OpenShift support #33
Conversation
knikolla
force-pushed
the
feature/openshift
branch
3 times, most recently
from
101a900
to
9d7a5bb
Compare
| name='OpenStack', description='OpenStack Cloud') | ||
| name='OpenStack', description='OpenStack Cloud' | ||
| ) | ||
| resource_models.ResourceType.objects.get_or_create( |
There was a problem hiding this comment.
I would break these commands into register_openstack_attributes and register_openshift_attributes. Its not so clear that you would have to run this command in order to create an openshift resource.
There was a problem hiding this comment.
Agree. I renamed the command to register_cloud_attributes
There was a problem hiding this comment.
Looks mostly good. Some comments:
The assign_role_on_user call in activate_allocation in tasks.py needs to be removed in order for the workflow to finish. add_user_to_allocation already makes this call and the duplicate PUT request always returns 400. This doesn't seem to stop the workflow from working however.
Expiring an allocation and reactivating an allocation doesn't trigger any calls to the acct-mgt service.
knikolla
force-pushed
the
feature/openshift
branch
from
9d7a5bb
to
d9df737
Compare
knikolla
force-pushed
the
feature/openshift
branch
2 times, most recently
from
4e9b29e
to
c4f4edf
Compare
- Updated Vagrantfile to setup Microshift and openshift-acct-mgt - Created ci/run_functional_tests_openshift.sh to run functional tests on Microshift and openshift-acct-mgt. - Implemented interface for Resource Allocator. - Implemented first functional test. - Implemented add_openshift_resource command and OpenShift resource type. - Implemented functional testing in OpenShift CI
knikolla
force-pushed
the
feature/openshift
branch
2 times, most recently
from
1603f11
to
1bf5aa6
Compare
This checks if deletion of a project works. Also removes unnecessary cd which didn't work on Github actions.
knikolla
force-pushed
the
feature/openshift
branch
2 times, most recently
from
ff7f830
to
19d84fc
Compare
knikolla
force-pushed
the
feature/openshift
branch
from
19d84fc
to
793576f
Compare
ci/microshift.sh
Outdated
|
|
||
| sudo docker run -d --name registry --network host registry:2 | ||
|
|
||
| sleep 30 |
There was a problem hiding this comment.
Can we replace this with an active check of some sort? E.g., polling microshift for a successful response?
There was a problem hiding this comment.
Most probably. Docker registries are REST APIs, so polling for a 200 OK might just work. For polling Microshift, rather than the registry, I'm not sure.
There was a problem hiding this comment.
Maybe it would be sufficient just to wait for a successful reply from the equivalent of kubectl get ns?
There was a problem hiding this comment.
I'll give it a try. Thanks!
| git clone https://github.com/cci-moc/openshift-acct-mgt.git ~/openshift-acct-mgt | ||
| cd ~/openshift-acct-mgt | ||
| sudo docker build . -t "localhost:5000/cci-moc/openshift-acct-mgt:latest" | ||
| sudo docker push "localhost:5000/cci-moc/openshift-acct-mgt:latest" |
There was a problem hiding this comment.
Should this be pinned to a particular version? Otherwise changes in openshift-acct-mgr could cause CI on this repository to break. Ideally we'd simply use a tagged image from a hosted repository (docker/quay/ghcr/etc), but even if we can't do that pinning to a particular commit or tag might be a good idea.
There was a problem hiding this comment.
Good question. I'd rather not, since the two systems are likely to be deployed separately, and this forces us to not break compatibility.
There was a problem hiding this comment.
Here's my concern, in case I wasn't clear:
In the current state, because we're pulling straight from the main branch of openshift-acct-mgt, we could end up with failing CI here just because openshift-acct-mgt is broken. By pinning to a specific known-good version we avoid that problem.
This way we're testing the code in this repository, rather than also testing the code in a dependent repository.
Does that change your mind at all?
There was a problem hiding this comment.
My mind was already changed, I was just being lazy. Ideally we would have a release process for openshift-acct-mgt and pin to a release that already has a published docker container rather than build. For now it should be enough to pin to a commit hash. I'll revise.
| if username and password: | ||
| session.auth = HTTPBasicAuth(username, password) | ||
| if os.environ.get('FUNCTIONAL_TESTS', '') == 'True': | ||
| session.verify = False |
There was a problem hiding this comment.
Should we have an environment variable corresponding directly to session.verify (like OPENSHIFT_{var_name}_VERIFY)? I can see situation in which people might want to run this code not during test, but also without valid certificates in place.
The variable could either be a boolean value, or a path to a certificate bundle:
verify = os.getenv(f'OPENSHIFT_{var_name}_VERIFY','true')
if verify:
ssl.verify = (verify.lower() == 'true') if verify.lower() in ['true', 'false'] else verify
There was a problem hiding this comment.
Makes sense. I'll incorporate this.
| return response.json() | ||
| if response.status_code == 404: | ||
| raise NotFound(f"{response.status_code}: {response.text}") | ||
| elif 'does not exist' in response.text or 'not found' in response.text: |
There was a problem hiding this comment.
I am sad that this is necessary :)
| @@ -2,6 +2,10 @@ | |||
| AllocationAttributeType) | |||
|
|
|||
|
|
|||
| def env_safe_name(name): | |||
| return name.replace(' ', '_').replace('-', '_').upper() | |||
There was a problem hiding this comment.
Will we ever see other punctuation in names? That is, should this use re.replace instead and just replace all non-ascii-letters-and-digits?
There was a problem hiding this comment.
I hope we don't see complex resource names, but eventually it might make sense to have more robust conversions. For now I'd rather keep it like this and I opened issue #48
|
@knikolla it looks like all of the comments are being worked on or already resolved. What are the next steps? |
- Removed unnecessary sleep timers
- Added 'OPENSHIFT_{var_name}_VERIFY' switch for tls verification
- Pinned openshift-acct-mgt to current version
knikolla
force-pushed
the
feature/openshift
branch
from
cbfb462
to
45895c2
Compare
NOTE: This is built on top of #32, therefore includes all commits in it
Future improvements: quotas, renaming attributes to be more generic
Closes #46