Add telco5g sriov job with double interface

ci-operator/config/openshift/sriov-network-operator/openshift-sriov-network-operator-release-4.21.yaml

@@ -332,6 +332,47 @@ tests:
           memory: 200Mi
       timeout: 4h0m0s
     workflow: telco5g-sno-ztp-cnf
+- as: operator-e2e-sriov-sno
+  steps:
+    cluster_profile: aws
+    dependencies:
+      OO_INDEX: ci-index-operator-bundle
+    env:
+      OO_CHANNEL: alpha
+      OO_INSTALL_NAMESPACE: openshift-sriov-network-operator
+      OO_PACKAGE: sriov-network-operator
+      OO_TARGET_NAMESPACES: '!install'
+    post:
+    - ref: telco5g-delete-interface
+    test:
+    - ref: telco5g-add-interface
+    - as: start-sriov-operator
+      cli: latest
+      commands: |
+        oc apply -f - <<EOF
+        apiVersion: sriovnetwork.openshift.io/v1
+        kind: SriovOperatorConfig
+        metadata:
+          name: default
+          namespace: openshift-sriov-network-operator
+        spec:
+          enableInjector: true
+          enableOperatorWebhook: true
+          logLevel: 2
+        EOF
+      from: src
+      resources:
+        requests:
+          cpu: 100m
+          memory: 100Mi
+    - as: e2e
+      commands: make test-e2e-validation-only
+      from: src
+      resources:
+        requests:
+          cpu: 100m
+          memory: 200Mi
+    workflow: optional-operators-ci-aws-sno
 zz_generated_metadata:
   branch: release-4.21
   org: openshift

ci-operator/jobs/openshift/sriov-network-operator/openshift-sriov-network-operator-release-4.21-presubmits.yaml

@@ -661,6 +661,78 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )operator-e2e,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^release-4\.21$
+    - ^release-4\.21-
+    cluster: build03
+    context: ci/prow/operator-e2e-sriov-sno
+    decorate: true
+    labels:
+      ci-operator.openshift.io/cloud: aws
+      ci-operator.openshift.io/cloud-cluster-profile: aws
+      ci.openshift.io/generator: prowgen
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-sriov-network-operator-release-4.21-operator-e2e-sriov-sno
+    rerun_command: /test operator-e2e-sriov-sno
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=operator-e2e-sriov-sno
+        command:
+        - ci-operator
+        image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )operator-e2e-sriov-sno,?($|\s.*)
   - agent: kubernetes
     always_run: true
     branches:

ci-operator/step-registry/telco5g/add-interface/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- yuvalk
+- sshnaidm
+- lack
+- fedepaol
+- SchSeba
+- Sandeepyadav93
+- jzding

ci-operator/step-registry/telco5g/add-interface/telco5g-add-interface-commands.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+echo "************ telco5g add-interface command ************"
+
+# Use AWS credentials from the cluster profile
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+# Install AWS CLI
+curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscli.zip
+unzip -o /tmp/awscli.zip -d /tmp/
+/tmp/aws/install --install-dir /tmp/aws-cli --bin-dir /tmp/bin
+export PATH="/tmp/bin:/tmp:${PATH}"
+aws --version
+
+# Install terraform
+TERRAFORM_VERSION="1.5.5"
+curl -sL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o /tmp/terraform.zip
+unzip -o /tmp/terraform.zip -d /tmp/
+chmod +x /tmp/terraform
+terraform version
+
+# Discover the region and master instance
+INSTANCE_PREFIX="${NAMESPACE}"
+AWS_REGION=""
+MASTER_INSTANCE_ID=""
+for region in us-east-1 us-east-2 us-west-1 us-west-2; do
+  result=$(aws ec2 describe-instances \
+    --region "$region" \
+    --filters "Name=tag:Name,Values=${INSTANCE_PREFIX}*" \
+              "Name=instance-state-name,Values=running,stopped" \
+    --query 'Reservations[].Instances[].[InstanceId,Tags[?Key==`Name`].Value|[0],State.Name,Placement.AvailabilityZone]' \
+    --output text 2>/dev/null || true)
+  if [[ -n "$result" ]]; then
+    AWS_REGION="$region"
+    echo "Found instance(s) in region: ${AWS_REGION}"
+    echo "$result" | while read -r id name state az; do
+      echo "  Instance: ${id}  Name: ${name}  State: ${state}  AZ: ${az}"
+    done
+    # Select the instance with "master" in its name
+    MASTER_INSTANCE_ID=$(echo "$result" | awk '$2 ~ /master/ {print $1; exit}')
+    break
+  fi
+done
+
+if [[ -z "$AWS_REGION" ]]; then
+  echo "ERROR: Could not find instance with prefix '${INSTANCE_PREFIX}' in any US region"
+  exit 1
+fi
+
+if [[ -z "$MASTER_INSTANCE_ID" ]]; then
+  echo "ERROR: Could not find a master instance among the results"
+  exit 1
+fi
+
+echo "Selected master instance: ${MASTER_INSTANCE_ID}"
+
+# Save instance ID and region for the delete step
+echo "${MASTER_INSTANCE_ID}" > ${SHARED_DIR}/telco5g-instance-id
+echo "${AWS_REGION}" > ${SHARED_DIR}/telco5g-aws-region
+
+cat << EOF > ${SHARED_DIR}/main.tf
+provider "aws" {
+  region = "${AWS_REGION}"
+}
+
+variable "instance_id" {
+  description = "The EC2 instance ID to attach the secondary interface to"
+  type        = string
+}
+
+data "aws_instance" "target_instance" {
+  instance_id = var.instance_id
+}
+
+data "aws_subnet" "instance_subnet" {
+  id = data.aws_instance.target_instance.subnet_id
+}
+
+resource "aws_subnet" "secondary_subnet" {
+  vpc_id                  = data.aws_subnet.instance_subnet.vpc_id
+  cidr_block              = "10.0.250.0/24"
+  availability_zone       = data.aws_instance.target_instance.availability_zone
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "secondary-subnet"
+  }
+}
+
+resource "aws_network_interface" "secondary_interface" {
+  subnet_id       = aws_subnet.secondary_subnet.id
+  private_ips     = ["10.0.250.10"]
+  tags = {
+    Name = "secondary-interface"
+  }
+}
+
+resource "aws_network_interface_attachment" "attach_interface" {
+  instance_id          = data.aws_instance.target_instance.id
+  network_interface_id = aws_network_interface.secondary_interface.id
+  device_index         = 1
+}
+
+EOF
+
+cd ${SHARED_DIR}
+terraform init
+terraform apply -auto-approve -var="instance_id=${MASTER_INSTANCE_ID}"

ci-operator/step-registry/telco5g/add-interface/telco5g-add-interface-ref.metadata.json

@@ -0,0 +1,14 @@
+{
+	"path": "telco5g/add-interface/telco5g-add-interface-ref.yaml",
+	"owners": {
+		"approvers": [
+			"yuvalk",
+			"sshnaidm",
+			"lack",
+			"fedepaol",
+			"SchSeba",
+			"Sandeepyadav93",
+			"jzding"
+		]
+	}
+}

ci-operator/step-registry/telco5g/add-interface/telco5g-add-interface-ref.yaml

@@ -0,0 +1,12 @@
+ref:
+  as: telco5g-add-interface
+  from: src
+  commands: telco5g-add-interface-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 500Mi
+  timeout: 3h
+  documentation: |-
+    Run Terraform to add a secondary network interface to an AWS EC2 instance.
+    Requires a job with cluster_profile: aws to provide credentials.

ci-operator/step-registry/telco5g/delete-interface/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- yuvalk
+- sshnaidm
+- lack
+- fedepaol
+- SchSeba
+- Sandeepyadav93
+- jzding

ci-operator/step-registry/telco5g/delete-interface/telco5g-delete-interface-commands.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+echo "************ telco5g delete-interface command ************"
+
+# Check if the add-interface step left state for us
+if [[ ! -f "${SHARED_DIR}/telco5g-instance-id" || ! -f "${SHARED_DIR}/telco5g-aws-region" ]]; then
+  echo "No terraform state from telco5g-add-interface found, skipping cleanup"
+  exit 0
+fi
+
+MASTER_INSTANCE_ID=$(cat "${SHARED_DIR}/telco5g-instance-id")
+AWS_REGION=$(cat "${SHARED_DIR}/telco5g-aws-region")
+echo "Destroying resources for instance ${MASTER_INSTANCE_ID} in ${AWS_REGION}"
+
+# Use AWS credentials from the cluster profile
+export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred"
+
+# Install terraform
+TERRAFORM_VERSION="1.5.5"
+curl -sL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o /tmp/terraform.zip
+unzip -o /tmp/terraform.zip -d /tmp/
+chmod +x /tmp/terraform
+export PATH="/tmp:${PATH}"
+terraform version
+
+cd ${SHARED_DIR}
+terraform init
+terraform destroy -auto-approve -var="instance_id=${MASTER_INSTANCE_ID}"

ci-operator/step-registry/telco5g/delete-interface/telco5g-delete-interface-ref.metadata.json

@@ -0,0 +1,14 @@
+{
+	"path": "telco5g/delete-interface/telco5g-delete-interface-ref.yaml",
+	"owners": {
+		"approvers": [
+			"yuvalk",
+			"sshnaidm",
+			"lack",
+			"fedepaol",
+			"SchSeba",
+			"Sandeepyadav93",
+			"jzding"
+		]
+	}
+}

ci-operator/step-registry/telco5g/delete-interface/telco5g-delete-interface-ref.yaml

@@ -0,0 +1,14 @@
+ref:
+  as: telco5g-delete-interface
+  from: src
+  best_effort: true
+  commands: telco5g-delete-interface-commands.sh
+  resources:
+    requests:
+      cpu: 1000m
+      memory: 500Mi
+  timeout: 30m
+  documentation: |-
+    Run Terraform destroy to remove the secondary network interface added by
+    telco5g-add-interface. Runs as best_effort so it does not block other
+    post steps if it fails.