[DNM] [env_op_images] Add pulled images report to env_op_images role#3820
[DNM] [env_op_images] Add pulled images report to env_op_images role#3820nemarjan wants to merge 2 commits intoopenstack-k8s-operators:mainfrom
Conversation
|
Skipping CI for Draft Pull Request. |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/44f99764da904637b15366619bfe386e ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 31m 41s |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Cross-references pod images against ICSP/IDMS mirror rules to report which images have a mirror configured and which pull directly from the original registry. Co-authored-by: Cursor <cursor@cursor.com> Signed-off-by: nemarjan <nemarjan@redhat.com>
nemarjan
force-pushed
the
logic-multiple-registries
branch
5 times, most recently
from
2718747 to
5ed5de8
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/024650ccc68343159b52144850714fdf ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 10m 48s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
2 times, most recently
from
4282933 to
5ae5fab
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f3a860921ee749599949a7c159a39ceb ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 11m 49s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
3 times, most recently
from
c07895d to
80115fd
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/554dcc5512254d6a8a0feb15801e1fa1 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 17m 05s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
from
80115fd to
4530a09
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/93c073f390bc4396a0e93727c8669a15 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 16m 30s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
5 times, most recently
from
4bf52d0 to
5449b94
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f2bc5cae3ee1449ea3ee8de2d237c38f ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 17m 18s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
from
5449b94 to
e4a83cd
Compare
nemarjan
force-pushed
the
logic-multiple-registries
branch
2 times, most recently
from
6390c54 to
334fb7f
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/afbaedd8aa234832bd0cf661af1b280a ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 45m 38s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
from
334fb7f to
b2e0d06
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f5e8239a29ee4f3aad864ac5f1b2a101 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 05m 16s |
nemarjan
force-pushed
the
logic-multiple-registries
branch
from
b2e0d06 to
4f0376f
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/eae473ac41d74049b9ea13b955db9e8d ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 40m 47s |
Cross-reference the pulled-images report with CRI-O journal logs from cluster nodes to confirm which images were actually pulled by the container runtime. Runs automatically when kubeconfig is defined, same as the pulled-images report itself. Co-authored-by: Cursor <cursor@cursor.com> Signed-off-by: nemarjan <nemarjan@redhat.com>
nemarjan
force-pushed
the
logic-multiple-registries
branch
from
4f0376f to
bbd3d23
Compare
evallesp
left a comment
evallesp
left a comment
There was a problem hiding this comment.
I like the way is getting. And functionally now is working as expected.
Check my suggestions. Feel free to close them specially those marked as "non-blocking"
| oc get nodes failed (rc={{ _verify_crio_nodes_json.rc }}); cannot fetch CRI-O logs. | ||
|
|
||
| # Filename is sanitised to avoid path-traversal with unusual node names. | ||
| - name: Fetch CRI-O unit logs per node |
There was a problem hiding this comment.
(blocking) suggestion: let's move this task.
One per take the result and another to write in the logs.
Use for the first one: ansible.builtin.command -> cmd: oc adm node-logs "{{ item }}" -u crio --since=-2h
(From previous command, we should think if 2h is enough.
Then following task should be using ansible.builtin.copy where dest is the log path, and origin is stdout from previous task registered variable.
| @@ -0,0 +1,298 @@ | |||
| #!/usr/bin/python | |||
There was a problem hiding this comment.
(non-blocking) requirement: We need to add tests for this script.
You can check crawl_n_mask tests at: tests/unit/modules
I'm Ok if we prepare following work to address this (reason why it's marked as non-blocking) but probably we can check the output of a AI model.
| failed_when: false | ||
|
|
||
| # Flatten all loop results, then one report row per container + initContainer. | ||
| - name: Build per-pod pulled images report |
There was a problem hiding this comment.
(blocking) suggestion: This should go in a jinja2 temlate file under template folder in the role.
| {% set match.expected_pull_basis = 'mirror' %} | ||
| {% endif %} | ||
| {% endfor %} | ||
| {% set _ = entries.append({ |
There was a problem hiding this comment.
(non-blocking) suggestion: I'm unsure if we want these all values.
| @@ -0,0 +1 @@ | |||
| ../../../plugins/modules/verify_pulled_report_crio.py No newline at end of file | |||
| @@ -4,6 +4,9 @@ A role to gather the container images used in the openstack deployment with spec | |||
| ## Parameters | |||
| * `cifmw_env_op_images_dir`: (String) Directory where the operator_images.yaml will be stored. Defaults to `~/ci-framework-data/artifacts` | |||
| * `cifmw_env_op_images_file`: (String) Name of the file storing the operator images and tags. Defaults to `operator_images.yaml` | |||
There was a problem hiding this comment.
(blocking) suggestion: I think we should add proper doc about this new feature.
| state: directory | ||
| mode: "0755" | ||
|
|
||
| # Legacy OpenShift mirror CRD; empty or error is OK (parsed as no items). |
There was a problem hiding this comment.
(non-blocking) suggestion: I'd remove some of these comments. Just leave where tasks have some lofic like thsoe jinja templates.
Also I'd reword them to feel more natural.
| mode: "0644" | ||
|
|
||
| # Console visibility: split rows by how ICSP/IDMS classification turned out. | ||
| - name: Images with expected_pull_basis source |
There was a problem hiding this comment.
(non-blocking) question: Do we need these debugs statements?
| loop_control: | ||
| label: "{{ item.item | default('') }}" | ||
|
|
||
| - name: Find fetched CRI-O log files |
There was a problem hiding this comment.
(non-blockign) suggestion: If we split the task into two, one for executing oc adm node-logs other for retrieving the logs, this might not be necessary anymore.
|
|
||
| # One flat list of rules for templating: each mirror list entry becomes | ||
| # its own row so prefix matching can use the same loop for all mirrors. | ||
| - name: Build source-to-mirror mapping from ICSP/IDMS |
There was a problem hiding this comment.
(blocking) suggestion: I think this comment has room for improvement. Maybe an example of the output?
2 participants
Cross-references pod images against ICSP/IDMS mirror rules to report which images have a mirror configured and which pull directly from the original registry.