Review layered-image-buildsys SOP
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This commit is contained in:
Michal Konečný
parent
5a42d63c77
commit
1d6c2e258a
2 changed files with 18 additions and 19 deletions
|
|
@ -62,7 +62,7 @@
|
||||||
** xref:koji-archive.adoc[Koji Archive - SOP]
|
** xref:koji-archive.adoc[Koji Archive - SOP]
|
||||||
** xref:koji-builder-setup.adoc[Setup Koji Builder - SOP]
|
** xref:koji-builder-setup.adoc[Setup Koji Builder - SOP]
|
||||||
** xref:koschei.adoc[Koschei - SOP]
|
** xref:koschei.adoc[Koschei - SOP]
|
||||||
** xref:layered-image-buildsys.adoc[layered-image-buildsys - SOP in review ]
|
** xref:layered-image-buildsys.adoc[Layered Image Build System - SOP]
|
||||||
** xref:librariesio2fedmsg.adoc[librariesio2fedmsg - SOP in review ]
|
** xref:librariesio2fedmsg.adoc[librariesio2fedmsg - SOP in review ]
|
||||||
** xref:mailman.adoc[mailman - SOP in review ]
|
** xref:mailman.adoc[mailman - SOP in review ]
|
||||||
** xref:making-ssl-certificates.adoc[making-ssl-certificates - SOP in review ]
|
** xref:making-ssl-certificates.adoc[making-ssl-certificates - SOP in review ]
|
||||||
|
|
|
||||||
|
|
@ -9,11 +9,10 @@ to build Layered Container Images in the Fedora Infrastructure via Koji.
|
||||||
|
|
||||||
== Contents
|
== Contents
|
||||||
|
|
||||||
[arabic]
|
* <<_contact_information>>
|
||||||
. Contact Information
|
* <<_overview>>
|
||||||
. Overview
|
* <<_setup>>
|
||||||
. Setup
|
* <<_outage>>
|
||||||
. Outage
|
|
||||||
|
|
||||||
== Contact Information
|
== Contact Information
|
||||||
|
|
||||||
|
|
@ -42,15 +41,15 @@ will submit a build to Koji via the `fedpkg container-build` command a
|
||||||
https://src.fedoraproject.org/projects/container/*[DistGit]. This will
|
https://src.fedoraproject.org/projects/container/*[DistGit]. This will
|
||||||
trigger the build to be scheduled in
|
trigger the build to be scheduled in
|
||||||
https://www.openshift.org/[OpenShift] via
|
https://www.openshift.org/[OpenShift] via
|
||||||
https://github.com/projectatomic/osbs-client[osbs-client] tooling, this
|
https://github.com/projectatomic/osbs-client[osbs-client] tooling,
|
||||||
will create a custom
|
which creates a custom
|
||||||
https://docs.openshift.org/latest/dev_guide/builds.html[OpenShift Build]
|
https://docs.okd.io/latest/cicd/builds/understanding-image-builds.html[OpenShift Build]
|
||||||
which will use the pre-made buildroot container image that we have
|
which will use the pre-made buildroot container image that we have
|
||||||
created. The https://github.com/projectatomic/atomic-reactor[Atomic
|
created. The https://github.com/projectatomic/atomic-reactor[Atomic
|
||||||
Reactor] (`atomic-reactor`) utility will run within the buildroot and
|
Reactor] (`atomic-reactor`) utility will run within the buildroot and
|
||||||
prep the build container where the actual build action will execute, it
|
prep the build container where the actual build action will execute, it
|
||||||
will also maintain uploading the
|
will also maintain uploading the
|
||||||
https://fedoraproject.org/wiki/Koji/ContentGenerators[Content Generator]
|
https://docs.pagure.org/koji/content_generators/[Content Generator]
|
||||||
metadata back to https://fedoraproject.org/wiki/Koji[Koji] and upload
|
metadata back to https://fedoraproject.org/wiki/Koji[Koji] and upload
|
||||||
the built image to the candidate docker registry. This will run on a
|
the built image to the candidate docker registry. This will run on a
|
||||||
host with iptables rules restricting access to the docker bridge, this
|
host with iptables rules restricting access to the docker bridge, this
|
||||||
|
|
@ -120,7 +119,7 @@ $ sudo rbac-playbook groups/osbs/deploy-cluster.yml
|
||||||
This is going to deploy the OpenShift cluster used by OSBS. Currently
|
This is going to deploy the OpenShift cluster used by OSBS. Currently
|
||||||
the playbook deploys 2 clusters (x86_64 and aarch64). Ansible tags can
|
the playbook deploys 2 clusters (x86_64 and aarch64). Ansible tags can
|
||||||
be used to deploy only one of these if needed for example
|
be used to deploy only one of these if needed for example
|
||||||
[.title-ref]#osbs-x86-deploy-openshift#.
|
_osbs-x86-deploy-openshift_.
|
||||||
|
|
||||||
If the openshift-ansible playbook fails it can be easier to run it
|
If the openshift-ansible playbook fails it can be easier to run it
|
||||||
directly from osbs-control01 and use the verbose mode.
|
directly from osbs-control01 and use the verbose mode.
|
||||||
|
|
@ -151,7 +150,7 @@ dsjflksfkgjgkjfdl ....
|
||||||
....
|
....
|
||||||
|
|
||||||
The token needs to be saved in the private ansible repo in
|
The token needs to be saved in the private ansible repo in
|
||||||
[.title-ref]#files/osbs/production/x86-64-osbs-koji#. Once this is done
|
`files/osbs/production/x86-64-osbs-koji`. Once this is done
|
||||||
you can run the builder playbook to update that token.
|
you can run the builder playbook to update that token.
|
||||||
|
|
||||||
....
|
....
|
||||||
|
|
@ -160,10 +159,10 @@ $ sudo rbac-playbook groups/buildvm.yml -t osbs
|
||||||
|
|
||||||
=== Operation
|
=== Operation
|
||||||
|
|
||||||
Koji Hub will schedule the containerBuild on a koji builder via the
|
Koji Hub will schedule the `containerBuild` on a koji builder via the
|
||||||
koji-containerbuild-hub plugin, the builder will then submit the build
|
`koji-containerbuild-hub` plugin, the builder will then submit the build
|
||||||
in OpenShift via the koji-containerbuild-builder plugin which uses the
|
in OpenShift via the `koji-containerbuild-builder` plugin which uses the
|
||||||
osbs-client python API that wraps the OpenShift API along with a custom
|
`osbs-client` python API that wraps the OpenShift API along with a custom
|
||||||
OpenShift Build JSON payload.
|
OpenShift Build JSON payload.
|
||||||
|
|
||||||
The Build is then scheduled in OpenShift and it's logs are captured by
|
The Build is then scheduled in OpenShift and it's logs are captured by
|
||||||
|
|
@ -176,8 +175,8 @@ generator.
|
||||||
If Koji is down, then builds can't be scheduled but repairing Koji is
|
If Koji is down, then builds can't be scheduled but repairing Koji is
|
||||||
outside the scope of this document.
|
outside the scope of this document.
|
||||||
|
|
||||||
If either the candidate-registry.fedoraproject.org or
|
If either the _candidate-registry.fedoraproject.org_ or
|
||||||
registry.fedoraproject.org Container Registries are unavailable, but
|
_registry.fedoraproject.org_. Container registries are unavailable, but
|
||||||
repairing those is also outside the scope of this document.
|
repairing those is also outside the scope of this document.
|
||||||
|
|
||||||
=== OSBS Failures
|
=== OSBS Failures
|
||||||
|
|
@ -188,7 +187,7 @@ are known about and the recovery procedures are listed below.
|
||||||
==== Ran out of disk space
|
==== Ran out of disk space
|
||||||
|
|
||||||
Docker uses a lot of disk space, and while the osbs-nodes have been
|
Docker uses a lot of disk space, and while the osbs-nodes have been
|
||||||
alloted what is considered to be ample disk space for builds (since they
|
allocated what is considered to be ample disk space for builds (since they
|
||||||
are automatically cleaned up periodically) it is possible this will run
|
are automatically cleaned up periodically) it is possible this will run
|
||||||
out.
|
out.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue