due to a MonitorTest failure" /tmp/openshift-tests.log) ]];
then
echo "overriding Monitor Test Failure"
exit_code=0
fi
exit ${exit_code}
credentials:
- mount_path: /etc/hypershift-pool-aws-credentials
name: hypershift-pool-aws-credentials
namespace: test-credentials
- mount_path: /etc/hypershift-ci-jobs-azurecreds
name: hypershift-ci-jobs-azurecreds
namespace: test-credentials
timeout: 14400s
grace_period: 30m0s
env:
- name: TEST_ARGS
default: ""
documentation: |-
Additional arguments to be passed to 'openshift-test'
- name: TEST_SUITE
default: openshift/conformance/parallel
documentation: |-
The test suite to run. Defaults to openshift/conformance/parallel
- name: TEST_SKIPS
default: ""
documentation: |
Regular expression (POSIX basic regular expression) of tests to skip.
It is suggested to test the regex to make sure that it matches with the available tests.
Tests can be listed by using 'openshift-tests run --dry-run (...)'. Sometimes, the tests
that are printed in Prow won't exactly match the list returned by openshift-tests.
- name: TEST_INCLUDES
default: ""
documentation: |
Regular expression (POSIX basic regular expression) of tests to include,
even if these tests were matched in the TEST_SKIPS expression.
- name: SKIP_MONITOR_TEST
default: ""
documentation: |-
if non-empty, ignores job failure which is as a result of a failure of the MonitorTest suite.
All conformance test cases need to pass for the job to pass, though.
- name: DISCONNECTED
default: "false"
documentation: Should we work on top of a disconnected environment
- name: ARCHITECTURE
default: "amd64"
documentation: Set the architecture for disconnected conformance (amd64, arm64, ppc64le, s390x)
- name: USE_HYPERSHIFT_AZURE_CREDS
default: "false"
documentation: "Whether to use hypershift-ci-jobs-azurecreds secret for Azure credentials. Set to 'true' to use the secret. Set to 'false' to use the default credentials."
- name: TEST_CSI_DRIVER_MANIFEST
default: ""
documentation: |-
Name of the CSI driver manifest file to use. Used by the `openshift-tests`
program as TEST_CSI_DRIVER_FILES env. var., see its documentation for
details. The file must be present in ${SHARED_DIR}.
- name: HOSTED_CP
default: ""
documentation: Execute against a ROSA hosted control plane
resources:
requests:
cpu: "3"
memory: 600Mi
- ref: hypershift-conformance
documentation: |-
Execute openshift conformance tests for hypershift.
Loading

0 comments on commit 5667dc0

Please sign in to comment.