Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

migrations: verify source and target containerdisks using checksums #10747

Merged
merged 5 commits into from Dec 12, 2023
Merged

migrations: verify source and target containerdisks using checksums #10747

merged 5 commits into from Dec 12, 2023

Conversation

acardace
Copy link
Member

@acardace acardace commented Nov 17, 2023
edited

Starting from version 1.28 CRIO doesn't post a pullable imageID in the containerStatus field inside the Pod status.
Therefore virt-controller cannot guarantee that containerdisks pulled on the target pod will be equal to what was pulled on the source virt-launcher.

This patch makes virt-handler compute and verify CRC32 checksums of the source and target pod containerdisks to make sure they did not change.

If the checksums do not match virt-handler will fail the migration.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #10616

Special notes for your reviewer:

Checklist

This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.

Release note:

Fix KubeVirt for CRIO 1.28 by using checksums to verify containerdisks when migrating VMIs

@kubevirt-bot kubevirt-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Nov 17, 2023
@kubevirt-bot kubevirt-bot added kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API size/L labels Nov 17, 2023
@acardace acardace force-pushed the fix-containerdisks-migrations branch from e8ee571 to edfdf6e Compare November 17, 2023 11:22
@kubevirt-bot kubevirt-bot added dco-signoff: yes Indicates the PR's author has DCO signed all their commits. and removed dco-signoff: no Indicates the PR's author has not DCO signed all their commits. labels Nov 17, 2023
@acardace
Copy link
Member Author

/cc @brianmcarey @xpivarc

@acardace
Copy link
Member Author

Unit tests are still missing, I'll be adding some shortly.

@acardace acardace force-pushed the fix-containerdisks-migrations branch from edfdf6e to fac50ef Compare November 20, 2023 10:23
@acardace
Copy link
Member Author

@xpivarc @fossedihelm the PR is ready for review

@acardace acardace force-pushed the fix-containerdisks-migrations branch from fac50ef to 5bc966d Compare November 20, 2023 11:44
fossedihelm
fossedihelm reviewed Nov 21, 2023
View reviewed changes
Copy link
Contributor

@fossedihelm fossedihelm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @acardace! Some small nit below.
IIUC if the checksum is not present, it is like a checksum match.
So, in case of upgrade with LiveMigrate workload update strategy, it can be possible that the containerdisk differ from the original one. Am I right?
Thank you!

staging/src/kubevirt.io/api/core/v1/types.go Outdated Show resolved Hide resolved
pkg/container-disk/container-disk.go Outdated Show resolved Hide resolved
vasiliy-ul
vasiliy-ul reviewed Nov 22, 2023
View reviewed changes
pkg/virt-handler/vm.go Outdated
@@ -2683,6 +2722,18 @@ func (d *VirtualMachineController) vmUpdateHelperMigrationTarget(origVMI *v1.Vir
return nil
}

// Verify container disks checksum
err = d.containerDiskMounter.VerifyChecksums(vmi)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, this will change the existing behavior. In the case when floating tags are used for containerdisk images, with this change the migration will fail if a tag points to a newer version. The current implementation is sort of agnostic to that, since it refers to the image by its digest. Probably the topic 'whether the usage of floating tags is a good practice or not' is debatable, but I think that if we decide to go with this approach, it should be clearly documented that floating tags will likely cause migration failure with crio >= 1.28. WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately yes, we will break some users because Kubernetes doesn't require to report digest. I believe this is the only reasonable handling. Documenting this and discouraging users from using floating tags is a must. Note: This will be backported to 1.0 and 1.1

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just as a thought: would it make sense to mention that right in the release notes?

@akalenyu
Copy link
Contributor

akalenyu commented Nov 22, 2023
edited

Since CRIO 1.28 doesn't post a pullable imageID in the containerStatus

Isn't cri-o breaking a long-standing promise doing this, without providing an alternative?
@vasiliy-ul @haircommander WDYT?

@vasiliy-ul
Copy link
Contributor

Isn't cri-o breaking a long-standing promise doing this, without providing an alternative?

Well, it depends. Some time ago I faced a similar issue with an old containerdisk image and containerd: #7138. I investigated the topic a little bit and found this discussion (still open after several years): kubernetes/kubernetes#46255. Apparently Kubernetes does not promise that ImageID contains a unique pullable reference. It was basically our assumption at that point, since it worked for all most commonly used runtimes.

@akalenyu
Copy link
Contributor

Isn't cri-o breaking a long-standing promise doing this, without providing an alternative?

Well, it depends. Some time ago I faced a similar issue with an old containerdisk image and containerd: #7138. I investigated the topic a little bit and found this discussion (still open after several years): kubernetes/kubernetes#46255. Apparently Kubernetes does not promise that ImageID contains a unique pullable reference. It was basically our assumption at that point, since it worked for all most commonly used runtimes.

I see. I still think that during that time a lot of consumers have accumulated dependencies on this assumption, so an alternative should have at least been provided. https://www.hyrumslaw.com/

@vasiliy-ul
Copy link
Contributor

I see. I still think that during that time a lot of consumers have accumulated dependencies on this assumption, so an alternative should have at least been provided. https://www.hyrumslaw.com/

I personally tend to agree. We can potentially at least initiate a discussion, perhaps, with crio folks... or even try to bring this up to a broader k8s community (though, looking at the previously mentioned issue, which is still open after >5 years... I am not very optimistic on that).

@acardace acardace force-pushed the fix-containerdisks-migrations branch from 5bc966d to 9d46b67 Compare November 23, 2023 21:41
@acardace acardace force-pushed the fix-containerdisks-migrations branch from 9d46b67 to 6c776fd Compare November 24, 2023 07:38
@acardace
Copy link
Member Author

/retest-required

vasiliy-ul
vasiliy-ul reviewed Nov 27, 2023
View reviewed changes
pkg/container-disk/container-disk.go Outdated Show resolved Hide resolved
pkg/virt-handler/container-disk/mount.go Show resolved Hide resolved
pkg/virt-handler/container-disk/mount.go Outdated Show resolved Hide resolved
pkg/virt-handler/container-disk/mount.go Outdated Show resolved Hide resolved
pkg/virt-handler/vm.go Outdated Show resolved Hide resolved
pkg/virt-handler/vm.go Outdated
@@ -2683,6 +2722,18 @@ func (d *VirtualMachineController) vmUpdateHelperMigrationTarget(origVMI *v1.Vir
return nil
}

// Verify container disks checksum
err = d.containerDiskMounter.VerifyChecksums(vmi)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just as a thought: would it make sense to mention that right in the release notes?

staging/src/kubevirt.io/api/core/v1/types.go Outdated Show resolved Hide resolved
@acardace
Copy link
Member Author

acardace commented Dec 7, 2023

/unhold
compute lanes are passing now.

@kubevirt-bot kubevirt-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 7, 2023
@haircommander
Copy link

Isn't cri-o breaking a long-standing promise doing this, without providing an alternative?
@vasiliy-ul @haircommander WDYT?

hey folks, sorry for chiming in late here. I do agree that we ar technically breaking behavior we've kept for a while, despite not promising that's how it would always work. The problem is really in the Kubelet relying on ImageRef when it should be thinking about ImageID. We could potentially pursue a fix there and then revert cri-o/cri-o#7149 to have imageRef refer to the image originally pulled, but until we can fix the underlying issue in cri-o/cri-o#7143 we have to choose kubelet compatibility over kubevirt cc @saschagrunert

@acardace
Copy link
Member Author

acardace commented Dec 7, 2023

@vasiliy-ul @xpivarc please take a look

vasiliy-ul
vasiliy-ul approved these changes Dec 11, 2023
View reviewed changes
Copy link
Contributor

@vasiliy-ul vasiliy-ul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall. Just added one suggestion inline.

pkg/virt-handler/container-disk/mount.go Outdated Show resolved Hide resolved
@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2023
@acardace
migrations: verify source and target containerdisks using a CRC32 che…
921efe2 
…cksum

Since CRIO 1.28 doesn't post a pullable imageID in the containerStatus
field inside the Pod status, this patch makes virt-handler compute and
verify CRC32 checksums of the source and target pod containerdisks.

If the checksum do not match virt-handler will fail the migration.

Signed-off-by: Antonio Cardace <acardace@redhat.com>
@acardace
virt-handler: improve containerdisk mockability
9717e40 
Signed-off-by: Antonio Cardace <acardace@redhat.com>
@acardace
containerdisks: add checksum unit tests
baa1e83 
Signed-off-by: Antonio Cardace <acardace@redhat.com>
@acardace
virt-handler: refactor container-disk/mount.go
41ca882 
Refactor to re-use `getRootDiskPath()` and `getKernelArtifactPaths`
to reduce code duplication.

Signed-off-by: Antonio Cardace <acardace@redhat.com>
@acardace
virt-handler: add 32Mi to mem request
8de93af 
to account for the 32Mi buffer used to verify containerdisk checksums

Signed-off-by: Antonio Cardace <acardace@redhat.com>
@acardace acardace force-pushed the fix-containerdisks-migrations branch from 4121b74 to 8de93af Compare December 11, 2023 11:34
@kubevirt-bot kubevirt-bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2023
@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Dec 11, 2023
@xpivarc
Copy link
Member

xpivarc commented Dec 11, 2023

I am going to review this today.

@kbidarkar
Copy link
Contributor

/retest-required

@dhiller
Copy link
Contributor

dhiller commented Dec 12, 2023
edited

@dhiller's review-bot says:

  • 👎 This doesn't look like a simple kubevirtci bump.
I found suspicious hunks:

Files:

  • vendor/github.com/onsi/ginkgo/v2/types/version.go
  • pkg/virt-operator/resource/generate/rbac/cluster.go
  • hack/generate.sh
  • tests/vmi_gpu_test.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
  • hack/build-go.sh
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_monitoring_client.go
  • pkg/virt-handler/non-root.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_podmonitor.go
  • vendor/google.golang.org/protobuf/proto/size.go
  • vendor/k8s.io/klog/v2/k8s_references.go
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go
  • pkg/virt-launcher/virtwrap/manager.go
  • vendor/github.com/google/uuid/uuid.go
  • pkg/virt-api/definitions/definitions.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/podmonitor.go
  • pkg/virt-operator/resource/generate/rbac/BUILD.bazel
  • pkg/virt-operator/util/client.go
  • pkg/virt-operator/resource/generate/components/BUILD.bazel
  • vendor/github.com/google/uuid/.travis.yml
  • staging/src/kubevirt.io/api/clone/v1alpha1/types_swagger_generated.go
  • go.sum
  • vendor/github.com/onsi/gomega/matchers/be_an_existing_file.go
  • vendor/k8s.io/utils/pointer/pointer.go
  • vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go
  • pkg/virt-operator/util/BUILD.bazel
  • staging/src/kubevirt.io/api/core/v1/schema.go
  • pkg/virt-controller/watch/clone/BUILD.bazel
  • vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
  • vendor/github.com/onsi/gomega/matchers/be_a_directory.go
  • pkg/virt-handler/container-disk/generated_mock_mount.go
  • manifests/generated/kv-resource.yaml
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_thanosruler.go
  • pkg/virt-launcher/virtwrap/converter/network.go
  • pkg/network/setup/netstat.go
  • manifests/generated/operator-csv.yaml.in
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/scheme/register.go
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go
  • tests/decorators/decorators.go
  • pkg/virt-operator/resource/apply/BUILD.bazel
  • pkg/virt-operator/resource/generate/components/prometheus.go
  • vendor/github.com/emicklei/go-restful/v3/CHANGES.md
  • pkg/virt-handler/BUILD.bazel
  • vendor/github.com/onsi/gomega/matchers.go
  • pkg/virt-operator/resource/generate/components/validations_generated.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/scheme/BUILD.bazel
  • pkg/virt-api/webhooks/validating-webhook/admitters/vms-admitter_test.go
  • tests/infrastructure/prometheus.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/servicemonitor.go
  • tools/doc-generator/BUILD.bazel
  • pkg/virtctl/BUILD.bazel
  • staging/src/kubevirt.io/api/core/v1/types.go
  • hack/prom-rule-ci/prom-rules-tests.yaml
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/BUILD.bazel
  • hack/bootstrap.sh
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/crd_kinds.go
  • pkg/instancetype/compatibility_test.go
  • tests/clone_test.go
  • vendor/github.com/google/uuid/node_js.go
  • pkg/hooks/manager_test.go
  • vendor/github.com/go-openapi/jsonpointer/pointer.go
  • tests/libnode/node.go
  • pkg/virt-api/webhooks/validating-webhook/admitters/vms-admitter.go
  • pkg/network/domainspec/BUILD.bazel
  • vendor/golang.org/x/oauth2/oauth2.go
  • pkg/virt-controller/services/multus_annotations.go
  • docs/release-v1-perf-scale-benchmarks.md
  • vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
  • pkg/network/setup/network.go
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/register.go
  • pkg/virt-api/webhooks/validating-webhook/admitters/vmclone-admitter.go
  • vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
  • tests/numa/numa.go
  • vendor/google.golang.org/appengine/urlfetch/BUILD.bazel
  • vendor/github.com/emicklei/go-restful/v3/route_builder.go
  • vendor/golang.org/x/oauth2/internal/oauth2.go
  • vendor/github.com/onsi/ginkgo/v2/internal/focus.go
  • pkg/virt-operator/resource/apply/instancetypes.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/alertmanager.go
  • vendor/github.com/evanphx/json-patch/patch.go
  • vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go
  • pkg/virt-api/rest/authorizer.go
  • pkg/virt-operator/resource/generate/components/prometheus_test.go
  • tests/BUILD.bazel
  • staging/src/kubevirt.io/client-go/api/openapi_generated.go
  • pkg/hooks/BUILD.bazel
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_servicemonitor.go
  • tests/vmi_configuration_test.go
  • pkg/virt-controller/watch/vmi_test.go
  • tests/monitoring/monitoring.go
  • vendor/github.com/imdario/mergo/README.md
  • tests/performance/BUILD.bazel
  • pkg/virt-config/feature-gates.go
  • tests/network/vmi_infosource.go
  • vendor/github.com/onsi/ginkgo/v2/internal/ordering.go
  • vendor/google.golang.org/appengine/internal/BUILD.bazel
  • pkg/virt-handler/container-disk/mount_test.go
  • tests/usb/usb.go
  • tests/usb/BUILD.bazel
  • docs/metrics.md
  • pkg/virt-launcher/virtwrap/converter/converter_test.go
  • tests/infrastructure/tls-configuration.go
  • pkg/hooks/manager.go
  • pkg/virtctl/create/clone/clone.go
  • pkg/virt-operator/kubevirt_test.go
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/types.go
  • staging/src/kubevirt.io/api/core/v1/schema_swagger_generated.go
  • cmd/sidecars/BUILD.bazel
  • tests/migration/migration.go
  • vendor/github.com/go-openapi/jsonreference/internal/normalize_url.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/thanosruler.go
  • vendor/google.golang.org/protobuf/encoding/prototext/encode.go
  • pkg/host-disk/host-disk_test.go
  • pkg/virt-handler/container-disk/BUILD.bazel
  • pkg/virt-controller/services/template_test.go
  • pkg/virt-launcher/virtwrap/converter/vcpu/vcpu.go
  • pkg/virt-operator/resource/apply/prometheus_test.go
  • cmd/sidecars/sidecar_shim.go
  • pkg/virt-controller/services/renderresources.go
  • go.mod
  • vendor/github.com/onsi/gomega/matchers/have_exact_elements.go
  • pkg/container-disk/container-disk_test.go
  • hack/prom-rule-ci/BUILD.bazel
  • vendor/google.golang.org/appengine/internal/main_vm.go
  • tests/hotplug/BUILD.bazel
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go
  • vendor/github.com/go-logfmt/logfmt/README.md
  • vendor/google.golang.org/appengine/internal/main.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/fake/register.go
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/bindata.go
  • pkg/virt-operator/resource/generate/install/strategy.go
  • vendor/github.com/onsi/gomega/CHANGELOG.md
  • tests/storage/hotplug.go
  • vendor/google.golang.org/appengine/internal/api_classic.go
  • pkg/virt-controller/watch/clone/vm-target.go
  • vendor/google.golang.org/appengine/internal/identity_classic.go
  • pkg/virt-handler/container-disk/mount.go
  • vendor/google.golang.org/appengine/internal/api.go
  • vendor/golang.org/x/oauth2/internal/BUILD.bazel
  • tests/network/hotplug_bridge.go
  • rpm/BUILD.bazel
  • hack/prom-rule-ci/rule-spec-dumper.go
  • pkg/instancetype/instancetype_test.go
  • vendor/google.golang.org/appengine/internal/identity_flex.go
  • pkg/virt-operator/resource/apply/prometheus.go
  • pkg/virt-operator/resource/apply/reconcile.go
  • vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go
  • pkg/virt-launcher/virtwrap/converter/converter.go
  • vendor/golang.org/x/oauth2/internal/token.go
  • pkg/handler-launcher-com/cmd/v1/cmd.proto
  • staging/src/kubevirt.io/client-go/go.sum
  • vendor/github.com/emicklei/go-restful/v3/constants.go
  • vendor/golang.org/x/oauth2/internal/client_appengine.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
  • vendor/google.golang.org/appengine/internal/api_common.go
  • tests/monitoring/BUILD.bazel
  • pkg/controller/BUILD.bazel
  • pkg/virt-api/webhooks/validating-webhook/admitters/vmclone-admitter_test.go
  • staging/src/kubevirt.io/client-go/go.mod
  • hack/gen-proto.sh
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/BUILD.bazel
  • manifests/generated/rbac-operator.authorization.k8s.yaml.in
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/BUILD.bazel
  • vendor/golang.org/x/oauth2/token.go
  • tests/performance/realtime.go
  • vendor/github.com/google/uuid/CONTRIBUTING.md
  • vendor/github.com/onsi/gomega/matchers/be_a_regular_file.go
  • pkg/network/setup/netstat_test.go
  • vendor/github.com/onsi/gomega/.gitignore
  • vendor/github.com/google/uuid/README.md
  • hack/cluster-deploy.sh
  • vendor/github.com/onsi/gomega/gomega_dsl.go
  • vendor/k8s.io/klog/v2/klog.go
  • vendor/github.com/go-openapi/swag/util.go
  • vendor/github.com/onsi/ginkgo/v2/internal/node.go
  • tests/containerdisk/containerdisk.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_prometheusrule.go
  • vendor/github.com/emicklei/go-restful/v3/route.go
  • vendor/github.com/emicklei/go-restful/v3/README.md
  • automation/repeated_test.sh
  • /dev/null
  • pkg/virt-handler/device-manager/usb_device.go
  • pkg/virt-operator/resource/generate/components/daemonsets.go
  • tests/framework/checks/BUILD.bazel
  • WORKSPACE
  • tests/network/bindingplugin.go
  • pkg/virt-config/virt-config.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/BUILD.bazel
  • vendor/google.golang.org/protobuf/internal/encoding/text/encode.go
  • tests/network/primary_pod_network.go
  • pkg/virt-handler/isolation/isolation.go
  • staging/src/kubevirt.io/api/clone/v1alpha1/types.go
  • tests/monitoring/vm_monitoring.go
  • vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go
  • vendor/k8s.io/utils/pointer/BUILD.bazel
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/prometheusrule.go
  • pkg/virtctl/root.go
  • pkg/hooks/generated_mock_manager.go
  • vendor/github.com/go-logfmt/logfmt/decode.go
  • vendor/modules.txt
  • pkg/virt-operator/resource/apply/delete.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/prometheus.go
  • vendor/github.com/go-logfmt/logfmt/CHANGELOG.md
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_alertmanager.go
  • vendor/google.golang.org/protobuf/internal/order/order.go
  • vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
  • pkg/virt-controller/services/template.go
  • pkg/virt-controller/watch/clone/clone.go
  • vendor/google.golang.org/appengine/internal/identity.go
  • tests/vmi_hook_sidecar_test.go
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go
  • tools/doc-generator/doc-generator.go
  • vendor/google.golang.org/protobuf/encoding/protojson/encode.go
  • vendor/github.com/emicklei/go-restful/v3/response.go
  • pkg/instancetype/instancetype.go
  • vendor/google.golang.org/appengine/internal/transaction.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
  • vendor/google.golang.org/appengine/urlfetch/urlfetch.go
  • vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go
  • tests/operator/operator.go
  • pkg/rest/mime.go
  • pkg/virt-handler/vm.go
  • pkg/controller/virtinformers.go
  • cmd/virt-launcher/virt-launcher.go
  • staging/src/kubevirt.io/api/core/v1/deepcopy_generated.go
  • pkg/virt-operator/resource/apply/instancetype_test.go
  • pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
  • tests/hotplug/cpu.go
  • vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go
  • pkg/host-disk/host-disk.go
  • pkg/instancetype/BUILD.bazel
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/fake/BUILD.bazel
  • pkg/virt-api/webhooks/validating-webhook/admitters/BUILD.bazel
  • vendor/github.com/emicklei/go-restful/v3/request.go
  • pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter_test.go
  • tests/guestlog/guestlog.go
  • vendor/google.golang.org/protobuf/internal/genid/type_gen.go
  • vendor/google.golang.org/protobuf/internal/encoding/json/encode.go
  • pkg/hooks/info/info.go
  • pkg/container-disk/container-disk.go
  • vendor/k8s.io/klog/v2/BUILD.bazel
  • pkg/handler-launcher-com/cmd/v1/cmd.pb.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/generated_expansion.go
  • vendor/github.com/onsi/ginkgo/v2/internal/suite.go
  • vendor/github.com/coreos/prometheus-operator/NOTICE
  • pkg/virt-launcher/virtwrap/device/hostdevice/hostdev.go
  • pkg/virt-api/api.go
  • pkg/virt-launcher/virtwrap/live-migration-target.go
  • vendor/google.golang.org/appengine/internal/identity_vm.go
  • api/openapi-spec/swagger.json
  • pkg/network/domainspec/interface.go
  • pkg/virt-launcher/virtwrap/live-migration-source.go
  • pkg/virt-handler/vm_test.go
  • pkg/virt-operator/BUILD.bazel
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/fake/fake_prometheus.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
  • pkg/virt-launcher/virtwrap/converter/BUILD.bazel
  • vendor/github.com/onsi/gomega/format/format.go
  • pkg/virt-launcher/virtwrap/api/schema.go
  • staging/src/kubevirt.io/client-go/generated/prometheus-operator/clientset/versioned/typed/monitoring/v1/monitoring_client.go
  • tests/monitoring/prometheus_utils.go
  • pkg/virt-controller/services/renderresources_test.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
  • vendor/google.golang.org/protobuf/internal/version/version.go
  • tests/libnode/BUILD.bazel
  • pkg/virt-launcher/virtwrap/api/deepcopy_generated.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
  • pkg/virt-controller/watch/clone/util.go
  • pkg/virt-controller/watch/vmi.go
  • vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
  • vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
  • pkg/virt-operator/resource/generate/install/BUILD.bazel
  • staging/src/kubevirt.io/api/core/v1/types_swagger_generated.go
  • pkg/network/setup/podnic.go
  • staging/src/kubevirt.io/api/clone/v1alpha1/deepcopy_generated.go
  • pkg/virt-api/BUILD.bazel
  • pkg/virt-controller/watch/clone/clone_test.go
  • vendor/github.com/coreos/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go

This PR does not satisfy at least one automated review criteria.

This PR does not require further manual action.

Note: botreview (kubevirt/project-infra#3100) is a Work In Progress!

@dhiller dhiller mentioned this pull request Dec 12, 2023
Open
24 tasks
xpivarc
xpivarc reviewed Dec 12, 2023
View reviewed changes
Copy link
Member

@xpivarc xpivarc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

pkg/virt-handler/container-disk/mount.go
func (m *mounter) getContainerDiskPath(vmi *v1.VirtualMachineInstance, volume *v1.Volume, volumeIndex int) (*safepath.Path, error) {
sock, err := m.socketPathGetter(vmi, volumeIndex)
if err != nil {
return nil, ErrDiskContainerGone
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The caller of getContainerDiskPath or caller of the caller could just check errors.Is(err, os.ErrNotExist)

@kubevirt-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xpivarc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 12, 2023
@kubevirt-bot kubevirt-bot merged commit 836ed33 into kubevirt:main Dec 12, 2023
37 checks passed
@fossedihelm
Copy link
Contributor

/cherrypick release-1.1

@kubevirt-bot kubevirt-bot mentioned this pull request Dec 12, 2023
Merged
@kubevirt-bot
Copy link
Contributor

@fossedihelm: new pull request created: #10873

In response to this:

/cherrypick release-1.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@acardace
Copy link
Member Author

/cherrypick release-1.0

@kubevirt-bot
Copy link
Contributor

@acardace: #10747 failed to apply on top of branch "release-1.0":

Applying: migrations: verify source and target containerdisks using a CRC32 checksum
Using index info to reconstruct a base tree...
M	api/openapi-spec/swagger.json
M	pkg/container-disk/container-disk.go
M	pkg/virt-controller/services/template.go
M	pkg/virt-handler/container-disk/mount.go
M	pkg/virt-handler/vm.go
M	pkg/virt-operator/resource/generate/components/validations_generated.go
M	staging/src/kubevirt.io/api/core/v1/deepcopy_generated.go
M	staging/src/kubevirt.io/api/core/v1/types.go
M	staging/src/kubevirt.io/api/core/v1/types_swagger_generated.go
M	staging/src/kubevirt.io/client-go/api/openapi_generated.go
Falling back to patching base and 3-way merge...
Auto-merging staging/src/kubevirt.io/client-go/api/openapi_generated.go
CONFLICT (content): Merge conflict in staging/src/kubevirt.io/client-go/api/openapi_generated.go
Auto-merging staging/src/kubevirt.io/api/core/v1/types_swagger_generated.go
Auto-merging staging/src/kubevirt.io/api/core/v1/types.go
Auto-merging staging/src/kubevirt.io/api/core/v1/deepcopy_generated.go
Auto-merging pkg/virt-operator/resource/generate/components/validations_generated.go
Auto-merging pkg/virt-handler/vm.go
Auto-merging pkg/virt-handler/container-disk/mount.go
Auto-merging pkg/virt-controller/services/template.go
Auto-merging pkg/container-disk/container-disk.go
Auto-merging api/openapi-spec/swagger.json
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 migrations: verify source and target containerdisks using a CRC32 checksum
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-1.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@brianmcarey brianmcarey mentioned this pull request Dec 13, 2023
Merged
@chenrui333 chenrui333 mentioned this pull request Mar 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xFelix 0xFelix 0xFelix left review comments

@fossedihelm fossedihelm fossedihelm left review comments

@xpivarc xpivarc xpivarc left review comments

@akalenyu akalenyu akalenyu left review comments

@vasiliy-ul vasiliy-ul vasiliy-ul approved these changes

@brianmcarey brianmcarey Awaiting requested review from brianmcarey

Assignees

@vasiliy-ul vasiliy-ul

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

VM Migrations fail on clusters with cri-o version v1.28