providers/qemu: support Ignition block device on s390x and ppc64le #905
Conversation
|
See coreos/coreos-assembler#1004 (comment) |
|
we need the same mechanism for ppc too since ppc doesn't support fw_cfg ..should the qemu provider just support fetching config from the config-drive for non x86 arches ? Of course for ppc , we still need the cluster-api-provider libvirt to support config drive just like for s390x so we can make use of it - but i am bringing this up for the sake of a long term discussion |
|
If we introduce a hack, we need an exit strategy too. What's the plan for when we want to remove this? |
|
@dbenoit17 we need to re-initiate this discussion so that we can get this to work for s390x |
|
@Prashanth684 Were you able to test this? Once this goes in, it's going to be harder to move to something cleaner. Just quickly, has the alternative @lucab mentioned here been investigated? #825 (comment). |
@jlebon No I have not tested this fix yet, we have just been using the openstack image itself to run the CI. I will build try to test this fix and let you know. As for #825 , we need some kvm experts from IBM to look into this and give their feedback. I will take this as an action item to talk to some of their kvm experts and get some suggestions from them, but I'm guessing it won't be done anytime soon as #825 has been open for a while now. We need this change for CI on Openshift 4.3 for s390x and that means this fix is our only viable option for now. |
Just tested this on s390x and it works. @jlebon another alternative to getting the fix upstream is to just patch the downstream Ignition rpm spec for RHCOS since this is specifically needed only in the RHCOS image used by Openshift CI s390x pipeline. This patch would have to carried-forward downstream till #825 is addressed. |
|
I don't honestly see a feasible plan (actions+timeline) to ever get out of this terrible hack without breaking the whole world; does that plan exist somewhere? Additionally, there has been literally no effort in investigating how to do this in a non-hackish way with platform-specific capabilities of |
|
We're discussing changing the semantics for QEMU here: #928 |
I think the problem was when #825 was opened, it was not opened with the motive to find a solution in qemu itself but rather to work around it. The IBM team went with the config drive solution for the Openshift installer, the problem being that with the config drive approach, it would only work with Openstack platform. So for most of their and our CI testing, we were using the Openstack image. But now with the automated CI, we only have the option of using the qemu image (since this was turned down: openshift/installer#2092). We are also discussing an alternative to somehow use the Openstack image for CI instead of the qemu image which would be a better way to do it. |
|
Can we move forward with this and just put a big "experimental" label on it? Within OpenShift, our customers don't actually make use of this mechanism anyway (we recommend using |
Is there a way to do this at the technical level? Or is it more of a policy thing? I guess for now we can just print scary warnings on the console or something. |
|
I think it would be a combination of policy and a s̰̮̉ͮ̇c̞̠̮̤͍͔̊̚ͅa͈̟̘̬̲̟̅̾͋̆r̳̘͎̭͚̦̐̉̀͑͐̋̓y̆͋̓ͫ ̣̺̤͈̪͛̊͂ͩ̃̉̚w̞͍̣̍̓̓̌a͉̗͇̻͈͉̻r̜̜͖͎͖̜͛̈́ͅniͣn͖̼̹̓̓̓͋̐gͪͧ͊͗ͮͪ̂. We could bother with creating a feature flag mechanism eventually, but that seems overkill for this. |
jlebon
changed the title
@Prashanth684 Can you test this on s390x and ppc64le? |
Thanks @jlebon . Will do. @crawford going ahead with this option would require changes to the terraform-libvirt-provider which would then have to be bumped in the Openshift installer FYI. So we have to be prepared for that. And the cluster-api-provider-libvirt too. |
works on s390x. i was able to bring up an rhcos VM up with terraform. will also test ppc64le |
works on ppc64le as well. |
That's okay. We had to do that in the 4.2 branch as well. Fortunately, libvirt is not a supported platform, so there is relatively little risk. |
|
Had a chat with @lucab and we've agreed that re-using the same |
Add experimental support for fetching Ignition configs via a virtio block device with serial `ignition`. The main advantage of this is that it is cross-platform. But for now, we only use it on platforms which don't support the QEMU firmware config approach, which are (of those we care about) s390x and ppc64le. We may end up using it across the remaining platforms. See related discussions in: coreos#928
This finally unifies the advantages of `cosa run` and `kola spawn`. I kept getting annoyed by how serial console sizing is broken (e.g. trying to use `less` etc.). Using `ssh` via `kola spawn` addresses that, but it means you can't debug the initramfs. Now things work in an IMO pretty cool way; if you do e.g. `cosa run --kargs ignition.config.url=blah://` (or inject a bad Ignition config) to cause a failure in the initramfs, you'll see a nice error (building on coreos/ignition-dracut#146 ) telling you to rerun with `cosa run --devshell-console`. Things are also wired up cleanly so that we support rebooting with the equivalent of `kola spawn --reconnect` (which we should probably remove now). You can exit via *either* quitting SSH cleanly or using `poweroff`, and the lifecycle of ssh and qemu is wired together. And finally, if we detect a cosa workdir we also bind it in by default. More to come here, such as auto-injecting debugging tools and containers.
|
What's the qemu incantation to use this? The "convenience" |
Yeah, (This is also what kola does for |
…fault Move from injecting ingnition directly in to the VM image on non-fw_cfg architectures to passing it via virtio-blk device. It should be more performant and should be more robust going forward. See: coreos/ignition#905
…fault Move from injecting ingnition directly in to the VM image on non-fw_cfg architectures to passing it via virtio-blk device. It should be more performant and should be more robust going forward. See: coreos/ignition#905
|
For anyone in the future who stumbles upon this like I did: @jebon pointed me at #928 (comment) so this should work instead of passing |
Add experimental support for fetching Ignition configs via a virtio
block device with serial/ID
ignition.The main advantage of this is that it is cross-platform. But for now, we
only use it on platforms which don't support the QEMU firmware config
approach, which are (of those we care about) s390x and ppc64le. We may
end up using it across the remaining platforms.
See related discussions in:
#928