In order to continue the work on https://fedoraproject.org/wiki/Changes/IoTArtifactsWithOSBuild, we need koji-osbuild installed in production Koji. The configuration should be the same as in staging Brew, I can provide more details if needed.
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
Meeting set June 2nd 11:00 UTC to work through this task with @mobrien and @scoady
Btw, the osbuildImage task type is not shown in the list of methods when listing all tasks. That might be something worth fixing when deploying to prod. Thanks!
<img alt="noOsbuildImage.png" src="/fedora-infrastructure/issue/raw/files/88e62b91cc4764528257628c7051091ce497825075fd1ac60ea11c5ded322671-noOsbuildImage.png" />
We have put the plugins on the builder/hub and rpms + confs and it didn't work as expected. We will continue to look at it on Tuesday
Does there need to be a DB update done?
The osbuild Image tasks are now being successfully picked up by the builders but the Image Builder api can't be reached as the koji builders do not have internet access.
This is done in iptables for the builders. Just need to add a OUTPUT rule for this service (if we know what ip/network).
As this is an Elastic load balancer in AWS it will not have a reliable IP address so we will likely need a proxy on one side
I have asked the image builder folks if they could look at providing a static IP address through a Network Load Balancer or Accelerator in AWS. They will investigate and get back to us
Metadata Update from @kevin: - Issue tagged with: blocked
The current plan is to see if we can just deploy a pair of builders that only take osbuild jobs to talk to the api, and allow those to reach out to the api...
To do that we need to either: confirm we can only install the kojid plugin on a few builders and they will get all the osbuild jobs or find out if there's a 'method' or other koji hub policy we can use to direct those jobs to only a few builders.
So, that plan didn't work out, the next plan was to have a small script update the firewall on builders and keep the current ip of the api/identity urls reachable.
I did that and it's deployed and I think working.
✗ koji osbuild-image Fedora-Cloud-Base 35 fedora-35 f35-candidate x86_64 --repo 'http://download.fedoraproject.org/pub/fedora/linux/releases/35/Everything/$arch/os/' --image-type guest-image --release 2022072802 name: Fedora-Cloud-Base version: 35 distro: fedora-35 arches: x86_64 target: f35-candidate image types ['guest-image'] {'release': '2022072802', 'repo': ['http://download.fedoraproject.org/pub/fedora/linux/releases/35/Everything/$arch/os/']} Created task: 90410860 Task info: https://koji.fedoraproject.org/koji/taskinfo?taskID=90410860 Watching tasks (this may be safely interrupted)... 90410860 osbuildImage (noarch): free 90410860 osbuildImage (noarch): free -> open (buildvm-x86-04.iad2.fedoraproject.org) 90410860 osbuildImage (noarch): open (buildvm-x86-04.iad2.fedoraproject.org) -> closed 0 free 0 open 1 done 0 failed 90410870 tagBuild (noarch): closed 90410860 osbuildImage (noarch) completed successfully {'composer': {'server': 'https://api.openshift.com/', 'id': '9095ea2c-508d-4734-a504-6579e1cb6e81'}, 'koji': {'build': 2041196}}
I'm not sure the next steps here now... I guess we need to setup a repo and add IoT compose info to it and get it calling composer? Is that something to track here, or elsewhere?
On the osbuild-side, everything seems to be done. @pbrobinson, I think it's your turn now to continue the switch.
This is done from the infra perspective as builds work
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.