OSAC-854: add nightly vmaas snapshot build job

ci-operator/config/osac-project/osac-test-infra/osac-project-osac-test-infra-main.yaml

@@ -67,6 +67,23 @@ tests:
   - intranet
   steps:
     workflow: osac-project-cluster-tool-vmaas
+- as: snapshot-vmaas
+  capabilities:
+  - intranet
+  cron: 0 2 * * *
+  steps:
+    cluster_profile: packet-assisted
+    env:
+      ASSISTED_CONFIG: |
+        OLM_OPERATORS=cnv,lvm
+        NUM_MASTERS=1
+        NUM_WORKERS=0
+        MASTER_MEMORY=65536
+        MASTER_DISK_COUNT=2
+        MASTER_DISK=200000000000
+        MASTER_CPU=24
+        OPENSHIFT_VERSION=4.20
+    workflow: osac-project-cluster-tool-snapshot-vmaas
 - as: e2e-metal-vmaas-compute-instance-creation
   capabilities:
   - intranet

ci-operator/jobs/osac-project/osac-test-infra/osac-project-osac-test-infra-main-periodics.yaml

@@ -679,3 +679,88 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build03
+  cron: 0 2 * * *
+  decorate: true
+  decoration_config:
+    sparse_checkout_files:
+    - Containerfile
+  extra_refs:
+  - base_ref: main
+    org: osac-project
+    repo: osac-test-infra
+    sparse_checkout_files:
+    - Containerfile
+  labels:
+    capability/intranet: intranet
+    ci-operator.openshift.io/cloud: packet-edge
+    ci-operator.openshift.io/cloud-cluster-profile: packet-assisted
+    ci.openshift.io/generator: prowgen
+    job-release: "4.20"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-osac-project-osac-test-infra-main-snapshot-vmaas
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --target=snapshot-vmaas
+      command:
+      - ci-operator
+      env:
+      - name: HTTP_SERVER_IP
+        valueFrom:
+          fieldRef:
+            fieldPath: status.podIP
+      image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+      imagePullPolicy: Always
+      name: ""
+      ports:
+      - containerPort: 8080
+        name: http
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator

ci-operator/step-registry/osac-project/cluster-tool/snapshot-vmaas/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+  - osac-cicd
+reviewers:
+  - osac-cicd

ci-operator/step-registry/osac-project/cluster-tool/snapshot-vmaas/osac-project-cluster-tool-snapshot-vmaas-workflow.metadata.json

@@ -0,0 +1,11 @@
+{
+	"path": "osac-project/cluster-tool/snapshot-vmaas/osac-project-cluster-tool-snapshot-vmaas-workflow.yaml",
+	"owners": {
+		"approvers": [
+			"osac-cicd"
+		],
+		"reviewers": [
+			"osac-cicd"
+		]
+	}
+}

ci-operator/step-registry/osac-project/cluster-tool/snapshot-vmaas/osac-project-cluster-tool-snapshot-vmaas-workflow.yaml

@@ -0,0 +1,23 @@
+workflow:
+  as: osac-project-cluster-tool-snapshot-vmaas
+  steps:
+    cluster_profile: packet-assisted
+    allow_best_effort_post_steps: true
+    pre:
+      - ref: ofcir-acquire
+      - ref: assisted-ofcir-setup
+      - chain: assisted-common-pre
+      - ref: osac-project-installer
+    test:
+      - ref: osac-project-cluster-tool-snapshot
+    post:
+      - ref: osac-project-gather
+      - ref: ofcir-gather
+      - ref: ofcir-release
+    env:
+      CLUSTERTYPE: "assisted_large_el9"
+  documentation: |-
+    Provisions a baremetal cluster via assisted-installer, installs OSAC,
+    then snapshots the cluster using cluster-tool and pushes the snapshot
+    OCI image to a container registry. Used as a nightly job to keep the
+    snapshot current for presubmit cluster-tool boot jobs.

ci-operator/step-registry/osac-project/cluster-tool/snapshot/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+  - osac-cicd
+reviewers:
+  - osac-cicd

ci-operator/step-registry/osac-project/cluster-tool/snapshot/osac-project-cluster-tool-snapshot-commands.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+echo "************ cluster-tool snapshot ************"
+echo "CLUSTER_TOOL_COMMIT: ${CLUSTER_TOOL_COMMIT}"
+echo "SNAPSHOT_REGISTRY: ${SNAPSHOT_REGISTRY}"
+echo "SNAPSHOT_TAG: ${SNAPSHOT_TAG}"
+echo "-------------------------------------------"
+
+FLAVOR_NAME="${SNAPSHOT_TAG}"
+QUAY_USER=$(cat /var/run/vault/osac-quay-creds/user)
+
+QUAY_PASS=$(cat /var/run/vault/osac-quay-creds/password)
+
+timeout -s 9 90m ssh -F "${SHARED_DIR}/ssh_config" ci_machine bash -s \
+    "${CLUSTER_TOOL_COMMIT}" \
+    "${SNAPSHOT_REGISTRY}" \
+    "${SNAPSHOT_TAG}" \
+    "${FLAVOR_NAME}" \
+    "${QUAY_USER}" \
+    "${QUAY_PASS}" \
+    <<'REMOTE_EOF'
+set -euo pipefail
+
+COMMIT="$1"
+REGISTRY="$2"
+TAG="$3"
+FLAVOR="$4"
+QUAY_USER="$5"
+QUAY_PASS="$6"
+
+echo "=== Installing cluster-tool ==="
+curl -fsSL "https://raw.githubusercontent.com/omer-vishlitzky/cluster-tool/${COMMIT}/cluster-tool" \
+    -o /usr/local/bin/cluster-tool
+chmod +x /usr/local/bin/cluster-tool
+
+echo "=== Setting up cluster-tool ==="
+python3 /usr/local/bin/cluster-tool connect ci --host local --data-path /home/cluster-tool
+
+echo "=== Discovering cluster ID ==="
+CLUSTER_ID=$(virsh list --name | grep test-infra-cluster | sed 's/test-infra-cluster-//;s/-master-0//' | head -1)
+[[ -z "${CLUSTER_ID}" ]] && echo "ERROR: No running test-infra cluster found" && exit 1
+echo "Found cluster ID: ${CLUSTER_ID}"
+
+echo "=== Creating snapshot ==="
+python3 /usr/local/bin/cluster-tool snapshot --name "${FLAVOR}" --source "${CLUSTER_ID}"
+
+echo "=== Authenticating to registry ==="
+printf '%s' "${QUAY_PASS}" | podman login "$(echo "${REGISTRY}" | cut -d/ -f1)" \
+    -u "${QUAY_USER}" --password-stdin
+
+echo "=== Pushing snapshot ==="
+python3 /usr/local/bin/cluster-tool push "${FLAVOR}" --registry "${REGISTRY}" --tag "${TAG}"
+
+echo "=== Snapshot push complete ==="
+REMOTE_EOF
+
+echo "Snapshot step finished successfully."

ci-operator/step-registry/osac-project/cluster-tool/snapshot/osac-project-cluster-tool-snapshot-ref.metadata.json

@@ -0,0 +1,11 @@
+{
+	"path": "osac-project/cluster-tool/snapshot/osac-project-cluster-tool-snapshot-ref.yaml",
+	"owners": {
+		"approvers": [
+			"osac-cicd"
+		],
+		"reviewers": [
+			"osac-cicd"
+		]
+	}
+}

ci-operator/step-registry/osac-project/cluster-tool/snapshot/osac-project-cluster-tool-snapshot-ref.yaml

@@ -0,0 +1,29 @@
+ref:
+  as: osac-project-cluster-tool-snapshot
+  from: dev-scripts
+  grace_period: 10m
+  timeout: 2h0m0s
+  commands: osac-project-cluster-tool-snapshot-commands.sh
+  resources:
+    requests:
+      cpu: 100m
+      memory: 200Mi
+  credentials:
+  - namespace: test-credentials
+    name: osac-quay-creds
+    mount_path: /var/run/vault/osac-quay-creds
+  env:
+  - name: CLUSTER_TOOL_COMMIT
+    default: "main"
+    documentation: cluster-tool git ref to download (branch, tag, or commit)
+  - name: SNAPSHOT_REGISTRY
+    default: "quay.io/rh-ee-ovishlit/cluster-flavors"
+    documentation: Container registry and repository to push the snapshot to
+  - name: SNAPSHOT_TAG
+    default: "osac-vmaas"
+    documentation: Tag for the pushed snapshot image
+  documentation: |-
+    Snapshots a running OSAC cluster using cluster-tool and pushes the
+    resulting OCI image to a container registry. Expects the cluster to
+    have been provisioned by assisted-installer and OSAC installed via
+    osac-project-installer in a prior step.