From 7a097fb302a87496363b2113d611846dbc6d6a18 Mon Sep 17 00:00:00 2001 From: Neil Hanlon Date: Sun, 19 Jun 2022 00:00:02 -0400 Subject: [PATCH] Ensure builds work properly - architectures must match * Actually use release version input to run build-iso command * Buildstamp should be an epoch * template out the job/pod names instead of doing them in the rendering * label pods with toleration --- iso/empanadas/Containerfile | 6 +-- .../empanadas/scripts/launch_builds.py | 8 ++-- .../empanadas/templates/kube/Job.tmpl | 42 +++++++++++-------- 3 files changed, 31 insertions(+), 25 deletions(-) diff --git a/iso/empanadas/Containerfile b/iso/empanadas/Containerfile index ce0ee1d..c3c4ed9 100644 --- a/iso/empanadas/Containerfile +++ b/iso/empanadas/Containerfile @@ -1,11 +1,7 @@ -FROM ghcr.io/neilhanlon/skbn:latest as skbn - FROM quay.io/centos/centos:stream9 ADD images/get_arch /get_arch -COPY --from=skbn /usr/src/app/skbn.git/skbn /usr/local/bin/skbn - ENV TINI_VERSION v0.19.0 RUN curl -o /tini -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-$(/get_arch)" RUN chmod +x /tini @@ -62,7 +58,7 @@ RUN chown peridotbuilder:mock /etc/yum.conf && chown -R peridotbuilder:mock /etc RUN pip install 'git+https://git.rockylinux.org/release-engineering/public/toolkit.git@feature/iso-kube#egg=empanadas&subdirectory=iso/empanadas' -RUN echo "nameserver 1.1.1.1" > /etc/resolv.conf +RUN pip install awscli ENV USER=1002 USER 1002 diff --git a/iso/empanadas/empanadas/scripts/launch_builds.py b/iso/empanadas/empanadas/scripts/launch_builds.py index 903a743..f0f82f7 100755 --- a/iso/empanadas/empanadas/scripts/launch_builds.py +++ b/iso/empanadas/empanadas/scripts/launch_builds.py @@ -1,6 +1,7 @@ # Launches the builds of ISOs import argparse +import datetime from empanadas.common import * from empanadas.common import _rootdir @@ -29,15 +30,16 @@ def run(): elif results.env == "all": arches = EKSARCH+EXTARCH + command = ["build-iso", "--release", f"{results.release}", "--rc", "--isolation", "simple"] + out = "" for arch in arches: out += job_template.render( architecture=arch, backoffLimit=4, - command=["build-iso", "--release", "9", "--rc", "--isolation", "simple"], - containerName=f"buildiso-{major}-{arch}", + buildTime=datetime.datetime.utcnow().strftime("%s"), + command=command, imageName="ghcr.io/neilhanlon/sig-core-toolkit:latest", - jobName=f"build-iso-{arch}", namespace="empanadas", major=major, restartPolicy="Never", diff --git a/iso/empanadas/empanadas/templates/kube/Job.tmpl b/iso/empanadas/empanadas/templates/kube/Job.tmpl index c3b0a92..bfcc20a 100644 --- a/iso/empanadas/empanadas/templates/kube/Job.tmpl +++ b/iso/empanadas/empanadas/templates/kube/Job.tmpl @@ -2,34 +2,35 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ jobName }} + name: build-iso-{{ major }}-{{ architecture }} namespace: {{ namespace }} spec: template: + metadata: + labels: + peridot.rockylinux.org/workflow-tolerates-arch: {{ architecture }} spec: containers: - - name: {{ containerName }} - image: {{ imageName }} - command: {{ command }} - lifecycle: - preStop: - exec: - command: [ - "skbn", - "cp", - "--src", - "/var/lib/mock/rocky-{{ major }}-{{ architecture }}/root/builddir/lorax-*`", - "--dst", - "s3://resf-empanadas/{{ containerName }}/$(date +%s)/", - "--parallel", - "2" - ] + - name: buildiso-{{ major }}-{{ architecture }} + image: {{ imageName }} + command: ["/bin/bash", "-c"] + args: + - | + {{ command | join(' ') }} + aws s3 cp --recursive --exclude=* --include=lorax* \ + /var/lib/mock/rocky-{{ major }}-$(uname -m)/root/builddir/ \ + "s3://resf-empanadas/buildiso-{{ major }}-{{ architecture }}/{{ buildTime }}/" securityContext: runAsUser: 0 runAsGroup: 0 privileged: true runAsNonRoot: false allowPrivilegeEscalation: true + volumeMounts: + - mountPath: /etc/resolv.conf + name: resolv-conf + - mountPath: /var/lib/mock/ + name: mock env: - name: AWS_REGION value: us-east-2 @@ -49,5 +50,12 @@ spec: operator: Equal value: {{ architecture }} restartPolicy: {{ restartPolicy }} + volumes: + - name: resolv-conf + hostPath: + path: /etc/resolv.conf + type: File + - name: mock + emptyDir: {} backoffLimit: {{ backoffLimit }}