|
OpenShift Build and Usage Procedures |
[[TOC]]
What follows is a tutorial on how to build images on an OpenShift cluster in a three-step process
(base image, build artifact image, target image). Note that all image
streams/build configs assume the OC project/namespace oaicicd-ran.
If you want to regenerate images from modified sources, you have to rebuild the ran-build image. If you reinstalled dependencies, you have to restart from ran-base.
You first need to login. Do:
oc login -u <username> -p <password> --server <url>To build the RAN images, we use the codeready-builder-for-rhel-8-x86_64-rpms repository with all the proper development libraries.
This repository is not directly accessible from the UBI RHEL8 image (registry.access.redhat.com/ubi8/ubi:latest).
Therefore, we need to copy certificates and subscription manager configuration files from a registered RHEL8 machine.
on a RHEL8 physical machine (or a virtual machine) connected to the OpenShift Cluster, recover the entitlement and the RH subscription manager configs:
oc create configmap rhsm-conf --from-file /etc/rhsm/rhsm.conf
oc create configmap rhsm-ca --from-file /etc/rhsm/ca/redhat-uep.pem
oc create secret generic etc-pki-entitlement --from-file /etc/pki/entitlement/{NUMBER_ON_YOUR_COMPUTER}.pem --from-file /etc/pki/entitlement/{NUMBER_ON_YOUR_COMPUTER}-key.pemThese configmaps and secret will be shared by all the build configs in your OC project. No need to do it each time. However, these files expire every month or so. If you have done a build on your OC project and try again a few weeks later, you may need to re-copy them. (The CI recopies them every time.)
oc delete secret etc-pki-entitlement
oc delete cm rhsm-conf
oc delete cm rhsm-caCreate an image stream and build config that specify image properties and build parameters, then start the build:
oc create -f openshift/ran-base-is.yaml
oc create -f openshift/ran-base-bc.yaml
oc start-build ran-base --from-file=<oai-repo-directory> --followThe --from-file=<oai-repo-directory> uploads the repository (from which the
build is done) as a binary blob. It is therefore possible to make merges or
other (local) modifications and build an image.
The same as for the base image.
oc create -f openshift/ran-build-is.yaml
oc create -f openshift/ran-build-bc.yaml
oc start-build ran-build --from-file=<oai-repo-directory> --followThe same as for the base image:
oc create -f openshift/oai-gnb-is.yaml
oc create -f openshift/oai-gnb-bc.yaml
oc start-build oai-gnb --from-file=<oai-repo-directory> --followBuild artifacts, such as build logs, can be retrieved by checking the logs of
the individual build steps. For example, for the ran-build step, you can do:
oc logs ran-build-1-buildwhere ran-build-1-build is the name of the ran-build build (type oc get pods to get a list of all pods).
It is also possible to retrieve the build logs from a running pod. Currently,
this is only used for the ran-base step (the others using a python script to
scrape it from stdout):
oc create -f openshift/ran-base-log-retrieval.yaml
oc rsync ran-base-log-retrieval:/oai-ran/cmake_targets/log cmake_targets/log/ran-base
oc delete -f openshift/ran-base-log-retrieval.yamlThe images are uploaded into the OpenShift image registry. To download, login using podman, then pull an image:
oc whoami -t | sudo podman login -u <username> --password-stdin <url> --tls-verify=false
sudo podman pull <url>/oaicicd-ran/<image>:<tag> --tls-verify=false
sudo podman logout <url>The <image> could be oai-gnb, and the <tag> ci-temp.
Helm charts are located under charts. Assuming that the image is in the image
registry, the physims could be deployed as shown in the following steps:
grep -rl OAICICD_PROJECT ./charts/ | xargs sed -i -e "s#OAICICD_PROJECT#oaicicd-ran#" # select the correct project
sed -i -e "s#TAG#ci-temp#g" ./charts/physims/values.yaml # select the correct tag
helm install physim ./charts/physims/ # deploy
oc get pods # get the list of deployed containers
oc logs <pod> # inspect the logs of a pod
helm uninstall physim # undeploy