CORS-4336: Add CI jobs for AWS European Sovereign Cloud (EUSC) by liweinan · Pull Request #75568 · openshift/release

liweinan · 2026-03-02T18:04:40Z

Implement continuous integration support for AWS EUSC partition (aws-eusc) in eusc-de-east-1 region. Includes cluster profile definition, service endpoints configuration, custom AMI handling, and periodic test jobs.

This enables OpenShift testing on AWS's new European Sovereign Cloud infrastructure, which requires explicit endpoint configuration and custom RHCOS AMIs not available in public regions.

openshift-ci-robot · 2026-03-02T18:04:45Z

@liweinan: This pull request references CORS-4336 which is a valid jira issue.

Details

In response to this:

Implement continuous integration support for AWS EUSC partition (aws-eusc) in eusc-de-east-1 region. Includes cluster profile definition, service endpoints configuration, custom AMI handling, and periodic test jobs.

This enables OpenShift testing on AWS's new European Sovereign Cloud infrastructure, which requires explicit endpoint configuration and custom RHCOS AMIs not available in public regions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-03-02T18:06:05Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[125]: invalid cluster profile "aws-eusc-qe"
 * tests[126]: invalid cluster profile "aws-eusc-qe"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml

ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml

...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml

ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh

yunjiang29 · 2026-03-05T02:26:01Z

@liweinan as we discussed offline, for the new partition we need three types of cluster:

common IPI cluster
private cluster
disconnected (private) cluster
and based on above basic cluster, we also need to cover STS, custom KMS key, FIPS and minimum permission, you can refer to existing jobs.

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml

liweinan · 2026-03-05T02:38:24Z

@yunjiang29 Thanks for the review! I'll refactor this PR today.

openshift-ci-robot · 2026-03-05T12:18:26Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[126]: invalid cluster profile "aws-eusc"
 * tests[127]: invalid cluster profile "aws-eusc"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

liweinan · 2026-03-06T03:16:23Z

@yunjiang29 Thanks for the detailed review! I'll update the PR recordingly.

openshift-ci-robot · 2026-03-06T06:37:31Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[126]: invalid cluster profile "aws-eusc"
 * tests[127]: invalid cluster profile "aws-eusc"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

Address yunfei's review comments on PR openshift#75568: 1. Job naming convention: - Rename jobs from -f60 to -f7 suffix (non-destructive tests) - Update cron schedule to standard f7 pattern: 7,14,23,30 2. Private cluster configuration: - Add complete private cluster setup with bastion host - Add VPC, security groups, and proxy configuration - Set PUBLISH=Internal for private cluster access - Add minimal IAM permission provisioning - Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision 3. AMI configuration fix: - Replace deprecated compute.platform.aws.amiID field - Use platform.aws.defaultMachinePlatform.amiID instead

openshift-ci-robot · 2026-03-06T06:40:37Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[126]: invalid cluster profile "aws-eusc"
 * tests[127]: invalid cluster profile "aws-eusc"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

1. Job naming convention: - Rename jobs from -f60 to -f7 suffix (non-destructive tests) - Update cron schedule to standard f7 pattern: 7,14,23,30 2. Private cluster configuration: - Add complete private cluster setup with bastion host - Add VPC, security groups, and proxy configuration - Set PUBLISH=Internal for private cluster access - Add minimal IAM permission provisioning - Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision 3. AMI configuration fix: - Replace deprecated compute.platform.aws.amiID field - Use platform.aws.defaultMachinePlatform.amiID instead 4. Generalize step registry components for reusability: - Enhance ipi-conf-aws-custom-endpoints to support multiple AWS partitions * Add AWS_DOMAIN_SUFFIX env var (defaults to amazonaws.com) * Support amazonaws.eu for EUSC, amazonaws.com.cn for China * Allow full URLs for maximum flexibility - Make ipi-conf-aws-eusc-ami more generic * Support AWS_CUSTOM_AMI_ID for general use * Maintain AWS_EUSC_AMI_ID for backward compatibility * Can be used for EUSC, China, GovCloud, or custom AMI scenarios - Use generic steps in EUSC provision chain with partition-specific config - Remove obsolete ipi-conf-aws-eusc-endpoints (replaced by generic version)

openshift-ci-robot · 2026-03-06T07:00:15Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[126]: invalid cluster profile "aws-eusc"
 * tests[127]: invalid cluster profile "aws-eusc"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

...erator/step-registry/ipi/conf/aws/custom-endpoints/ipi-conf-aws-custom-endpoints-commands.sh

1. Job naming convention: - Rename jobs from -f60 to -f7 suffix (non-destructive tests) - Update cron schedule to standard f7 pattern: 7,14,23,30 2. Private cluster configuration: - Add complete private cluster setup with bastion host - Add VPC, security groups, and proxy configuration - Set PUBLISH=Internal for private cluster access - Add minimal IAM permission provisioning - Follow pattern from cucushift-installer-rehearse-aws-ipi-private-provision 3. Generalize step registry components for maximum reusability: a) Enhance ipi-conf-aws-custom-endpoints for all AWS partitions: - Add AWS_DOMAIN_SUFFIX env var (defaults to amazonaws.com) - Support amazonaws.eu (EUSC), amazonaws.com.cn (China) - Allow full URLs for maximum flexibility - Remove obsolete ipi-conf-aws-eusc-endpoints step b) Extend ipi-conf-aws to support custom AMI configuration: - Add AWS_AMI_ID env var for custom RHCOS AMI - Useful for EUSC, China, GovCloud, or any partition without public AMIs - Fix deprecated amiID field -> defaultMachinePlatform.amiID - Auto-detection still works for C2S/SC2S - Remove obsolete ipi-conf-aws-eusc-ami step c) EUSC provision chain now uses only generic steps with env config This refactoring reduces code duplication (net -59 lines) and makes step components reusable across all AWS partitions.

openshift-ci-robot · 2026-03-06T07:12:44Z

@liweinan, pj-rehearse: unable to determine affected jobs. This could be due to a branch that needs to be rebased. ERROR:

could not load configuration from candidate revision of release repo: failed to load ci-operator configuration from release repo: invalid ci-operator config: configuration has 2 errors:

 * tests[126]: invalid cluster profile "aws-eusc"
 * tests[127]: invalid cluster profile "aws-eusc"

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

liweinan · 2026-03-10T13:59:36Z

Relative PRs merged: #75441 / openshift/ci-tools#4973

Update generated Prow job configurations after rebasing to the latest origin/main. Changes include: - Updated cluster assignments to match current build cluster distribution - EUSC jobs properly integrated with latest job generation logic

Delete 4 EUSC-specific workflows and 2 provision chains, replacing them with standard AWS workflows. This reduces maintenance burden and ensures consistency with standard AWS job configurations. Changes: - Delete cucushift-installer-rehearse-aws-eusc-ipi workflow - Delete cucushift-installer-rehearse-aws-eusc-ipi-private workflow - Delete cucushift-installer-rehearse-aws-eusc-ipi-private-sts workflow - Delete cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private workflow - Delete cucushift-installer-rehearse-aws-eusc-ipi provision chain - Delete cucushift-installer-rehearse-aws-eusc-ipi-private provision chain Modified 5 jobs to use standard AWS workflows: - aws-eusc-ipi-fips-f7 → cucushift-installer-rehearse-aws-ipi - aws-eusc-ipi-f28-destructive → cucushift-installer-rehearse-aws-ipi - aws-eusc-ipi-private-sts-fips-f7 → aws-ipi-private-cco-manual-security-token-service - aws-eusc-ipi-private-mini-perm-f28 → cucushift-installer-rehearse-aws-ipi-private - aws-eusc-ipi-disc-priv-f28 → cucushift-installer-rehearse-aws-ipi-disconnected-private All modified jobs now include: - cluster_profile: aws-eusc (handles region and AMI configuration) - COMPUTE_NODE_TYPE: m5.xlarge - CONTROL_PLANE_INSTANCE_TYPE: m6i.xlarge Preserved for further discussion: - cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-kms (unique combination not available in standard AWS workflows) Result: -300 lines, 100% workflow reuse for modified jobs

- Delete last EUSC-specific workflow: cucushift-installer-rehearse-aws-eusc-ipi-disconnected-private-kms - Delete associated provision chain - Update aws-eusc-ipi-disc-priv-kms-f7 job to use standard cucushift-installer-rehearse-aws-ipi-disconnected-private workflow - Add COMPUTE_NODE_TYPE and CONTROL_PLANE_INSTANCE_TYPE env vars to the job All EUSC jobs now use standard AWS workflows with cluster_profile: aws-eusc. This completes the refactoring based on review feedback.

openshift-ci · 2026-03-19T01:53:32Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: liweinan
Once this PR has been reviewed and has the lgtm label, please assign liangxia, patrickdillon for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Two critical bug fixes in ipi-conf-aws-commands.sh: 1. Fix CONTROL_PLANE_AMI being unconditionally overwritten - Before: Always fetched from GitHub in C2S/SC2S environments - After: Only auto-detect if user hasn't provided CONTROL_PLANE_AMI - Impact: Users can now override AMI for control plane nodes 2. Fix COMPUTE_AMI being unconditionally overwritten - Before: COMPUTE_AMI="${CONTROL_PLANE_AMI}" (always overwrites) - After: COMPUTE_AMI="${COMPUTE_AMI:-${CONTROL_PLANE_AMI}}" (respects user value) - Impact: Users can now specify different AMIs for compute nodes Both fixes are 100% backward compatible with existing jobs. All current C2S/SC2S jobs don't set these env vars, so behavior unchanged.

liweinan · 2026-03-19T02:20:18Z

Here is the list of PRs to support EUSC:

openshift/installer#10303 (see comment)
openshift/cluster-ingress-operator#1360
openshift/api#2708

ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__multi-nightly.yaml

liweinan · 2026-03-19T08:21:47Z

@yunjiang29 Thanks for the detailed review! I'll update the PR accordingly.

Changes per yunjiang29's review comments: 1. Remove all 6 EUSC jobs from amd64-nightly.yaml - All EUSC jobs now run against multi-nightly payload only - ARM for non-destructive (f7), AMD for destructive (f28) 2. Fix ipi-conf-aws-commands.sh for C2S/SC2S: - Restore version info comment: "# custom rhcos ami for non-public regions" - Restore inline comments: "# 4.9 and below" and "# 4.10 and above" - Add COMPUTE_AMI and echo in C2S block - Remove unreasonable default COMPUTE_AMI logic outside C2S block 3. Fix multi-nightly.yaml jobs: a) Rename KMS job to include "etcd" and meet 61-char limit: aws-eusc-ipi-byo-kms-encryption-fips-tp-amd-f28-destructive → aws-eusc-ipi-byo-kms-etcd-encryption-fips-tp-f28-destructive b) Fix KMS config for destructive job: ENABLE_AWS_KMS_KEY_COMPUTE/CONTROL_PLANE: yes → no ENABLE_AWS_KMS_KEY_DEFAULT_MACHINE: no → yes c) Add -mini-perm to STS job names (they use AWS_INSTALL_USE_MINIMAL_PERMISSIONS): aws-eusc-ipi-private-sts-tp-arm-f7 → aws-eusc-ipi-private-sts-mini-perm-tp-arm-f7 aws-eusc-ipi-private-sts-tp-amd-f28-destructive → aws-eusc-ipi-private-sts-mini-perm-tp-amd-f28-destructive Result: - 8 EUSC jobs in multi-nightly (4 ARM f7 + 4 AMD f28-destructive) - 4 installer presubmit jobs (unchanged) - 0 EUSC jobs in amd64-nightly - Total: 12 EUSC jobs (down from 18)

openshift-ci-robot · 2026-03-20T01:31:28Z

[REHEARSALNOTIFIER]
@liweinan: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-cluster-api-provider-ibmcloud-main-okd-scos-e2e-aws-ovn	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-cluster-api-provider-ibmcloud-release-4.21-okd-scos-e2e-aws-ovn	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-cluster-api-provider-ibmcloud-release-4.11-e2e-aws	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-cluster-api-provider-ibmcloud-release-4.10-e2e-aws	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-cluster-api-provider-ibmcloud-release-4.11-e2e-aws-serial	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-cluster-api-provider-ibmcloud-release-4.10-e2e-aws-serial	openshift/cluster-api-provider-ibmcloud	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.11-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.10-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.9-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.8-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.7-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.6-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.5-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.4-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.3-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.2-e2e-aws	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.16-e2e-aws-sdn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.16-e2e-aws-live-migration-sdn-ovn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.16-e2e-aws-live-migration-sdn-ovn-rollback	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.15-e2e-aws-sdn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.15-e2e-aws-live-migration-sdn-ovn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.15-e2e-aws-live-migration-sdn-ovn-rollback	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.14-e2e-aws-sdn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.13-e2e-aws-sdn	openshift/sdn	presubmit	Registry content changed
pull-ci-openshift-sdn-release-4.12-e2e-aws-sdn	openshift/sdn	presubmit	Registry content changed

A total of 16226 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

openshift-ci · 2026-03-20T01:36:50Z

@liweinan: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

yunjiang29 · 2026-03-20T06:29:46Z

ci-operator/step-registry/ipi/conf/aws/ipi-conf-aws-commands.sh

@@ -319,31 +319,30 @@ rm /tmp/pull-secret
 # fi

 # custom rhcos ami for non-public regions
-RHCOS_AMI=
-if [[ "${CLUSTER_TYPE}" =~ ^aws-s?c2s$ ]]; then
+if [[ "${CLUSTER_TYPE}" =~ ^aws-s?c2s$ ]] && [[ -z "${CONTROL_PLANE_AMI}" ]]; then


Suggested change

if [[ "${CLUSTER_TYPE}" =~ ^aws-s?c2s$ ]] && [[ -z "${CONTROL_PLANE_AMI}" ]]; then

if [[ "${CLUSTER_TYPE}" =~ ^aws-s?c2s$ ]] && [[ -z "${CONTROL_PLANE_AMI}" ]] && [[ -z "${COMPUTE_AMI}" ]]; then

yunjiang29 · 2026-03-20T06:43:36Z

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__multi-nightly.yaml

    test:
    - chain: openshift-e2e-test-qe
    workflow: baremetal-lab-upi
+- as: aws-eusc-ipi-byo-kms-etcd-encryption-fips-tp-arm-f7


@liweinan this part looks good, please copy these configs to openshift-openshift-tests-private-release-4.23__multi-nightly.yaml and openshift-openshift-tests-private-release-5.0__multi-nightly.yaml as well

patrickdillon · 2026-03-20T17:59:57Z

@tthvo's initial EUSC PR has merged, so we might actually be able to rehearse this, if credentials are setup:

/pj-rehearse pull-ci-openshift-installer-main-e2e-aws-eusc-techpreview

openshift-ci-robot · 2026-03-20T17:59:59Z

@patrickdillon: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 2, 2026

openshift-ci bot requested review from neisw and xingxingxia March 2, 2026 18:05

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

ci-operator/step-registry/cluster-profiles/cluster-profiles-config.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...ipi/private/provision/cucushift-installer-rehearse-aws-eusc-ipi-private-provision-chain.yaml Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

ci-operator/step-registry/ipi/conf/aws/eusc-ami/ipi-conf-aws-eusc-ami-commands.sh Outdated Show resolved Hide resolved

yunjiang29 reviewed Mar 5, 2026

View reviewed changes

...t/openshift-tests-private/openshift-openshift-tests-private-release-4.22__amd64-nightly.yaml Outdated Show resolved Hide resolved

liweinan force-pushed the add-aws-eusc-ci-jobs branch from 24fed80 to de00d69 Compare March 5, 2026 12:16

liweinan force-pushed the add-aws-eusc-ci-jobs branch from 4b73bfe to 7f83d83 Compare March 6, 2026 06:38

liweinan force-pushed the add-aws-eusc-ci-jobs branch from 7f83d83 to 55daf83 Compare March 6, 2026 06:58

liweinan commented Mar 6, 2026

View reviewed changes

...erator/step-registry/ipi/conf/aws/custom-endpoints/ipi-conf-aws-custom-endpoints-commands.sh Outdated Show resolved Hide resolved

liweinan force-pushed the add-aws-eusc-ci-jobs branch from 55daf83 to c6c4827 Compare March 6, 2026 07:10

Regenerate jobs after rebase to origin/main

c96110f

Update generated Prow job configurations after rebasing to the latest origin/main. Changes include: - Updated cluster assignments to match current build cluster distribution - EUSC jobs properly integrated with latest job generation logic

liweinan force-pushed the add-aws-eusc-ci-jobs branch from 17c85bd to c96110f Compare March 18, 2026 14:56

liweinan force-pushed the add-aws-eusc-ci-jobs branch from aa44a64 to 987a500 Compare March 19, 2026 01:44