Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-15860: [4.12] Rebase openshift/etcd to 3.5.9 #207

Merged
merged 122 commits into from Aug 7, 2023
Merged

OCPBUGS-15860: [4.12] Rebase openshift/etcd to 3.5.9 #207

merged 122 commits into from Aug 7, 2023

Conversation

tjungblu
Copy link

Essentially what we've done to 4.13, just in one go:

  • rebase via forkpoint to the latest release
  • pick the golang updates
  • pick the upstream work for rev bumps
  • pick adding the etcdutl into the docker image
git rebase --rebase-merges --fork-point v3.5.6 v3.5.9
git cherry-pick 4b310a07331a661991e7f137b51dc95645837172
git cherry-pick dc7b2599a2f57f4f041cd837a6d5455084392fa9
git cherry-pick cfa79a5d17c0dbbc7c3bbb71af6c4e6c9ab7d802
git cherry-pick a66a9b83109630f67526ada6b556fe2cb4d3673d
git cherry-pick 0970055c1e38f7c9902037b6e4c1ea52db172c6b

ahrtr and others added 30 commits July 26, 2023 10:12
@ahrtr @tjungblu
deps: bump golang.org/x/net to v0.4.0 to address CVEs
53ba144 
CVE-2021-44716
CVE-2022-27664

Signed-off-by: Benjamin Wang <wachao@vmware.com>
@chaochn47 @tjungblu
[3.5] Backport: non mutating requests pass through quotaKVServer when…
bd8e382 
… NOSPACE

Signed-off-by: Vaibhav Mehta <mehvaibh@amazon.com>
@ahrtr @tjungblu
etcdserver: intentionally set the memberID as 0 in corruption alarm
65a230b 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
clientv3: revert the client side change in 14547
89a9ad2 
In order to fix etcd-io#12385,
PR etcd-io#14322 introduced a change
in which the client side may retry based on the error message
returned from server side.

This is not good, as it's too fragile and it's also changed the
protocol between client and server. Please see the discussion
in kubernetes/kubernetes#114403

Note: The issue etcd-io#12385 only
happens when auth is enabled, and client side reuse the same client
to watch.

So we decided to rollback the change on 3.5, reasons:
1.K8s doesn't enable auth at all. It has no any impact on K8s.
2.It's very easy for client application to workaround the issue.
  The client just needs to create a new client each time before watching.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
bump go version to 1.17.13
24acfd2 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@mehvaibh @tjungblu
Fix go fmt error
6b53d8d 
Signed-off-by: Vaibhav Mehta <mehvaibh@amazon.com>
@ahrtr @tjungblu
Merge pull request etcd-io#14852 from ahrtr/remove_memberid_alarm_3.5…
e15221e 
…_20221125

[3.5] etcdserver: intentionally set the memberID as 0 in corruption alarm
@ArkaSaha30 @tjungblu
Add trivy nightly scan for release-3.5
fe78e94 
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
@mitake @tjungblu
Merge pull request etcd-io#14995 from ahrtr/revert_14322_20221215
46095cb 
clientv3: revert the client side change in 14547
@ahrtr @tjungblu
format the source code and tidy the dependencies using go 1.17.13
8710c36 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
etcdserver: fix nil pointer panic for readonly txn
673cf97 
Backporting etcd-io#14895

Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#14884 from mehvaibh/release-3.5
3cbf340 
[3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE
@tjungblu
cidc: specify the correct branch name of release-3.5 in workflow for …
036a87e 
…trivy nightly scan

To checkout the corresponding branch in cicd workflow. Specify the correct branch name in each branch.

Signed-off-by: zsimon <zsimon@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15006 from ArkaSaha30/trivy-release-3-5
a51b8bf 
Add trivy nightly scan for `release-3.5`
@ahrtr @tjungblu
remove .travis.yml
7ac51e2 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#14899 from ahrtr/fix_readyonly_txn_panic_3…
532e5e9 
….5_20221206

[3.5] etcdserver: fix nil pointer panic for readonly txn
@ahrtr @tjungblu
security: use distroless base image to address critical Vulnerabilities
fa03b9d 
Command:
trivy image --severity CRITICAL gcr.io/etcd-development/etcd:v3.5.6 -f json -o 3.5.6_image_critical.json

Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15010 from 4everming/fix/Specify_branch_na…
69419ae 
…me_for_the_Trivy_Scan_in_release3.5

fix:  specify the correct branch name of release-3.5 in workflow for…
@ahrtr @tjungblu
resolve build error: parameter may not start with quote character '
bdad2f4 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@tsaarni @tjungblu
client/pkg/v3: fixes Solaris build of transport
a0e8741 
Add empty implementation for reuse port socket option since Solaris does not
support SO_REUSEPORT.

(cherry picked from commit af626eb)

Conflicts:
	client/pkg/transport/sockopt_unix.go

Signed-off-by: Andrew Stormont <andyjstormont@gmail.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15016 from ahrtr/use_distroless_3.5_20221219
02987f7 
[3.5] Security: use distroless base image to address critical Vulnerabilities
@ahrtr @tjungblu
Remove dependency on gobin
1e1db78 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ptabor @tjungblu
Merge pull request etcd-io#14920 from andy-js/andy-js/release-3.5
f0a76d1 
client/pkg/v3: fixes Solaris build of transport
@ahrtr @tjungblu
3.5: remove the dependency on busybox
d004c1b 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15018 from ahrtr/deps_3.5_20221219
88a7e02 
[3.5] Security: address HIGH Vulnerabilities
@ahrtr @tjungblu
update nsswitch.conf for 3.5
63ff966 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15037 from ahrtr/remove_busybox_3.5_20221223
13079ff 
3.5: remove the dependency on busybox
@ahrtr @tjungblu
etcdserver: return membership.ErrIDNotFound when the memberID not found
004c23a 
Backport etcd-io#15095.

When promoting a learner, we need to wait until the leader's applied ID
catches up to the commitId. Afterwards, check whether the learner ID
exist or not, and return `membership.ErrIDNotFound` directly in the API
if the member ID not found, to avoid the request being unnecessarily
delivered to raft.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
@ahrtr @tjungblu
Merge pull request etcd-io#15041 from ahrtr/update_nsswitch_3.5
d9afd16 
[3.5] Update nsswitch.conf for 3.5
@serathius @tjungblu
Merge pull request etcd-io#15096 from ahrtr/3.5_promote_non_exist_id_…
5374eb0 
…20230113

[3.5] etcdserver: return membership.ErrIDNotFound when the memberID not found
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jul 26, 2023
@openshift-ci-robot
Copy link

@tjungblu: This pull request references Jira Issue OCPBUGS-15860, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.12.z) matches configured target version for branch (4.12.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-15859 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
  • dependent Jira Issue OCPBUGS-15859 targets the "4.13.z" version, which is one of the valid target versions: 4.13.0, 4.13.z
  • bug has dependents

Requesting review from QA contact:
/cc @geliu2016

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Essentially what we've done to 4.13, just in one go:

  • rebase via forkpoint to the latest release
  • pick the golang updates
  • pick the upstream work for rev bumps
  • pick adding the etcdutl into the docker image
git rebase --rebase-merges --fork-point v3.5.6 v3.5.9
git cherry-pick 4b310a07331a661991e7f137b51dc95645837172
git cherry-pick dc7b2599a2f57f4f041cd837a6d5455084392fa9
git cherry-pick cfa79a5d17c0dbbc7c3bbb71af6c4e6c9ab7d802
git cherry-pick a66a9b83109630f67526ada6b556fe2cb4d3673d
git cherry-pick 0970055c1e38f7c9902037b6e4c1ea52db172c6b

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from geliu2016 July 26, 2023 08:25
@dusk125
Copy link

dusk125 commented Jul 26, 2023

/lgtm
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Jul 26, 2023
@tjungblu
Copy link
Author

Thanks @dusk125

going to leave it soaking in 4.13 for a while, at least until it's the fast channel next week

/hold

@tjungblu
Copy link
Author

/override ci/prow/unit

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 26, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 26, 2023
@openshift-ci
Copy link

openshift-ci bot commented Jul 26, 2023

@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit

In response to this:

/override ci/prow/unit

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

geliu2016
geliu2016 approved these changes Jul 27, 2023
View reviewed changes
Copy link

@geliu2016 geliu2016 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 27, 2023
@tjungblu
Copy link
Author

tjungblu commented Aug 7, 2023

/hold cancel

ready to proceed as per https://redhat-internal.slack.com/archives/CB95J6R4N/p1691393773257259

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 7, 2023
@Elbehery
Copy link

Elbehery commented Aug 7, 2023

/lgtm
/approve

thanks @tjungblu

@tjungblu
Copy link
Author

tjungblu commented Aug 7, 2023

/override ci/prow/unit

@openshift-ci
Copy link

openshift-ci bot commented Aug 7, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dusk125, Elbehery, geliu2016, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Elbehery,dusk125,tjungblu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 0 against base HEAD c1d76ff and 2 for PR HEAD 07d0ec7 in total

@openshift-ci
Copy link

openshift-ci bot commented Aug 7, 2023

@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit

In response to this:

/override ci/prow/unit

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Elbehery
Copy link

Elbehery commented Aug 7, 2023

it fails on

go: go.etcd.io/bbolt@v1.3.7 requires
	github.com/stretchr/testify@v1.8.1: missing go.sum entry; to add it:
	go mod download github.com/stretchr/testify
must be run from 'go.etcd.io/etcd/v3' module directory

@tjungblu
Copy link
Author

tjungblu commented Aug 7, 2023

that's OK, because it still runs with the old golang version. Once the container image is reconciled it's going green again.

@tjungblu
Copy link
Author

tjungblu commented Aug 7, 2023

/override ci/prow/unit

@openshift-ci
Copy link

openshift-ci bot commented Aug 7, 2023

@tjungblu: Overrode contexts on behalf of tjungblu: ci/prow/unit

In response to this:

/override ci/prow/unit

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link

openshift-ci bot commented Aug 7, 2023

@tjungblu: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit 07d0ec7 link true /test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit 9f987a5 into openshift:openshift-4.12 Aug 7, 2023
7 checks passed
@openshift-ci-robot
Copy link

@tjungblu: Jira Issue OCPBUGS-15860: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-15860 has been moved to the MODIFIED state.

In response to this:

Essentially what we've done to 4.13, just in one go:

  • rebase via forkpoint to the latest release
  • pick the golang updates
  • pick the upstream work for rev bumps
  • pick adding the etcdutl into the docker image
git rebase --rebase-merges --fork-point v3.5.6 v3.5.9
git cherry-pick 4b310a07331a661991e7f137b51dc95645837172
git cherry-pick dc7b2599a2f57f4f041cd837a6d5455084392fa9
git cherry-pick cfa79a5d17c0dbbc7c3bbb71af6c4e6c9ab7d802
git cherry-pick a66a9b83109630f67526ada6b556fe2cb4d3673d
git cherry-pick 0970055c1e38f7c9902037b6e4c1ea52db172c6b

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot
Copy link

Fix included in accepted release 4.12.0-0.nightly-2023-08-07-235608

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geliu2016 geliu2016 geliu2016 approved these changes

@deads2k deads2k Awaiting requested review from deads2k

@dusk125 dusk125 Awaiting requested review from dusk125

Assignees

@Elbehery Elbehery

@dusk125 dusk125

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet