Bug 1885365: daemon: properly handle unit enable/disables

[yuqi-zhang]

Remove the hardlink to multi-user.target and instead invoke systemctl
to directly enable/disable units as needed, so [Install] - wantedby
sections are properly parsed.

Also call systemctl preset on units that are deleted/changed, to
ensure "rollback" of unit enablement to system defaults. Remove
the Ignition-written preset file to account for this.

[openshift-ci-robot]

@yuqi-zhang: This pull request references Bugzilla bug 1885365, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1885365: daemon: properly handle unit enable/disables

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[yuqi-zhang]

need to fix up a bit more but general idea is up for review

[bgilbert]

LGTM generally.

[yuqi-zhang]

Tested with the following:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 98-test-service
spec:
  config:
    ignition:
      version: 3.1.0
    systemd:
      units:
        - name: test.service
          contents: |
            [Unit]
            Description=Hello Test Service
            After=network-online.target
            [Service]
            Type=simple
            ExecStart=/usr/bin/echo hello
            [Install]
            WantedBy=network-online.target

and

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 98-test-service-2
spec:
  config:
    ignition:
      version: 3.1.0
    systemd:
      units:
        - name: test.service
          enabled: true

Adding the first correctly adds the service
Adding the second correctly enables and runs the service upon reboot, linking to network-online.service
Removing the second correctly disables the service

Also tested without this PR, the above would link to multi-user.target.wants instead (incorrect) and does not get disabled when you remove the second MC (incorrect)

[yuqi-zhang]

/skip

[openshift-ci-robot]

@yuqi-zhang: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

• /test cluster-bootimages
• /test e2e-aws
• /test e2e-aws-disruptive
• /test e2e-aws-proxy
• /test e2e-aws-workers-rhel7
• /test e2e-azure
• /test e2e-gcp-op
• /test e2e-metal-ipi
• /test e2e-openstack
• /test e2e-ovirt
• /test e2e-ovn-step-registry
• /test e2e-upgrade
• /test e2e-vsphere
• /test e2e-vsphere-upi
• /test images
• /test okd-e2e-aws
• /test okd-e2e-gcp-op
• /test okd-e2e-upgrade
• /test okd-images
• /test unit
• /test verify

Use /test all to run the following jobs:

• pull-ci-openshift-machine-config-operator-master-e2e-aws
• pull-ci-openshift-machine-config-operator-master-e2e-aws-workers-rhel7
• pull-ci-openshift-machine-config-operator-master-e2e-gcp-op
• pull-ci-openshift-machine-config-operator-master-e2e-metal-ipi
• pull-ci-openshift-machine-config-operator-master-e2e-ovn-step-registry
• pull-ci-openshift-machine-config-operator-master-e2e-upgrade
• pull-ci-openshift-machine-config-operator-master-images
• pull-ci-openshift-machine-config-operator-master-okd-e2e-aws
• pull-ci-openshift-machine-config-operator-master-okd-images
• pull-ci-openshift-machine-config-operator-master-unit
• pull-ci-openshift-machine-config-operator-master-verify

In response to this:

/test ci/prow/e2e-gcp-op

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[yuqi-zhang]

/test e2e-gcp-op

[yuqi-zhang]

So there's a small issue with this approach: there appears to be roughly a ~35% increase in operation time due to the extra writes and calls to systemctl. At the very least this times out our GCP-OP tests.

Our options then seem to be:

1. incur the performance penalty and bump test timeouts
2. go back to writing the files by hand, and add a parser ourselves to find the install section of the unit, when its enabled, and link based on that instead of hardcoding links

[cgwalters]

Today the MCO rewrites files even if they didn't change; if we fixed that it'd be a general improvement and also fix that bug I think.

[yuqi-zhang]

Today the MCO rewrites files even if they didn't change; if we fixed that it'd be a general improvement and also fix that bug I think.

I was under the impression that this was somewhat intentional. Although inefficient, this has some benefits e.g. allowing us to use the forcefile option to re-write all the configs, in case of a drift-degraded situation.

We could consider that separately. I also don't see how it would fix this issue, as the fundamental problem is a wrong hardcode + no restoration of system defaults

[bgilbert]

Hand-implementing [Install] would require handling or intentionally ignoring various corner cases: Alias, Also, and DefaultInstance for templated units. I wouldn't recommend it.

systemctl {enable,disable,preset} support specifying multiple units on the command line. You could accumulate three lists of units to configure, and then at the end, run systemctl exactly once per category of change.

[bgilbert]

LGTM

[dcbw]

/retest

[yuqi-zhang]

Rebased, will see whether slowdowns are still seen in gcp-op tests

[sinnykumari]

/retest

[yuqi-zhang]

Comparing runtimes of most recent gcp-op tests from other PRs, I don't see a significant difference in runtime for the tests that passed. Will retest a few more times after gcp-op issues are fixed.

[yuqi-zhang]

Tested again with the steps in #2145 (comment). Once we're confident in GCP-OP not being slowed down by this, I'm ready to have this merge

[yuqi-zhang]

/retest

[yuqi-zhang]

/retest

[yuqi-zhang]

/retest

[yuqi-zhang]

/retest

[yuqi-zhang]

/retest

[darkmuggle]

/approve
/lgtm

Reading over the PR and the code, this LGTM.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bgilbert, darkmuggle, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [yuqi-zhang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[yuqi-zhang]

One more test to be safe. I seem some minor slowdowns but I think they are unrelated to this PR. Overall seems to be matching expectations

/test ci/prow/e2e-gcp-op

[openshift-ci-robot]

@yuqi-zhang: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

• /test cluster-bootimages
• /test e2e-agnostic-upgrade
• /test e2e-aws
• /test e2e-aws-disruptive
• /test e2e-aws-proxy
• /test e2e-aws-serial
• /test e2e-aws-workers-rhel7
• /test e2e-azure
• /test e2e-gcp-op
• /test e2e-metal-assisted
• /test e2e-metal-ipi
• /test e2e-metal-ipi-ovn-dualstack
• /test e2e-openstack
• /test e2e-ovirt
• /test e2e-ovn-step-registry
• /test e2e-vsphere
• /test e2e-vsphere-upi
• /test images
• /test okd-e2e-aws
• /test okd-e2e-gcp-op
• /test okd-e2e-upgrade
• /test okd-images
• /test unit
• /test verify

Use /test all to run the following jobs:

• pull-ci-openshift-machine-config-operator-master-e2e-agnostic-upgrade
• pull-ci-openshift-machine-config-operator-master-e2e-aws
• pull-ci-openshift-machine-config-operator-master-e2e-aws-serial
• pull-ci-openshift-machine-config-operator-master-e2e-aws-workers-rhel7
• pull-ci-openshift-machine-config-operator-master-e2e-gcp-op
• pull-ci-openshift-machine-config-operator-master-e2e-metal-ipi
• pull-ci-openshift-machine-config-operator-master-e2e-ovn-step-registry
• pull-ci-openshift-machine-config-operator-master-images
• pull-ci-openshift-machine-config-operator-master-okd-e2e-aws
• pull-ci-openshift-machine-config-operator-master-okd-images
• pull-ci-openshift-machine-config-operator-master-unit
• pull-ci-openshift-machine-config-operator-master-verify

In response to this:

One more test to be safe

/test ci/prow/e2e-gcp-op

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[yuqi-zhang]

/test e2e-gcp-op

[yuqi-zhang]

Times look fine
/hold cancel

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@yuqi-zhang: All pull requests linked via external trackers have merged:

• openshift/machine-config-operator#2145

Bugzilla bug 1885365 has been moved to the MODIFIED state.

In response to this:

Bug 1885365: daemon: properly handle unit enable/disables

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.