diff --git a/ci/openshift-ci/peer-pods-azure.sh b/ci/openshift-ci/peer-pods-azure.sh
old mode 100644
new mode 100755
index 40bf583a8d..8177db609f
--- a/ci/openshift-ci/peer-pods-azure.sh
+++ b/ci/openshift-ci/peer-pods-azure.sh
@@ -1,10 +1,17 @@
 #!/bin/bash -e
+#
+# Copyright (c) 2025 Red Hat, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
 # Setup peer-pods using cloud-api-adaptor on azure
 #
 # WARNING: When running outside "eastus" region this script creates a new
 # resource group in "eastus" region and peers the network. You
 # have to remove these manually (or use temporary accounts)
+SCRIPT_DIR=$(dirname "$0")
+
 ###############################
 # Disable security to allow e2e
 ###############################
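Review bot: `SCRIPT_DIR=$(dirname "$0")` keeps whatever relative path the script was invoked with, so the `pushd "${SCRIPT_DIR}/cluster/"` added in the last hunk resolves against the working directory at that point, not against the script's real location. Any `cd` or unbalanced `pushd` in the lines between the two (not visible in this diff) would make that `pushd` fail or land in a different directory before `./deploy_webhook.sh` is run. Resolving the path once at the top removes the dependency: `SCRIPT_DIR=$(cd -- "$(dirname -- "$0")" && pwd)`.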
@@ -27,8 +34,21 @@ AZURE_SUBSCRIPTION_ID="$(jq -r .data.azure_subscription_id azure_credentials.jso
 rm -f azure_credentials.json
 AZURE_RESOURCE_GROUP=$(oc get infrastructure/cluster -o jsonpath='{.status.platformStatus.azure.resourceGroupName}')
 az login --service-principal -u "${AZURE_CLIENT_ID}" -p "${AZURE_CLIENT_SECRET}" --tenant "${AZURE_TENANT_ID}"
-
-AZURE_VNET_NAME=$(az network vnet list --resource-group "${AZURE_RESOURCE_GROUP}" --query "[].{Name:name}" --output tsv)
+# Recommended on az sites to refresh the subscription
+az account set --subscription "${AZURE_SUBSCRIPTION_ID}"
+# This command still sometimes fails directly after login
+for I in {1..30}; do
+ AZURE_VNET_NAME=$(az network vnet list --resource-group "${AZURE_RESOURCE_GROUP}" --query "[].{Name:name}" --output tsv ||:)
+ if [[ -z "${AZURE_VNET_NAME}" ]]; then
+ sleep "${I}"
+ else # VNET set, we are done
+ break
+ fi
+done
+if [[ -z "${AZURE_VNET_NAME}" ]]; then
+ echo "Failed to get AZURE_VNET_NAME in 30 iterations"
+ exit 1
+fi
 AZURE_SUBNET_NAME=$(az network vnet subnet list --resource-group "${AZURE_RESOURCE_GROUP}" --vnet-name "${AZURE_VNET_NAME}" --query "[].{Id:name} | [? contains(Id, 'worker')]" --output tsv)
 AZURE_SUBNET_ID=$(az network vnet subnet list --resource-group "${AZURE_RESOURCE_GROUP}" --vnet-name "${AZURE_VNET_NAME}" --query "[].{Id:id} | [? contains(Id, 'worker')]" --output tsv)
 AZURE_REGION=$(az group show --resource-group "${AZURE_RESOURCE_GROUP}" --query "{Location:location}" --output tsv)
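Review bot: The retry loop treats every failure of `az network vnet list` the same way, because `||:` discards the exit status. A permanent error (wrong subscription, or a service principal with no role on the resource group) therefore looks like the post-login race and burns the full back-off of 1+2+…+30 seconds before the script gives up. The loop also sleeps after the 30th attempt, and the failure message goes to stdout, where CI log filters may miss it. Skip the final sleep with `[[ "${I}" -lt 30 ]] && sleep "${I}"` and report with `echo "Failed to get AZURE_VNET_NAME in 30 iterations" >&2`. The non-empty check also accepts a multi-line value if the resource group ever holds more than one VNet, which would then be passed unchanged to `--vnet-name` below.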
@@ -46,16 +66,19 @@ USER_ASSIGNED_CLIENT_ID="$(az identity show --resource-group "${AZURE_RESOURCE_G
 PP_REGION=eastus
 if [[ "${AZURE_REGION}" == "${PP_REGION}" ]]; then
 echo "Using the current region ${AZURE_REGION}"
+ PEERING=0
 PP_RESOURCE_GROUP="${AZURE_RESOURCE_GROUP}"
 PP_VNET_NAME="${AZURE_VNET_NAME}"
 PP_SUBNET_NAME="${AZURE_SUBNET_NAME}"
 PP_SUBNET_ID="${AZURE_SUBNET_ID}"
 else
 echo "Creating peering between ${AZURE_REGION} and ${PP_REGION}"
+ PEERING=1
 PP_RESOURCE_GROUP="${AZURE_RESOURCE_GROUP}-eastus"
 PP_VNET_NAME="${AZURE_VNET_NAME}-eastus"
 PP_SUBNET_NAME="${AZURE_SUBNET_NAME}-eastus"
 PP_NSG_NAME="${AZURE_VNET_NAME}-nsg-eastus"
+ echo " creating new PP_RESOURCE_GROUP=${PP_RESOURCE_GROUP}"
 az group create --name "${PP_RESOURCE_GROUP}" --location "${PP_REGION}"
 az network vnet create --resource-group "${PP_RESOURCE_GROUP}" --name "${PP_VNET_NAME}" --location "${PP_REGION}" --address-prefixes 10.2.0.0/16 --subnet-name "${PP_SUBNET_NAME}" --subnet-prefixes 10.2.1.0/24
 az network nsg create --resource-group "${PP_RESOURCE_GROUP}" --name "${PP_NSG_NAME}" --location "${PP_REGION}"
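Review bot: `PEERING=1` is only read by the cleanup notice at the very end of the script (last hunk), so under `-e` any command that fails after `az group create` exits without telling the operator what was left behind. That is the case where the extra resource group, VNet and NSG are most likely to be orphaned, leaving a network that is presumably still peered to the cluster VNet. Moving the notice into a small function and registering it right after the flag is set, for example `trap print_peering_notice EXIT`, would print it on every exit path. The else branch continues past the end of this hunk, so the peering commands themselves are not visible here.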
@@ -210,8 +233,22 @@ done; exit 1 ) || { echo "kata-remote runtimeclass not initialized in 60s"; kube
 ################
 # Deploy webhook
 ################
-pushd ci/openshift-ci/cluster/
+pushd "${SCRIPT_DIR}/cluster/"
 kubectl create ns default || true
 kubectl config set-context --current --namespace=default
 KATA_RUNTIME=kata-remote ./deploy_webhook.sh
 popd
+
+
+##################################
+# Log warning when peering created
+##################################
+if [[ ${PEERING} -ne 0 ]]; then
+ echo "This script created additional resources to create peering between ${AZURE_REGION} and ${PP_REGION}. Ensure you release those resources after the testing (or use temporary subscription)"
+ PP_VARS=("PP_RESOURCE_GROUP" "PP_VNET_NAME" "PP_SUBNET_NAME" "PP_NSG_NAME" "AZURE_VNET_ID" "PP_VNET_ID" "PP_SUBNET_ID")
+ for PP_VAR in "${PP_VARS[@]}"; do
+ echo "${PP_VAR}=${!PP_VAR}"
+ done
+ echo
+ echo "by running 'az group delete --name ${PP_RESOURCE_GROUP}'"
+fi
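Review bot: The cleanup hint `az group delete --name ${PP_RESOURCE_GROUP}` covers only the eastus side. If the script also creates a peering object on the cluster VNet in `${AZURE_RESOURCE_GROUP}` (the `AZURE_VNET_ID` entry in `PP_VARS` suggests it does, but those commands are outside this hunk), deleting the group leaves that half behind in a disconnected state. The notice should name that peering as well, or print the exact `az network vnet peering delete` command for it. The message also reads oddly, because the variable dump sits between "Ensure you release those resources" and "by running …"; printing the delete command directly after the first sentence and the variables last would be clearer. Sending the whole notice to stderr with `>&2` keeps it visible when stdout is captured.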