Bug 1988425: Change to use mountPath: /host

[mccv1r0]

Change iptables chain names to not conflict with existing workaround(s)

Signed-off-by: Michael Cambria mcambria@redhat.com
(cherry picked from commit 32d72e5)

[openshift-ci]

@mccv1r0: This pull request references Bugzilla bug 1988425, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.9.0) matches configured target release for branch (4.9.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @zhaozhanqi

In response to this:

Bug 1988425: Change to use mountPath: /host

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mccv1r0]

/test e2e-gcp-ovn

[mccv1r0]

/test e2e-metal-ipi-ovn-ipv6
/test e2e-agnostic-upgrade

[danwinship]

It's confusing that the commit message summary only describes one of the two things the commit does. Either split it into two commits, or else make the summary more generic ("fixes to azure iptables setup script" etc) and describe both fixes in the commit message body, rather than one in the summary and one in the body

[danwinship]

This seems not safe; is oc statically linked, but is it guaranteed to always be statically linked? I think you have to do chroot /host oc ... though of course then you also have to write the script out to /home/var/run rather than /var/run

[cgwalters]

I think we've glossed over this so far but due to FIPS needing openssl for Go, we can't rely on these things being fully static.

[cgwalters]

The other pattern is to use e.g. systemd-run -qPG -- oc observe pods -n openshift-sdn -l app=sdn -a '{ .status.hostIP }' -- /var/run/add_iptables.sh.

[mccv1r0]

@mjudeikis fyi

[mccv1r0]

The commit message already describes:

1. Change to use mountPath: /host
2. Change iptables chain names to not conflict with existing workaround(s)

For SDN, I'll probably need to change upstream to use systemd-run (or whatever ends up being used) and back port.

The OVN version of this fix will start with whatever consensus decides is best.

[mccv1r0]

/test e2e-gcp-ovn
/test e2e-metal-ipi-ovn-ipv6

[Makdaam]

/retest

[mccv1r0]

/retest

[mccv1r0]

/test e2e-gcp-ovn
/test e2e-agnostic-upgrade

[abhat]

/retest-required

[mccv1r0]

/retest-required

[mccv1r0]

/retest-required

[mccv1r0]

/test e2e-gcp-ovn

[Makdaam]

/test e2e-gcp-ovn

[mccv1r0]

/test e2e-gcp-ovn

[Makdaam]

/test e2e-gcp-ovn

[mccv1r0]

/test e2e-gcp-ovn

[mccv1r0]

@knobunc Can you override this required gcp test? As you know this PR changes yaml that runs on Azure only.

[mccv1r0]

/test e2e-gcp-ovn

[mccv1r0]

/test e2e-gcp-ovn

[mccv1r0]

/test e2e-openstack-ovn
/test e2e-gcp-ovn-upgrade

[brenton]

Is this PR opened against the correct branch? I would have expected it to merge into release-4.8. When I look now the master, release-4.10 and release-4.9 branches all already have the fix from https://bugzilla.redhat.com/show_bug.cgi?id=1984449.

[abhat]

@mccv1r0 since this is a master branch PR, the bz needs retitling?

[mccv1r0]

@mccv1r0 since this is a master branch PR, the bz needs retitling?

The PR needs to be against 4.8

It's a cherry-pick from master

[mccv1r0]

/test e2e-azure-ovn-dualstack

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[mccv1r0]

Must we hold up an SDN only change due to an OVN flake?

[mccv1r0]

/test e2e-azure-ovn-dualstack

[mccv1r0]

/test e2e-azure-ovn-dualstack

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[mffiedler]

Verified as with #1160. 4.8.z cluster-bot Azure cluster built from this PR. ssh into node works fine both before and after boot. Without this PR ssh just hangs.

/lgtm
/label qe-approved

[mccv1r0]

/test e2e-azure-ovn-dualstack

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dcbw, mccv1r0, mffiedler

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dcbw]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[dcbw]

/override ci/prow/e2e-azure-ovn-dualstack

Error on cloud setup:
level=error msg=Error: updating Load Balancer "ci-op-5hhdw15j-f5292-k6tnt" (Resource Group "ci-op-5hhdw15j-f5292-k6tnt-rg") for Probe "api-internal-probe": network.LoadBalancersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="PrivateIPAddressVersionCannotBeModified" Message="Load balancer frontend IP configuration /subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-op-5hhdw15j-f5292-k6tnt-rg/providers/Microsoft.Network/loadBalancers/ci-op-5hhdw15j-f5292-k6tnt/frontendIPConfigurations/public-lb-ip-v6 has an existing private IP address version IPv6 and the request has private IP address version IPv4, which do not match. Private IP address version cannot be modified once the resource is created." Details=[]

[openshift-ci]

@dcbw: Overrode contexts on behalf of dcbw: ci/prow/e2e-azure-ovn-dualstack

In response to this:

/override ci/prow/e2e-azure-ovn-dualstack

Error on cloud setup:
level=error msg=Error: updating Load Balancer "ci-op-5hhdw15j-f5292-k6tnt" (Resource Group "ci-op-5hhdw15j-f5292-k6tnt-rg") for Probe "api-internal-probe": network.LoadBalancersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="PrivateIPAddressVersionCannotBeModified" Message="Load balancer frontend IP configuration /subscriptions/d38f1e38-4bed-438e-b227-833f997adf6a/resourceGroups/ci-op-5hhdw15j-f5292-k6tnt-rg/providers/Microsoft.Network/loadBalancers/ci-op-5hhdw15j-f5292-k6tnt/frontendIPConfigurations/public-lb-ip-v6 has an existing private IP address version IPv6 and the request has private IP address version IPv4, which do not match. Private IP address version cannot be modified once the resource is created." Details=[]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@mccv1r0: All pull requests linked via external trackers have merged:

• openshift/cluster-network-operator#1169

Bugzilla bug 1988425 has been moved to the MODIFIED state.

In response to this:

Bug 1988425: Change to use mountPath: /host

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.