OCPBUGS-33227: Use openshift-install binary for releases >= 4.16 #6304
Conversation
openshift-ci-robot
added
jira/severity-critical
|
@carbonin: This pull request references Jira Issue OCPBUGS-33227, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/invalid-bug
openshift-ci
bot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: carbonin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@carbonin: This pull request references Jira Issue OCPBUGS-33227, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (josclark@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #6304 +/- ##
==========================================
+ Coverage 68.27% 68.28% +0.01%
==========================================
Files 241 241
Lines 35863 35873 +10
==========================================
+ Hits 24486 24497 +11
Misses 9214 9214
+ Partials 2163 2162 -1
|
In 4.16 the installer binaries started to be built against EL9 libraries rather than EL8. Additionally support for baremetal installs was added to the `openshift-install` binary which was also made statically linked. This means that using `openshift-baremetal-install` from a 4.16 release on an EL8-based image will cause errors like: ``` Failed to prepare the installation due to an unexpected error: failed generating install config for cluster 47ff23ae-012a-421e-89a9-8ae1ca04a67f: error running openshift-install manifests, /data/install-config-generate/installercache/quay.io/openshift-release-dev/ocp-release:4.16.0-rc.0-x86_64/ln_1715091595_openshift-baremetal-install: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /data/install-config-generate/installercache/quay.io/openshift-release-dev/ocp-release:4.16.0-rc.0-x86_64/ln_1715091595_openshift-baremetal-install) ``` To address this, this commit moves installs for clusters >= 4.16 to use `openshift-install` which will work correctly regardless of the container base image it is run on. This is only possible for 4.16 and greater releases because the changes that allow `openshift-install` to do baremetal installations (and to statically link it) were only made for 4.16 and will not be backported to older releases. This is a temporary fix as installing FIPS compliant clusters will still require using `openshift-baremetal-install` so the ultimate goal is to be able to run `openshift-baremetal-install` for any supported OCP version. Note that this is only relevant for the case where assisted-service is an el8-based image, which is not the case currently. This PR is mostly meant for backport to earlier versions which will still need to install 4.16. Related to https://issues.redhat.com/browse/CORS-3024 Resolves https://issues.redhat.com/browse/OCPBUGS-33227
carbonin
force-pushed
the
4.16-installer-binary
branch
from
4363dd3
to
bab591c
Compare
|
/lgtm |
|
/test edge-e2e-metal-assisted Operator didn't become ready, not an issue with this PR |
|
/lgtm |
|
/retest |
1 similar comment
|
/retest |
|
/hold Looks like this may indeed be causing the test failure. |
openshift-ci
bot
added
the
do-not-merge/hold
|
/unhold It wasn't causing the test failure. It's https://issues.redhat.com/browse/OCPBUGS-33493 |
openshift-ci
bot
removed
the
do-not-merge/hold
|
Spoke with @gamli75 and we're going to override to get this one in since it's blocking telco QE and they already tested the fix and verified it works. /override ci/prow/edge-e2e-metal-assisted |
|
@carbonin: Overrode contexts on behalf of carbonin: ci/prow/edge-e2e-metal-assisted In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@carbonin: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@carbonin: Jira Issue OCPBUGS-33227: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-33227 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/cherry-pick release-ocm-2.10 |
|
@gamli75: new pull request created: #6319 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build ose-agent-installer-api-server-container-v4.16.0-202405151511.p0.gfdf233a.assembly.stream.el9 for distgit ose-agent-installer-api-server. |
|
@carbonin doesn't this break FIPS on the agent-based installer? |
….16 (openshift#6304)" We must always use the openshift-baremetal-install binary because otherwise enabling FIPS is not possible. The agent-based installer depends on this. This reverts commit fdf233a.
In 4.16 the installer binaries started to be built against EL9 libraries rather than EL8. Additionally support for baremetal installs was added to the
openshift-installbinary which was also made statically linked.This means that using
openshift-baremetal-installfrom a 4.16 release on an EL8-based image will cause errors like:To address this, this commit moves installs for clusters >= 4.16 to use
openshift-installwhich will work correctly regardless of the container base image it is run on. This is only possible for 4.16 and greater releases because the changes that allowopenshift-installto do baremetal installations (and to statically link it) were only made for 4.16 and will not be backported to older releases.This is a temporary fix as installing FIPS compliant clusters will still require using
openshift-baremetal-installso the ultimate goal is to be able to runopenshift-baremetal-installfor any supported OCP version.Note that this is only relevant for the case where assisted-service is an el8-based image, which is not the case currently. This PR is mostly meant for backport to earlier versions which will still need to install 4.16.
List all the issues related to this PR
Related to https://issues.redhat.com/browse/CORS-3024
Resolves https://issues.redhat.com/browse/OCPBUGS-33227
What environments does this code impact?
How was this code tested?
Deployed manually and installed both 4.15 and 4.16 SNO successfully.
Also provided the patched image to telco QE for testing.
Checklist
docs, README, etc)Reviewers Checklist