From 468b6cd67daa5dd3138c7b1d34d6fad419ac668d Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 26 Nov 2020 17:04:01 +0100 Subject: [PATCH] ci: pull images from local registry directly The mirror option of the Docker Registry container is very limited and prevents updating or manually pushing images to the registry. Instead, it tries to push the images to the docker.io, which is not what we need. Signed-off-by: Niels de Vos --- containerized-tests.groovy | 24 ++++++++++++++---------- mini-e2e-helm.groovy | 22 +++++++++++++--------- mini-e2e.groovy | 22 +++++++++++++--------- upgrade-tests.groovy | 22 +++++++++++++--------- 4 files changed, 53 insertions(+), 37 deletions(-) diff --git a/containerized-tests.groovy b/containerized-tests.groovy index e816ec29f..619139fc1 100644 --- a/containerized-tests.groovy +++ b/containerized-tests.groovy @@ -19,11 +19,15 @@ def ssh(cmd) { def podman_login(registry, username, passwd) { ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" - ssh 'cp container-registry.conf /etc/containers/registries.conf' } -def podman_pull(registry, image) { - ssh "podman pull --authfile=~/.podman-auth.json ${registry}/${image} && podman tag ${registry}/${image} ${image}" +// podman_pull pulls image from the source (CI internal) registry, and tags it +// as unqualified image name and into the destination registry. This prevents +// pulling from the destination registry. +// +// Images need to be pre-pushed into the source registry, though. +def podman_pull(source, destination, image) { + ssh "podman pull --authfile=~/.podman-auth.json ${source}/${image} && podman tag ${source}/${image} ${image} ${destination}/${image}" } node('cico-workspace') { @@ -75,7 +79,7 @@ node('cico-workspace') { try { stage('prepare bare-metal machine') { - sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh container-registry.conf root@${CICO_NODE}:' + sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh root@${CICO_NODE}:' // TODO: already checked out the PR on the node, scp the contents? ssh "./prepare.sh --workdir=${workdir} --gitrepo=${git_repo} --ref=${ref}" } @@ -107,7 +111,7 @@ node('cico-workspace') { return } - podman_pull(ci_registry, "${cached_image}:test") + podman_pull(ci_registry, ci_registry, "${cached_image}:test") } }, devel: { @@ -118,7 +122,7 @@ node('cico-workspace') { return } - podman_pull(ci_registry, "${cached_image}:devel") + podman_pull(ci_registry, ci_registry, "${cached_image}:devel") } }, ceph: { @@ -129,24 +133,24 @@ node('cico-workspace') { ).trim() // base_image is like ceph/ceph:v15 - podman_pull("docker.io", "${base_image}") + podman_pull(ci_registry, "docker.io", "${base_image}") } } } stage('test & build') { parallel test: { node ('cico-workspace') { - ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-test CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${cached_image} ${use_test_image}" + ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-test CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${ci_registry}/${cached_image} ${use_test_image}" } }, verify: { node ('cico-workspace') { - ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-test TARGET=mod-check CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${cached_image} ${use_test_image}" + ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-test TARGET=mod-check CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${ci_registry}/${cached_image} ${use_test_image}" } }, build: { node('cico-workspace') { - ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-build CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${cached_image} ${use_build_image}" + ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make containerized-build CONTAINER_CMD=podman ENV_CSI_IMAGE_NAME=${ci_registry}/${cached_image} ${use_build_image}" } } } diff --git a/mini-e2e-helm.groovy b/mini-e2e-helm.groovy index 2c298797b..e7368d2da 100644 --- a/mini-e2e-helm.groovy +++ b/mini-e2e-helm.groovy @@ -19,11 +19,15 @@ def ssh(cmd) { def podman_login(registry, username, passwd) { ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" - ssh 'cp container-registry.conf /etc/containers/registries.conf' } -def podman_pull(registry, image) { - ssh "podman pull --authfile=~/.podman-auth.json ${registry}/${image} && podman tag ${registry}/${image} ${image}" +// podman_pull pulls image from the source (CI internal) registry, and tags it +// as unqualified image name and into the destination registry. This prevents +// pulling from the destination registry. +// +// Images need to be pre-pushed into the source registry, though. +def podman_pull(source, destination, image) { + ssh "podman pull --authfile=~/.podman-auth.json ${source}/${image} && podman tag ${source}/${image} ${image} ${destination}/${image}" } node('cico-workspace') { @@ -104,7 +108,7 @@ node('cico-workspace') { if (params.ghprbPullId != null) { ref = "pull/${ghprbPullId}/merge" } - sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:' + sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:' ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}" } stage('pull base container images') { @@ -118,9 +122,9 @@ node('cico-workspace') { } // base_image is like ceph/ceph:v15 - podman_pull("docker.io", "${base_image}") + podman_pull(ci_registry, "docker.io", "${base_image}") // cephcsi:devel is used with 'make containerized-build' - podman_pull(ci_registry, "ceph-csi:devel") + podman_pull(ci_registry, ci_registry, "ceph-csi:devel") } stage('build artifacts') { // build container image @@ -136,7 +140,7 @@ node('cico-workspace') { if (rook_version != '') { // single-node-k8s.sh pushes the image into minikube - podman_pull("docker.io", "rook/ceph:${rook_version}") + podman_pull(ci_registry, "docker.io", "rook/ceph:${rook_version}") } timeout(time: 30, unit: 'MINUTES') { @@ -144,9 +148,9 @@ node('cico-workspace') { } // vault:latest and nginx:latest are used by the e2e tests - podman_pull("docker.io", "library/vault:latest") + podman_pull(ci_registry, "docker.io", "library/vault:latest") ssh "./podman2minikube.sh docker.io/library/vault:latest" - podman_pull("docker.io", "library/nginx:latest") + podman_pull(ci_registry, "docker.io", "library/nginx:latest") ssh "./podman2minikube.sh docker.io/library/nginx:latest" } stage('deploy ceph-csi through helm') { diff --git a/mini-e2e.groovy b/mini-e2e.groovy index 1816aa253..1652792ac 100644 --- a/mini-e2e.groovy +++ b/mini-e2e.groovy @@ -16,11 +16,15 @@ def ssh(cmd) { def podman_login(registry, username, passwd) { ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" - ssh 'cp container-registry.conf /etc/containers/registries.conf' } -def podman_pull(registry, image) { - ssh "podman pull --authfile=~/.podman-auth.json ${registry}/${image} && podman tag ${registry}/${image} ${image}" +// podman_pull pulls image from the source (CI internal) registry, and tags it +// as unqualified image name and into the destination registry. This prevents +// pulling from the destination registry. +// +// Images need to be pre-pushed into the source registry, though. +def podman_pull(source, destination, image) { + ssh "podman pull --authfile=~/.podman-auth.json ${source}/${image} && podman tag ${source}/${image} ${image} ${destination}/${image}" } node('cico-workspace') { @@ -101,7 +105,7 @@ node('cico-workspace') { if (params.ghprbPullId != null) { ref = "pull/${ghprbPullId}/merge" } - sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:' + sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:' ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}" } stage('pull base container images') { @@ -115,9 +119,9 @@ node('cico-workspace') { } // base_image is like ceph/ceph:v15 - podman_pull("docker.io", "${base_image}") + podman_pull(ci_registry, "docker.io", "${base_image}") // cephcsi:devel is used with 'make containerized-build' - podman_pull(ci_registry, "ceph-csi:devel") + podman_pull(ci_registry, ci_registry, "ceph-csi:devel") } stage('build artifacts') { // build container image @@ -133,7 +137,7 @@ node('cico-workspace') { if (rook_version != '') { // single-node-k8s.sh pushes the image into minikube - podman_pull("docker.io", "rook/ceph:${rook_version}") + podman_pull(ci_registry, "docker.io", "rook/ceph:${rook_version}") } timeout(time: 30, unit: 'MINUTES') { @@ -141,9 +145,9 @@ node('cico-workspace') { } // vault:latest and nginx:latest are used by the e2e tests - podman_pull("docker.io", "library/vault:latest") + podman_pull(ci_registry, "docker.io", "library/vault:latest") ssh "./podman2minikube.sh docker.io/library/vault:latest" - podman_pull("docker.io", "library/nginx:latest") + podman_pull(ci_registry, "docker.io", "library/nginx:latest") ssh "./podman2minikube.sh docker.io/library/nginx:latest" } stage('run e2e') { diff --git a/upgrade-tests.groovy b/upgrade-tests.groovy index b7d08b773..bc3ddbc76 100644 --- a/upgrade-tests.groovy +++ b/upgrade-tests.groovy @@ -16,11 +16,15 @@ def ssh(cmd) { def podman_login(registry, username, passwd) { ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}" - ssh 'cp container-registry.conf /etc/containers/registries.conf' } -def podman_pull(registry, image) { - ssh "podman pull --authfile=~/.podman-auth.json ${registry}/${image} && podman tag ${registry}/${image} ${image}" +// podman_pull pulls image from the source (CI internal) registry, and tags it +// as unqualified image name and into the destination registry. This prevents +// pulling from the destination registry. +// +// Images need to be pre-pushed into the source registry, though. +def podman_pull(source, destination, image) { + ssh "podman pull --authfile=~/.podman-auth.json ${source}/${image} && podman tag ${source}/${image} ${image} ${destination}/${image}" } node('cico-workspace') { @@ -101,7 +105,7 @@ node('cico-workspace') { if (params.ghprbPullId != null) { ref = "pull/${ghprbPullId}/merge" } - sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:' + sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:' ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}" } stage('pull base container images') { @@ -115,9 +119,9 @@ node('cico-workspace') { } // base_image is like ceph/ceph:v15 - podman_pull("docker.io", "${base_image}") + podman_pull(ci_registry, "docker.io", "${base_image}") // cephcsi:devel is used with 'make containerized-build' - podman_pull(ci_registry, "ceph-csi:devel") + podman_pull(ci_registry, ci_registry, "ceph-csi:devel") } stage('build artifacts') { // build container image @@ -133,7 +137,7 @@ node('cico-workspace') { if (rook_version != '') { // single-node-k8s.sh pushes the image into minikube - podman_pull("docker.io", "rook/ceph:${rook_version}") + podman_pull(ci_registry, "docker.io", "rook/ceph:${rook_version}") } timeout(time: 30, unit: 'MINUTES') { @@ -141,9 +145,9 @@ node('cico-workspace') { } // vault:latest and nginx:latest are used by the e2e tests - podman_pull("docker.io", "library/vault:latest") + podman_pull(ci_registry, "docker.io", "library/vault:latest") ssh "./podman2minikube.sh docker.io/library/vault:latest" - podman_pull("docker.io", "library/nginx:latest") + podman_pull(ci_registry, "docker.io", "library/nginx:latest") ssh "./podman2minikube.sh docker.io/library/nginx:latest" } stage("run ${test_type} upgrade tests") {