We want to be able to safely gather any artifacts without worrying about
any possible secrets leaking. Every artifacts that we want to upload
will now have to be placed in /tmp/artifacts which will then be uploaded
to S3 by the executor and link to the artifacts will be provided in the
logs. Only people with access to our AWS account can see them.
There's conflicting ansible versions in the 86 nightlies and epel. There
should be a correct combination of plugins which fixes the callback on
86. But let's drop it to unblock for now.
With new weldr-client package the metadata tar archive created has
permissions set to 600 instead of 644 which causes permission failures
when interacting with it. Adding sudo to resolve that.
It no longer makes sense because:
- we don't make any changes to 8.5
- we don't regenerate test manifests for 8.5
- osbuild-composer for 8.5 is in the rhel-8.5.0 branch
Also, the latest-8.5.0 symlink was removed, which broke the CI.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The commonly used 'greenprint' function now adds a date + timestamp to
each message for debugging and tracking the duration of segments of each
scripts.
Update the first blueprint to use "normal" kernel instead of to
use "rt" kernel. Then upgrade to "rt" kernel.
To work with this bug fix, we need osbuild fix and have to pin to
osbuild latest commit.
The customizations.user is removed from upgrade blueprint to work
with this bug fix. But it's for RHEL 8.5 only.
3a8c6c8a introduced a new logic for killing journalctl. Unfortunately, it
doesn't work properly. In ostree tests, multiple journalctls are spawned
but there can be only one trap active at a time. This caused all but the last
journalctls to hang indefinitely. Unfortunately, hanging background processes
is something that causes the GitLab CI to hang indefinitely as well.
This commit modifies the logic a bit: The trap is still set. However, there's
also an explicit kill of journalctl after the compose is finished. After the
process is successfully killed, the trap is removed.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Update ostree-ng.sh to install and run ostree commit on UEFI VM
ostree.sh keeps on BIOS VM. Both of BIOS and UEFI are covered.
check_ostree.yaml ansible playbook has to be updated to support
both BISO and UEFI
sudo journalctl -af -n 1 -u "${WORKER_UNIT}" &
WORKER_JOURNAL_PID=$!
In this snippet, WORKER_JOURNAL_PID is set to the PID of the sudo process.
Sudo doesn't propagate any signals - therefore the child process of sudo
(journalctl in this case) isn't killed when a signal is sent to the parent.
Use pkill -P instead which kills all processes where sudo is the parent.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
According to Ben's suggestion, test has been updated to aligin with
customer scenario.
1. Setup ostree prod repo, building installer and edge upgrade
will be from prod repo
2. Containers for building installer and edge upgrade will be
running as stage repo
3. Before edge system update, prod repo will pull update content
from stage repo, make static-delta and summary
Run tests with user-specified ostree ref.
The ref needs to be specified in the container build as well (without a
URL) to be used for the commit that will be served to the installer.
The same variable/ref is also used to retrieve the $UPGRADE_HASH for the
final OS test.
