Uploaded image for project: 'openstack-k8s'
  1. openstack-k8s
  2. OSPK8-613

[Spike] research U/S Prow -> D/S hosts tests execution using vpn

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • OSPdO-QE-CI
    • None
    • False
    • None
    • False

      research U/S Prow -> D/S hosts tests execution using "tests vpn"

       

       

      Ask Test Platform Team a QuestionWORKFLOW  1 day ago

      @dptp-helpdesk, @Sandeep Yadav has asked a question:
      Topic:

      Other Topic

      Component(s):

      Prow installation in internal network

      Question:

      Hello o/,Need help with some queries:-* Is it possible to install Prow internally in the RH network? Or do we have an already existing PROW instance in the RH network?

       

      • What does it take to install PROW internally and how expensive is the maintenance/ any known security concerns?I came across [1] that prow only supports Github providers currently and I wonder if there are some other known issues which can hinder the deployment of prow in the internal network.Basically, we are brainstorming if it is possible to reuse the prow downstream so that we don't use two different build systems - Jenkins downstream and prow Upstream(Using a single system will allow us to add coverage closer to upstream and also give the flexibility to reuse CI code/jobs).
        Secondly, Having an internal PROW instance will enable us to trigger our PROW jobs on internal infra like PSI internal which I don't think is possible currently with Public Prow.Thanks for any pointers/suggestions on if it's a good/bad idea. Apologies if it's already been discussed previously or if this is not the correct platform to raise this. Appreciate it if you can point me to any previous discussion/person/blog which can help us with this information.

      Show 10 more replies
       
      jguzik  23 hours ago

      If you need privacy though, there is a possibility to have private repos or even org as my colleague @stephen mentioned.
      ----New
       
      bbguimaraes  23 hours ago

      If you completely control the target network, people found it easier to configure a direct connection from our build clusters to it.
       
      bbguimaraes  23 hours ago

      But yes, you can configure VPN connections for tests, see: https://docs.ci.openshift.org/docs/how-tos/adding-a-cluster-profile#vpn-connection.For private images, you'll need: https://docs.ci.openshift.org/docs/how-tos/external-images#mirror-private-images.
       
      !https://slack-imgs.com/?c=1&o1=wi32.he32.si&url=https%3A%2F%2Fdocs.ci.openshift.org%2Ffavicons%2Fapple-touch-icon-180x180.png|width=16,height=16!docs.ci.openshift.org
      Add a New Cluster Profile
      How to add a cluster profile to the test platform.
       
      !https://slack-imgs.com/?c=1&o1=wi32.he32.si&url=https%3A%2F%2Fdocs.ci.openshift.org%2Ffavicons%2Fapple-touch-icon-180x180.png|width=16,height=16!docs.ci.openshift.org
      Using External Images in CI
      How to mirror external images to the CI environments for use in jobs.
       
      Sandeep Yadav  21 hours ago

      @jguzik @bbguimaraes oh nice so we can configure VPN - thanks for info, we will checkout the docs.Do we have some existing tests/jobs which already configure VPN to run tests? Curious to know if this workflow(Configuring VPN in test) is already well tested. (edited) 
       
      Sandeep Yadav  21 hours ago

      @stephenI have some queries regarding your earlier comment:->> we also have some private gh repos for qe that have their own deck instance  and private bucket for their logs?* What it mean by own deck instance?

      What it mean by own deck instance?

      The frontend for prow: https://prow.ci.openshift.org/. We can create private instances of deck that are secured by oauth.

      How can we configure private bucket for logs?

      We would have to do that for you if it became necessary. We point your jobs at a different bucket. This is really just a necessary point to having a private deck instance. I suppose you could provide us with an SA for your own GCS bucket and we could utilize that, but with QE we maintain the bucket.
       
      jguzik  21 hours ago

       Do we have some existing tests/jobs which already configure VPN to run tests? Curious to know if this workflow(Configuring VPN in test) is already well tested.

      As far as I know, they are the only client right now: https://github.com/openshift/release/pull/27092 The feature is quite fresh.
       
      Sandeep Yadav  21 hours ago
      @stephen thanks it make more sense now.
       
       
      bbguimaraes  20 hours ago

      VPN connections have been in constant use in the Nutanix E2E jobs for a while now, e.g.: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_installer/5798/pull-ci-openshift-installer-master-e2e-nutanix/1557021185105989632.

      DPTP BotAPP  20 hours ago

      It looks like you mentioned a job result in your message. Here is some helpful information:
      e2e-nutanix:

      Resulting test pods: https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_installer/5798/pull-ci-openshift-installer-master-e2e-nutanix/1557021185105989632/artifacts/build-resources/pods.json.

      DPTP BotAPP  20 hours ago

      It looks like you mentioned a job result in your message. Here is some helpful information:
      e2e-nutanix:

      @bbguimaraes thanks! We will read the documentation and get back with queries. (if any)

              pkomarov pini komarov
              pkomarov pini komarov
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: