USHIFT-6152: Reenable FIPS scenarios

[ggiguash]

In RPM-based FIPS tests, we need to explicitly install CNI plugins because cri-o 1.34.z no longer has this dependency. Otherwise, podman calls fail with the following errors:

$ sudo podman run --rm --authfile /etc/crio/openshift-pull-secret --privileged -v /etc/crio/openshift-pull-secret:/root/.config/containers/auth.json registry.ci.openshift.org/ci/check-payload:latest scan operator --spec quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe0eaf3c9dd4275c3cde5f06afa69f9af87a8c85d315fe2ed896937efeb7b55c 
WARN[0000] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk 
WARN[0000] 1 error occurred:
        * plugin type="tuning" failed (delete): failed to find plugin "tuning" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]
 
Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]

[openshift-ci-robot]

@ggiguash: This pull request references USHIFT-6152 which is a valid jira issue.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[ggiguash]

/test ?

[openshift-ci]

@ggiguash: The following commands are available to trigger required jobs:

/test e2e-aws-ai-model-serving

/test e2e-aws-footprint-and-performance

/test e2e-aws-tests

/test e2e-aws-tests-arm

/test e2e-aws-tests-bootc

/test e2e-aws-tests-bootc-arm

/test e2e-aws-tests-bootc-periodic

/test e2e-aws-tests-bootc-periodic-arm

/test e2e-aws-tests-bootc-release

/test e2e-aws-tests-bootc-release-arm

/test e2e-aws-tests-bootc-upstream

/test e2e-aws-tests-bootc-upstream-arm

/test e2e-aws-tests-cache

/test e2e-aws-tests-cache-arm

/test e2e-aws-tests-periodic

/test e2e-aws-tests-periodic-arm

/test e2e-aws-tests-release

/test e2e-aws-tests-release-arm

/test ocp-full-conformance-rhel-eus

/test ocp-full-conformance-serial-rhel-eus

/test test-rpm

/test test-unit

/test verify

The following commands are available to trigger optional jobs:

/test images

/test security

/test test-rebase

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-microshift-main-e2e-aws-tests

pull-ci-openshift-microshift-main-e2e-aws-tests-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-periodic

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-periodic-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-release

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-release-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-periodic

pull-ci-openshift-microshift-main-e2e-aws-tests-periodic-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-release

pull-ci-openshift-microshift-main-e2e-aws-tests-release-arm

pull-ci-openshift-microshift-main-images

pull-ci-openshift-microshift-main-security

pull-ci-openshift-microshift-main-test-unit

pull-ci-openshift-microshift-main-verify

Details

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ggiguash]

/test e2e-aws-tests-release
/test e2e-aws-tests-bootc-periodic
/test e2e-aws-tests-periodic

[ggiguash]

/test e2e-aws-tests-release
/test e2e-aws-tests-bootc-periodic
/test e2e-aws-tests-periodic

[ggiguash]

/test e2e-aws-tests-bootc

[openshift-ci-robot]

@ggiguash: This pull request references USHIFT-6152 which is a valid jira issue.

Details

In response to this:

In RPM-based FIPS tests, we need to explicitly install CNI plugins because cri-o 1.34.z no longer has this dependency. Otherwise, podman calls fail with the following errors:

$ sudo podman run --rm --authfile /etc/crio/openshift-pull-secret --privileged -v /etc/crio/openshift-pull-secret:/root/.config/containers/auth.json registry.ci.openshift.org/ci/check-payload:latest scan operator --spec quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:fe0eaf3c9dd4275c3cde5f06afa69f9af87a8c85d315fe2ed896937efeb7b55c 
WARN[0000] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk 
WARN[0000] 1 error occurred:
       * plugin type="tuning" failed (delete): failed to find plugin "tuning" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]

Error: plugin type="bridge" failed (add): failed to find plugin "bridge" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[pacevedom]

/test ?

[openshift-ci]

@pacevedom: The following commands are available to trigger required jobs:

/test e2e-aws-ai-model-serving

/test e2e-aws-footprint-and-performance

/test e2e-aws-tests

/test e2e-aws-tests-arm

/test e2e-aws-tests-bootc

/test e2e-aws-tests-bootc-arm

/test e2e-aws-tests-bootc-periodic

/test e2e-aws-tests-bootc-periodic-arm

/test e2e-aws-tests-bootc-release

/test e2e-aws-tests-bootc-release-arm

/test e2e-aws-tests-bootc-upstream

/test e2e-aws-tests-bootc-upstream-arm

/test e2e-aws-tests-cache

/test e2e-aws-tests-cache-arm

/test e2e-aws-tests-periodic

/test e2e-aws-tests-periodic-arm

/test e2e-aws-tests-release

/test e2e-aws-tests-release-arm

/test ocp-full-conformance-rhel-eus

/test ocp-full-conformance-serial-rhel-eus

/test test-rpm

/test test-unit

/test verify

The following commands are available to trigger optional jobs:

/test images

/test security

/test test-rebase

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-microshift-main-e2e-aws-tests

pull-ci-openshift-microshift-main-e2e-aws-tests-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-periodic

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-periodic-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-release

pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-release-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-periodic

pull-ci-openshift-microshift-main-e2e-aws-tests-periodic-arm

pull-ci-openshift-microshift-main-e2e-aws-tests-release

pull-ci-openshift-microshift-main-e2e-aws-tests-release-arm

pull-ci-openshift-microshift-main-images

pull-ci-openshift-microshift-main-security

pull-ci-openshift-microshift-main-test-unit

pull-ci-openshift-microshift-main-verify

Details

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[pacevedom]

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

[pacevedom]

/retest

[ggiguash]

The failed tests are not FIPS

/override ci/prow/e2e-aws-tests-bootc-release ci/prow/e2e-aws-tests-bootc-release-arm
/verified by CI

[openshift-ci-robot]

@ggiguash: This PR has been marked as verified by CI.

Details

In response to this:

The failed tests are not FIPS

/override ci/prow/e2e-aws-tests-bootc-release ci/prow/e2e-aws-tests-bootc-release-arm
/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@ggiguash: Overrode contexts on behalf of ggiguash: ci/prow/e2e-aws-tests-bootc-release, ci/prow/e2e-aws-tests-bootc-release-arm

Details

In response to this:

The failed tests are not FIPS

/override ci/prow/e2e-aws-tests-bootc-release ci/prow/e2e-aws-tests-bootc-release-arm
/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[pacevedom]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ggiguash, pacevedom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ggiguash,pacevedom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 76d8fad and 2 for PR HEAD 5f56921 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 3bd053f and 1 for PR HEAD 5f56921 in total

[ggiguash]

All FIPS tests passed. Overriding the jobs to save on CI cycles
/override ci/prow/e2e-aws-tests-bootc-periodic ci/prow/e2e-aws-tests-bootc-periodic-arm ci/prow/e2e-aws-tests-periodic-arm

[openshift-ci]

@ggiguash: Overrode contexts on behalf of ggiguash: ci/prow/e2e-aws-tests-bootc-periodic, ci/prow/e2e-aws-tests-bootc-periodic-arm, ci/prow/e2e-aws-tests-periodic-arm

Details

In response to this:

All FIPS tests passed. Overriding the jobs to save on CI cycles
/override ci/prow/e2e-aws-tests-bootc-periodic ci/prow/e2e-aws-tests-bootc-periodic-arm ci/prow/e2e-aws-tests-periodic-arm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@ggiguash: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.