Putting the PR in draft while working on the following error:

Failed with error service level URLs (https://updatesjenkinsio.file.core.windows.net) are not supported in sync:

Found the culprit!

https://updatesjenkinsio.file.core.windows.net/: service level URL, not working.

https://updatesjenkinsio.file.core.windows.net/updates-jenkins-io: file share URL, working as intended.

I'm updating the corresponding credentials on trusted.ci.jenkins.io, and will put the PR in ready for review afterward.

Work in progress on this branch for now: https://github.com/jenkins-infra/update-center2/blob/pr-745/site/publish.sh

I'll report the changes here when the tests will be conclusive.

we now need to launch a mirrorbits scan ID or mirrorbits scan -all (Scan all mirrors at once) through kubectl to trigger a scan after rsync/azsync/awssync

we now need to launch a mirrorbits scan ID or mirrorbits scan -all (Scan all mirrors at once) through kubectl to trigger a scan after rsync/azsync/awssync

Update: kubectl is now installed

@daniel-beck @Wadeck @MarkEWaite @timja this PR is ready for review.

I've put every new operations behind an opt-in flag, to be set to optin as env var on the job to sync both updates.jenkins.io and azure.updates.jenkins.io.

After approval and before merging, we intend to make a backup of updates.jenkins.io JSONs from pkg.origin.jenkins.io VM (maybe a daily one), and a snapshot of the disk where the update-center2 job cache is stored.

The only change expected to this PR is the addition of an az login with a service principal followed by an az storage share generate-sas so the SAS token used to manipulate the file share will be short lived and revocable.

Ref:

• [INFRA-3100] Migrate updates.jenkins.io to another Cloud helpdesk#2649 (comment)

Related:

• Check if we could replace blobxfer by azcopy helpdesk#3414 (comment)

The only change expected to this PR is the addition of an az login with a service principal followed by an az storage share generate-sas so the SAS token used to manipulate the file share will be short lived and revocable.

The change will be similar to jenkins-infra/crawler#144, tested on trusted.ci.jenkins.io with our PoC job in the pr-745 branch:

https://trusted.ci.jenkins.io:1443/job/update_center_test_lemeurherve_helpdesk2649/job/test-update-center-pr-745/153/console

Sourcing the script won't be needed with jenkins-infra/jenkins-infra#3323 as it will be directly executable from /usr/local/bin, in the $PATH.

I'm waiting for jenkins-infra/jenkins-infra#3323 to be approved and merged before pushing it here so this PR remains valid in the mean time.

I'm waiting for jenkins-infra/jenkins-infra#3323 to be approved and merged before pushing it here so this PR remains valid in the mean time.

Corresponding change pushed: ebfac65

I need to add an AzureServicePrincipal credentials to the update-center2 freestyle job, with the expected environment variable names like https://github.com/jenkins-infra/crawler/blob/a846b4e4ef7088f732c25e369ef56ab05bf1e77e/Jenkinsfile#L74-L77

I've also fixed the kubectl call by updating mirrorbits pod name pattern in 6261823

I need to add an AzureServicePrincipal credentials to the update-center2 freestyle job, with the expected environment variable names like https://github.com/jenkins-infra/crawler/blob/a846b4e4ef7088f732c25e369ef56ab05bf1e77e/Jenkinsfile#L74-L77

Credentials configured in update_center job on trusted.ci.jenkins.io.

This pull request is complete and mergeable, ready for review.