In this blog I wrote on Medium last year, I showed you how to cross-build ppc64le container images on an x86_64 machine. Now in this blog post, we will be using the Tekton pipeline to achieve the same. To do this, we will SSH into a remote x86_64 host through the Tekton pipeline by providing the required credentials and the shell script we want to run there.
Tekton pipeline setup
Pre-requisites
- An x86_64 Openshift cluster with version 4.9 or above
- Enable Role-Based Access Control (RBAC) in the clusters.
- Grant cluster-admin role to the current user on the cluster
Step 1: Environment Setup
Login to the Openshift Cluster and create a new project “tekton-pipelines”
. This namespace is used by all the Tekton components.
oc login -u kubeadmin -p <kubepassword>
oc new-project tekton-pipelines
Step 2: Install OpenShift Pipelines Operator
- Log into your cluster’s OpenShift Console with cluster-admin privileges
- Use the left-hand menu to navigate to Operators
- In the Operators, submenu click on OperatorHub
- Use the Filter/Search box to filter on OpenShift Pipelines
- Click the Red Hat OpenShift Pipelines tile
- In the flyout menu to the right-click the Install button near the top
- On the next screen “Install Operator” scroll to the bottom of the page and click Install
Step 3: Install Tekton CLI
You can install tkn CLI from here depending on the OS and Arch which you are using. After the successful installation, you can check the version by
rpm -Uvh https://github.com/tektoncd/cli/releases/download/v0.26.0/tektoncd-cli-0.26.0_Linux-64bit.rpm
tkn version
Step 4: Install Tekton Dashboard
oc apply -f https://github.com/tektoncd/dashboard/releases/download/v0.29.1/tekton-dashboard-release.yaml
oc get pods --namespace tekton-pipelines --watch
oc create route edge tekton-dashboard --service=tekton-dashboard --port=http --insecure-policy=Redirect -n tekton-pipelines
Verify that the dashboard pod is in a running state by executing the command below:
oc get pods --namespace tekton-pipelines --watch
NAME READY STATUS RESTARTS AGE
tekton-dashboard-545b99657d-xnmz7 1/1 Running 0 5d
Open the route link provided by the below command in your browser to access the Tekton dashboard.
oc get route
Build the Tekton pipeline
Step 1: Generate SSH key
Create SSH key pair if it doesn’t exist by using the following steps on the cluster.
cd ~/.sshssh-keygen -o -t rsa
Press Enter to complete with the default configurations, we will leave that passphrase empty for now but, you can use it to add extra security to your key.
When you type ls
you should find two files: id_rsa and id_rsa.pub.
id_rsa has the private key while id_rsa.pub has the public key.
Step 2: Add public ssh key to the authorized_keys file of the remote x86 VM
First view/copy the contents of your recently generated public key id_rsa.pub
on the x86 cluster. The public ssh key begins with "ssh-rsa" and ends with your email address:
cat ~/.ssh/id_rsa.pub
Login to your remote x86 VM and edit authorized_keys
file by putting the contents of your public key below any other keys in that file:
vi ~/.ssh/authorized_keys
Step 3: Test SSH connection using the private key
Just to make sure that the public ssh key is added correctly to the authorized_keys file of the remote x86 VM, try SSHing into the remote x86 machine from the x86 cluster with the corresponding private key.
ssh -i /root/.ssh/id_rsa username@hostname
Step 4. Clone the source code
git clone https://github.com/mayurwaghmode/Cross-Building-using-Tekton.git
cd Cross-Building-using-Tekton
Step 5. Configure the source code
This secret will contain the private SSH key in base64 encoded format. To get the private key in base64 encoded format, use the below command on the remote VM.
cat ~/.ssh/id_rsa | base64 -w 0
Update the private key in the config/secrets.yaml
file.
Now create the secret by applying the secrets.yaml file.
oc create -f config/secrets.yaml
Create a TaskRun
for remote ssh logging into the x86_64 machine
Parameters
- HOST: The remote host to which you want to connect. (Required)
- USERNAME: Connect as a user. (Required)
- PORT: Port number to connect (default: 22).
- SSH_SCRIPT: The shell script which you want to run on the remote host. (Required)
To build the ppc64le container on a remote x86_64 VM we are using the Dockerfile located here.
Setup quay repository with proper account permissions
Create a Quay repository where you want to deploy the ppc64le container built from the Tekton pipeline. Make sure that you have Read+Write permissions to the repository.
Update your Quay login credentials and recently created Quay repository in the SSH_SCRIPT value of taskrun.yaml
Apply the Tasks and TaskRuns
oc apply -f task/
oc apply -f taskrun.yaml
Monitor the taskRuns on the Tekton dashboard. The below command can be used to see the PipelineRun logs on CLI.
tkn taskrun logs -f
Done! The ppc64le container is successfully built on a remote x86_64 VM through Tekton Pipeline. Now that your ppc64le image is public, you can run it on any ppc64le system with podman
or docker
!
podman run quay.io/Quay-User-Name/Quay-Repository-Name
Troubleshooting
While building the ppc64le container on the remote VM if you encounter the below error then you need to disable the SELinux of the remote host.
container exited on segmentation fault
error building at STEP "RUN apt-get update -y": error while running runtime: exit status 1
SELinux enabled on the remote host does not allow the full functionality of Qemu-user-static. To check the SELinux status use seastatus
command. If SELinux status is not disabled then followed this by logging into the remote VM.
Thanks for reading! I hope you found this tutorial helpful. Feel free to reach out in case of any queries. Happy learning!
Originally published on Medium