adopt buildmaster and alpha tags for oscontainer
#308
Conversation
openshift-ci-robot
added
the
size/M
|
The primary downside of this is that today, the api.ci cluster will be garbage collecting untagged oscontainers. If we start pushing ostree-commits-as-tags, we'll need to implement some GC policy ourselves. Which quickly gets into something like this: https://github.com/cgwalters/playground/blob/master/rust/imagestream-ostree-hash/src/imagestream-ostree-hash.rs I could try to stick that code inside the coreos-assembler container? |
|
The other big topic here is that if we go to the always-pivot approach from openshift/installer#281 We'd basically stop caring too much about the AMIs, and our AWS test would be "boot and pivot". This would significantly simplify a lot of things. I mean more generally we would need to be uploading AMIs (we will have to ship fixes to e.g. Ignition) but they can be on a much less frequent basis. |
|
At a high level...I didn't know you were working on this, I probably would have asked nicely for work to focus on the assembler 😄 But - improving the current pipeline is useful too! We just have to carefully weigh the risk/rewards. Let's split out the two prep patches to the util API, they look clean and we can merge them now. |
I think we could implement this trivially by just using
Yeah, I was just tinkering in this area and wanted to measure the reception. I could try to fit this into the assembler, but I guess I'm still not clear on everything the assembler would be responsible for and how to work in pieces like this. I'm comfortable with sending the majority of this PR to
Will do. |
Yeah that'd help a lot.
Right, that's a big topic. I'm still trying to land the oscontainer basics there along with some work around how the images are sync'd. |
So let's hold off on this PR for now, with the expectation that we'll be able to do more intelligent tagging/promotion once It's not like there is any tooling here or on the OpenShift side that is waiting for a |
I chatted with @cgwalters and we decided to give this PR a shot, but first I need to try to implement the I've split out the utility functions in to a separate PR (#309) |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
miabbott
force-pushed
the
version_tagging
branch
4 times, most recently
from
0b34a81 to
120d657
Compare
miabbott
force-pushed
the
version_tagging
branch
from
120d657 to
39de164
Compare
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
I'm pretty sure this should work; though kind of hard to test since it involves manipulating the production registry. |
miabbott
force-pushed
the
version_tagging
branch
from
2ea99a6 to
5879c43
Compare
|
Rebased ⬆️ |
Jenkinsfile.treecompose
Outdated
| podman push ${OSCONTAINER_IMG}:buildmaster | ||
| podman push ${OSCONTAINER_IMG}:${composeMeta.commit} | ||
| skopeo inspect docker://${OSCONTAINER_IMG}:buildmaster | jq '.Digest' > imgid.txt | ||
| podman inspect --format='{{.Id}}' ${OSCONTAINER_IMG}:buildmaster > imgid.txt |
There was a problem hiding this comment.
Duplicate writes to imgid.txt?
There was a problem hiding this comment.
Ugh, screwed up my rebase.
Jenkinsfile.aws-test
Outdated
| @@ -32,6 +35,7 @@ node(NODE) { | |||
| sshUserPrivateKey(credentialsId: params.ARTIFACT_SSH_CREDS_ID, keyFileVariable: 'KEY_FILE'), | |||
| ]) { | |||
| utils.rsync_file_in_dest(ARTIFACT_SERVER, KEY_FILE, "${images}/cloud/latest/meta.json", "${WORKSPACE}/meta.json") | |||
| ostree_commit = utils.sh_capture("jq -r '.[\"ostree-commit\"]' ${WORKSPACE}/meta.json") | |||
There was a problem hiding this comment.
This isn't new (you're building on code right below), but probably we should just use readJSON rather than calling out to jq - Groovy is a real programming language.
There was a problem hiding this comment.
Okay, I'll include another commit to use that in this area.
Jenkinsfile.aws-test
Outdated
| # Tag the container image to alpha, then GC the image tagged with the ostree commit | ||
| podman pull ${OSCONTAINER_IMG}:${ostree_commit} | ||
| podman tag ${OSCONTAINER_IMG}:${ostree_commit} ${OSCONTAINER_IMG}:alpha | ||
| podman push ${OSCONTAINER_IMG}:alpha |
There was a problem hiding this comment.
We don't actually need to pull locally here, we can just skopeo copy right?
In an effort to get closer to what has been discussed in openshift#150, the tagging scheme has been changed so that the latest container image out of the pipeline is tagged with `buildmaster` and the commit ID. The usage of the commit ID allows for other parts of the piepline to easily refer to it for other operations.
In openshift#150, it was discussed that an `alpha` tag should be made for the oscontainer (and cloud image) after it passes the tests run in AWS. This change accomplishes this goal by pulling the oscontainer by commit ID, tagging it as `alpha` and pushing it to the registry. (After a successful test, obviously) If the AWS tests fail, the image tagged with the ostree commit is garbage collected and no alpha promotion happens.
To bootstrap the change to `buildmaster`, we need to do a quick test if the tag exists on the registry. If it exists, we can pull from it, otherwise we need to use `latest`
miabbott
force-pushed
the
version_tagging
branch
from
5879c43 to
e4f784a
Compare
|
New commits incorporating feedback from @cgwalters ⬆️ |
|
/lgtm |
This pile of commits attempts to implement some of the versioning scheme for the
oscontainerdiscussed in #201.Firstly, during the
treecomposepipeline, theoscontaineris no longer tagged withlatest, but withbuildmaster. Additionally, it is tagged with theostreecommit that was used to generate the container image.This
ostreecommit is passed to theaws-testpipeline after a successfulcloudpipeline run. In theaws-testpipeline, theoscontaineris pulled by theostreecommit and if the AWS tests are successful, theoscontaineris tagged withalphaand pushed to the registry.This is probably not the best way to do this kind of image promotion and will likely be obsoleted by
coreos-assembler, but I figured I would still put this out there to see how it was received.