rhcos: Embed full build metadata in binary #1423
Conversation
openshift-ci-robot
added
the
size/L
|
Some discussion in the previous PR #1402 (comment) |
cgwalters
force-pushed
the
rhcos-pin-meta
branch
from
f46097e
to
310c782
Compare
abhinavdahiya
requested review from
wking
and removed request for
tomassedovic and
steveej
cgwalters
force-pushed
the
rhcos-pin-meta
branch
2 times, most recently
from
73b02bd
to
3756253
Compare
pkg/rhcos/builds.go
Outdated
| } else { | ||
| build = rhcosBuildID | ||
| } | ||
| url := fmt.Sprintf("%s/%s/%s/meta.json", baseURL, rhcosBuildChannel, build) |
There was a problem hiding this comment.
I'd rather just stick with our existing OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE for overrides. Coupled with the bundled metadata for the pinned RHCOS that this PR is adding, that would mean we could drop this JSON request entirely. Different override approaches have been floated before in #1168 and #1402 though, so there's clearly some workflow where "supply the override AMI (or QCOW2 image URI, etc.)" is not seen as sufficient. Can you point me at that place, so I can float an approach that uses OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE?
There was a problem hiding this comment.
I think anyone who wants to test something related to RHCOS will find it far easier to supply a version number rather than parsing the version number and getting the AMI or extracting the qcow2 manually. I can very much say this is the case for me.
Further, I expect us to at some point have CI that overrides this. "Test this release payload with updated rhcos bootimage" is a valid thing to want to do for the same reason we want to override release payloads.
There was a problem hiding this comment.
Really we need both. The existing image override is useful to test an unofficial bootimage.
In fact just now I used both - tested with the latest rhcos from our buildsystem, hit an issue, did a local build with a test fix, then used the local override to point to file:///.
There was a problem hiding this comment.
I think anyone who wants to test something related to RHCOS will find it far easier to supply a version number rather than parsing the version number and getting the AMI or extracting the qcow2 manually.
How many people need this, though?
Further, I expect us to at some point have CI that overrides this. "Test this release payload with updated rhcos bootimage" is a valid thing to want to do for the same reason we want to override release payloads.
Sure, but my preferred approach for this is "override the release image" (via #1286).
Really we need both. The existing image override is useful to test an unofficial bootimage.
It can be used for testing official boot images too, right? The only issue is whether this lookup needs to be built into the installer, or if you can use external tool like this script.
There was a problem hiding this comment.
Sure, but my preferred approach for this is "override the release image" (via #1286).
You know I agree 💯 % with that - particularly because if e.g. say one is overriding the image thinking to test a kernel change to e.g. a NIC driver for a new cloud platform, it will be a surprise probably for most people that that change gets overwritten quickly by machine-os-content - which you need a custom release payload to change. (And we need to make changing both ergonomic, but that's another issue)
But my real argument here is:
The only issue is whether this lookup needs to be built into the installer
The code's already there though! It's just missing a few config knobs.
How many people need this, though?
It's not just the number of people - it's also that I don't want lots of places parsing that release schema - while we're unlikely to change it soon, again the installer already has the code, so let's just make it more useful.
There was a problem hiding this comment.
The code's already there though! It's just missing a few config knobs.
But this is our chance to get rid of it, and "more knobs" feels like doubling down on a known dead-end approach :p.
There was a problem hiding this comment.
But this is our chance to get rid of it, and "more knobs" feels like doubling down on a known dead-end approach :p.
I don't think we're going to deploy the dependencies necessary in #1286 anytime soon.
Also, this code would be useful for us to deal with the Ignition 3 change.
openshift-ci-robot
added
size/XXL
cgwalters
force-pushed
the
rhcos-pin-meta
branch
from
c351b9a
to
3756253
Compare
openshift-ci-robot
added
size/L
|
(Sorry, had a force push accident here...reset now) |
cgwalters
force-pushed
the
rhcos-pin-meta
branch
2 times, most recently
from
e245bc9
to
4cc5fdd
Compare
|
OK updated now 🆕 to address comments. |
|
/retest |
Gets us out of supporting RHEL7. This rolls in openshift#1423
The "bootimage" is the one we use before pivoting. Bump this so we don't need to support RHEL7 anymore even there. This rolls in openshift#1423
cgwalters
force-pushed
the
rhcos-pin-meta
branch
from
4cc5fdd
to
70730cd
Compare
|
/retest |
pkg/rhcos/builds.go
Outdated
| // rhcosBuildChannel is a name for a stream of builds | ||
| var rhcosBuildChannel string | ||
|
|
||
| func fetchRHCOSBuild(ctx context.Context) (metadata, error) { |
There was a problem hiding this comment.
this needs to be rewired as the overrides were dropped.
There was a problem hiding this comment.
I kept most of the code to handle multiple just dropped the override environment variables. What do you want exactly? Delete everything except support for reading the pinned JSON?
There was a problem hiding this comment.
Delete everything except support for reading the pinned JSON?
We still need a way to override for CI, but that override does not need any build fetching, so this signature looks fine to me.
|
I've floated a fixup in 009285d, adding support to the script for earlier Pythons, like my RHEL 7.5 CSB's 3.4.9. I'm also including the base URI from which the metadata was sourced, which can be used later in Go for constructing the bootimage URIs (libvirt QCOW2, etc.), so we don't have to code the likely source into the Go. I'll go back later tonight and adjust the Go to match. Thoughts? |
|
Ok, I've floated cabafdc as well, which adds |
|
And now I've floated 14cfc99 which:
|
|
/retest |
Please no. This is too much python with too many options for what I'm comfortable supporting in the installer repo.
This needs to be a follow up. |
Dropped from my squash commit with 14cfc99 -> b1daba1. I've left my expanded Python script alone for now, but am fine trimming it back down if we decide to only focus on updating |
|
/retest |
|
New squash, trimming the Python back down to just updating |
wking
changed the title
|
Updated the PR topic now that there are no longer new env vars; probably update the commit message too when squashing. |
|
Pushed 551acf1 -> e726a2b, fixing a bug in |
This way we avoid needing a service available at least for AWS installs. The AMIs now get hardcoded into the binary. `hack/update-rhcos-bootimage.py` is a small script which accepts a URL to build metadata and updates our cached version with just the subset of keys we care about (or potentially care about); e.g. not the pkgdiff. From Trevor: Drop the HTTP stuff in favor of just the local asset or `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE`. The codecs business works around the lack of byte-stream support in json.load before Python 3.6 [1]. [1]: https://docs.python.org/3/library/json.html#json.load Co-authored-by: Trevor King <wking@tremily.us>
cgwalters
force-pushed
the
rhcos-pin-meta
branch
from
24cf48e
to
e080f04
Compare
Done, thanks! |
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
/retest |
Crashlooping (etcd certs) is being tracked in rhbz#1694169 with a patch in coreos/kubecsr#25. Cinder failure seems to have been a one-off flake:
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
This way we avoid needing a service available at least for AWS
installs. The AMIs now get hardcoded into the binary.
Further, in order to make it easier for developers to test
alternative builds of RHCOS, add an override environment variable
just like is available for the release payload.