Debugging aws-ipi-confidential-fips-mini-perm profile

[melvinjoseph86]

Summary by CodeRabbit

Release Notes

• Tests
  • Updated confidential computing test configuration with new scenario parameters
  • Modified test execution sequence with additional staging steps
  • Adjusted test infrastructure timing for extended test scenarios

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[melvinjoseph86]

/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7

[openshift-merge-bot]

@melvinjoseph86: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[coderabbitai]

Warning

Rate limit exceeded

@melvinjoseph86 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 0 minutes and 1 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 0 minutes and 1 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2ec4d41c-e114-4a4b-82aa-849079c6a4ab

📥 Commits

Reviewing files that changed from the base of the PR and between 8a0d2a0 and d62d05b.

📒 Files selected for processing (1)

• ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml

Walkthrough

This pull request modifies a CI test configuration to update environment variables and test execution flow, while adding a delay in the corresponding test script. The BASE_DOMAIN variable is removed and TEST_SCENARIOS is added to the test definition. The test section changes from a single chain reference to a multi-stage sequence, and a 90-minute delay is inserted into the test script execution path.

Changes

Cohort / File(s)	Summary
CI Test Configuration ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml	Modified aws-ipi-confidential-fips-mini-perm-f7 test: removed BASE_DOMAIN env var, added TEST_SCENARIOS: "43284" env var, and changed test execution from chain: openshift-e2e-test-qe to sequential ref: wait followed by ref: openshift-extended-test.
Test Script ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh	Added unconditional sleep 5400 (90-minute delay) after the cluster type case statement block, affecting all execution paths.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 inconclusive)

Check name	Status	Explanation	Resolution
Ote Binary Stdout Contract	❌ Error	Repository contains CI/CD configuration and step registry workflows, not OTE binary source code or binaries.	This is the openshift/release repository for CI configuration; OTE binaries are built and maintained elsewhere.
Single Node Openshift (Sno) Test Compatibility	❓ Inconclusive	Unable to verify changes from provided shell scripts without actual execution output or repository context.	Provide the actual output from these diagnostic commands or access to the repository to assess the changes.

✅ Passed checks (8 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change - debugging a specific test profile (aws-ipi-confidential-fips-mini-perm) by modifying its test steps and environment variables.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	The custom check for stable and deterministic Ginkgo test names is not applicable to this pull request as the modified files contain a YAML test configuration file and a shell script orchestration helper, neither of which contain Ginkgo test definitions.
Test Structure And Quality	✅ Passed	The custom check for Ginkgo test code quality is not applicable to this pull request. The PR modifies CI operator configuration files (YAML) and a shell script for test execution, neither of which contain Ginkgo test code.
Microshift Test Compatibility	✅ Passed	This pull request does not introduce any new Ginkgo e2e tests. The modifications are limited to CI configuration changes (modifying a YAML test profile and adding a 90-minute sleep in a test orchestration shell script). No new Go test files with Ginkgo test definitions are being added to the codebase. Since the MicroShift Test Compatibility check specifically applies only when new Ginkgo e2e tests are added, this check is not applicable to this PR.
Topology-Aware Scheduling Compatibility	✅ Passed	Changes are limited to CI test configuration and test execution scripts without Kubernetes scheduling directives or topology-dependent logic.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. Modifications are limited to CI operator configuration and shell scripts with no Go test code.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: melvinjoseph86
Once this PR has been reviewed and has the lgtm label, please assign memodi for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/openshift-tests-private/OWNERS
• ci-operator/step-registry/openshift-extended/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml (1)

323-324: Set wait duration explicitly for this profile.

Relying on wait defaults makes runtime harder to reason about. Set SLEEP_DURATION in env so intent is explicit and stable.

💡 Suggested fix

     env:
       AWS_INSTALL_USE_MINIMAL_PERMISSIONS: "yes"
       COMPUTE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging
       COMPUTE_NODE_TYPE: m6a.2xlarge
       CONFIDENTIAL_COMPUTE: ""
       CONTROL_PLANE_CONFIDENTIAL_COMPUTE: AMDEncryptedVirtualizationNestedPaging
       CONTROL_PLANE_INSTANCE_TYPE: m6a.2xlarge
       FIPS_ENABLED: "true"
       TEST_SCENARIOS: "43284"
+      SLEEP_DURATION: "2h"
     test:
     - ref: wait
     - ref: openshift-extended-test

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml`
around lines 323 - 324, This profile currently relies on the shared "wait"
defaults; add an explicit SLEEP_DURATION environment variable in the profile's
env block (e.g., add an env entry with name: SLEEP_DURATION and a chosen value
like "5m" or the project-standard duration) so runtime wait is explicit and
stable—update the profile's env section near the refs for
wait/openshift-extended-test and ensure the new SLEEP_DURATION uses the same
units/format as other SLEEP_DURATION usages in the repo.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh`:
- Line 247: The unconditional "sleep 5400" in
openshift-extended-test-commands.sh adds 90 minutes of fixed latency; change it
to be gated by an explicit debug env var (e.g., ENABLE_EXTENDED_TEST_SLEEP)
defaulting to off so normal consumers aren't delayed. Replace the bare sleep
5400 invocation with a conditional that only runs the sleep when the env var is
set to "true" (or a similar agreed token), and document the env var in the
script header or comments so consumers know how to enable it for debugging.

---

Nitpick comments:
In
`@ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml`:
- Around line 323-324: This profile currently relies on the shared "wait"
defaults; add an explicit SLEEP_DURATION environment variable in the profile's
env block (e.g., add an env entry with name: SLEEP_DURATION and a chosen value
like "5m" or the project-standard duration) so runtime wait is explicit and
stable—update the profile's env section near the refs for
wait/openshift-extended-test and ensure the new SLEEP_DURATION uses the same
units/format as other SLEEP_DURATION usages in the repo.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 512fd065-c7a0-4658-8abe-877348e0f9b8

📥 Commits

Reviewing files that changed from the base of the PR and between ad70e65 and 8a0d2a0.

📒 Files selected for processing (2)

• ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml
• ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid unconditional 90-minute sleep in this shared step.

This adds fixed latency to every openshift-extended-test consumer and can significantly increase timeout/lease risk. Please gate it behind an explicit debug env var (default off) or remove it.

💡 Suggested fix

-sleep 5400
+if [[ "${DEBUG_SLEEP_SECONDS:-0}" =~ ^[0-9]+$ ]] && (( DEBUG_SLEEP_SECONDS > 0 )); then
+    echo "Debug sleep enabled: ${DEBUG_SLEEP_SECONDS}s"
+    sleep "${DEBUG_SLEEP_SECONDS}"
+fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sleep 5400
	if [[ "${DEBUG_SLEEP_SECONDS:-0}" =~ ^[0-9]+$ ]] && (( DEBUG_SLEEP_SECONDS > 0 )); then
	echo "Debug sleep enabled: ${DEBUG_SLEEP_SECONDS}s"
	sleep "${DEBUG_SLEEP_SECONDS}"
	fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@ci-operator/step-registry/openshift-extended/test/openshift-extended-test-commands.sh`
at line 247, The unconditional "sleep 5400" in
openshift-extended-test-commands.sh adds 90 minutes of fixed latency; change it
to be gated by an explicit debug env var (e.g., ENABLE_EXTENDED_TEST_SLEEP)
defaulting to off so normal consumers aren't delayed. Replace the bare sleep
5400 invocation with a conditional that only runs the sleep when the env var is
set to "true" (or a similar agreed token), and document the env var in the
script header or comments so consumers know how to enable it for debugging.

[melvinjoseph86]

/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7

[openshift-merge-bot]

@melvinjoseph86: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[melvinjoseph86]

/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7

[openshift-merge-bot]

@melvinjoseph86: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[melvinjoseph86]

/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7

[openshift-merge-bot]

@melvinjoseph86: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

@melvinjoseph86: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7	d62d05b	link	unknown	/pj-rehearse periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-confidential-fips-mini-perm-f7

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.