From a109dbfd04ccac7b67cde5900482cb1e1fd0469d Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Mon, 20 May 2019 17:21:51 +0000
Subject: [PATCH] WIP: Bug 1711844: bootkube.sh: Use pause image from payload

A while ago we switched to pulling the pause image from the payload, this fixes things to do the same for the bootstrap node. We need this to support disconnected installs, countries where gcr.io is firewalled, and further we really only want to consume our own release payload, and not trust external registries.
---
 .../files/usr/local/bin/bootkube.sh.template | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
index 9346f4b5fe7..ecb30c8f094 100755
--- a/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
+++ b/data/data/bootstrap/files/usr/local/bin/bootkube.sh.template
@@ -38,6 +38,18 @@ OPENSHIFT_HYPERKUBE_IMAGE=$(podman run --quiet --rm ${release} image hyperkube)
 CLUSTER_BOOTSTRAP_IMAGE=$(podman run --quiet --rm ${release} image cluster-bootstrap)
+# Now, as early as possible we replace the pause image and reload crio to use it, to ensure
+# that we're using the pause image from our payload just like the primary cluster.
+# The config should match the one generated by the MCO ideally:
+# https://github.com/openshift/machine-config-operator/blob/e861ccb12f09c7c768d51fdf0a17879fcc9a87d5/templates/master/01-master-container-runtime/_base/files/crio.yaml
+# But for now we're just changing the key bits: image and command.
+# Perhaps down the line we change this to run something like:
+# podman run machine-config-daemon bootstrap ... (passing the release image and the host rootfs)
+sed -i -e 's,pause_image *=.*,pause_image = "'${MACHINE_CONFIG_INFRA_IMAGE}'",' /etc/crio/crio.conf
+sed -i -e 's,pause_command *=.*,pause_command = "/usr/bin/pod",' /etc/crio/crio.conf
+# Note crio today has a reload command but it just dies from the SIGHUP sent...
+systemctl restart cri-o.service
+
 mkdir --parents ./{bootstrap-manifests,manifests}
 if [ ! -f cvo-bootstrap.done ]
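Review bot: Neither added `sed -i` on /etc/crio/crio.conf checks that it changed anything, so if the `pause_image` key is missing or `${MACHINE_CONFIG_INFRA_IMAGE}` is empty, the script still restarts cri-o and carries on with whatever pause image the file already named, or with an empty one. That is the external-registry dependency this commit sets out to remove, so the step should fail closed. The pattern is also unanchored, which means a commented-out `# pause_image = ...` line would be rewritten but stay commented. Before the restart I would add `[ -n "${MACHINE_CONFIG_INFRA_IMAGE}" ] || exit 1`, anchor the expression as `s,^pause_image *=.*,` (allowing leading whitespace if the shipped file indents the key), and verify with `grep -qF "pause_image = \"${MACHINE_CONFIG_INFRA_IMAGE}\"" /etc/crio/crio.conf || exit 1`. The variable is assigned outside the hunk and is expanded unquoted between the two single-quoted pieces, so it is worth quoting it and confirming whether an empty value is already caught earlier in the script.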