MCO-694: revert from layered pool to non-layered pool #4284
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@cheesesashimi: This pull request references MCO-694 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
/test e2e-gcp-op |
openshift-ci
bot
added
the
approved
|
One thing we could investigate is something a bit like #1190 where we avoid mutating the system's /etc and explicitly make a new bootloader entry. |
|
/test e2e-gcp-op |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
openshift-merge-robot
added
the
needs-rebase
cheesesashimi
force-pushed
the
zzlotnik/revert-to-non-layered
branch
from
2f6ba4a to
979f59f
Compare
openshift-merge-robot
removed
the
needs-rebase
|
/remove-lifecycle stale |
openshift-ci
bot
removed
the
lifecycle/stale
|
/test e2e-gcp-op |
2 similar comments
|
/test e2e-gcp-op |
|
/test e2e-gcp-op |
cheesesashimi
force-pushed
the
zzlotnik/revert-to-non-layered
branch
2 times, most recently
from
bf0c69d to
aaad79e
Compare
|
/test e2e-gcp-op |
3 similar comments
|
/test e2e-gcp-op |
|
/test e2e-gcp-op |
|
/test e2e-gcp-op |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
Really liking the new runtimeassests method! Thanks for adapting the PR!
/lgtm
/hold
Holding for:
- QE pre-merge approval
- removal of test code after MCO-703: Lifecycle Buildah with MCO #4471 merges
| // If the new OS image equals the OS image URL value, this means we're in a | ||
| // revert-from-layering situation. This also means we can return early after | ||
| // taking a different path. | ||
| if newImage == newConfig.Spec.OSImageURL { |
There was a problem hiding this comment.
I guess I originally thought that a user can also set the image back by hand, but that should be fine here as well.
| @@ -456,6 +474,9 @@ func prepareForTest(t *testing.T, cs *framework.ClientSet, testOpts onClusterBui | |||
| pushSecretName, err := getBuilderPushSecretName(cs) | |||
| require.NoError(t, err) | |||
|
|
|||
| // REMOVE AFTER https://github.com/openshift/machine-config-operator/pull/4471 LANDS! | |||
There was a problem hiding this comment.
I think we can land that first since it's mostly ready to go
openshift-ci
bot
added
the
do-not-merge/hold
|
Going to remove the hold now that #4471 has landed. @cheesesashimi could you rebase when you get a chance? /hold cancel |
openshift-merge-robot
added
the
needs-rebase
openshift-ci
bot
removed
the
do-not-merge/hold
This adds code that reverts from a layered MachineConfigPool to a non-layered MachineConfigPool. Why this was so troublesome is: - When a MachineConfig is written to the node, it is placed in the portions of the filesystem that are mutable according to ostree. - When a container image containing those MachineConfigs is written onto the node using rpm-ostree, it technically overwrites those preexisting MachineConfigs. In doing so, the container is now claiming (for lack of a better term) ownership of those files. - The "factory" OS image does not contain these MachineConfigs. - So when we roll back from the customized image to the "factory" image, because the MachineConfig files on disk are now owned by the customized container, they are removed when the factory OS image is rebased. If an ad-hoc file is written to a mutable part of the filesystem after the container has been applied, provided that the container does not claim ownership of a file with the same name, the ad-hoc file will persist after a reboot. To take full advantage of this fact, this PR does the following: 1. Introduces a new subpackage called `pkg/daemon/runtimeassets`. The purpose of this package is to house any configs or templates that need to be applied to a node during runtime but should not be part of the clusters MachineConfig. There is the potential for this to be used by the certificate writer path in the future. 2. Introduces a `machine-config-daemon-revert.service` systemd service which is only rendered, written to the node , and enabled whenever a revert operation is being done. 3. After the file is written to the nodes' filesystem, the node reboots. 4. During the bootup, the new service detects the presence of `/etc/mco/machineconfig-revert.json` and runs the MCD in bootstrap mode to rewrite all of the configs to disk. This (unfortunately) requires a second node reboot. 5. Following the second node reboot, the node should be in the reverted configuration.
cheesesashimi
force-pushed
the
zzlotnik/revert-to-non-layered
branch
from
ce47545 to
07db49e
Compare
openshift-merge-robot
removed
the
needs-rebase
|
/lgtm I just realized the original hold is for QE verification. I'm going to re-add that in case we missed some edge cases. Feel free to unhold if no longer necessary |
openshift-ci
bot
added
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cheesesashimi, yuqi-zhang The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
The failure in |
|
I'm not sure if this case is handled, so wanted to check - what happens to node annotations when reverted? related context here |
|
When reverted, the |
|
/retest-required |
Just to clarify, do you mean that annotations are set to blank, or that they are completely removed on the node object? |
I mean that they are completely removed. |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/retest-required |
|
@cheesesashimi: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
[ART PR BUILD NOTIFIER] Distgit: ose-machine-config-operator |
- What I did
This adds code that reverts from a layered MachineConfigPool to a non-layered MachineConfigPool.
Why this was so troublesome is:
If an ad-hoc file is written to a mutable part of the filesystem after the container has been applied, provided that the container does not claim ownership of a file with the same name, the ad-hoc file will persist after a reboot. To take full advantage of this fact, this PR does the following:
pkg/daemon/runtimeassets. The purpose of this package is to house any configs or templates that need to be applied to a node during runtime but should not be part of the clusters MachineConfig. There is the potential for this to be used by the certificate writer path in the future.machine-config-daemon-revert.servicesystemd service which is only rendered, written to the node , and enabled whenever a revert operation is being done./etc/mco/machineconfig-revert.jsonand runs the MCD in bootstrap mode to rewrite all of the configs to disk. This (unfortunately) requires a second node reboot.- How to verify it
$ onclustertesting setup --enable-feature-gate --pool=layered in-cluster-registry.$ oc label node/<nodename> 'node-role.kubernetes.io/layered='$ oc label node/<nodename> 'node-role.kubernetes.io/layered-'- Description for the changelog
Allows reverting from layered MachineConfigPool to non-layered MachineConfigPool