Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podvm: revert agent-config path to /etc #1627

Merged
merged 1 commit into from
Dec 20, 2023
Merged

podvm: revert agent-config path to /etc #1627

merged 1 commit into from
Dec 20, 2023

Conversation

mkulke
Copy link
Contributor

@mkulke mkulke commented Dec 19, 2023

The ./podvm kata-agent unit has been set to use a config file in /etc. Having the kata-agent config file in /run will break the CAA libvirt tests, since we have dependencies that rely on the config being in /etc. ./podvm-mkosi will override this path to a configuration in /run.

Tested w/ PodVM images built w/ packer + mkosi

@stevenhorsman stevenhorsman added the test_e2e_libvirt Run Libvirt e2e tests label Dec 19, 2023
stevenhorsman
stevenhorsman approved these changes Dec 19, 2023
View reviewed changes
Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM, I'm trying it out on s390x with packer just to test, but if libvirt-e2e ci test pass then that's good enough for me.

@stevenhorsman
Copy link
Member

I guess there is still the question of whether the guest-components that read directly from /etc/agent-config.toml will be broken in the mkosi build if that is still using the new /run/peerpods/ path?

@stevenhorsman
Copy link
Member

libvirt-e2e ci test pass then that's good enough for me

Just the secrets test failed in the CI and that could be due to the nginx layers ordering issues, so I think it's fine.

=== RUN   TestLibvirtCreatePodWithSecret/SecretPeerPod_test/Secret_has_been_created_and_contains_data
    assessment_runner_test.go:344: 
    assessment_runner_test.go:345: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "32ce47417d75e209e51f7aacaa0b1e136587114bb2ba8d465698b20c39dd6bcd": cannot enter container 86e0eb56d6f2cc18357ea3ae33ed949a8f8eb929763909b6b13c2e42495f416c, with err Container not ready or running, impossible to enter: unknown
time="2023-12-19T13:56:35Z" level=info msg="Deleting Secret... nginx-secret"
time="2023-12-19T13:56:35Z" level=info msg="Deleting pod nginx-secret-pod..."
time="2023-12-19T13:56:40Z" level=info msg="Pod nginx-secret-pod has been successfully deleted within 60s"
--- FAIL: TestLibvirtCreatePodWithSecret (82.38s)
    --- FAIL: TestLibvirtCreatePodWithSecret/SecretPeerPod_test (82.38s)
        --- FAIL: TestLibvirtCreatePodWithSecret/SecretPeerPod_test/Secret_has_been_created_and_contains_data (6.21s)

@mkulke
Copy link
Contributor Author

mkulke commented Dec 19, 2023

I guess there is still the question of whether the guest-components that read directly from /etc/agent-config.toml will be broken in the mkosi build if that is still using the new /run/peerpods/ path?

yes, independently from this PR, cc_kbc doesn't work w/ mkosi at the moment, as the relevant paths are hardcoded in guest-components, so we need to add a fix for that still.

@mkulke mkulke force-pushed the mkulke/revert-podvm-agentconfig-path branch from 21c4595 to 8003dab Compare December 19, 2023 14:52
@stevenhorsman stevenhorsman mentioned this pull request Dec 19, 2023
Merged
@mkulke mkulke requested a review from bpradipt December 19, 2023 17:00
@mkulke
podvm: revert agent-config path to /etc
903989a 
The ./podvm kata-agent unit has been set to use a config file in /etc. Having the kata-agent
config file in /run will break the CAA libvirt tests, since we have dependencies that rely
on the config being in /etc. ./podvm-mkosi will override this path to a configuration in
/run.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
liudalibj
liudalibj approved these changes Dec 20, 2023
View reviewed changes
Copy link
Member

@liudalibj liudalibj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, with this fix, it will unblock the daily e2e-test for ibmcloud and libvirt.
Thanks @mkulke

@mkulke mkulke force-pushed the mkulke/revert-podvm-agentconfig-path branch from 8003dab to 903989a Compare December 20, 2023 06:55
@mkulke mkulke requested a review from bpradipt December 20, 2023 06:56
@mkulke mkulke merged commit c70971e into confidential-containers:main Dec 20, 2023
25 checks passed
@mkulke mkulke deleted the mkulke/revert-podvm-agentconfig-path branch December 20, 2023 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@surajssd surajssd surajssd approved these changes

@stevenhorsman stevenhorsman stevenhorsman approved these changes

@liudalibj liudalibj liudalibj approved these changes

@wainersm wainersm Awaiting requested review from wainersm

@katexochen katexochen Awaiting requested review from katexochen

@bpradipt bpradipt Awaiting requested review from bpradipt

Assignees
No one assigned
Labels
test_e2e_libvirt Run Libvirt e2e tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mkulke @stevenhorsman @surajssd @bpradipt @liudalibj