Konflux(ROX-22195): Install RHEL RPMs with subscription manager workaround #1573

Merged
merged 114 commits into from
Feb 29, 2024
Changes from 5 commits
7ff08c8
add custom Dockerfile for rhtap
tommartensen Oct 16, 2023
1c6a49d
Red Hat Trusted App Pipeline update collector (#1367)
red-hat-konflux[bot] Oct 16, 2023
69200d7
RHTAP: fix workspace size for checkouts (#1368)
tommartensen Oct 16, 2023
7410e30
broken dnf installs
tommartensen Oct 17, 2023
4399cad
Update RHTAP references (#1375)
red-hat-konflux[bot] Oct 19, 2023
37b0c74
Update RHTAP references (#1378)
red-hat-konflux[bot] Oct 23, 2023
80d6c38
use centos instead of ubi images
tommartensen Oct 25, 2023
8cc0a9a
Merge branch 'tm/rhtap-onboarding' of github.com:stackrox/collector i…
tommartensen Oct 25, 2023
8b4d052
Update RHTAP references (#1387)
red-hat-konflux[bot] Nov 6, 2023
3a55302
Merge branch 'master' into tm/rhtap-onboarding
tommartensen Nov 6, 2023
6945989
update pipelines
tommartensen Nov 6, 2023
a1811d5
increase storage for shared volume in pipeline
tommartensen Nov 6, 2023
157b8d0
falco submodule
tommartensen Nov 6, 2023
b26118c
update TODOs and LABELs
tommartensen Nov 6, 2023
807015c
restore falco
tommartensen Nov 6, 2023
6ade98a
clean up
tommartensen Nov 9, 2023
0d4cef0
Red Hat Trusted App Pipeline update collector-slim (#1414)
red-hat-konflux[bot] Nov 9, 2023
1ea2eb2
rename collector -> collector-slim
tommartensen Nov 9, 2023
3db110e
finish up
tommartensen Nov 13, 2023
56abbd3
Merge branch 'master' into tm/rhtap-onboarding
tommartensen Nov 13, 2023
346e7a4
fix build after rebase
tommartensen Nov 13, 2023
49f6bcd
Update RHTAP references (#1415)
red-hat-konflux[bot] Nov 13, 2023
f4d9d03
more oomph
tommartensen Nov 13, 2023
4f2e97e
Merge branch 'tm/rhtap-onboarding' of github.com:stackrox/collector i…
tommartensen Nov 13, 2023
a225b95
Update RHTAP references (#1420)
red-hat-konflux[bot] Nov 14, 2023
a8c55ee
attempt with default buildah size
tommartensen Nov 14, 2023
4f41bb5
fix task ref
tommartensen Nov 14, 2023
7ec670a
Update RHTAP references (#1421)
red-hat-konflux[bot] Nov 14, 2023
3957e05
Update RHTAP references (#1422)
red-hat-konflux[bot] Nov 15, 2023
a7bff4d
RHTAP Onboarding: 2nd attempt (#1425)
tommartensen Nov 17, 2023
e2bf0b3
move dockerfile
tommartensen Nov 20, 2023
b1eea97
emptyg
tommartensen Nov 20, 2023
780e997
disable prefetch-input
tommartensen Nov 20, 2023
bb8cfa8
remove guard on prefetch-dependencies task
tommartensen Nov 20, 2023
f4512eb
clean up Dockerfile
tommartensen Nov 20, 2023
119ff0a
add CODEOWNERS
tommartensen Nov 20, 2023
4c57a27
Merge branch 'master' into tm/rhtap-onboarding
tommartensen Nov 21, 2023
156c0e1
rename Dockerfile for slim
tommartensen Nov 21, 2023
6b393ab
Update RHTAP references (#1444)
red-hat-konflux[bot] Nov 27, 2023
3f5a901
Update .tekton/collector-slim-pull-request.yaml
tommartensen Nov 27, 2023
b867082
some recommendations from PR
tommartensen Nov 27, 2023
e3ea3cc
restrict pipeline for *rhtap* branches
tommartensen Nov 28, 2023
f62607e
cleanup
tommartensen Dec 4, 2023
ce0f293
Update RHTAP references (#1452)
red-hat-konflux[bot] Dec 4, 2023
fc214da
empty
tommartensen Dec 4, 2023
5adbce7
empty to check new pod limits
tommartensen Dec 4, 2023
9e2bcb1
Update RHTAP references (#1455)
red-hat-konflux[bot] Dec 5, 2023
ac2e9d8
empty commit
tommartensen Dec 5, 2023
8d41a38
test with CPU limits
tommartensen Dec 5, 2023
0710d12
Update RHTAP references (#1463)
red-hat-konflux[bot] Dec 6, 2023
cc2fd34
Update RHTAP references (#1464)
red-hat-konflux[bot] Dec 11, 2023
7a5b8a1
Update RHTAP references (#1467)
red-hat-konflux[bot] Dec 12, 2023
05a86d4
update Dockerfile with midstream changes
tommartensen Dec 12, 2023
bc4405f
Merge branch 'tm/rhtap-onboarding' of github.com:stackrox/collector i…
tommartensen Dec 12, 2023
bda0de0
Apply suggestions from code review
tommartensen Dec 12, 2023
bc5cf90
Merge branch 'master' into tm/rhtap-onboarding
tommartensen Dec 12, 2023
d44cd27
Merge branch 'tm/rhtap-onboarding' of github.com:stackrox/collector i…
tommartensen Dec 12, 2023
fb4ded4
fix comment
tommartensen Dec 12, 2023
1541146
Update RHTAP references (#1471)
red-hat-konflux[bot] Dec 13, 2023
0fbf75f
setup Snyk for collector
tommartensen Dec 13, 2023
be05ea1
bump to get green RHTAP CI
tommartensen Dec 13, 2023
4801067
empty commit for retrigger
tommartensen Dec 14, 2023
6b38abe
Update RHTAP references (#1474)
red-hat-konflux[bot] Dec 18, 2023
de9d423
Update RHTAP references (#1477)
red-hat-konflux[bot] Dec 20, 2023
9178b08
Update RHTAP references (#1478)
red-hat-konflux[bot] Jan 3, 2024
11e5321
add source image build task
tommartensen Jan 3, 2024
e66d192
test enabled builds
tommartensen Jan 3, 2024
ce6314a
fix workspaces
tommartensen Jan 3, 2024
ea19451
hack the rpm installation
tommartensen Jan 3, 2024
cbd01bc
skip cleanup
tommartensen Jan 3, 2024
86278b0
bodge
tommartensen Jan 3, 2024
f0099d9
add the three dependencies that are RHEL RPM only
tommartensen Jan 3, 2024
d6d4e6a
empty commit
tommartensen Jan 3, 2024
b3d216d
fix missing dependency installation
tommartensen Jan 3, 2024
8bd5588
give it a shot w/ the midstream Dockerfile
tommartensen Jan 4, 2024
242bfc0
fix installations in second stage by using ubi-nomrla
tommartensen Jan 4, 2024
fc6fc25
empty commit
tommartensen Jan 4, 2024
2a0117e
Merge branch 'master' into tm/rhtap-onboarding
tommartensen Jan 4, 2024
6681437
Merge branch 'tm/rhtap-onboarding' into tm/rhtap-dnf-enablement
tommartensen Jan 4, 2024
c84c61b
inject collector_version
tommartensen Jan 4, 2024
7bf4bdc
empty commit
tommartensen Jan 4, 2024
1fed215
empty to retrigger
tommartensen Jan 11, 2024
2acdd3e
format according to collector team's preferences
tommartensen Jan 11, 2024
8afcd6d
try with a ubi-minimal final stage
tommartensen Jan 11, 2024
902307e
fix last stage
tommartensen Jan 11, 2024
42207c9
empty
tommartensen Jan 15, 2024
e0d3640
Merge branch 'master' into tm/rhtap-dnf-enablement
tommartensen Jan 19, 2024
7bdaf04
Merge branch 'master' into tm/rhtap-dnf-enablement
tommartensen Feb 22, 2024
923b6f6
update subscription-manager-bro.sh script
tommartensen Feb 22, 2024
3572405
use scratch instead for final stage
tommartensen Feb 22, 2024
20050e5
fix
tommartensen Feb 22, 2024
a564841
2nd part
tommartensen Feb 22, 2024
ad7fb33
fix kernel-modules directory
tommartensen Feb 22, 2024
53b88d9
empty commit
tommartensen Feb 26, 2024
a00eb62
empty
tommartensen Feb 26, 2024
37dcf9e
add missing labels
tommartensen Feb 26, 2024
23d4abc
rename stage
tommartensen Feb 27, 2024
49c9860
cosmetic reorder
tommartensen Feb 27, 2024
5728876
rename script .rhtap -> .konflux
tommartensen Feb 27, 2024
e56e81a
port changes to all tekton pipelines
tommartensen Feb 27, 2024
82f3846
reduce builder to single stage
tommartensen Feb 27, 2024
cd34e5f
Revert "reduce builder to single stage"
tommartensen Feb 27, 2024
f1e1666
update full Dockerfile
tommartensen Feb 27, 2024
5520ffa
make the shfmt linter happy
tommartensen Feb 27, 2024
b447995
register
tommartensen Feb 27, 2024
08f069d
desperation
tommartensen Feb 27, 2024
ae2ff4f
remove gitignore
tommartensen Feb 27, 2024
dc1144e
Merge branch 'master' into tm/konflux-scratch-final-stage
tommartensen Feb 27, 2024
8aa4c0e
make rhtap maintainers owners of the konflux dir
tommartensen Feb 27, 2024
bb164dd
Update .tekton/collector-pull-request.yaml
tommartensen Feb 28, 2024
79d1c99
apply suggestion for workspace path
tommartensen Feb 28, 2024
c41368a
make prefetch and custom tasks run in parallel
tommartensen Feb 28, 2024
2eadede
link instead of copy; remove redundant info
tommartensen Feb 28, 2024
87f70d2
use a staging dir to avoid overriding existing content in builder image
tommartensen Feb 28, 2024
8 changes: 4 additions & 4 deletions .tekton/collector-pull-request.yaml
Expand Up @@ -238,14 +238,14 @@ spec:
# TODO(ROX-20651): use content sets instead of subscription manager for access to RHEL RPMs once available.
- name: smuggle-activation-key
image: registry.access.redhat.com/ubi8/ubi:latest
script: exec /workspace/source/source/.konflux/scripts/subscription-manager-bro.sh smuggle
script: exec "$(workspaces.source.path)/source/.konflux/scripts/subscription-manager-bro.sh" smuggle

- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
runAfter:
- prepare-rhel-rpm-subscriptions
- clone-repository
taskRef:
params:
- name: name
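Review bot: In the `prefetch-dependencies` task, `runAfter` now names only `clone-repository`, so prefetch can start before `prepare-rhel-rpm-subscriptions` has finished. That is safe only if prefetch never needs the RHEL subscription; a one-line comment above `runAfter` saying so would keep someone from re-adding the dependency later. The quoted `"$(workspaces.source.path)/source/..."` form in the `smuggle-activation-key` script is a good replacement for the hardcoded `/workspace/source` prefix.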
Expand All @@ -261,7 +261,6 @@ spec:

- name: fetch-support-package
runAfter:
- init
- clone-repository
taskSpec:
steps:
Expand Down Expand Up @@ -294,8 +293,9 @@ spec:
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
runAfter:
- prefetch-dependencies
- fetch-support-package
- prefetch-dependencies
- prepare-rhel-rpm-subscriptions
taskRef:
params:
- name: name
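Review bot: In this task's `runAfter`, the new `- prepare-rhel-rpm-subscriptions` entry is the only visible ordering guarantee against the subscription setup now that `prefetch-dependencies` no longer runs after it. Please add a short comment next to the entry stating why this task must wait for it, so the line is not dropped as redundant in a later cleanup.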
8 changes: 4 additions & 4 deletions .tekton/collector-push.yaml
Expand Up @@ -238,14 +238,14 @@ spec:
# TODO(ROX-20651): use content sets instead of subscription manager for access to RHEL RPMs once available.
- name: smuggle-activation-key
image: registry.access.redhat.com/ubi8/ubi:latest
script: exec /workspace/source/source/.konflux/scripts/subscription-manager-bro.sh smuggle
script: exec "$(workspaces.source.path)/source/.konflux/scripts/subscription-manager-bro.sh" smuggle

- name: prefetch-dependencies
params:
- name: input
value: $(params.prefetch-input)
runAfter:
- prepare-rhel-rpm-subscriptions
- clone-repository
taskRef:
params:
- name: name
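Review bot: The `smuggle-activation-key` step pulls `registry.access.redhat.com/ubi8/ubi:latest`, a floating tag, for a step that by its name handles the activation key. Pinning the image by digest (`ubi8/ubi@sha256:<digest>`, placeholder) would make the step reproducible and keep an unreviewed image update away from the key; the same applies to the identical step in `.tekton/collector-pull-request.yaml`.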
Expand All @@ -261,7 +261,6 @@ spec:

- name: fetch-support-package
runAfter:
- init
- clone-repository
taskSpec:
steps:
Expand Down Expand Up @@ -294,8 +293,9 @@ spec:
- name: COMMIT_SHA
value: $(tasks.clone-repository.results.commit)
runAfter:
- prefetch-dependencies
- fetch-support-package
- prefetch-dependencies
- prepare-rhel-rpm-subscriptions
taskRef:
params:
- name: name
18 changes: 9 additions & 9 deletions collector/container/konflux-slim.Dockerfile
Expand Up @@ -40,7 +40,9 @@ FROM scratch as builder

COPY --from=rpm-implanter-builder /mnt /

COPY . .
ARG SOURCES_DIR=/staging
Contributor

Optional, cosmetics, and up to you.

Suggested change
ARG SOURCES_DIR=/staging
ARG SOURCES_DIR=/src


COPY . ${SOURCES_DIR}

ARG BUILD_DIR
ARG SRC_ROOT_DIR=${BUILD_DIR}
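Review bot: `ARG SOURCES_DIR=/staging` and `COPY . ${SOURCES_DIR}` carry no comment explaining why the sources no longer go to `/`. Since `COPY --from=rpm-implanter-builder /mnt /` has just populated the root, a line above the `ARG` such as `# Stage sources separately so they cannot overwrite files in the RPM-populated root` would record the intent for the next reader.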
Expand All @@ -57,12 +59,12 @@ ARG TRACE_SINSP_EVENTS=false
WORKDIR ${BUILD_DIR}

RUN mkdir kernel-modules \
&& cp -a /builder builder \
&& cp -a /collector collector \
&& cp -a /falcosecurity-libs falcosecurity-libs \
&& cp -a /builder/third_party third_party \
&& cp -a /kernel-modules/MODULE_VERSION kernel-modules/MODULE_VERSION \
&& cp -a /CMakeLists.txt CMakeLists.txt
&& cp -a ${SOURCES_DIR}/builder builder \
&& ln -s builder/third_party third_party \
&& cp -a ${SOURCES_DIR}/collector collector \
&& cp -a ${SOURCES_DIR}/falcosecurity-libs falcosecurity-libs \
&& cp -a ${SOURCES_DIR}/kernel-modules/MODULE_VERSION kernel-modules/MODULE_VERSION \
&& cp -a ${SOURCES_DIR}/CMakeLists.txt CMakeLists.txt

# WITH_RHEL_RPMS controls for dependency installation, ie if they were already installed as RPMs.
ENV WITH_RHEL_RPMS=true
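Review bot: `ln -s builder/third_party third_party` replaces a real copy with a relative symlink, which resolves only while `builder/` stays beside it under `${BUILD_DIR}`. Anything that later copies or archives `third_party` on its own gets a link rather than the files, so if the link is intentional please say so in a comment next to it.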
Expand All @@ -87,8 +89,6 @@ RUN ./builder/install/install-dependencies.sh && \

# Application
FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi-minimal
# The installer must be ubi (not minimal) and must be 8.9 or later since the earlier versions complain:
# subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.
FROM ubi-normal AS rpm-implanter-app
msugakov marked this conversation as resolved.

COPY --from=ubi-minimal / /mnt
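Review bot: The two comment lines dropped above `FROM ubi-normal AS rpm-implanter-app` were the only place in this hunk stating that the installer image must be full ubi, 8.9 or later, for `subscription-manager` to work inside a container. Please confirm the same note still sits where the `ubi-normal` stage is defined; if it does not, keep it here.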
18 changes: 9 additions & 9 deletions collector/container/konflux.Dockerfile
Expand Up @@ -40,7 +40,9 @@ FROM scratch as builder

COPY --from=rpm-implanter-builder /mnt /

COPY . .
ARG SOURCES_DIR=/staging
Contributor

Optional, cosmetics, and up to you.

Suggested change
ARG SOURCES_DIR=/staging
ARG SOURCES_DIR=/src

Contributor Author

I think the chances of a directory in ubi existing called /src are slightly higher than /staging, so let's keep it like that.


COPY . ${SOURCES_DIR}

ARG BUILD_DIR
ARG SRC_ROOT_DIR=${BUILD_DIR}
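Review bot: `ARG SOURCES_DIR=/staging` is declared after `FROM scratch as builder`, so it is scoped to the `builder` stage only. Any later stage that needs the path has to redeclare the `ARG`; if none does, a brief comment that the variable is builder-local would make that explicit.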
Expand All @@ -57,12 +59,12 @@ ARG TRACE_SINSP_EVENTS=false
WORKDIR ${BUILD_DIR}

RUN mkdir kernel-modules \
&& cp -a /builder builder \
&& cp -a /collector collector \
&& cp -a /falcosecurity-libs falcosecurity-libs \
&& cp -a /builder/third_party third_party \
&& cp -a /kernel-modules/MODULE_VERSION kernel-modules/MODULE_VERSION \
&& cp -a /CMakeLists.txt CMakeLists.txt
&& cp -a ${SOURCES_DIR}/builder builder \
&& ln -s builder/third_party third_party \
&& cp -a ${SOURCES_DIR}/collector collector \
&& cp -a ${SOURCES_DIR}/falcosecurity-libs falcosecurity-libs \
&& cp -a ${SOURCES_DIR}/kernel-modules/MODULE_VERSION kernel-modules/MODULE_VERSION \
&& cp -a ${SOURCES_DIR}/CMakeLists.txt CMakeLists.txt

# WITH_RHEL_RPMS controls for dependency installation, ie if they were already installed as RPMs.
ENV WITH_RHEL_RPMS=true
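Review bot: `${SOURCES_DIR}` is expanded unquoted in every `cp -a` line of this `RUN`, so a `--build-arg SOURCES_DIR=...` value containing whitespace or glob characters would be word-split by the shell. Quoting each source operand, for example `cp -a "${SOURCES_DIR}/builder" builder`, costs nothing and removes the dependency on the default value.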
Expand Down Expand Up @@ -125,8 +127,6 @@ RUN if [[ "$(ls -A /kernel-modules)" == "" ]]; then \

# Application
FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi-minimal
# The installer must be ubi (not minimal) and must be 8.9 or later since the earlier versions complain:
# subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.
FROM ubi-normal AS rpm-implanter-app

COPY --from=ubi-minimal / /mnt
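Review bot: `FROM registry.access.redhat.com/ubi8/ubi-minimal:latest AS ubi-minimal` uses a floating tag for the filesystem that `COPY --from=ubi-minimal / /mnt` copies wholesale. Pinning by digest or by a minor-version tag would make rebuilds reproducible and put base-image updates through review instead of picking them up silently on the next build.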