github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-31 07:19:06 +00:00
Code Issues Projects Releases Wiki Activity

ci.ocp: Retry first az command as login takes time to propagate

Browse Source 
In CI we hit problem where just after `az login` the first `az
network vnet list` command fails due to permission. We see
"insufficient permissions" or "pending permissions", suggesting we should
retry later. Manual tests and successful runs indicate we do have the
permissions, but not immediately after login.

Azure docs suggest using extra `az account set` but still the
propagation might take some time. Add a loop retrying
the first command a few times before declaring failure.

Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
This commit is contained in:
Lukáš Doktor 2025-05-13 09:29:01 +02:00
parent c203d7eba6
commit 0e4fb62bb4
No known key found for this signature in database
GPG Key ID: 26B362E47FCF22C1
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ci/openshift-ci/peer-pods-azure.sh
View File

@ -32,8 +32,21 @@ AZURE_SUBSCRIPTION_ID="$(jq -r .data.azure_subscription_id azure_credentials.jso
rm -f azure_credentials.json
AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster -o jsonpath='{.status.platformStatus.azure.resourceGroupName}')
az login --service-principal -u "${AZURE_CLIENT_ID}" -p "${AZURE_CLIENT_SECRET}" --tenant "${AZURE_TENANT_ID}"
AZURE_VNET_NAME=$(az network vnet list --resource-group "${AZURE_RESOURCE_GROUP}" --query "[].{Name:name}" --output tsv)
# Recommended on az sites to refresh the subscription
az account set --subscription "${AZURE_SUBSCRIPTION_ID}"
# This command still sometimes fails directly after login
for I in {1..30}; do
AZURE_VNET_NAME=$(az network vnet list --resource-group "${AZURE_RESOURCE_GROUP}" --query "[].{Name:name}" --output tsv ||:)
if [[ -z "${AZURE_VNET_NAME}" ]]; then
sleep "${I}"
else # VNET set, we are done
break
fi
done
if [[ -z "${AZURE_VNET_NAME}" ]]; then
echo "Failed to get AZURE_VNET_NAME in 30 iterations"
exit 1
fi
AZURE_SUBNET_NAME=$(az network vnet subnet list --resource-group "${AZURE_RESOURCE_GROUP}" --vnet-name "${AZURE_VNET_NAME}" --query "[].{Id:name} | [? contains(Id, 'worker')]" --output tsv)
AZURE_SUBNET_ID=$(az network vnet subnet list --resource-group "${AZURE_RESOURCE_GROUP}" --vnet-name "${AZURE_VNET_NAME}" --query "[].{Id:id} | [? contains(Id, 'worker')]" --output tsv)
AZURE_REGION=$(az group show --resource-group "${AZURE_RESOURCE_GROUP}" --query "{Location:location}" --output tsv)