Skip to content

Commit

Permalink
bots: Fix openshift image build
Browse files Browse the repository at this point in the history
 - Drop kubevirt for now. It has been broken for many months now (cockpit-project#9479,
   cockpit-project#9638), and we must rebuild openshift to finally unbreak our cockpit/ws
   container (cockpit-project#9941). kubevirt tests continue to run on the
   openshift-prerelease image.

 - Move image to fedora-28, so that we can move cockpit/ws and
   cockpit/base to fedora-28.

 - Drop workaround for openshift/origin#18715,
   the fix is in latest OpenShift 3.9.0 now.

Fixes cockpit-project#9479
Closes cockpit-project#9975
  • Loading branch information
martinpitt committed Sep 4, 2018
1 parent 549a630 commit c85a143
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 23 deletions.
2 changes: 1 addition & 1 deletion bots/images/scripts/openshift.bootstrap
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#! /bin/bash

BASE=$(dirname $0)
BOOTSTRAP_VOLUME_SIZE="20G" $BASE/virt-builder-fedora "$1" fedora-27 x86_64
BOOTSTRAP_VOLUME_SIZE="20G" $BASE/virt-builder-fedora "$1" fedora-28 x86_64
29 changes: 7 additions & 22 deletions bots/images/scripts/openshift.setup
Original file line number Diff line number Diff line change
Expand Up @@ -150,24 +150,6 @@ rm -r /tmp/registry
cp /openshift.local.config/master/ca.crt /etc/pki/ca-trust/source/anchors/openshift-ca.crt
update-ca-trust extract

# HACK: Work around GnuTLS (client-side) or Go TLS (server-side) bug with
# multiple O= RDNs; if it's in the "wrong" order, create a new admin
# certificate that swaps it around
# See https://github.com/openshift/origin/issues/18715
if openssl x509 -in /openshift.local.config/master/admin.crt -text | grep -q 'Subject:.*system:cluster-admins.*system:masters'; then
echo "Regenerating admin certificate to work around https://github.com/openshift/origin/issues/18715"
pushd /openshift.local.config/master/
mv admin.key admin.key.orig
mv admin.crt admin.crt.orig
mv admin.kubeconfig admin.kubeconfig.orig
openssl genrsa -out admin.key 2048
openssl req -new -nodes -key admin.key -out admin.csr -subj '/O=system:masters/O=system:cluster-admins/CN=system:admin'
openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 730 -out admin.crt
rm admin.csr
oc adm create-kubeconfig --certificate-authority=ca.crt --client-certificate=admin.crt --client-key=admin.key --master="https://10.111.112.101:8443" --kubeconfig=admin.kubeconfig
popd
fi

mkdir -p /root/.kube
cp /openshift.local.config/master/admin.kubeconfig /root/.kube/config

Expand Down Expand Up @@ -304,11 +286,14 @@ printf 'AuthorizedKeysCommand /usr/local/bin/authorized-kube-keys --kubeconfig=/
# Pull down remaining images
/var/lib/testvm/docker-images.setup

# Prepare Kubevirt for later installation
/var/lib/testvm/kubevirt.setup
# kubevirt is currently uninstallable: https://github.com/cockpit-project/cockpit/pull/9638
if [ -n "$PRERELEASE" ]; then
# Prepare Kubevirt for later installation
/var/lib/testvm/kubevirt.setup

# use the pristine kube config; kubevirt.setup changes it
cp /openshift.local.config/master/admin.kubeconfig /root/.kube/config
# use the pristine kube config; kubevirt.setup changes it
cp /openshift.local.config/master/admin.kubeconfig /root/.kube/config
fi

dnf install -y cockpit-system

Expand Down

0 comments on commit c85a143

Please sign in to comment.