Skip to content

Commit

Permalink
feat: Updated kubevirtci s390x jobs to use GCS REST API
Browse files Browse the repository at this point in the history
As gsutils or glcoud cli aren't supported on s390x arch, using REST APIs to do file operations from s390x.

Signed-off-by: chandramerla <[email protected]>
  • Loading branch information
chandramerla committed Sep 10, 2024
1 parent 5c0f5c3 commit a9e54df
Show file tree
Hide file tree
Showing 4 changed files with 147 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,6 @@ periodics:
SHORT_SHA=$(git rev-parse --short HEAD) &&
image_tag=$(cat cluster-provision/k8s/base-image | cut -d ':' -f 2) &&
echo "$image_tag" > amd64-centos9-$SHORT_SHA &&
#TODO: replace with methods which work on s390x as gsutil not supported for s390x.
gsutil cp ./amd64-centos9-$SHORT_SHA gs://kubevirt-prow/release/kubevirt/kubevirtci/amd64-centos9-$SHORT_SHA
# docker-in-docker needs privileged mode
env:
Expand Down Expand Up @@ -185,18 +184,19 @@ periodics:
- >
# For getting centos image tag from amd64 prow job and use same for xs390x and manifest-list images
SHORT_SHA=$(git rev-parse --short HEAD) &&
GCS_FILE_PATH=gs://kubevirt-prow/release/kubevirt/kubevirtci/amd64-centos9-$SHORT_SHA &&
GCS_FILE_PATH=release/kubevirt/kubevirtci/amd64-centos9-$SHORT_SHA &&
CHECK_INTERVAL=30 &&
source /usr/local/bin/gcs_restapi.sh &&
while true; do
if gsutil -q stat "$GCS_FILE_PATH"; then
if stat_gcs_file kubevirt-prow "$GCS_FILE_PATH"; then
echo "File $GCS_FILE_PATH is now available."
break
else
echo "File $GCS_FILE_PATH not found. Checking again in $CHECK_INTERVAL seconds."
sleep $CHECK_INTERVAL
fi
done &&
export KUBEVIRTCI_TAG=$(gsutil cat "$GCS_FILE_PATH") || echo "Failed to fetch KUBEVIRTCI_TAG" &&
export KUBEVIRTCI_TAG=$(cat_gcs_file kubevirt-prow "$GCS_FILE_PATH") || { echo "Failed to fetch KUBEVIRTCI_TAG"; exit 1; } &&
echo "Fetched KUBEVIRTCI_TAG: $KUBEVIRTCI_TAG" &&
cat $QUAY_PASSWORD | podman login --username $(<$QUAY_USER) --password-stdin quay.io &&
./hack/bump-centos-version.sh &&
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,22 +99,24 @@ postsubmits:
- >
cat $QUAY_PASSWORD | podman login --username $(<$QUAY_USER) --password-stdin quay.io &&
SHORT_SHA=$(git rev-parse --short HEAD) &&
GCS_FILE_PATH=gs://kubevirt-prow/release/kubevirt/kubevirtci/amd64-$SHORT_SHA &&
GCS_FILE_PATH=release/kubevirt/kubevirtci/amd64-$SHORT_SHA &&
source /usr/local/bin/gcs_restapi.sh
CHECK_INTERVAL=30 &&
while true; do
if gsutil -q stat "$GCS_FILE_PATH"; then
if stat_gcs_file kubevirt-prow "$GCS_FILE_PATH"; then
echo "File $GCS_FILE_PATH is now available."
break
else
echo "File $GCS_FILE_PATH not found. Checking again in $CHECK_INTERVAL seconds."
sleep $CHECK_INTERVAL
fi
done &&
export KUBEVIRTCI_TAG=$(gsutil cat "$GCS_FILE_PATH") &&
export KUBEVIRTCI_TAG=$(cat_gcs_file kubevirt-prow "$GCS_FILE_PATH") || { echo "Failed to fetch KUBEVIRTCI_TAG"; exit 1; } &&
echo "Fetched KUBEVIRTCI_TAG: $KUBEVIRTCI_TAG" &&
./publish.sh &&
echo "$(git tag --points-at HEAD | head -1)" > latest &&
gsutil cp ./latest gs://kubevirt-prow/release/kubevirt/kubevirtci/latest
gsutil rm "$GCS_FILE_PATH"
upload_to_gcs ./latest kubevirt-prow release/kubevirt/kubevirtci/latest
rm_gcs_file kubevirt-prow "$GCS_FILE_PATH"
# docker-in-docker needs privileged mode
env:
- name: GIMME_GO_VERSION
Expand Down
3 changes: 2 additions & 1 deletion images/bootstrap/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ RUN dnf install -y \
qemu-user-static \
bind-utils \
wget \
openssl \
python3-jinja2 &&\
dnf -y clean all

Expand Down Expand Up @@ -121,7 +122,7 @@ RUN git config --global --add safe.directory '*'
# env PODMAN_IN_CONTAINER_ENABLED is set and similarly responsible for generating

# .bazelrc files if bazel remote caching is enabled
COPY ["entrypoint.sh", "runner.sh", "create_bazel_cache_rcs.sh", \
COPY ["entrypoint.sh", "gcs_restapi.sh", "runner.sh", "create_bazel_cache_rcs.sh", \
"/usr/local/bin/"]

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
134 changes: 134 additions & 0 deletions images/bootstrap/gcs_restapi.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
#!/usr/bin/env bash
# Copyright 2018 The Kubernetes Authors.
# Copyright 2021 The KubeVirt Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Function to get access token
get_access_token() {
local sa_email=$(jq -r '.client_email' "$GOOGLE_APPLICATION_CREDENTIALS")
local sa_key=$(jq -r '.private_key' "$GOOGLE_APPLICATION_CREDENTIALS")
local jwt_header=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 -w 0 | tr '+/' '-_' | tr -d '=')
local jwt_claim=$(echo -n '{"iss":"'$sa_email'","scope":"https://www.googleapis.com/auth/cloud-platform","aud":"https://oauth2.googleapis.com/token","exp":'$(($(date +%s) + 3600))',"iat":'$(date +%s)'}' | base64 -w 0 | tr '+/' '-_' | tr -d '=')
local jwt_signature=$(echo -n "$jwt_header.$jwt_claim" | openssl dgst -binary -sha256 -sign <(echo "$sa_key") | base64 -w 0 | tr '+/' '-_' | tr -d '=')
local jwt="$jwt_header.$jwt_claim.$jwt_signature"

local response=$(curl -s -X POST https://oauth2.googleapis.com/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt")

echo $(echo "$response" | jq -r '.access_token')
}

# Function to validate GOOGLE_APPLICATION_CREDENTIALS and obtain an access token
get_access_token_or_exit() {
if [ -z "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
echo "GOOGLE_APPLICATION_CREDENTIALS is not set. Please set it to the path of your service account key file."
exit 1
fi

access_token=$(get_access_token)
if [ -z "$access_token" ]; then
echo "Failed to obtain access token. Check your service account key file."
exit 1
fi
}

urlencode_path() {
local path="$1"
echo "$path" | sed 's/\//%2F/g'
}

# Function to upload a file to Google Cloud Storage
upload_to_gcs() {
local source_file="$1"
local bucket_name="$2"
local destination_blob=$(urlencode_path "$3")
local content_type="application/octet-stream"

get_access_token_or_exit

upload_response=$(curl -X POST \
--data-binary @"$source_file" \
-H "Authorization: Bearer $access_token" \
-H "Content-Type: $content_type" \
"https://storage.googleapis.com/upload/storage/v1/b/$bucket_name/o?uploadType=media&name=$destination_blob")

if echo "$upload_response" | jq -e '.name' > /dev/null; then
echo "File $source_file uploaded successfully as $destination_blob"
return 0
else
echo "Upload failed. Response:"
echo "$upload_response" | jq '.'
return 1
fi
}

# Function to check if a file exists in GCS
stat_gcs_file() {
local bucket_name="$1"
local gcs_file_path=$(urlencode_path "$2")

get_access_token_or_exit

stat_response=$(curl -s -X GET \
-H "Authorization: Bearer $access_token" \
"https://storage.googleapis.com/storage/v1/b/$bucket_name/o/$gcs_file_path")

if echo "$stat_response" | jq -e '.error' > /dev/null; then
return 1
else
return 0
fi
}

# Function to read the content of a file from GCS
cat_gcs_file() {
local bucket_name="$1"
local gcs_file_path=$(urlencode_path "$2")

get_access_token_or_exit

file_content=$(curl -s -X GET \
-H "Authorization: Bearer $access_token" \
"https://storage.googleapis.com/storage/v1/b/$bucket_name/o/$gcs_file_path?alt=media")

if [ -z "$file_content" ]; then
echo "Error: No content received"
return 1
else
echo "$file_content"
return 0
fi
}

# Function to delete a file from GCS
rm_gcs_file() {
local bucket_name="$1"
local gcs_file_path=$(urlencode_path "$2")

get_access_token_or_exit

delete_response=$(curl -s -X DELETE \
-H "Authorization: Bearer $access_token" \
"https://storage.googleapis.com/storage/v1/b/$bucket_name/o/$gcs_file_path")

if [ -z "$delete_response" ]; then
echo "File $gcs_file_path deleted successfully."
return 0
else
echo "Failed to delete file. Response:"
echo "$delete_response" | jq '.'
return 1
fi
}

0 comments on commit a9e54df

Please sign in to comment.