Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mantle/ore: gcp: add image family support, add deprecate image functionality #1319

Merged
merged 7 commits into from
Apr 7, 2020
Merged

mantle/ore: gcp: add image family support, add deprecate image functionality #1319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
9a323e5
cosalib/gcp: add ability to pass through --fcos arg to ore
dustymabe Apr 5, 2020
53b7650
mantle: Add ability to specify Image Family for GCP uploads
dustymabe Apr 5, 2020
0c1f910
mantle/api: gcloud: don't mutate Image arg if not provided
dustymabe Apr 6, 2020
25e7f8c
mantle/ore: add ore gcloud deprecate-image
dustymabe Apr 6, 2020
1a3f913
mantle/ore: glcoud: gofmt -w mantle/cmd/ore/gcloud/upload.go
dustymabe Apr 6, 2020
0f7ada4
cosalib/gcp: make call to ore pass through provided bucket argument
dustymabe Apr 7, 2020
389213a
cosalib/gcp: add compat code for callers providing --bucket gs://*
dustymabe Apr 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions mantle/cmd/ore/gcloud/deprecate-image.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
// Copyright 2020 Red Hat
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package gcloud

import (
"fmt"

"github.com/coreos/mantle/platform/api/gcloud"
"github.com/spf13/cobra"
)

var (
cmdDeprecateImage = &cobra.Command{
Use: "deprecate-image --image=ImageName [--state=DeprecationState] [--replacement=Replacement]",
Short: "Deprecate GCP image",
Long: "Change deprecation status of existing GCP image",
Run: runDeprecateImage,
}

deprecateImageState string
deprecateImageReplacement string
)

func init() {
// note that --image comes from the toplevel options in gcloud.go
cmdDeprecateImage.Flags().StringVar(&deprecateImageState, "state",
string(gcloud.DeprecationStateDeprecated),
fmt.Sprintf("Deprecation state must be one of: %s,%s,%s,%s",
gcloud.DeprecationStateActive,
gcloud.DeprecationStateDeprecated,
gcloud.DeprecationStateObsolete,
gcloud.DeprecationStateDeleted))
cmdDeprecateImage.Flags().StringVar(&deprecateImageReplacement,
"replacement", "", "optional: link to replacement for the deprecated image")
GCloud.AddCommand(cmdDeprecateImage)
}

func runDeprecateImage(cmd *cobra.Command, args []string) {
// Check that the user provided an image
if opts.Image == "" {
plog.Fatal("Must provide an image name via --image")
}

// Check that the deprecation state is a valid one
switch gcloud.DeprecationState(deprecateImageState) {
case gcloud.DeprecationStateActive,
gcloud.DeprecationStateDeprecated,
gcloud.DeprecationStateObsolete,
gcloud.DeprecationStateDeleted:
// Do nothing, state is valid
default:
plog.Fatalf("Specified deprecation state is invalid: %s\n", deprecateImageState)
}

plog.Debugf("Attempting to change GCP image deprecation state of %s to %s\n",
opts.Image, deprecateImageState)
_, err := api.DeprecateImage(opts.Image,
gcloud.DeprecationState(deprecateImageState), deprecateImageReplacement)
if err != nil {
plog.Fatalf("Changing deprecation state of image failed: %v\n", err)
}
}
15 changes: 9 additions & 6 deletions mantle/cmd/ore/gcloud/upload.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,13 @@ var (
Run: runUpload,
}

uploadBucket string
uploadImageName string
uploadFile string
uploadFedora bool
uploadForce bool
uploadWriteUrl string
uploadBucket string
uploadImageName string
uploadFile string
uploadFedora bool
uploadForce bool
uploadWriteUrl string
uploadImageFamily string
)

func init() {
Expand All @@ -54,6 +55,7 @@ func init() {
cmdUpload.Flags().BoolVar(&uploadFedora, "fcos", false, "Flag this is Fedora CoreOS (or a derivative); currently enables SECURE_BOOT and UEFI_COMPATIBLE")
cmdUpload.Flags().BoolVar(&uploadForce, "force", false, "overwrite existing GS and GCE images without prompt")
cmdUpload.Flags().StringVar(&uploadWriteUrl, "write-url", "", "output the uploaded URL to the named file")
cmdUpload.Flags().StringVar(&uploadImageFamily, "family", "", "GCP image family to attach image to")
GCloud.AddCommand(cmdUpload)
}

Expand Down Expand Up @@ -128,6 +130,7 @@ func runUpload(cmd *cobra.Command, args []string) {
storageSrc := fmt.Sprintf("https://storage.googleapis.com/%v/%v", uploadBucket, imageNameGS)
_, pending, err := api.CreateImage(&gcloud.ImageSpec{
Name: imageNameGCE,
Family: uploadImageFamily,
SourceImage: storageSrc,
}, uploadForce, uploadFedora)
if err == nil {
Expand Down
14 changes: 8 additions & 6 deletions mantle/platform/api/gcloud/api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,12 +57,14 @@ func New(opts *Options) (*API, error) {
// If the image name isn't a full api endpoint accept a name beginning
// with "projects/" to specify a different project from the instance.
// Also accept a short name and use instance project.
if strings.HasPrefix(opts.Image, "projects/") {
opts.Image = endpointPrefix + opts.Image
} else if !strings.Contains(opts.Image, "/") {
opts.Image = fmt.Sprintf("%sprojects/%s/global/images/%s", endpointPrefix, opts.Project, opts.Image)
} else if !strings.HasPrefix(opts.Image, endpointPrefix) {
return nil, fmt.Errorf("GCE Image argument must be the full api endpoint, begin with 'projects/', or use the short name")
if opts.Image != "" {
if strings.HasPrefix(opts.Image, "projects/") {
opts.Image = endpointPrefix + opts.Image
} else if !strings.Contains(opts.Image, "/") {
opts.Image = fmt.Sprintf("%sprojects/%s/global/images/%s", endpointPrefix, opts.Project, opts.Image)
} else if !strings.HasPrefix(opts.Image, endpointPrefix) {
return nil, fmt.Errorf("GCE Image argument must be the full api endpoint, begin with 'projects/', or use the short name")
}
}

var (
Expand Down
20 changes: 19 additions & 1 deletion src/cosalib/gcp.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ def gcp_run_ore(build, args):
if args.project is None:
raise Exception(arg_exp_str.format("project", "GCP_PROJECT"))

# compat for RHCOS pipeline - remove after cloud-gcp.groovy is updated
# to pass --bucket without prepending `gs://`
if not args.bucket.startswith('gs://'):
args.bucket = f"gs://{args.bucket}"

ore_args = ['ore']
if args.log_level == "DEBUG":
ore_args.extend(['--log-level', "DEBUG"])
Expand All @@ -54,13 +59,18 @@ def gcp_run_ore(build, args):
'--basename', build.build_name,
'upload',
'--force', # We want to support restarting the pipeline
'--bucket', f'gs://{args.bucket}/{build.build_name}',
'--bucket', f'{args.bucket}',
'--json-key', args.json_key,
'--name', gcp_name,
'--file', f"{build.image_path}",
'--write-url', urltmp,
])

if args.fcos:
ore_args.extend(['--fcos'])
if args.family:
ore_args.extend(['--family', args.family])

run_verbose(ore_args)
build.meta['gcp'] = {
'image': gcp_name,
Expand Down Expand Up @@ -98,4 +108,12 @@ def gcp_cli(parser):
parser.add_argument("--project",
help="GCP Project name",
default=os.environ.get("GCP_PROJECT_NAME"))
parser.add_argument("--fcos",
help="""Flag this is Fedora CoreOS (or a derivative);
Currently enables SECURE_BOOT and UEFI_COMPATIBLE""",
action="store_true",
default=False)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why have this be off by default?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also openshift/installer#2921 which merged.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assuming we want to have SECURE_BOOT and UEFI_COMPATIBLE everywhere we could just get rid of the flag altogether and bake it in at a lower level.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

though I'd prefer to do this in a follow up if you don't mind.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assuming we want to have SECURE_BOOT and UEFI_COMPATIBLE everywhere we could just get rid of the flag altogether and bake it in at a lower level.

That's exactly the status quo today, it's baked into ore by default but you went out of the way to explicitly disable it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind it's off by default, I was wrong.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

follow-up to make SECURE_BOOT and UEFI_COMPATIBLE standard and remove the --fcos option: #1333

parser.add_argument("--family",
help="GCP image family to attach image to",
default=None)
return parser