openshift · openshift-merge-robot · Jul 8, 2020 · Jun 24, 2020
diff --git a/ci-operator/config/openshift/installer/openshift-installer-master.yaml b/ci-operator/config/openshift/installer/openshift-installer-master.yaml
@@ -142,6 +142,10 @@ tests:
   steps:
     cluster_profile: aws
     workflow: openshift-e2e-aws
+- as: e2e-aws-proxy
+  steps:
+    cluster_profile: aws
+    workflow: openshift-e2e-aws-proxy
 - as: e2e-aws-shared-vpc
   steps:
     cluster_profile: aws

diff --git a/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml b/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml
@@ -248,67 +248,42 @@ presubmits:
     decoration_config:
       skip_cloning: true
     labels:
+      ci-operator.openshift.io/prowgen-controlled: "true"
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
     name: pull-ci-openshift-installer-master-e2e-aws-proxy
     optional: true
     rerun_command: /test e2e-aws-proxy
     spec:
       containers:
       - args:
-        - --artifact-dir=$(ARTIFACTS)
-        - --give-pr-author-access-to-namespace=true
         - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
-        - --kubeconfig=/etc/apici/kubeconfig
         - --lease-server-password-file=/etc/boskos/password
-        - --lease-server-username=ci
-        - --lease-server=https://boskos-ci.svc.ci.openshift.org
-        - --repo=installer
+        - --report-password-file=/etc/report/password.txt
+        - --report-username=ci
         - --secret-dir=/usr/local/e2e-aws-proxy-cluster-profile
         - --target=e2e-aws-proxy
-        - --template=/usr/local/e2e-aws-proxy
         command:
         - ci-operator
-        env:
-        - name: CLUSTER_TYPE
-          value: aws
-        - name: CLUSTER_VARIANT
-          value: proxy
-        - name: JOB_NAME_SAFE
-          value: e2e-aws-proxy
-        - name: TEST_COMMAND
-          value: TEST_SUITE=openshift/conformance/parallel run-tests
         image: ci-operator:latest
         imagePullPolicy: Always
         name: ""
         resources:
           requests:
             cpu: 10m
         volumeMounts:
-        - mountPath: /etc/apici
-          name: apici-ci-operator-credentials
-          readOnly: true
         - mountPath: /etc/boskos
           name: boskos
           readOnly: true
         - mountPath: /usr/local/e2e-aws-proxy-cluster-profile
           name: cluster-profile
-        - mountPath: /usr/local/e2e-aws-proxy
-          name: job-definition
-          subPath: cluster-launch-installer-upi-e2e.yaml
         - mountPath: /etc/pull-secret
           name: pull-secret
           readOnly: true
-        - mountPath: /etc/sentry-dsn
-          name: sentry-dsn
+        - mountPath: /etc/report
+          name: result-aggregator
           readOnly: true
       serviceAccountName: ci-operator
       volumes:
-      - name: apici-ci-operator-credentials
-        secret:
-          items:
-          - key: sa.ci-operator.apici.config
-            path: kubeconfig
-          secretName: apici-ci-operator-credentials
       - name: boskos
         secret:
           items:
@@ -320,15 +295,12 @@ presubmits:
           sources:
           - secret:
               name: cluster-secrets-aws
-      - configMap:
-          name: prow-job-cluster-launch-installer-upi-e2e
-        name: job-definition
       - name: pull-secret
         secret:
           secretName: regcred
-      - name: sentry-dsn
+      - name: result-aggregator
         secret:
-          secretName: sentry-dsn
+          secretName: result-aggregator
     trigger: (?m)^/test( | .* )e2e-aws-proxy,?($|\s.*)
   - agent: kubernetes
     always_run: false

diff --git a/ci-operator/step-registry/gather/proxy/OWNERS b/ci-operator/step-registry/gather/proxy/OWNERS
@@ -0,0 +1,3 @@
+approvers:
+- wking
+- ewolinetz
diff --git a/ci-operator/step-registry/gather/proxy/gather-proxy-commands.sh b/ci-operator/step-registry/gather/proxy/gather-proxy-commands.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+set -o nounset
+set -o errexit
+set -o pipefail
+
+trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM
+
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+if test ! -f "${SHARED_DIR}/proxyregion"
+then
+	echo "No proxyregion, so unknown AWS region, so unable to tear down ."
+	exit 0
+fi
+
+REGION="$(cat "${SHARED_DIR}/proxyregion")"
+PROXY_NAME="${NAMESPACE}-${JOB_NAME_HASH}"
+
+# cleaning up after ourselves
+if aws --region "${REGION}" s3api head-bucket --bucket "${PROXY_NAME}" /dev/null 2>&1
+then
+  aws --region "${REGION}" s3 rb "s3://${PROXY_NAME}" --force
+fi
+
+STACK_NAME="${PROXY_NAME}-proxy"
+
+# collect logs from the proxy here
+if [ -f "${SHARED_DIR}/proxyip" ]; then
+  proxy_ip="$(cat "${SHARED_DIR}/proxyip")"
+
+  if ! whoami &> /dev/null; then
+    if [ -w /etc/passwd ]; then
+      echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
+    fi
+  fi
+  eval "$(ssh-agent)"
+  ssh-add "${CLUSTER_PROFILE_DIR}/ssh-privatekey"
+  ssh -A -o PreferredAuthentications=publickey -o StrictHostKeyChecking=false -o UserKnownHostsFile=/dev/null "core@${proxy_ip}" 'journalctl -u squid' > "${ARTIFACT_DIR}/squid.service"
+fi
+
+aws --region "${REGION}" cloudformation delete-stack --stack-name "${STACK_NAME}" &
+wait "$!"
+
+aws --region "${REGION}" cloudformation wait stack-delete-complete --stack-name "${STACK_NAME}" &
+wait "$!"
diff --git a/ci-operator/step-registry/gather/proxy/gather-proxy-ref.yaml b/ci-operator/step-registry/gather/proxy/gather-proxy-ref.yaml
@@ -0,0 +1,13 @@
+ref:
+  as: gather-proxy
+  from_image:
+    namespace: ocp
+    name: "4.5"
+    tag: upi-installer
+  commands: gather-proxy-commands.sh
+  resources:
+    requests:
+      cpu: 300m
+      memory: 300Mi
+  documentation: |-
+    The gather step collects journal logs from the proxy and deprovisions it.
diff --git a/ci-operator/step-registry/ipi/aws/post/proxy/OWNERS b/ci-operator/step-registry/ipi/aws/post/proxy/OWNERS
@@ -0,0 +1,3 @@
+approvers:
+- wking
+- ewolinetz
diff --git a/ci-operator/step-registry/ipi/aws/post/proxy/ipi-aws-post-proxy-chain.yaml b/ci-operator/step-registry/ipi/aws/post/proxy/ipi-aws-post-proxy-chain.yaml
@@ -0,0 +1,8 @@
+chain:
+  as: ipi-aws-post-proxy
+  steps:
+  - ref: gather-aws-console
+  - ref: gather-proxy
+  - chain: ipi-deprovision
+  documentation: |-
+    The IPI cleanup step contains all steps that gather and deprovision an OpenShift cluster on AWS, provisioned by the `ipi-aws-pre-proxy` chain.
diff --git a/ci-operator/step-registry/ipi/aws/pre/proxy/OWNERS b/ci-operator/step-registry/ipi/aws/pre/proxy/OWNERS
@@ -0,0 +1,3 @@
+approvers:
+- wking
+- ewolinetz
diff --git a/ci-operator/step-registry/ipi/aws/pre/proxy/ipi-aws-pre-proxy-chain.yaml b/ci-operator/step-registry/ipi/aws/pre/proxy/ipi-aws-pre-proxy-chain.yaml
@@ -0,0 +1,8 @@
+chain:
+  as: ipi-aws-pre-proxy
+  steps:
+  - chain: ipi-conf-aws-proxy
+  - chain: ipi-install
+  documentation: |-
+    The proxy setup step contains all steps that provision an OpenShift cluster
+    in a shared VPC configuration on AWS behind by a single proxy instance on ec2.
diff --git a/ci-operator/step-registry/ipi/conf/aws/proxy/OWNERS b/ci-operator/step-registry/ipi/conf/aws/proxy/OWNERS
@@ -0,0 +1,3 @@
+approvers:
+- wking
+- ewolinetz
diff --git a/ci-operator/step-registry/ipi/conf/aws/proxy/ipi-conf-aws-proxy-chain.yaml b/ci-operator/step-registry/ipi/conf/aws/proxy/ipi-conf-aws-proxy-chain.yaml
@@ -0,0 +1,7 @@
+chain:
+  as: ipi-conf-aws-proxy
+  steps:
+  - chain: ipi-conf-aws-sharednetwork
+  - ref: ipi-conf-aws-proxy
+  documentation: |-
+    The IPI configure aws proxy step chain spins up a squid proxy in a separate ec2 instance and appends the proxy info to the install-config.yaml file.