This is the CI repository for the Cloud SIG.
We manage and provision Jenkins jobs through code (IaC) with
the help of jenkins-job-builder.
The job definitions are in github.com/rdo-infra/ci-config
You can propose changes against the associated Gerrit project in review.rdoproject.org.
We host the Jenkins server and nodes in pods on OCP (OpenShift Container Platform).
Jenkins is configured to spawn nodes in which jobs will be running.
The integration of OCP in Jenkins is handled by the CentOS CI team.
The pod template we are using is cico-workspace-rdo, with the configuration below:
Name: cico-workspace-rdo
Labels: cico-workspace-rdo
Usage: Only build job with label expressions matching this node
Pod template to inherit from: cico-workspace
Container Template
Name: jnlp
Docker image: quay.io/rdoinfra/cico-workspace-rdo:latest
Always pull image: opt-in
Working directory: /tmp
Arguments to pass in the command: ${computer.jnlpmac} ${computer.name}
Allocate pseudo-TTY: opt-in
Environment Variable from Secret
Key: CICO_API_KEY
SecretName: duffy-api-key
SecretKey: key
The repository namespace is rdoinfra/cico-workspace-rdo
For each new image build we increment the tag by 1, then we tag it as latest and check that
jobs still execute correctly.
If there is an issue with the new build, we can roll back the promotion directly in the Tag History menu, by reverting the operation in the Revert column.
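The tagging scheme described above, as an added example that is not part of this repository: it computes the next numeric tag from the existing tags and prints the build, push and promote commands for review. The use of podman, the function names and the sample tag list are assumptions.

```sh
#!/bin/sh
# Added example: numeric-tag promotion for the workspace image.
# Assumptions (not from the page): podman builds and pushes the image, and
# the existing tags arrive on stdin, one per line, for example extracted
# from the JSON printed by
#   skopeo list-tags docker://quay.io/rdoinfra/cico-workspace-rdo

IMAGE="quay.io/rdoinfra/cico-workspace-rdo"

# Print the next tag: the highest all-digit tag on stdin plus one.
# "latest" and other non-numeric tags are skipped; no numeric tag yields 1.
next_tag() {
    max=0
    while IFS= read -r tag; do
        case "$tag" in
            ''|*[!0-9]*) continue ;;
        esac
        # Drop leading zeros so a tag like "08" is not read as octal.
        while [ "${tag#0}" != "$tag" ] && [ -n "${tag#0}" ]; do
            tag=${tag#0}
        done
        if [ "$tag" -gt "$max" ]; then max=$tag; fi
    done
    echo $((max + 1))
}

# Print (do not run) the commands for one promotion so they can be reviewed.
# The numbered tag is pushed first, which leaves a fixed rollback point
# before "latest" moves.
promotion_plan() {
    new=$(next_tag) || return 1
    printf 'podman build -t %s:%s .\n' "$IMAGE" "$new"
    printf 'podman push %s:%s\n' "$IMAGE" "$new"
    printf 'podman tag %s:%s %s:latest\n' "$IMAGE" "$new" "$IMAGE"
    printf 'podman push %s:latest\n' "$IMAGE"
}

# Constructed sample tag list, not the repository's real tags.
printf '%s\n' latest 7 8 9 | promotion_plan
```

Because the pod template pulls the latest tag, every newly spawned node picks up a promotion as soon as latest moves; the numbered tag is what the Tag History revert falls back to.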
Below is the list of plugins which are installed by CloudSIG:
Note: those plugins are installed in addition to the ones installed by CentOS Infra team.
We need to add a Gerrit connection in manager.
To do so, add a new Gerrit Server in Manage Jenkins > Uncategorized > Gerrit Trigger with the data below:
Configure Global Security under Environment Injector Plugin; Do not show injected variables.
Configure Global Security under Hidden security warnings; Security Warnings; Environment Injector Plugin: Exposure of sensitive build variables stored by EnvInject 1.90 and earlier. This will make sure to hide that error message so it doesn't appear again.
The 2 lines above come from https://stackoverflow.com/a/49368564
The credentials with the information below are created:
| ID | Name | Kind | Description |
|---|---|---|---|
| 1a12dfa4-7fc5-47a7-aa17-cc56572a41c7 | /** | Username with password | |
| d31fc651-105c-4af6-a2a5-ed486a5897ca | DLRN api password | Secret text | DLRN api password |
| 8a8657ce-adba-465d-9ef9-8d9759327fa9 | Rsync Password log server | Secret text | Rsync Password log server |
| 68c0bffe-4663-47aa-9134-abcae35ace47 | rdo-ci (Upstream RDO CI key) | SSH Username with private key | Upstream RDO CI key |
| da788440-7c2e-4118-9fe9-a5264b40bcb1 | RDO REGISTRY TOKEN | Secret text | RDO REGISTRY TOKEN |
The secrets are kept by Cloud-SIG admins.
Authentication is done against OpenShift which delegates the operation to accounts.centos.org (Noggin/FreeIPA) through OAuth.
From Configure Global Security under Authorization click on Matrix-based security.
Overall/read and Job/read permissions.
Overall/read and Job/read permissions.
Overall/Administer permissions.
Overall/Administer permissions.
Overall/Administer permissions.
Overall/Administer permissions.
Note: each user who wants write access needs an account in accounts.centos.org and must be in the sig-cloud group.