USHIFT-7167: Update ami references

[pacevedom]

Summary by CodeRabbit

This PR updates OpenShift CI infrastructure (ci-operator jobs and step-registry scripts) to add and use newer RHEL images for MicroShift and to make related cluster-bot/prepare-host logic compatible with multiple RHEL major versions. It also contains a small CI test environment fix for the lvm-operator jobs.

What changed in practical terms:

• MicroShift CI job definitions (main, release-4.22, and release-4.22 periodics) now set MICROSHIFT_OS to rhel-9.8 for EL9 jobs and to rhel-10.2 for EL10 jobs. This affects many e2e/bootc workflows, nightly periodics (amd64 + arm64), OVN conformance, clusterbot-nightly, footprint/perf and AI-serving nightly jobs, and related release/periodic variants so CI will provision/test against these newer RHEL images.
• AWS EC2 infra script (openshift-microshift-infra-aws-ec2-commands.sh) extends its ami_map with AMI IDs for rhel-9.8 and rhel-10.2 (x86_64 and arm64) across us-east-1, us-west-2 and eu-central-1 so stacks can be created with those OS images.
• Cluster-bot logic (openshift-microshift-clusterbot-commands.sh) now allows rhel-9.8 and rhel-10.2 in its allowed_os list and continues to validate MICROSHIFT_OS/MICROSHIFT_ARCH and instance selection.
• Prepare-host script (clusterbot prepare-host commands) builds MicroShift repo URLs dynamically by deriving the RHEL major version from MICROSHIFT_OS (computing an el_version) instead of hardcoding el9/rhel-9. This ensures RHEL 10 uses correct repo paths.
• LVM operator CI config (openshift-lvm-operator-release-4.14.yaml) unsets GOFLAGS before running unit and e2e test commands (and in test_binary_build_commands) to avoid inconsistent vendoring-related build/test failures.

Notes:

• The changes are configuration and scripting updates for CI infra and do not alter exported/public code entities.

[openshift-ci-robot]

@pacevedom: This pull request references USHIFT-7167 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 937aa985-a632-4a18-aa1e-29a262ca7e5c

📥 Commits

Reviewing files that changed from the base of the PR and between 570358a and 0f5ef6c.

📒 Files selected for processing (2)

• ci-operator/step-registry/openshift/microshift/clusterbot/openshift-microshift-clusterbot-commands.sh
• ci-operator/step-registry/openshift/microshift/clusterbot/prepare-host/openshift-microshift-clusterbot-prepare-host-commands.sh

---

Walkthrough

This PR adds unset GOFLAGS to LVM operator unit and E2E test commands, updates MicroShift CI jobs to use rhel-9.8 (EL9) and rhel-10.2 (EL10), adds AMI mappings for those OS versions, and updates clusterbot allowed OS list and repo path derivation.

Changes

LVM Operator GOFLAGS Environment Setup

Layer / File(s)	Summary
Unset GOFLAGS in unit and E2E test commands ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.14.yaml	Unit test stage commands now start with unset GOFLAGS before exporting Codecov token and running make test. E2E test stage commands now unset GOFLAGS before running make e2e.

MicroShift RHEL OS Version Updates

Layer / File(s)	Summary
MicroShift CI job MICROSHIFT_OS updates ci-operator/config/openshift/microshift/openshift-microshift-main.yaml, ci-operator/config/openshift/microshift/openshift-microshift-release-4.22.yaml, ci-operator/config/openshift/microshift/openshift-microshift-release-4.22__periodics.yaml	MICROSHIFT_OS values changed from rhel-9.6 to rhel-9.8 for EL9 jobs and to rhel-10.2 for EL10 jobs across e2e, bootc, conformance, footprint/performance, AI model serving, and release/periodic job definitions.
MicroShift AWS EC2 AMI mappings ci-operator/step-registry/openshift/microshift/infra/aws/ec2/openshift-microshift-infra-aws-ec2-commands.sh	ami_map extended with AMI IDs for rhel-9.8 and rhel-10.2 for x86_64 and arm64 in us-east-1 and eu-central-1.
Clusterbot allowed OS and repo path derivation ci-operator/step-registry/openshift/microshift/clusterbot/openshift-microshift-clusterbot-commands.sh, ci-operator/step-registry/openshift/microshift/clusterbot/prepare-host/openshift-microshift-clusterbot-prepare-host-commands.sh	Added rhel-9.8 and rhel-10.2 to allowed_os and compute el_version by parsing MICROSHIFT_OS to build repo/download paths instead of hardcoding el9.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• openshift/release#79802: Modifies the LVM operator CI configuration to add unset GOFLAGS before running tests, matching the core change in this PR.
• openshift/release#79824: Also updates the LVM operator test commands with unset GOFLAGS before unit and E2E tests.

Suggested labels

lgtm, area/pipelines, rehearsals-ack

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'USHIFT-7167: Update ami references' is partially related to the changeset. While some changes do update AMI references in scripts, the PR also includes broader updates to MICROSHIFT_OS environment variables across multiple CI configuration files and dynamic version handling logic.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains only YAML CI config and shell scripts; no Ginkgo test files or test definitions are modified, making the "Stable and Deterministic Test Names" check inapplicable.
Test Structure And Quality	✅ Passed	This PR contains only YAML CI configuration files and shell scripts; no Ginkgo test code was modified. The custom check for "Test Structure and Quality" is not applicable.
Microshift Test Compatibility	✅ Passed	PR modifies only CI infrastructure and configuration files (YAML, shell scripts). No new Ginkgo e2e test code was added; check requirement doesn't apply.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. All changes are CI configuration (YAML) and infrastructure setup scripts (shell). The check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only CI/CD infrastructure and test environment configs (OS versions, AMI mappings), not deployment manifests or scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	PR modifies only CI configuration YAML files and shell scripts; no Go test binaries or OTE-related code modified. Check is not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR adds no Ginkgo e2e tests; it only updates CI configuration (YAML) and infrastructure setup scripts (bash). The check is not applicable.
No-Weak-Crypto	✅ Passed	CI configuration changes only. No weak crypto algorithms, custom implementations, or insecure secret comparisons found in any files.
Container-Privileges	✅ Passed	PR modifies CI configuration and shell scripts only; no container/K8s manifests with privileged settings or privilege-escalating configurations present.
No-Sensitive-Data-In-Logs	✅ Passed	The PR contains proper credential handling with set +x disabling around AWS credentials in both scripts. AWS access keys are only created in files and never logged to stdout.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@ci-operator/config/openshift/microshift/openshift-microshift-release-4.22__periodics.yaml`:
- Line 176: The periodic job fails because MICROSHIFT_OS rhel-9.8 is not in the
allowed_os whitelist used by the clusterbot step; update the allowed_os
definition in
ci-operator/step-registry/openshift/microshift/clusterbot/openshift-microshift-clusterbot-commands.sh
to include "rhel-9.8" (or broaden the validation to accept rhel-9.x) so the
script accepts the new OS value referenced by the periodic config; modify the
allowed_os array (or validation logic) accordingly and ensure any conditional
checks that reference allowed_os include the new entry.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 24c16d93-f9ea-430a-a66d-e67453e98a03

📥 Commits

Reviewing files that changed from the base of the PR and between 684ae01 and 570358a.

📒 Files selected for processing (5)

• ci-operator/config/openshift/lvm-operator/openshift-lvm-operator-release-4.14.yaml
• ci-operator/config/openshift/microshift/openshift-microshift-main.yaml
• ci-operator/config/openshift/microshift/openshift-microshift-release-4.22.yaml
• ci-operator/config/openshift/microshift/openshift-microshift-release-4.22__periodics.yaml
• ci-operator/step-registry/openshift/microshift/infra/aws/ec2/openshift-microshift-infra-aws-ec2-commands.sh

[pacevedom]

/pj-rehearse more

[openshift-merge-bot]

@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[agullon]

@pacevedom it looks good, but do you think we should include this changes about cluster bot on this PR or on a separate one?

[agullon]

/lgtm

[pacevedom]

/pj-rehearse more

[openshift-merge-bot]

@pacevedom: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: agullon, pacevedom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/lvm-operator/OWNERS [pacevedom]
• ci-operator/config/openshift/microshift/OWNERS [agullon,pacevedom]
• ci-operator/step-registry/openshift/microshift/OWNERS [agullon,pacevedom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@pacevedom: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-microshift-release-4.22-e2e-aws-ai-model-serving	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-footprint-and-performance	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-arm	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-arm-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-arm-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-periodic-arm-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-periodic-arm-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-periodic-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-periodic-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-release-arm-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-release-arm-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-release-el10	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-release-el9	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-upstream	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-bootc-upstream-arm	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-periodic	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-periodic-arm	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-release	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-release-arm	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-ocp-full-conformance-rhel-eus	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-release-4.22-ocp-full-conformance-serial-rhel-eus	openshift/microshift	presubmit	Ci-operator config changed
pull-ci-openshift-microshift-main-e2e-aws-ai-model-serving	openshift/microshift	presubmit	Ci-operator config changed

A total of 351 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
The following jobs are not rehearsable without the network-access-rehearsals-ok, and approved labels present on this PR. This is due to the restrict_network_access field being set to false. The network-access-rehearsals-ok label can be added by any openshift org member other than the PR's author by commenting: /pj-rehearse network-access-allowed:

Test name
periodic-ci-openshift-microshift-main-e2e-aws-tests-cache-nightly-arm
pull-ci-openshift-microshift-main-e2e-aws-tests-cache
pull-ci-openshift-microshift-main-e2e-aws-tests-cache-arm
periodic-ci-openshift-microshift-main-e2e-aws-tests-cache-nightly
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-cache
pull-ci-openshift-microshift-release-4.22-e2e-aws-tests-cache-arm
periodic-ci-openshift-microshift-release-4.22-e2e-aws-tests-cache-nightly
periodic-ci-openshift-microshift-release-4.22-e2e-aws-tests-cache-nightly-arm

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[openshift-ci]

@pacevedom: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/microshift/main/e2e-aws-tests-bootc-arm-el10	0f5ef6c	link	unknown	/pj-rehearse pull-ci-openshift-microshift-main-e2e-aws-tests-bootc-arm-el10
ci/rehearse/openshift/ovn-kubernetes/release-5.1/e2e-aws-ovn-microshift	570358a	link	unknown	/pj-rehearse pull-ci-openshift-ovn-kubernetes-release-5.1-e2e-aws-ovn-microshift
ci/rehearse/openshift/microshift/release-5.1/e2e-aws-footprint-and-performance	0f5ef6c	link	unknown	/pj-rehearse pull-ci-openshift-microshift-release-5.1-e2e-aws-footprint-and-performance
ci/rehearse/openshift/microshift/release-5.1/e2e-aws-ai-model-serving	0f5ef6c	link	unknown	/pj-rehearse pull-ci-openshift-microshift-release-5.1-e2e-aws-ai-model-serving
ci/rehearse/openshift/microshift/main/e2e-aws-tests	0f5ef6c	link	unknown	/pj-rehearse pull-ci-openshift-microshift-main-e2e-aws-tests
ci/rehearse/openshift/microshift/main/e2e-aws-tests-arm	0f5ef6c	link	unknown	/pj-rehearse pull-ci-openshift-microshift-main-e2e-aws-tests-arm

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.