pause image: Disable DiagTrack service on Windows image #95950
Conversation
k8s-ci-robot
added
kind/bug
|
@claudiubelu: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-priority
|
We also have #95840 for tracking this issue specifically. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/release-note-none |
k8s-ci-robot
added
release-note-none
build/pause/Dockerfile_windows
Outdated
| COPY --from=windows-base /Windows/System32/config/SYSTEM /windows/ | ||
|
|
||
| RUN apk add chntpw | ||
| RUN printf "ed ControlSet001\Services\DiagTrack\Start\n\ |
There was a problem hiding this comment.
We were REALLY hoping to be able to do this and still build on Linux machines.
|
@claudiubelu one nit. LGTM |
claudiubelu
force-pushed
the
pause-diag-track
branch
from
a0e51fd
to
9a57dc2
Compare
k8s-ci-robot
removed
the
lgtm
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@marosset @claudiubelu - ooh! one more what happens if you just ensure that diagtrack related dll/exe are excluded from the final image? (delete the thing! or don't copy it over) |
@dims It looks like this will actually work....! I wrote some garbage into a file, named it diagtrack.dll, then copied it over the actual dll with When I exec into the detached pause image I see C:\>sc.exe query diagtrack
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack
ERROR: The system was unable to find the specified registry key or value.
C:\>REG QUERY HKLM\SYSTEM\CurrentControlSet\Services
<snip>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\condrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DCLocator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
</snip>It looks like the service never existed now - which is really strange... |
|
LOL i swear i haven't touched a windows box for over a decade. So i have no clue :) |
You might have just found your true calling. :D Come, join us. :D IMO, we could go with the solution proposed by dims. The image can be built: https://paste.ubuntu.com/p/kDJzrqtyxF/ , and checking the service on the newly built images on all the different hosts shows that the DiagTrack service is |
It has been observed that the DiagTrack service in the pause image is consuming a non-trivial amount of CPU. We don't need this service in the pause image, so we should disable it. We can disable the service by running chntpw in a docker buildx Linux stage and then copy the SYSTEM file back to the final Windows image. Co-Authored-By: Mark Rossetti <marosset@microsoft.com> Co-Authored-By: Davanum Srinivas <davanum@gmail.com>
claudiubelu
force-pushed
the
pause-diag-track
branch
from
9a57dc2
to
3f7c09e
Compare
k8s-ci-robot
added
size/XS
|
/test pull-kubernetes-bazel-test |
|
/approve Do we need to update version #? |
k8s-ci-robot
added
the
approved
|
We've bumped the pause image version to 3.4 with the initial Windows support in the image. That version has not been published / promoted yet [1]. It would be a good question if we should promote |
|
Since we haven't published/promoted this yet and we this change will help with resource consumption I think we should include this change in |
|
LGTM but someone else should probably add the label since I am listed as a co-author on this PR :) |
|
@marosset: GitHub didn't allow me to assign the following users: m2. Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @michmike |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: claudiubelu, dims, michmike The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
good workaround :) |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
What type of PR is this?
/kind bug
/sig windows
/sig node
What this PR does / why we need it:
It has been observed that the DiagTrack service in the pause image is consuming a non-trivial amount of CPU. We don't need
this service in the pause image, so we should disable it.
We can disable the service by running chntpw in a docker buildx Linux stage and then copy the SYSTEM file back to the final Windows image.
Co-Authored-By: Mark Rossetti marosset@microsoft.com
Which issue(s) this PR fixes:
Partially Fixes #95735
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: