Skip to content

Commit

Permalink
test: Run api tests against stage
Browse files Browse the repository at this point in the history
  • Loading branch information
croissanne authored and teg committed Oct 21, 2021
1 parent 6912bb1 commit b074aa9
Show file tree
Hide file tree
Showing 6 changed files with 4 additions and 394 deletions.
95 changes: 4 additions & 91 deletions schutzbot/deploy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,89 +12,6 @@ echo -e "fastestmirror=1" | sudo tee -a /etc/dnf/dnf.conf
REPO_DIR=repo/image-builder/"${CI_PIPELINE_ID}"
sudo dnf localinstall -y "$REPO_DIR"/*"${ARCH}".rpm

# Retrieve composer&osbuild version from current stage deployment
pushd "$(mktemp -d)"
chmod 600 "$TERRAFORM_REPO_DEPLOY_KEY"
GIT_SSH_COMMAND="ssh -i $TERRAFORM_REPO_DEPLOY_KEY -oStrictHostKeyChecking=no" git clone --depth 1 --sparse git@github.com:osbuild/image-builder-terraform.git
OSBUILD_COMMIT="$(cat image-builder-terraform/terraform.tfvars.json | jq -r .osbuild_commit)"
OSBUILD_COMPOSER_COMMIT="$(cat image-builder-terraform/terraform.tfvars.json | jq -r .composer_commit)"
popd

DNF_REPO_BASEURL=http://osbuild-composer-repos.s3.amazonaws.com
sudo tee /etc/yum.repos.d/osbuild.repo << EOF
[osbuild]
name=osbuild ${OSBUILD_COMMIT}
baseurl=${DNF_REPO_BASEURL}/osbuild/rhel-${VERSION_ID%.*}-cdn/${ARCH}/${OSBUILD_COMMIT}
enabled=1
gpgcheck=0
priority=5
[osbuild-composer]
name=osbuild-composer ${OSBUILD_COMPOSER_COMMIT}
baseurl=${DNF_REPO_BASEURL}/osbuild-composer/rhel-${VERSION_ID%.*}-cdn/${ARCH}/${OSBUILD_COMPOSER_COMMIT}
enabled=1
gpgcheck=0
priority=6
EOF

# Install osbuild-composer
sudo dnf install -y osbuild-composer composer-cli

sudo mkdir -p /etc/osbuild-composer
sudo cp -a schutzbot/osbuild-composer.toml /etc/osbuild-composer/

sudo mkdir -p /etc/osbuild-worker

# if GCP credentials are defined in the ENV, add them to the worker's configuration
GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-}"
if [[ -n "$GOOGLE_APPLICATION_CREDENTIALS" ]]; then
# The credentials file must be copied to a different location. Jenkins places
# it into /tmp and as a result, the worker would not see it due to using PrivateTmp=true.
GCP_CREDS_WORKER_PATH="/etc/osbuild-worker/gcp-credentials.json"
sudo cp "$GOOGLE_APPLICATION_CREDENTIALS" "$GCP_CREDS_WORKER_PATH"
echo -e "\n[gcp]\ncredentials = \"$GCP_CREDS_WORKER_PATH\"\n" | sudo tee -a /etc/osbuild-worker/osbuild-worker.toml
fi

# if Azure credentials are defined in the env, create the credentials file
V2_AZURE_CLIENT_ID="${V2_AZURE_CLIENT_ID:-}"
V2_AZURE_CLIENT_SECRET="${V2_AZURE_CLIENT_SECRET:-}"
if [[ -n "$V2_AZURE_CLIENT_ID" && -n "$V2_AZURE_CLIENT_SECRET" ]]; then
sudo tee /etc/osbuild-worker/azure-credentials.toml > /dev/null << EOF
client_id = "$V2_AZURE_CLIENT_ID"
client_secret = "$V2_AZURE_CLIENT_SECRET"
EOF
sudo tee -a /etc/osbuild-worker/osbuild-worker.toml > /dev/null << EOF
[azure]
credentials = "/etc/osbuild-worker/azure-credentials.toml"
EOF
fi


# Copy Fedora rpmrepo snapshots for use in weldr tests. RHEL's are usually more
# stable, and not available publically from rpmrepo.
sudo mkdir -p /etc/osbuild-composer/repositories
sudo cp -a schutzbot/repositories/fedora-*.json \
/etc/osbuild-composer/repositories/

# Generate all X.509 certificates for the tests
./schutzbot/generate-certs.sh

sudo systemctl enable --now osbuild-composer.socket
sudo systemctl enable --now osbuild-composer-api.socket

# The keys were regenerated but osbuild-composer might be already running.
# Let's try to restart it. In ideal world, this shouldn't be needed as every
# test case is supposed to run on a pristine machine. However, this is
# currently not true on Schutzbot
sudo systemctl try-restart osbuild-composer

# Basic verification
sudo composer-cli status show
sudo composer-cli sources list
for SOURCE in $(sudo composer-cli sources list); do
sudo composer-cli sources info "$SOURCE"
done

# Currently openstack/rhel-8.4-x86_64 cannot subcribe, subscription is disabled.
# In a non-subscribed system, cannot pull the Postgres container. So manually download it from quay.io
# Remove this after openstack/rhel-8.4-x86_64 can subscribe
Expand Down Expand Up @@ -135,14 +52,10 @@ sudo podman logs image-builder-migrate
echo "{\"000000\":{\"quota\":5,\"slidingWindow\":1209600000000000},\"000001\":{\"quota\":0,\"slidingWindow\":1209600000000000}}" > /tmp/quotas
# Start Image Builder container
sudo podman run -d -p 8086:8086 --pull=never --security-opt "label=disable" --net=host \
-e OSBUILD_URL=https://localhost:443 \
-e OSBUILD_CA_PATH=/etc/osbuild-composer/ca-crt.pem \
-e OSBUILD_CERT_PATH=/etc/osbuild-composer/client-crt.pem \
-e OSBUILD_KEY_PATH=/etc/osbuild-composer/client-key.pem \
-e OSBUILD_AWS_REGION="${AWS_REGION:-}"\
-e OSBUILD_AWS_ACCESS_KEY_ID="${V2_AWS_ACCESS_KEY_ID:-}" \
-e OSBUILD_AWS_SECRET_ACCESS_KEY="${V2_AWS_SECRET_ACCESS_KEY:-}" \
-e OSBUILD_AWS_S3_BUCKET="${AWS_BUCKET:-}" \
-e COMPOSER_URL=https://api.stage.openshift.com: \
-e COMPOSER_TOKEN_URL="https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token" \
-e OFFLINE_TOKEN="${OFFLINE_TOKEN:-}" \
-e OSBUILD_AWS_REGION="${AWS_REGION:-}" \
-e OSBUILD_GCP_REGION="${GCP_REGION:-}" \
-e OSBUILD_GCP_BUCKET="${GCP_BUCKET:-}" \
-e OSBUILD_AZURE_LOCATION="${AZURE_LOCATION:-}" \
Expand Down
95 changes: 0 additions & 95 deletions schutzbot/generate-certs.sh

This file was deleted.

85 changes: 0 additions & 85 deletions schutzbot/openssl.cnf

This file was deleted.

7 changes: 0 additions & 7 deletions schutzbot/osbuild-composer.toml

This file was deleted.

Loading

0 comments on commit b074aa9

Please sign in to comment.