platform/azure: add kola/ore commands for Azure #771
Conversation
arithx
changed the title
|
Marking WIP until I can perform additional testing (have been hitting an error |
arithx
force-pushed
the
kola-azure
branch
2 times, most recently
from
de84589
to
4b02752
Compare
arithx
changed the title
|
All tests that aren't excluded are now passing. Unmarking as WIP. Good to review. |
|
@dm0- that works on Azure, testing on other platforms currently and if everything is passing I'll push the change |
arithx
force-pushed
the
kola-azure
branch
2 times, most recently
from
5e2a257
to
7df68b4
Compare
|
Updates are pushed and this is ready for review. I've tested all of the new ARM based functionality but do not have access to the ASM creds to test those components (the old ore commands & plume). |
|
@dm0- in the updated locksmith TLS tests I've changed them to generate the cert into |
auth/azure.go
Outdated
| @@ -148,3 +168,25 @@ func ReadAzureProfile(path string) (*AzureProfile, error) { | |||
|
|
|||
| return &ap, nil | |||
| } | |||
|
|
|||
| func DecodeUtfbomFile(contents []byte) ([]byte, error) { | |||
There was a problem hiding this comment.
There was a problem hiding this comment.
We already have dimchansky/utfbom as a vendored dependency because of Azure, switching to x/text/encoding/unicode will also require x/text/transform neither of which are currently vendored.
Do you have a preference between the two?
| return fmt.Errorf("unable to fetch release bucket %v version: %v", a.opts.Sku, err) | ||
| } | ||
|
|
||
| scanner := bufio.NewScanner(resp.Body) |
There was a problem hiding this comment.
I think I remember seeing parsing this format somewhere else. Should break that out into a util package or something after this PR.
platform/machine/azure/cluster.go
Outdated
| if err != nil { | ||
| return nil, err | ||
| } | ||
| ac.sshKey = keys[0].String() |
There was a problem hiding this comment.
is keys always going to have at least 1 element?
There was a problem hiding this comment.
I believe so, when a new SSH agent (which is what the Keys function is listing) is created a key is always generated (see NewSSHAgent in network/ssh.go). We're also doing this same direct access of keys[0] in DigitalOcean.
| @@ -59,17 +59,23 @@ func init() { | |||
| ] | |||
| } | |||
| }`) | |||
|
|
|||
| // These tests are disabled on Azure because the hostname | |||
There was a problem hiding this comment.
Maybe list the disabled tests in the commit message
README.md
Outdated
| ``` | ||
| $ az login` | ||
| ``` | ||
| It also requires that the environment variable `AZURE_AUTH_LOCATION` points to a JSON file. The JSON file will require a service provider active directory account to be created. |
There was a problem hiding this comment.
Can mantle set this if it's unset so users do not need to?
There was a problem hiding this comment.
I could either add a parameter that points to this and/or make a standardized location for it and handle that if it's not already present.
But as it's user generated and not used by anything other than Microsoft/go-autorest there isn't currently a standardized location.
There was a problem hiding this comment.
I'd say just pick one and go with it, needing to set an environment variable to run kola is a pain.
There was a problem hiding this comment.
@bgilbert: do you have a preference?
There was a problem hiding this comment.
One thing I'd add about setting this environment variable is that there isn't going to be a good way to Unset the environment variable. We tend to do platform specific configuration inside of the Cluster or API but those do not provide sufficient points for deferred cleanup of an environment variable.
There was a problem hiding this comment.
IIRC environment vars should die with the process.
| The JSON file exported to the variable `AZURE_AUTH_LOCATION` should be generated by hand and have the following contents: | ||
| ``` | ||
| { | ||
| "clientId": "<service provider id>", |
There was a problem hiding this comment.
should note this is from the az ad sp create-for-rbac
arithx
force-pushed
the
kola-azure
branch
3 times, most recently
from
1134022
to
f29b0eb
Compare
|
Update pushed |
cmd/ore/azure/azure.go
Outdated
| @@ -42,6 +43,7 @@ func init() { | |||
|
|
|||
| sv := Azure.PersistentFlags().StringVar | |||
| sv(&azureProfile, "azure-profile", "", "Azure Profile json file") | |||
| sv(&azureAuth, "azure-auth", "", "Azure auth location") | |||
There was a problem hiding this comment.
can we default this to something like .azure/credentials.json. I don't really care what, but we should have a canonical location so kola runs with azure don't need special args/envs
arithx
force-pushed
the
kola-azure
branch
4 times, most recently
from
cb358d9
to
637504d
Compare
|
Updates pushed
|
|
Made a small change to the |
|
rebased & updated |
| ac.sshKey = af.FakeSSHKey | ||
| } | ||
|
|
||
| ac.ResourceGroup, err = af.api.CreateResourceGroup("kola-cluster") |
There was a problem hiding this comment.
I'm going to open up an issue once this PR merges for moving the creation of the Resource Group & Storage Account into the Flight. It would have required a non-insignificant amount of refactoring to include in this change set, as such to reduce review complexity (@ajeddeloh has reviewed this code previously) I've left it as is.
There was a problem hiding this comment.
Looks sane at a high level! Will let @ajeddeloh do a final more informed ACK.
auth/azure.go
Outdated
| ) | ||
|
|
||
| const AzureProfilePath = ".azure/azureProfile.json" | ||
| // A version of the Options struct from platform/api/azure that only | ||
| // contains the ASM values. Otherwise there's a cyclical depdendency |
| Azure.AddCommand(cmdCreateImageARM) | ||
| } | ||
|
|
||
| func runCreateImageARM(cmd *cobra.Command, args []string) error { |
There was a problem hiding this comment.
I was really confused for a sec and thought Azure supported ARM.
There was a problem hiding this comment.
Yeah ARM (Azure Resource Manager) can be a confusing name when looking from our usual scope.
arithx
force-pushed
the
kola-azure
branch
2 times, most recently
from
110ec5f
to
a108da6
Compare
|
I tested the ARM functionality here end to end with @arithx earlier today. It LGTM and, in fact, is absolutely essential for us to push images to Azure using the type of credentials available to us these days. Put more bluntly, without this, the existing azure implementation is not useful for COSA/RHCOS/FCOS. Any effort to get this merged quickly would be greatly appreciated. (cc: @yuqi-zhang ) |
| @@ -18,14 +18,39 @@ import ( | |||
| "bytes" | |||
There was a problem hiding this comment.
Tiny nit: s/form/from/ in commit message.
platform/machine/azure/flight.go
Outdated
| @@ -0,0 +1,119 @@ | |||
| // Copyright 2016 CoreOS, Inc. | |||
There was a problem hiding this comment.
Should probably only have RH
| package azure | ||
|
|
||
| import ( | ||
| "fmt" |
There was a problem hiding this comment.
\n between go standard library and other imports
Bump the version fo the azure SDK to get required functionality for later PRs & add additional sections used by the kola API for testing.
Creates an Options struct inside of auth/azure which contains the ASM options. These are still present inside of the platform/api/azure/options struct but removes the dependency on platform/api/azure from auth/azure. This allows the azure API to call ReadAzureProfile inside of the New function.
GenerateFakeKey was added for DigitalOcean but it is now needed by Azure as well. Move it to a centralized area and update Digitalocean to use the new location.
Adds the Azure cluster. For each cluster a resource group will be created inside of Azure which is removed at the end of the clusters lifecycle (ensuring resource cleanup). The Azure API requires that all machines are given an SSH key, if the test is specifically not providing an SSH key the cluster will generate a fake key via the platform/util function GenerateFakeKey.
Updates the existing Azure API to have methods for spawning new instances, images, etc. for use with kola testing.
Adds a new version of the create-image & upload-blob commands which use ARM credentials (Azure AD service providers), as well as a GC command to clean up resource groups.
The Azure SDK requires a hostname to be set via the API during machine creation and then overwrites the hostname post-boot via wa-agent. Update the metadata/contents test to only validate COREOS_AZURE_IPV4_DYNAMIC as the machines being created are not behind a load balancer. The disabled tests on Azure are: - coreos.ignition.v1.sethostname - coreos.ignition.v2.sethostname - coreos.install.cloudinit - linux.nfs.v3 - linux.nfs.v4 - systemd.journal.remote
Updates the coreos.locksmith.tls test to use a seperate configuration file for SSL rather than overwriting the default. On Azure overwriting the default SSL config breaks wa-agent.
The updated New call for the API takes the API options which contains the auth based options inside of them.
|
Comments addressed |
Add support for Azure to kola and add additional ore commands utilizing the ARM API.