diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml index 5325b1c34cef9..2d0e18573bdc5 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml @@ -3741,12 +3741,43 @@ tests: - ref: cucushift-installer-reportportal-marker test: - chain: openshift-e2e-test-qe-destructive -- as: gcp-ipi-confidential-secureboot-mini-perm-f14 +- as: gcp-ipi-confidential-secureboot-mini-perm-f14-mco cron: 44 2 2,16 * * steps: cluster_profile: gcp-qe env: COMPUTE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging + COMPUTE_NODE_REPLICAS: "2" + COMPUTE_NODE_TYPE: n2d-standard-2 + COMPUTE_ON_HOST_MAINTENANCE: Terminate + CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualization + CONTROL_PLANE_NODE_TYPE: c3d-standard-4 + GCP_INSTALL_USE_MINIMAL_PERMISSIONS: "yes" + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-gcp-ipi-secureboot-confidential-computing +- as: gcp-ipi-confidential-secureboot-mini-perm-f14-mco-a + cron: 47 3 3,17 * * + steps: + cluster_profile: gcp-qe + env: + COMPUTE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging + COMPUTE_NODE_REPLICAS: "2" + COMPUTE_NODE_TYPE: n2d-standard-2 + COMPUTE_ON_HOST_MAINTENANCE: Terminate + CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualization + CONTROL_PLANE_NODE_TYPE: c3d-standard-4 + GCP_INSTALL_USE_MINIMAL_PERMISSIONS: "yes" + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-gcp-ipi-secureboot-confidential-computing +- as: gcp-ipi-confidential-secureboot-mini-perm-f14-mco-b + cron: 50 4 4,18 * * + steps: + cluster_profile: gcp-qe + env: + COMPUTE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging + COMPUTE_NODE_REPLICAS: "2" COMPUTE_NODE_TYPE: n2d-standard-2 COMPUTE_ON_HOST_MAINTENANCE: Terminate CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualization diff --git a/ci-operator/config/openshift/verification-tests/openshift-verification-tests-main__installer-rehearse-4.22.yaml b/ci-operator/config/openshift/verification-tests/openshift-verification-tests-main__installer-rehearse-4.22.yaml index 2b24c160e63b6..9d694eaeecf15 100644 --- a/ci-operator/config/openshift/verification-tests/openshift-verification-tests-main__installer-rehearse-4.22.yaml +++ b/ci-operator/config/openshift/verification-tests/openshift-verification-tests-main__installer-rehearse-4.22.yaml @@ -109,6 +109,25 @@ tests: dependencies: OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:multi-latest workflow: cucushift-installer-rehearse-gcp-upi +- as: gcp-ipi-confidential-secureboot-mco-test-f28 + cron: 30 10 15 * * + steps: + allow_skip_on_success: true + cluster_profile: gcp-qe + env: + COMPUTE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging + COMPUTE_NODE_REPLICAS: "2" + COMPUTE_NODE_TYPE: n2d-standard-2 + COMPUTE_ON_HOST_MAINTENANCE: Terminate + CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualization + CONTROL_PLANE_NODE_TYPE: c3d-standard-4 + CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: quay.io/openshift-release-dev/ocp-release:4.22.0-ec.2-x86_64 + GCP_INSTALL_USE_MINIMAL_PERMISSIONS: "yes" + SLEEP_DURATION: 10h + test: + - chain: cucushift-installer-check-cluster-health + - ref: cucushift-installer-wait + workflow: cucushift-installer-rehearse-gcp-ipi-secureboot-confidential-computing - as: installer-rehearse-gcp-regions cron: '@yearly' steps: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-periodics.yaml index 0081448da73a9..ce3a137b2a7d4 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22-periodics.yaml @@ -37104,7 +37104,7 @@ periodics: ci.openshift.io/generator: prowgen job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" - name: periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-gcp-ipi-confidential-secureboot-mini-perm-f14 + name: periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-gcp-ipi-confidential-secureboot-mini-perm-f14-mco spec: containers: - args: @@ -37114,7 +37114,187 @@ periodics: - --oauth-token-path=/usr/local/github-credentials/oauth - --report-credentials-file=/etc/report/credentials - --secret-dir=/secrets/ci-pull-credentials - - --target=gcp-ipi-confidential-secureboot-mini-perm-f14 + - --target=gcp-ipi-confidential-secureboot-mini-perm-f14-mco + - --variant=amd64-nightly + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 47 3 3,17 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.22 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-gcp-ipi-confidential-secureboot-mini-perm-f14-mco-a + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=gcp-ipi-confidential-secureboot-mini-perm-f14-mco-a + - --variant=amd64-nightly + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 50 4 4,18 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.22 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: amd64-nightly + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-gcp-ipi-confidential-secureboot-mini-perm-f14-mco-b + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=gcp-ipi-confidential-secureboot-mini-perm-f14-mco-b - --variant=amd64-nightly command: - ci-operator diff --git a/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-main-periodics.yaml b/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-main-periodics.yaml index bda77e9e16d44..bda97735c7527 100644 --- a/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-main-periodics.yaml +++ b/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-main-periodics.yaml @@ -67186,6 +67186,89 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build12 + cron: 30 10 15 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: main + org: openshift + repo: verification-tests + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: installer-rehearse-4.22 + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-verification-tests-main-installer-rehearse-4.22-gcp-ipi-confidential-secureboot-mco-test-f28 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=gcp-ipi-confidential-secureboot-mco-test-f28 + - --variant=installer-rehearse-4.22 + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build01 cron: '@yearly' diff --git a/ci-operator/step-registry/openshift-extended/test/longduration/openshift-extended-test-longduration-commands.sh b/ci-operator/step-registry/openshift-extended/test/longduration/openshift-extended-test-longduration-commands.sh index 676c2b1538ab4..42a064a5fe109 100755 --- a/ci-operator/step-registry/openshift-extended/test/longduration/openshift-extended-test-longduration-commands.sh +++ b/ci-operator/step-registry/openshift-extended/test/longduration/openshift-extended-test-longduration-commands.sh @@ -265,6 +265,42 @@ if [[ $IS_ACTIVE_CLUSTER_OPENSHIFT != "false" ]]; then ocpVersion=$(oc get clusterversion -o json | jq -r '.items[0].status.desired.version') fi +# Debug wait with timeout (default 3 hours) - placed AFTER cluster is ready +DEBUG_WAIT_TIMEOUT="${DEBUG_WAIT_TIMEOUT:-10800}" +echo "==========================================" +echo "DEBUG WAIT ACTIVE - Cluster ready for debugging" +echo "==========================================" +echo "Cluster is fully provisioned and ready!" +echo "Timeout: ${DEBUG_WAIT_TIMEOUT} seconds ($(($DEBUG_WAIT_TIMEOUT / 3600)) hours)" +echo "" +echo "To access the cluster:" +echo " 1. Find this pod in Prow job logs" +echo " 2. oc rsh -n test-credentials " +echo " 3. export KUBECONFIG=\${SHARED_DIR}/kubeconfig" +echo " 4. oc get nodes" +echo "" +echo "To continue tests, create the signal file:" +echo " touch /tmp/continue" +echo "==========================================" + +elapsed=0 +while [ ! -f "/tmp/continue" ] && [ $elapsed -lt $DEBUG_WAIT_TIMEOUT ] +do + sleep 10 + elapsed=$((elapsed + 10)) + if [ $((elapsed % 300)) -eq 0 ]; then + hours=$((elapsed / 3600)) + minutes=$(((elapsed % 3600) / 60)) + echo "Debug wait: ${hours}h ${minutes}m elapsed (${elapsed}s / ${DEBUG_WAIT_TIMEOUT}s)..." + fi +done + +if [ -f "/tmp/continue" ]; then + echo "Continue signal received. Proceeding with tests..." +else + echo "Debug wait timeout reached after $(($DEBUG_WAIT_TIMEOUT / 3600)) hours. Proceeding with tests..." +fi + #if OVERRIDE_OC_MIRROR then download oc-mirror from mirror.openshift.com if [[ "${OVERRIDE_OC_MIRROR:-}" == "true" ]]; then echo "OCP Version: ${ocpVersion:-}" diff --git a/ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh b/ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh index ba79b6432d346..5dffe209221cc 100755 --- a/ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh +++ b/ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh @@ -271,6 +271,42 @@ if [[ $IS_ACTIVE_CLUSTER_OPENSHIFT != "false" ]]; then oc get clusterversion version -o yaml || true fi +# Debug wait with timeout (default 3 hours) - placed AFTER cluster is ready +DEBUG_WAIT_TIMEOUT="${DEBUG_WAIT_TIMEOUT:-10800}" +echo "==========================================" +echo "DEBUG WAIT ACTIVE - Cluster ready for debugging" +echo "==========================================" +echo "Cluster is fully provisioned and ready!" +echo "Timeout: ${DEBUG_WAIT_TIMEOUT} seconds ($(($DEBUG_WAIT_TIMEOUT / 3600)) hours)" +echo "" +echo "To access the cluster:" +echo " 1. Find this pod in Prow job logs" +echo " 2. oc rsh -n test-credentials " +echo " 3. export KUBECONFIG=\${SHARED_DIR}/kubeconfig" +echo " 4. oc get nodes" +echo "" +echo "To continue tests, create the signal file:" +echo " touch /tmp/continue" +echo "==========================================" + +elapsed=0 +while [ ! -f "/tmp/continue" ] && [ $elapsed -lt $DEBUG_WAIT_TIMEOUT ] +do + sleep 10 + elapsed=$((elapsed + 10)) + if [ $((elapsed % 300)) -eq 0 ]; then + hours=$((elapsed / 3600)) + minutes=$(((elapsed % 3600) / 60)) + echo "Debug wait: ${hours}h ${minutes}m elapsed (${elapsed}s / ${DEBUG_WAIT_TIMEOUT}s)..." + fi +done + +if [ -f "/tmp/continue" ]; then + echo "Continue signal received. Proceeding with tests..." +else + echo "Debug wait timeout reached after $(($DEBUG_WAIT_TIMEOUT / 3600)) hours. Proceeding with tests..." +fi + function remove_kubeadmin_user() { if [[ "$KUBEADMIN_REMOVED" == "true" ]]; then ret_delete_admin=0