def add_release_payload_controller_resources(config, context):
with genlib.GenDoc(config.paths.path_rpc_resources.joinpath('admin_rbac.yaml'), context) as gendoc:
_service_account(gendoc)
_cluster_level_rbac_resources(gendoc)
_namespaced_rbac_resources(gendoc)
with genlib.GenDoc(config.paths.path_rpc_resources.joinpath('deployment.yaml'), context) as gendoc:
_deployment_resources(gendoc)
def generate_app_ci_content(config, git_clone_dir):
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
f'admin_deploy-{context.is_namespace}-controller.yaml'
), context) as gendoc:
content.add_imagestream_namespace_rbac(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
f'deploy-{context.is_namespace}-controller.yaml'),
context) as gendoc:
content.add_osd_rc_deployments(gendoc)
content.add_osd_files_cache_service_account_resources(gendoc)
content.add_osd_files_cache_resources(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath('serviceaccount.yaml'),
context=config) as gendoc:
content.add_osd_rc_service_account_resources(gendoc)
with genlib.GenDoc(config.paths.path_rc_deployments.joinpath(
'admin_deploy-ocp-publish-art.yaml'),
context=config) as gendoc:
content.add_art_publish(gendoc)
with genlib.GenDoc(
config.paths.path_rc_rpms.joinpath('rpms-ocp-3.11.yaml'),
context=config) as gendoc:
content.add_rpm_mirror_service(gendoc, git_clone_dir, '3.11')
for major_minor in config.releases:
with genlib.GenDoc(config.paths.path_rc_rpms.joinpath(
f'rpms-ocp-{major_minor}.yaml'),
context=config) as gendoc:
content.add_rpm_mirror_service(gendoc, git_clone_dir, major_minor)
# Generate the release-controller one-offs...
context = Context(config, "x86_64", False)
# Origin release-controller
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
'admin_deploy-origin-controller.yaml'), context) as gendoc:
content.generate_origin_admin_resources(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
'deploy-origin-controller.yaml'), context) as gendoc:
content.generate_origin_resources(gendoc)
# Signer
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath('deploy-ci-signer.yaml'),
context) as gendoc:
content.generate_signer_resources(gendoc)
def generate_development_rbac(config):
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
f'admin-{context.is_namespace}-rbac.yaml'),
context) as gendoc:
content.add_development_rbac(gendoc, context.is_namespace)
content.add_development_monitoring_rbac(gendoc)
context = Context(config, "x86_64", False)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
'admin-origin-rbac.yaml'), context) as gendoc:
content.add_development_rbac(gendoc, 'origin')
def generate_trt_rbac(config):
with genlib.GenDoc(
config.paths.path_trt_resources.joinpath(
'admin_generated_rbac.yaml')) as gendoc:
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
_add_trt_admin_cluster_role_bindings(gendoc,
context.is_namespace)
def generate_api_ci_content(config):
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
with genlib.GenDoc(config.paths.path_rc_release_resources.joinpath(f'admin_config_updater_rbac{context.suffix}.yaml'), context) as gendoc:
content.add_art_namespace_config_updater_rbac(gendoc)
with genlib.GenDoc(config.paths.path_rc_release_resources.joinpath(f'admin_deploy-{context.is_namespace}-controller.yaml'), context) as gendoc:
content.add_imagestream_namespace_rbac(gendoc)
with genlib.GenDoc(config.paths.path_rc_release_resources.joinpath(f'deploy-{context.is_namespace}-controller.yaml'), context) as gendoc:
content.add_redirect_resources(gendoc)
with genlib.GenDoc(config.paths.path_rc_release_resources.joinpath('admin_deploy-ocp-publish-art.yaml'), context=config) as gendoc:
content.add_art_publish(gendoc)
# If there is an annotation defined for the public release controller, use it as a template
# for the private annotations.
for annotation_path in config.paths.path_rc_annotations.glob('release-ocp-*.json'):
if annotation_path.name.endswith('ci.json'): # There are no CI annotations for the private controllers
continue
if '-stable' in annotation_path.name: # There are no stable streams in private release controllers
continue
annotation_filename = os.path.basename(annotation_path)
with open(annotation_path, mode='r', encoding='utf-8') as f:
pub_annotation = json.load(f)
print(str(annotation_path))
priv_annotation = dict(pub_annotation)
priv_annotation['name'] += '-priv'
priv_annotation['mirrorPrefix'] += '-priv'
priv_annotation['to'] += '-priv'
priv_annotation.pop('check', None) # Don't worry about the state of other releases
priv_annotation.pop('publish', None) # Don't publish these images anywhere
priv_annotation.pop('periodic', None) # Don't configure periodics
priv_annotation['message'] = "<!-- GENERATED FROM PUBLIC ANNOTATION CONFIG - DO NOT EDIT. -->" + priv_annotation['message']
for _, test_config in priv_annotation['verify'].items():
test_config['prowJob']['name'] += '-priv'
# TODO: Private jobs are disabled until the -priv variants can be generated by prowgen
test_config['disabled'] = True
with config.paths.path_priv_rc_annotations.joinpath(annotation_filename).open(mode='w+', encoding='utf-8') as f:
json.dump(priv_annotation, f, sort_keys=True, indent=4)
def generate_app_ci_content(config, git_clone_dir):
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
f'admin_deploy-{context.is_namespace}-controller.yaml'
), context) as gendoc:
content.add_imagestream_namespace_rbac(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
f'deploy-{context.is_namespace}-controller.yaml'),
context) as gendoc:
content.add_osd_rc_deployments(gendoc)
content.add_osd_files_cache_service_account_resources(gendoc)
content.add_osd_files_cache_resources(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath('serviceaccount.yaml'),
context=config) as gendoc:
content.add_osd_rc_service_account_resources(gendoc)
with genlib.GenDoc(config.paths.path_rc_deployments.joinpath(
'admin_deploy-ocp-publish-art.yaml'),
context=config) as gendoc:
content.add_art_publish(gendoc)
with genlib.GenDoc(
config.paths.path_rc_rpms.joinpath('rpms-ocp-3.11.yaml'),
context=config) as gendoc:
content.add_rpm_mirror_service(gendoc, git_clone_dir, '3.11')
for major_minor in config.releases:
with genlib.GenDoc(config.paths.path_rc_rpms.joinpath(
f'rpms-ocp-{major_minor}.yaml'),
context=config) as gendoc:
content.add_rpm_mirror_service(gendoc, git_clone_dir, major_minor)
# If there is an annotation defined for the public release controller, use it as a template
# for the private annotations.
for annotation_path in config.paths.path_rc_annotations.glob(
'release-ocp-*.json'):
if annotation_path.name.endswith(
'ci.json'
): # There are no CI annotations for the private controllers
continue
if '-stable' in annotation_path.name: # There are no stable streams in private release controllers
continue
annotation_filename = os.path.basename(annotation_path)
with open(annotation_path, mode='r', encoding='utf-8') as f:
pub_annotation = json.load(f)
print(str(annotation_path))
priv_annotation = dict(pub_annotation)
priv_annotation['name'] += '-priv'
priv_annotation['mirrorPrefix'] += '-priv'
# The "multi" release-controller purposefully does not use the "to" annotation:
if 'to' in pub_annotation:
priv_annotation['to'] += '-priv'
priv_annotation.pop(
'check', None) # Don't worry about the state of other releases
priv_annotation.pop('publish',
None) # Don't publish these images anywhere
priv_annotation.pop('periodic', None) # Don't configure periodics
priv_annotation[
'message'] = "<!-- GENERATED FROM PUBLIC ANNOTATION CONFIG - DO NOT EDIT. -->" + priv_annotation[
'message']
for _, test_config in priv_annotation['verify'].items():
test_config['prowJob']['name'] += '-priv'
# TODO: Private jobs are disabled until the -priv variants can be generated by prowgen
test_config['disabled'] = True
with config.paths.path_priv_rc_annotations.joinpath(
annotation_filename).open(mode='w+', encoding='utf-8') as f:
json.dump(priv_annotation, f, sort_keys=True, indent=4)
# Generate the release-controller one-offs...
context = Context(config, "x86_64", False)
# Origin release-controller
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
'admin_deploy-origin-controller.yaml'), context) as gendoc:
content.generate_origin_admin_resources(gendoc)
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath(
'deploy-origin-controller.yaml'), context) as gendoc:
content.generate_origin_resources(gendoc)
# Signer
with genlib.GenDoc(
config.paths.path_rc_deployments.joinpath('deploy-ci-signer.yaml'),
context) as gendoc:
content.generate_signer_resources(gendoc)
# Development RBAC
generate_development_rbac(config)
def run(git_clone_dir):
releases_4x = []
for name in glob.glob(
f'{git_clone_dir}/ci-operator/jobs/openshift/release/openshift-release-release-4.*-periodics.yaml'
):
bn = os.path.splitext(os.path.basename(name))[
0] # e.g. openshift-release-release-4.4-periodics
major_minor = bn.split('-')[-2] # 4.4
releases_4x.append(major_minor)
path_base = pathlib.Path(git_clone_dir)
path_rc_deployments = path_base.joinpath(
'clusters/app.ci/release-controller')
path_rc_release_resources = path_base.joinpath(
'core-services/release-controller')
path_rc_build_configs = path_rc_release_resources
path_rc_build_configs.mkdir(exist_ok=True)
path_rc_annotations = path_rc_release_resources.joinpath('_releases')
path_priv_rc_annotations = path_rc_annotations.joinpath(
'priv'
) # location where priv release controller annotations are generated
path_priv_rc_annotations.mkdir(exist_ok=True)
releases_4x.sort(
) # Glob does provide any guarantees on ordering, so force an order by sorting.
config = Config(releases_4x)
for private in (False, True):
for arch in config.arches:
context = Context(config, arch, private)
with genlib.GenDoc(
path_rc_deployments.joinpath(
f'deploy-{context.is_namespace}-controller.yaml'),
context) as gendoc:
content.add_osd_rc_deployments(gendoc)
with genlib.GenDoc(
path_rc_release_resources.joinpath(
f'admin_config_updater_rbac{context.suffix}.yaml'),
context) as gendoc:
content.add_art_namespace_config_updater_rbac(gendoc)
with genlib.GenDoc(
path_rc_release_resources.joinpath(
f'admin_deploy-{context.is_namespace}-controller.yaml'
), context) as gendoc:
content.add_imagestream_namespace_rbac(gendoc)
with genlib.GenDoc(
path_rc_release_resources.joinpath(
f'deploy-{context.is_namespace}-controller.yaml'),
context) as gendoc:
content.add_redirect_and_files_cache_resources(gendoc)
with genlib.GenDoc(path_rc_deployments.joinpath('serviceaccount.yaml'),
context=config) as gendoc:
content.add_osd_rc_service_account_resources(gendoc)
with genlib.GenDoc(path_rc_release_resources.joinpath(
'admin_deploy-ocp-publish-art.yaml'),
context=config) as gendoc:
content.add_art_publish(gendoc)
for major_minor in releases_4x:
with genlib.GenDoc(path_rc_release_resources.joinpath(
f'rpms-ocp-{major_minor}.yaml'),
context=config) as gendoc:
content.add_rpm_mirror_service(gendoc, git_clone_dir, major_minor)
# If there is an annotation defined for the public release controller, use it as a template
# for the private annotations.
for annotation_path in path_rc_annotations.glob(f'release-ocp-*.json'):
if annotation_path.name.endswith(
('ci.json'
)): # There are no CI annotations for the private controllers
continue
if '-stable' in annotation_path.name: # There are no stable streams in private release controllers
continue
annotation_filename = os.path.basename(annotation_path)
with open(annotation_path, mode='r', encoding='utf-8') as f:
pub_annotation = json.load(f)
print(str(annotation_path))
priv_annotation = dict(pub_annotation)
priv_annotation['name'] += '-priv'
priv_annotation['mirrorPrefix'] += '-priv'
priv_annotation['to'] += '-priv'
priv_annotation.pop(
'check', None) # Don't worry about the state of other releases
priv_annotation.pop('publish',
None) # Don't publish these images anywhere
priv_annotation[
'message'] = "<!-- GENERATED FROM PUBLIC ANNOTATION CONFIG - DO NOT EDIT. -->" + priv_annotation[
'message']
for _, test_config in priv_annotation['verify'].items():
test_config['prowJob']['name'] += '-priv'
# TODO: Private jobs are disabled until the -priv variants can be generated by prowgen
test_config['disabled'] = True
with path_priv_rc_annotations.joinpath(annotation_filename).open(
mode='w+', encoding='utf-8') as f:
json.dump(priv_annotation, f, sort_keys=True, indent=4)
