From 91ef94c261935775947db79b9b7a429b87184854 Mon Sep 17 00:00:00 2001 From: Trevor Dolby <107267051+trevor-dolby-at-ibm-com@users.noreply.github.com> Date: Thu, 11 Apr 2024 16:28:07 -0500 Subject: [PATCH] Tekton updates (#53) (#54) * Tekton updates (#53) * Move endpoint to pipeline run * Doc update * Switch to generateName * Fix branch name * Switch to generateName * OpenShift doc change * CP4i fixup * Fix permissions Signed-off-by: Trevor Dolby * Fix buildah image --------- Signed-off-by: Trevor Dolby * Tekton updates (#55) * Move endpoint to pipeline run * Doc update * Switch to generateName * Fix branch name * Switch to generateName * OpenShift doc change * CP4i fixup * Fix permissions Signed-off-by: Trevor Dolby * Fix buildah image * 12.0.11 fixup --------- Signed-off-by: Trevor Dolby --------- Signed-off-by: Trevor Dolby --- .../ace-toolkit-xvnc/devcontainer.json | 2 +- .devcontainer/devcontainer.json | 2 +- .../devcontainer.json | 2 +- .devcontainer/quay.io/devcontainer.json | 2 +- .github/workflows/docker-image.yml | 4 +-- .github/workflows/main-cp.yml | 2 +- .github/workflows/main.yml | 2 +- TeaRESTApplication/README.md | 2 +- demo-infrastructure/README-jenkins.md | 2 +- .../docker/ace-minimal-build/Dockerfile | 2 +- .../docker/ace-minimal-build/README.md | 6 ++-- .../Jenkinsfile.windows-containers | 2 +- .../windows-containers/README.md | 2 +- tekton/Dockerfile | 6 ++-- tekton/README.md | 34 +++++++++++++------ tekton/ace-pipeline-run.yaml | 8 ++--- .../aceaas/40-ibmint-aceaas-deploy-task.yaml | 4 ++- .../aceaas/41-ibmint-aceaas-config-task.yaml | 6 ++-- tekton/aceaas/aceaas-pipeline-run.yaml | 11 +++--- tekton/aceaas/aceaas-pipeline.yaml | 7 ++++ tekton/minimal-image-build/README.md | 10 +++--- .../ace-minimal-build-image-pipeline-run.yaml | 4 ++- .../ace-minimal-image-pipeline-run.yaml | 4 ++- tekton/minimal-image-build/apply-yaml.sh | 2 +- tekton/os/ace-pipeline-run.yaml | 15 -------- tekton/os/cp4i/12-ibmint-cp4i-build-task.yaml | 6 ++-- tekton/os/cp4i/Dockerfile | 2 +- tekton/os/cp4i/README.md | 23 +++++-------- tekton/os/cp4i/apply-yaml.sh | 27 +++++++++++++++ tekton/os/cp4i/cp4i-pipeline-run.yaml | 6 ++-- tekton/os/cp4i/cp4i-pipeline.yaml | 2 +- tekton/os/force-pull-of-images.yaml | 4 +-- .../14-ibmint-ace-build-temp-db2-task.yaml | 4 +-- 33 files changed, 125 insertions(+), 92 deletions(-) delete mode 100644 tekton/os/ace-pipeline-run.yaml create mode 100755 tekton/os/cp4i/apply-yaml.sh diff --git a/.devcontainer/ace-toolkit-xvnc/devcontainer.json b/.devcontainer/ace-toolkit-xvnc/devcontainer.json index c6cf0e5..3d46616 100644 --- a/.devcontainer/ace-toolkit-xvnc/devcontainer.json +++ b/.devcontainer/ace-toolkit-xvnc/devcontainer.json @@ -1,6 +1,6 @@ { "name": "ace-demo-pipeline-toolkit-xvnc-devcontainer", - "image": "tdolby/experimental:ace-devcontainer-xvnc-12.0.10.0", + "image": "tdolby/experimental:ace-devcontainer-xvnc-12.0.11.0", "containerEnv": { "LICENSE": "accept" }, diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 1df0c11..a429973 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "ace-demo-pipeline-devcontainer", - "image": "tdolby/experimental:ace-minimal-devcontainer-12.0.10.0", + "image": "tdolby/experimental:ace-minimal-devcontainer-12.0.11.0", "containerEnv": { "LICENSE": "accept" }, diff --git a/.devcontainer/quay.io-ace-toolkit-xvnc/devcontainer.json b/.devcontainer/quay.io-ace-toolkit-xvnc/devcontainer.json index 701f98e..ea18d92 100644 --- a/.devcontainer/quay.io-ace-toolkit-xvnc/devcontainer.json +++ b/.devcontainer/quay.io-ace-toolkit-xvnc/devcontainer.json @@ -1,6 +1,6 @@ { "name": "ace-demo-pipeline-quay.io-toolkit-xvnc-devcontainer", - "image": "quay.io/trevor_dolby/ace-devcontainer-xvnc:12.0.10.0", + "image": "quay.io/trevor_dolby/ace-devcontainer-xvnc:12.0.11.0", "containerEnv": { "LICENSE": "accept" }, diff --git a/.devcontainer/quay.io/devcontainer.json b/.devcontainer/quay.io/devcontainer.json index 181fe46..d9219b2 100644 --- a/.devcontainer/quay.io/devcontainer.json +++ b/.devcontainer/quay.io/devcontainer.json @@ -1,6 +1,6 @@ { "name": "ace-demo-pipeline-devcontainer-quay-io", - "image": "quay.io/trevor_dolby/ace-minimal-devcontainer:12.0.10.0", + "image": "quay.io/trevor_dolby/ace-minimal-devcontainer:12.0.11.0", "containerEnv": { "LICENSE": "accept" }, diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index a3b3b45..8486a7f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -8,7 +8,7 @@ jobs: build: runs-on: ubuntu-latest container: - image: tdolby/experimental:ace-minimal-build-12.0.10.0-alpine + image: tdolby/experimental:ace-minimal-build-12.0.11.0-alpine volumes: - /var/run/docker.sock:/var/run/docker.sock options: -u 0 @@ -37,7 +37,7 @@ jobs: - name: Build the image run: | cd /tmp/build - docker build --file Dockerfile --build-arg BASE_IMAGE=tdolby/experimental:ace-minimal-12.0.10.0-alpine -t tdolby/experimental:tea-github-action-latest . + docker build --file Dockerfile --build-arg BASE_IMAGE=tdolby/experimental:ace-minimal-12.0.11.0-alpine -t tdolby/experimental:tea-github-action-latest . - name: Push the image run: | diff --git a/.github/workflows/main-cp.yml b/.github/workflows/main-cp.yml index 7d26fe8..53670fe 100644 --- a/.github/workflows/main-cp.yml +++ b/.github/workflows/main-cp.yml @@ -15,7 +15,7 @@ jobs: # Set the cp.icr.io ace container as runtime. # Running as root (-u 0) allows the installation of the docker binaries. container: - image: cp.icr.io/cp/appc/ace:12.0.10.0-r1 + image: cp.icr.io/cp/appc/ace:12.0.11.0-r1 options: -u 0 credentials: username: ${{ secrets.CP_USERNAME }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 34cbbea..bd3cab7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ jobs: # The type of runner that the job will run on runs-on: ubuntu-latest container: - image: tdolby/experimental:ace-minimal-12.0.10.0-alpine + image: tdolby/experimental:ace-minimal-12.0.11.0-alpine options: -u 0 env: LICENSE: accept diff --git a/TeaRESTApplication/README.md b/TeaRESTApplication/README.md index f2209a7..c28b7a4 100644 --- a/TeaRESTApplication/README.md +++ b/TeaRESTApplication/README.md @@ -10,7 +10,7 @@ curl -X POST --data '{"name": "Assam", "strength": 5}' http://173.193.79.84:3153 curl http://173.193.79.84:31531/tea/index/1 ``` -Can be run locally as well as in the cloud, and for full details this repo should be pulled into an ACE 12.0.10.0 toolkit (via the egit plugin) and examined there. +Can be run locally as well as in the cloud, and for full details this repo should be pulled into an ACE 12.0.11.0 toolkit (via the egit plugin) and examined there. ## Implementation diff --git a/demo-infrastructure/README-jenkins.md b/demo-infrastructure/README-jenkins.md index 0ed3e87..c2da81a 100644 --- a/demo-infrastructure/README-jenkins.md +++ b/demo-infrastructure/README-jenkins.md @@ -28,7 +28,7 @@ so that the component tests can run successfully. This is required regardless of deploy target (integration node or ACEaaS). For Windows, the ACE_COMMAND environment variable may need to be changed to match a locally-installed -version of ACE (currently set to 12.0.10). Container support is not required. +version of ACE (currently set to 12.0.11). Container support is not required. For Linux, the pipeline will use containers for the actual build steps, and this requires either the `ace` container image from cp.icr.io or the `ace-minimal-build` container image to be created diff --git a/demo-infrastructure/docker/ace-minimal-build/Dockerfile b/demo-infrastructure/docker/ace-minimal-build/Dockerfile index ad8e6e1..9724680 100644 --- a/demo-infrastructure/docker/ace-minimal-build/Dockerfile +++ b/demo-infrastructure/docker/ace-minimal-build/Dockerfile @@ -1,6 +1,6 @@ # Copyright (c) 2022 Open Technologies for Integration # Licensed under the MIT license (see LICENSE for details) -ARG BASE_IMAGE=ace-minimal:12.0.10.0-alpine +ARG BASE_IMAGE=ace-minimal:12.0.11.0-alpine FROM $BASE_IMAGE # diff --git a/demo-infrastructure/docker/ace-minimal-build/README.md b/demo-infrastructure/docker/ace-minimal-build/README.md index f6effd8..ba7049a 100644 --- a/demo-infrastructure/docker/ace-minimal-build/README.md +++ b/demo-infrastructure/docker/ace-minimal-build/README.md @@ -2,13 +2,13 @@ Used by the pipeline in this repo to run the ACE commands within a CI or other pipeline build. -Built on top of ace-minimal:12.0.10.0-alpine (in a registry of your choice and built from +Built on top of ace-minimal:12.0.11.0-alpine (in a registry of your choice and built from https://github.com/ot4i/ace-docker/tree/master/experimental/ace-minimal) but will be pushed to the same registry via the Tekton pipelines in tekton/minimal-image-build in this repo if using Tekton. For Jenkins build purposes, this image is needed locally and should be built with ``` -docker build -t ace-minimal-build:12.0.10.0-alpine . +docker build -t ace-minimal-build:12.0.11.0-alpine . ``` -after building ace-minimal:12.0.10.0-alpine from the ace-docker repo (linked above). +after building ace-minimal:12.0.11.0-alpine from the ace-docker repo (linked above). diff --git a/demo-infrastructure/windows-containers/Jenkinsfile.windows-containers b/demo-infrastructure/windows-containers/Jenkinsfile.windows-containers index f2df87e..bb5ca0a 100644 --- a/demo-infrastructure/windows-containers/Jenkinsfile.windows-containers +++ b/demo-infrastructure/windows-containers/Jenkinsfile.windows-containers @@ -1,5 +1,5 @@ pipeline { - agent { docker { image 'ace-jenkins:12.0.10.0-windows' } } + agent { docker { image 'ace-jenkins:12.0.11.0-windows' } } parameters { /* These values would be better moved to a configuration file and provided by */ /* the Config File Provider plugin (or equivalent), but this is good enough */ diff --git a/demo-infrastructure/windows-containers/README.md b/demo-infrastructure/windows-containers/README.md index 96b0113..b507809 100644 --- a/demo-infrastructure/windows-containers/README.md +++ b/demo-infrastructure/windows-containers/README.md @@ -22,7 +22,7 @@ The repo must be cloned locally, possibly configured with a download URL (see [ace-basic](https://github.com/ot4i/ace-docker/tree/main/experimental/windows/ace-basic)), and then the following command should be run in the experimental/windows/ace-basic directory ``` -docker build --build-arg FROMIMAGE=jenkins/agent:windowsservercore-ltsc2019 -t ace-jenkins:12.0.10.0-windows . +docker build --build-arg FROMIMAGE=jenkins/agent:windowsservercore-ltsc2019 -t ace-jenkins:12.0.11.0-windows . ``` to create the ace-jenkins image used by this pipeline. diff --git a/tekton/Dockerfile b/tekton/Dockerfile index a355181..4bc4b53 100644 --- a/tekton/Dockerfile +++ b/tekton/Dockerfile @@ -2,15 +2,15 @@ # Licensed under the MIT license (see LICENSE for details) #FROM tdolby/experimental:ace-minimal-11.0.0.11-alpine -ARG BASE_IMAGE=ace-minimal:12.0.10.0-alpine +ARG BASE_IMAGE=ace-minimal:12.0.11.0-alpine FROM $BASE_IMAGE # Used for tekton and Maven containers # # To run locally, build into an ace-server directory somewhere (such as /tmp/maven-output/ace-server), copy -# this Dockerfile into the parent directory, and then (assuming 12.0.10) run +# this Dockerfile into the parent directory, and then (assuming 12.0.11) run # -# docker build --build-arg BASE_IMAGE=tdolby/experimental:ace-minimal-12.0.10.0-alpine -t tea-tekton-test . +# docker build --build-arg BASE_IMAGE=tdolby/experimental:ace-minimal-12.0.11.0-alpine -t tea-tekton-test . # # from the parent directory (such as /tmp/maven-output) # diff --git a/tekton/README.md b/tekton/README.md index 37f16e6..eef974c 100644 --- a/tekton/README.md +++ b/tekton/README.md @@ -79,7 +79,7 @@ kubectl create secret generic jdbc-secret --from-literal=USERID='blah' --from-li ``` with the obvious replacements. -## Tekton dashboard +### Tekton dashboard The Tekton dashboard (for non-OpenShift users) can be installed as follows: ``` @@ -95,6 +95,11 @@ dashboard HTTP port can be made available locally as follows: kubectl --namespace tekton-pipelines port-forward --address 0.0.0.0 svc/tekton-dashboard 9097:9097 ``` +### Pipeline creation + +At this point, the instructions split into two: for deployment to containers, see the following section. +For ACE-as-a-Service, see [ACE-as-a-Service target](#ace-as-a-service-target) below. + ## Container deploy target ![Pipeline overview](/demo-infrastructure/images/tekton-pipeline.png) @@ -113,12 +118,19 @@ task is only run if `knativeDeploy` is set to `true` when the pipeline is run). Once that has been accomplished, the simplest way to run the pipeline is ``` -kubectl apply -f tekton/ace-pipeline-run.yaml -tkn pipelinerun logs ace-pipeline-run-1 -f +kubectl create -f tekton/ace-pipeline-run.yaml +tkn pipelinerun logs -L -f ``` and this should build the projects, run the unit tests, create a docker image, and then create a deployment that runs the application. +Note that previous versions of the instructions suggested running +``` +kubectl apply -f tekton/ace-pipeline-run.yaml +tkn pipelinerun logs ace-pipeline-run-1 -f +``` +using a fixed name for the pipeline run, but using a generated name allows build history to be preserved. + ### How to know if the container deploy pipeline has succeeded The end result should be a running container with the tea application deployed, listening for requests on /tea/index at the @@ -162,8 +174,8 @@ registry authentication for some reason when using single-node OpenShift with a After that, the pipeline run YAML should be changed to point to the OpenShift registry, and the pipeline run as normal: ``` -kubectl apply -f tekton/ace-pipeline-run.yaml -tkn pipelinerun logs ace-pipeline-run-1 -f +kubectl create -f tekton/ace-pipeline-run.yaml +tkn pipelinerun logs -L -f ``` The OpenShift Pipeline operator provides a web interface for the pipeline runs also, which may be an easier way to view progress. @@ -199,7 +211,8 @@ appropriate credentials: kubectl create secret docker-registry ibm-entitlement-key --docker-username=cp --docker-password=myEntitlementKey --docker-server=cp.icr.io ``` Ensure that the ace-tekton-service-account includes the `ibm-entitlement-key` secret for both secrets -and imagePullSecrets. For those without an IBM Entitlement Key, the `ace-minimal` image will also work. +and imagePullSecrets. For those without an IBM Entitlement Key, the `ace-minimal` image will also work, and +the service account will not need to be changed. Setting up the pipeline requires Tekton to be installed (which may already have happend via OpenShift operators, in which case skip the first line), tasks to be created, and the pipeline itself to be configured: @@ -215,7 +228,7 @@ should be created using values acquired using the ACEaaS console. See [https://www.ibm.com/docs/en/app-connect/saas?topic=overview-accessing-api](https://www.ibm.com/docs/en/app-connect/saas?topic=overview-accessing-api) for details on how to find or create the correct credentials, and then set the following ``` -kubectl create secret generic aceaas-credentials --from-literal=appConEndpoint=MYENDPOINT --from-literal=appConInstanceID=MYINSTANECID --from-literal=appConClientID=HEXNUMBERSTRING --from-literal=appConApiKey=BASE64APIKEY --from-literal=appConClientSecret=HEXNUMBERCLIENTSECRET +kubectl create secret generic aceaas-credentials --from-literal=appConInstanceID=MYINSTANCEID --from-literal=appConClientID=HEXNUMBERSTRING --from-literal=appConApiKey=BASE64APIKEY --from-literal=appConClientSecret=HEXNUMBERCLIENTSECRET ``` The pipeline should create the required configurations based on the JDBC credentials and other values if the createConfiguration parameter is set to `true`; this should only be used @@ -223,10 +236,11 @@ for the first pipeline run or after any change to the credentials (see the "ACEa limits" section of [README-aceaas-pipelines.md](/demo-infrastructure/README-aceaas-pipelines.md) for more information). -Once that has been accomplished, the simplest way to run the pipeline is +Once the required edits to `aceaas-pipeline-run.yaml` have been made (including setting the +ACEaaS API endpoint, if not using the US East region), the simplest way to run the pipeline is ``` -kubectl apply -f tekton/aceaas/aceaas-pipeline-run.yaml -tkn pipelinerun logs aceaas-pipeline-run-1 -f +kubectl create -f tekton/aceaas/aceaas-pipeline-run.yaml +tkn pipelinerun logs -L -f ``` and this should build the projects, run the tests, and then deploy to ACEaaS. diff --git a/tekton/ace-pipeline-run.yaml b/tekton/ace-pipeline-run.yaml index 8f708d5..d65636e 100644 --- a/tekton/ace-pipeline-run.yaml +++ b/tekton/ace-pipeline-run.yaml @@ -1,13 +1,9 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - # Can use generated names with kubectl create; follow logs with "tkn pipeline logs ace-pipeline -f" to - # avoid needing a fixed name. - #generateName: ace-pipeline-run- - + generateName: ace-pipeline-run- # Fixed name allows "tkn pr delete ace-pipeline-run-1 -f ; kubectl apply -f tekton/ace-pipeline-run.yaml ; tkn pr logs ace-pipeline-run-1 -f" - # which has a slightly nicer log format. - name: ace-pipeline-run-1 + #name: ace-pipeline-run-1 spec: serviceAccountName: ace-tekton-service-account pipelineRef: diff --git a/tekton/aceaas/40-ibmint-aceaas-deploy-task.yaml b/tekton/aceaas/40-ibmint-aceaas-deploy-task.yaml index 9044313..48a169f 100644 --- a/tekton/aceaas/40-ibmint-aceaas-deploy-task.yaml +++ b/tekton/aceaas/40-ibmint-aceaas-deploy-task.yaml @@ -14,6 +14,8 @@ spec: type: string - name: buildImage type: string + - name: appConEndpoint + type: string - name: deployPrefix type: string results: @@ -128,7 +130,7 @@ spec: echo Deploying BAR file echo ======================================================================== - export appConEndpoint=$(cat /run/secrets/aceaas/appConEndpoint) + export appConEndpoint=$(params.appConEndpoint) export appConInstanceID=$(cat /run/secrets/aceaas/appConInstanceID) export appConClientID=$(cat /run/secrets/aceaas/appConClientID) export appConApiKey=$(cat /run/secrets/aceaas/appConApiKey) diff --git a/tekton/aceaas/41-ibmint-aceaas-config-task.yaml b/tekton/aceaas/41-ibmint-aceaas-config-task.yaml index 005927e..ce3fdb7 100644 --- a/tekton/aceaas/41-ibmint-aceaas-config-task.yaml +++ b/tekton/aceaas/41-ibmint-aceaas-config-task.yaml @@ -14,6 +14,8 @@ spec: type: string - name: buildImage type: string + - name: appConEndpoint + type: string - name: deployPrefix type: string - name: barURL @@ -46,7 +48,7 @@ spec: unset LD_LIBRARY_PATH set -e # Fail on error - export appConEndpoint=$(cat /run/secrets/aceaas/appConEndpoint) + export appConEndpoint=$(params.appConEndpoint) export appConInstanceID=$(cat /run/secrets/aceaas/appConInstanceID) export appConClientID=$(cat /run/secrets/aceaas/appConClientID) export appConApiKey=$(cat /run/secrets/aceaas/appConApiKey) @@ -154,7 +156,7 @@ spec: unset LD_LIBRARY_PATH set -e # Fail on error - export appConEndpoint=$(cat /run/secrets/aceaas/appConEndpoint) + export appConEndpoint=$(params.appConEndpoint) export appConInstanceID=$(cat /run/secrets/aceaas/appConInstanceID) export appConClientID=$(cat /run/secrets/aceaas/appConClientID) export appConApiKey=$(cat /run/secrets/aceaas/appConApiKey) diff --git a/tekton/aceaas/aceaas-pipeline-run.yaml b/tekton/aceaas/aceaas-pipeline-run.yaml index 44edd21..b0611fa 100644 --- a/tekton/aceaas/aceaas-pipeline-run.yaml +++ b/tekton/aceaas/aceaas-pipeline-run.yaml @@ -1,13 +1,9 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - # Can use generated names with kubectl create; follow logs with "tkn pipeline logs aceaas-pipeline -f" to - # avoid needing a fixed name. - #generateName: aceaas-pipeline-run- - + generateName: aceaas-pipeline-run- # Fixed name allows "tkn pr delete aceaas-pipeline-run-1 -f ; kubectl apply -f tekton/aceaas/aceaas-pipeline-run.yaml ; tkn pr logs aceaas-pipeline-run-1 -f" - # which has a slightly nicer log format. - name: aceaas-pipeline-run-1 + #name: aceaas-pipeline-run-1 spec: serviceAccountName: ace-tekton-service-account pipelineRef: @@ -26,3 +22,6 @@ spec: value: "tdolby" - name: createConfiguration value: "true" + - name: appConEndpoint + # US East default + value: "api.p-vir-c1.appconnect.automation.ibm.com" diff --git a/tekton/aceaas/aceaas-pipeline.yaml b/tekton/aceaas/aceaas-pipeline.yaml index e166f8e..820fde9 100644 --- a/tekton/aceaas/aceaas-pipeline.yaml +++ b/tekton/aceaas/aceaas-pipeline.yaml @@ -14,6 +14,9 @@ spec: type: string - name: deployPrefix type: string + - name: appConEndpoint + type: string + default: "api.p-vir-c1.appconnect.automation.ibm.com" - name: createConfiguration type: string default: "false" @@ -30,6 +33,8 @@ spec: value: $(params.buildImage) - name: deployPrefix value: $(params.deployPrefix) + - name: appConEndpoint + value: $(params.appConEndpoint) - name: create-config-and-runtime taskRef: name: aceaas-create-config-and-runtime @@ -40,6 +45,8 @@ spec: value: $(params.revision) - name: buildImage value: $(params.buildImage) + - name: appConEndpoint + value: $(params.appConEndpoint) - name: deployPrefix value: $(params.deployPrefix) - name: barURL diff --git a/tekton/minimal-image-build/README.md b/tekton/minimal-image-build/README.md index aa7b16c..5590446 100644 --- a/tekton/minimal-image-build/README.md +++ b/tekton/minimal-image-build/README.md @@ -71,7 +71,7 @@ and proceed through the pages until the main download page with a link: The link is likely to be of the form ``` -https://iwm.dhe.ibm.com/sdfdl/v2/regs2/mbford/Xa.2/Xb.WJL1cUPI9gANEhP8GuPD_qX1rj6x5R4yTUM7s_C2ue8/Xc.12.0.10.0-ACE-LINUX64-DEVELOPER.tar.gz/Xd./Xf.LpR.D1vk/Xg.12164875/Xi.swg-wmbfd/XY.regsrvs/XZ.pPVETUejcqPsVfDVKbdNu6IRpo4TkyKu/12.0.10.0-ACE-LINUX64-DEVELOPER.tar.gz +https://iwm.dhe.ibm.com/sdfdl/v2/regs2/mbford/Xa.2/Xb.WJL1cUPI9gANEhP8GuPD_qX1rj6x5R4yTUM7s_C2ue8/Xc.12.0.11.0-ACE-LINUX64-DEVELOPER.tar.gz/Xd./Xf.LpR.D1vk/Xg.12164875/Xi.swg-wmbfd/XY.regsrvs/XZ.pPVETUejcqPsVfDVKbdNu6IRpo4TkyKu/12.0.11.0-ACE-LINUX64-DEVELOPER.tar.gz ``` Copy that link into the aceDownloadUrl parameter, adjusting the version numbers in the other files as needed. @@ -84,8 +84,8 @@ image and push it to the registry: kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml kubectl apply -f tekton/minimal-image-build/01-ace-minimal-image-build-and-push-task.yaml kubectl apply -f tekton/minimal-image-build/ace-minimal-image-pipeline.yaml -kubectl apply -f tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml -tkn pipelinerun logs ace-minimal-image-pipeline-run-1 -f +kubectl create -f tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml +tkn pipelinerun logs -L -f ``` The ace-minimal-build-image-pipeline builds not only the ace-minimal-build image but also @@ -95,8 +95,8 @@ kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/ kubectl apply -f tekton/minimal-image-build/01-ace-minimal-image-build-and-push-task.yaml kubectl apply -f tekton/minimal-image-build/02-ace-minimal-build-image-build-and-push-task.yaml kubectl apply -f tekton/minimal-image-build/ace-minimal-build-image-pipeline.yaml -kubectl apply -f tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml -tkn pipelinerun logs ace-minimal-build-image-pipeline-run-1 -f +kubectl create -f tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml +tkn pipelinerun logs -L -f ``` ## OpenShift diff --git a/tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml b/tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml index 910002e..fb5447b 100644 --- a/tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml +++ b/tekton/minimal-image-build/ace-minimal-build-image-pipeline-run.yaml @@ -1,7 +1,9 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - name: ace-minimal-build-image-pipeline-run-1 + generateName: ace-minimal-build-image-pipeline-run- + # Fixed name allows "tkn pr delete ace-minimal-build-image-pipeline-run-1 -f ; kubectl apply -f tekton/ace-minimal-build-image-pipeline-run.yaml ; tkn pr logs ace-minimal-build-image-pipeline-run-1 -f" + #name: ace-minimal-build-image-pipeline-run-1 spec: serviceAccountName: ace-tekton-service-account # Use this instead if building in a CP4i environment diff --git a/tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml b/tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml index 3884a13..d4c4ad2 100644 --- a/tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml +++ b/tekton/minimal-image-build/ace-minimal-image-pipeline-run.yaml @@ -1,7 +1,9 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - name: ace-minimal-image-pipeline-run-1 + generateName: ace-minimal-image-pipeline-run- + # Fixed name allows "tkn pr delete ace-minimal-image-pipeline-run-1 -f ; kubectl apply -f tekton/ace-minimal-image-pipeline-run.yaml ; tkn pr logs ace-minimal-image-pipeline-run-1 -f" + #name: ace-minimal-image-pipeline-run-1 spec: serviceAccountName: ace-tekton-service-account # Use this instead if building in a CP4i environment diff --git a/tekton/minimal-image-build/apply-yaml.sh b/tekton/minimal-image-build/apply-yaml.sh index 25fae2e..1c523cc 100755 --- a/tekton/minimal-image-build/apply-yaml.sh +++ b/tekton/minimal-image-build/apply-yaml.sh @@ -20,4 +20,4 @@ echo "Use ${YAMLDIR}/ace-minimal-build-image-pipeline-run.yaml to build both ima echo echo "Example command sequence to run the pipeline and show the Tekton logs:" echo -echo "kubectl apply -f ${YAMLDIR}/ace-minimal-build-image-pipeline-run.yaml ; tkn pr logs ace-minimal-build-image-pipeline-run-1 -f" \ No newline at end of file +echo "kubectl create -f ${YAMLDIR}/ace-minimal-build-image-pipeline-run.yaml ; tkn pr logs -L -f" \ No newline at end of file diff --git a/tekton/os/ace-pipeline-run.yaml b/tekton/os/ace-pipeline-run.yaml deleted file mode 100644 index a241a3f..0000000 --- a/tekton/os/ace-pipeline-run.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - name: ace-pipeline-run-1 -spec: - serviceAccountName: ace-tekton-service-account - pipelineRef: - name: ace-pipeline - params: - - name: dockerRegistry - value: "image-registry.openshift-image-registry.svc.cluster.local:5000/default" -# - name: buildImage -# value: "ace-minimal-build:12.0.10.0-alpine-java11" -# - name: runtimeImage -# value: "ace-minimal:12.0.10.0-alpine-java11" diff --git a/tekton/os/cp4i/12-ibmint-cp4i-build-task.yaml b/tekton/os/cp4i/12-ibmint-cp4i-build-task.yaml index 7876db6..41b3626 100644 --- a/tekton/os/cp4i/12-ibmint-cp4i-build-task.yaml +++ b/tekton/os/cp4i/12-ibmint-cp4i-build-task.yaml @@ -119,7 +119,8 @@ spec: securityContext: runAsUser: 0 # Needed for hostPath volumes on OpenShift - privileged: true + # Must also change cp4i-scc.yaml + #privileged: true capabilities: add: ["CHOWN", "DAC_OVERRIDE","FOWNER","SETFCAP","SETGID","SETUID"] # specifying DOCKER_CONFIG is required to allow buildah to detect docker credential @@ -212,7 +213,8 @@ spec: securityContext: runAsUser: 0 # Needed for hostPath volumes on OpenShift - privileged: true + # Must also change cp4i-scc.yaml + #privileged: true capabilities: add: ["CHOWN", "DAC_OVERRIDE","FOWNER","SETFCAP","SETGID","SETUID"] # specifying DOCKER_CONFIG is required to allow buildah to detect docker credential diff --git a/tekton/os/cp4i/Dockerfile b/tekton/os/cp4i/Dockerfile index 713ac43..dfced4f 100644 --- a/tekton/os/cp4i/Dockerfile +++ b/tekton/os/cp4i/Dockerfile @@ -2,7 +2,7 @@ # Licensed under the MIT license (see LICENSE for details) #FROM tdolby/experimental:ace-minimal-11.0.0.11-alpine -ARG BASE_IMAGE=ace-server-prod:12.0.10.0-r1 +ARG BASE_IMAGE=ace-server-prod:12.0.11.0-r1 FROM $BASE_IMAGE # Used for tekton and Maven containers diff --git a/tekton/os/cp4i/README.md b/tekton/os/cp4i/README.md index be83996..add4a8e 100644 --- a/tekton/os/cp4i/README.md +++ b/tekton/os/cp4i/README.md @@ -58,18 +58,19 @@ kubectl --namespace openshift-image-registry port-forward --address 0.0.0.0 svc/ ``` at which point the OpenShift registry will be accessible from localhost:5000. -As an example, the following sequence would tage the 12.0.10.0-r1 image and upload to the registry: +As an example, the following sequence would tage the 12.0.11.0-r1 image and upload to the registry: ``` -docker pull cp.icr.io/cp/appc/ace-server-prod@sha256:d0e4347ce61007aaba0242e26ac5f0dc82296cfbc59857170c7059e2f4e4b4fc -docker tag cp.icr.io/cp/appc/ace-server-prod@sha256:d0e4347ce61007aaba0242e26ac5f0dc82296cfbc59857170c7059e2f4e4b4fc image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-server-prod:12.0.10.0-r1 -docker push image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-server-prod:12.0.10.0-r1 +docker pull cp.icr.io/cp/appc/ace-server-prod@sha256:6a317b9b057c3ad433dd447c4ff929c6b0af1c9c6e2bcc4d7bab4989e3c95cca +docker tag cp.icr.io/cp/appc/ace-server-prod@sha256:6a317b9b057c3ad433dd447c4ff929c6b0af1c9c6e2bcc4d7bab4989e3c95cca + image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-server-prod:12.0.11.0-r1 +docker push image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-server-prod:12.0.11.0-r1 ``` Note that the ACE operator often uses the version-and-date form of the image tag when creating containers, which would also work; the following tags refer to the same image: ``` -cp.icr.io/cp/appc/ace-server-prod:12.0.10.0-r1-20231023-073732 -cp.icr.io/cp/appc/ace-server-prod@sha256:d0e4347ce61007aaba0242e26ac5f0dc82296cfbc59857170c7059e2f4e4b4fc +cp.icr.io/cp/appc/ace-server-prod:12.0.11.1-r1-20240125-170703 +cp.icr.io/cp/appc/ace-server-prod@sha256:6a317b9b057c3ad433dd447c4ff929c6b0af1c9c6e2bcc4d7bab4989e3c95cca ``` Configurations need to be created for the JDBC credentials (teajdbc-policy and teajdbc) and default policy project name @@ -95,14 +96,8 @@ kubectl apply -f tekton/os/cp4i/cp4i-pipeline.yaml ``` and to run the pipeline ``` -kubectl apply -f tekton/os/cp4i/cp4i-pipeline-run.yaml -tkn pipelinerun -n cp4i logs cp4i-pipeline-run-1 -f -``` - -If the Tekton pipeline tasks fail to start with image pull errors saying "authentication needed", it may be -necessary to pull the containers onto the node being used for the build; creating the "force pull" pod may resolve this: -``` -kubectl apply -f tekton/os/cp4i/force-pull-cp4i.yaml +kubectl create -f tekton/os/cp4i/cp4i-pipeline-run.yaml +tkn pipelinerun -n cp4i logs -L -f ``` ## Results diff --git a/tekton/os/cp4i/apply-yaml.sh b/tekton/os/cp4i/apply-yaml.sh new file mode 100755 index 0000000..d455c8f --- /dev/null +++ b/tekton/os/cp4i/apply-yaml.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Assumes the current shell has oc in PATH, is logged in, and has +# the correct namespace set as default. + +# We might be run from the root of the repo or from the subdirectory +export YAMLDIR=`dirname $0` + +set -e # Exit on error +set -x # Show what we're doing + + +oc apply -f ${YAMLDIR}/cp4i-scc.yaml +oc apply -f ${YAMLDIR}/service-account-cp4i.yaml +oc adm policy add-scc-to-user cp4i-scc -n cp4i -z cp4i-tekton-service-account +oc apply -f ${YAMLDIR}/12-ibmint-cp4i-build-task.yaml +oc apply -f ${YAMLDIR}/13-component-test-in-cp4i-task.yaml +oc apply -f ${YAMLDIR}/22-deploy-to-cp4i-task.yaml +oc apply -f ${YAMLDIR}/cp4i-pipeline.yaml + +set +x +echo "Success; the pipeline can now be run after the *-run.yaml files are customized." +echo "Use ${YAMLDIR}/cp4i-pipeline-run.yaml to run the CP4i pipeline. " +echo +echo "Example command sequence to run the pipeline and show the Tekton logs:" +echo +echo "oc create -f ${YAMLDIR}/cp4i-pipeline-run.yaml ; tkn pr logs -L -f" diff --git a/tekton/os/cp4i/cp4i-pipeline-run.yaml b/tekton/os/cp4i/cp4i-pipeline-run.yaml index 74f6089..48f737d 100644 --- a/tekton/os/cp4i/cp4i-pipeline-run.yaml +++ b/tekton/os/cp4i/cp4i-pipeline-run.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: PipelineRun metadata: - name: cp4i-pipeline-run-1 + generateName: cp4i-pipeline-run- namespace: cp4i spec: serviceAccountName: cp4i-tekton-service-account @@ -15,7 +15,7 @@ spec: - name: revision value: "main" - name: buildImage - #value: "cp.icr.io/cp/appc/ace:12.0.11.0-r1" - value: "image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.11.0-alpine" + value: "cp.icr.io/cp/appc/ace:12.0.11.0-r1" + #value: "image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.11.0-alpine" - name: runtimeBaseImage value: "image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-server-prod:12.0.11.1-r1-20240125-170703" diff --git a/tekton/os/cp4i/cp4i-pipeline.yaml b/tekton/os/cp4i/cp4i-pipeline.yaml index 3c2d81e..68b4066 100644 --- a/tekton/os/cp4i/cp4i-pipeline.yaml +++ b/tekton/os/cp4i/cp4i-pipeline.yaml @@ -17,7 +17,7 @@ spec: - name: buildImage type: string default: "cp.icr.io/cp/appc/ace:12.0.11.0-r1" - #default: "image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.10.0-alpine" + #default: "image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.11.0-alpine" - name: runtimeBaseImage type: string default: "cp.icr.io/cp/appc/ace-server-prod:12.0.11.1-r1-20240125-170703" diff --git a/tekton/os/force-pull-of-images.yaml b/tekton/os/force-pull-of-images.yaml index 63e590f..1c4f7d9 100644 --- a/tekton/os/force-pull-of-images.yaml +++ b/tekton/os/force-pull-of-images.yaml @@ -6,12 +6,12 @@ spec: containers: - name: force-pull-base imagePullPolicy: Always - image: image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal:12.0.10.0-alpine + image: image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal:12.0.11.0-alpine command: ["sleep"] args: ["100"] - name: force-pull-build imagePullPolicy: Always - image: image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.10.0-alpine + image: image-registry.openshift-image-registry.svc.cluster.local:5000/default/ace-minimal-build:12.0.11.0-alpine command: ["sleep"] args: ["100"] restartPolicy: Never diff --git a/tekton/temp-db2/14-ibmint-ace-build-temp-db2-task.yaml b/tekton/temp-db2/14-ibmint-ace-build-temp-db2-task.yaml index 633b942..3a8c054 100644 --- a/tekton/temp-db2/14-ibmint-ace-build-temp-db2-task.yaml +++ b/tekton/temp-db2/14-ibmint-ace-build-temp-db2-task.yaml @@ -211,8 +211,8 @@ spec: - mountPath: /work name: work - name: docker-build-and-push - #image: quay.io/buildah/stable:v1 - image: registry.redhat.io/rhel8/buildah:8.9-5 + image: quay.io/buildah/stable:v1 + #image: registry.redhat.io/rhel8/buildah:8.9-5 securityContext: runAsUser: 0 # Needed for hostPath volumes on OpenShift