Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support #2633

Merged

Conversation

@yuqi-zhang
Copy link
Contributor

yuqi-zhang commented Nov 6, 2019

Build 43.81.201911061504.0 has all the necessary bits for FIPS day 1
support in RHCOS, with necessary dracut modules.

Signed-off-by: Yu Qi Zhang jerzhang@redhat.com

@openshift-ci-robot

This comment has been minimized.

Copy link

openshift-ci-robot commented Nov 6, 2019

@yuqi-zhang: This pull request references Bugzilla bug 1768978, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Bug 1768978: RHCOS: bump to 43.81.201911061504.0 for FIPS support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ashcrow
ashcrow approved these changes Nov 6, 2019
@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 6, 2019

Corresponding payload passed promotion: https://storage.googleapis.com/origin-ci-test/logs/release-promote-openshift-machine-os-content-e2e-aws-4.3/2992/build-log.txt

To test, this machine-os-content is in 4.3.0-0.ci-2019-11-06-170148 and later

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 6, 2019

/hold

FIPS is acting up

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Nov 6, 2019

/test e2e-vsphere
I am 97.32986121% sure this will really, pinky swear, fix the vsphere installs too. Was fairly crazy because there were three bugs there... I fixed two and then after fixing the first two and testing it a third bug came in at the same time...

@ashcrow

This comment has been minimized.

Copy link
Member

ashcrow commented Nov 6, 2019

/retest

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 6, 2019

The tests are failing because the boostrap configs don't have encapsulation necessary for FIPS. Don't worry about retesting for now

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 7, 2019

/test e2e-vsphere

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 7, 2019

bootstrap node failure in vsphere
image

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Nov 7, 2019

OK, yeah we still have more fixes coming. Hopefully 43.81.201911071053.0 will get this.

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Nov 7, 2019

@yuqi-zhang can you bump to 43.81.201911071801.0 ?

@yuqi-zhang yuqi-zhang force-pushed the yuqi-zhang:update-rhcos-fips branch from b0b47dc to c6f9e5f Nov 7, 2019
@yuqi-zhang yuqi-zhang changed the title Bug 1768978: RHCOS: bump to 43.81.201911061504.0 for FIPS support Bug 1768978: RHCOS: bump to 43.81.201911071801.0 for FIPS support Nov 7, 2019
@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

Done, also updated commit message and title

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

/test e2e-azure

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

/test e2e-vsphere

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 7, 2019

thx @yuqi-zhang I will keep an eye out once the VMs start landing in vSphere CI env.

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Nov 7, 2019

I don't understand those CI failures...
/retest

@yuqi-zhang yuqi-zhang force-pushed the yuqi-zhang:update-rhcos-fips branch from c6f9e5f to 286874b Nov 7, 2019
@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

rebased on master to be safe

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

/test e2e-azure

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

/test e2e-vsphere

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 7, 2019

/retest

[INFO] Acquiring a lease ...
failed to acquire a resource: Post http://boskos.ci/acquire?dest=leased&owner=ci-op-10bhcfsn-1d3f3&request_id=6041391185526090318&state=free&type=aws-quota-slice: dial tcp 172.30.131.17:80: connect: no route to host

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 7, 2019

Tested with my own ignition in vSphere. This release resolves the DHCP reset issue on reboot.
This PR should significantly improve vSphere CI results.

@cgwalters

This comment has been minimized.

Copy link
Contributor

cgwalters commented Nov 8, 2019

/retest

@ashcrow

This comment has been minimized.

Copy link
Member

ashcrow commented Nov 8, 2019

/retest

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 8, 2019

/test e2e-vsphere

@jcpowermac

This comment has been minimized.

Copy link
Contributor

jcpowermac commented Nov 8, 2019

Just reviewed the current vSphere CI env - The bootstrap node has been destroyed and a master node is still set to a static address at least for vsphere:
lgtm

[core@control-plane-0 ~]$ sudo rpm-ostree status
State: idle
AutomaticUpdates: disabled
Deployments:
● pivot://registry.svc.ci.openshift.org/ci-op-wsjyh5nq/stable@sha256:5470738d7464bbd33e3bbf578578b70dcf951b4be2b236a5e0938ac397ba4335
              CustomOrigin: Managed by machine-config-operator
                   Version: 43.81.201911080953.0 (2019-11-08T09:58:27Z)

  ostree://be562ba2d4a7f5d111cf654fef236bac72538b41096f9417f38f3ab9f205af97
                   Version: 43.81.201911071801.0 (2019-11-07T18:06:37Z)
[core@control-plane-0 ~]$ ip a show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b6:db:0b brd ff:ff:ff:ff:ff:ff
    inet 139.178.87.133/25 brd 139.178.87.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb6:db0b/64 scope link
       valid_lft forever preferred_lft forever
[core@control-plane-0 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
BOOTPROTO=none
NAME=ens192
DEVICE=ens192
ONBOOT=yes
IPADDR=139.178.87.133
PREFIX=25
GATEWAY=139.178.87.129
DOMAIN=ci-op-wsjyh5nq-67021.origin-ci-int-aws.dev.rhcloud.com
DNS1=1.1.1.1
DNS2=9.9.9.9
@sdodson

This comment has been minimized.

Copy link
Member

sdodson commented Nov 8, 2019

@iamemilio @Fedosin @mandre to follow up on openstack failure

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 8, 2019

One more update to the PR incoming with a last fix for fips, then I will remove the hold

@mandre

This comment has been minimized.

Copy link
Contributor

mandre commented Nov 8, 2019

@yuqi-zhang We'll need a patch to make OpenStack image download decompress the gzipped file, otherwise this is going to break all openstack jobs. @Fedosin is currently working on that patch.

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 8, 2019

That's fine, let me know when that's in place

Build 43.81.201911081536.0 has all the necessary bits for FIPS day 1
support in RHCOS, with necessary dracut modules. Note that this also
correctly suffixes .gz for various image types. Those images were
already zipped correctly, but did not have extensions.

Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
@yuqi-zhang yuqi-zhang force-pushed the yuqi-zhang:update-rhcos-fips branch from b3e6e59 to 68cc577 Nov 8, 2019
@yuqi-zhang yuqi-zhang changed the title Bug 1768978: RHCOS: bump to 43.81.201911071801.0 for FIPS support Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support Nov 8, 2019
@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 8, 2019

Updated to what hopefully is the last image BUT this still requires #2645

@yuqi-zhang

This comment has been minimized.

Copy link
Contributor Author

yuqi-zhang commented Nov 8, 2019

Also note that various images now correctly suffix .gz extension (which I've noted in commit message) and that might trip over some other jobs

@openshift-ci-robot

This comment has been minimized.

Copy link

openshift-ci-robot commented Nov 8, 2019

@yuqi-zhang: The following tests failed, say /retest to rerun them all:

Test name Commit Details Rerun command
ci/prow/e2e-vsphere 286874b link /test e2e-vsphere
ci/prow/e2e-libvirt 68cc577 link /test e2e-libvirt
ci/prow/e2e-aws-scaleup-rhel7 68cc577 link /test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@mrunalp

This comment has been minimized.

Copy link
Member

mrunalp commented Nov 8, 2019

/test e2e-aws

@mandre

This comment has been minimized.

Copy link
Contributor

mandre commented Nov 9, 2019

@yuqi-zhang the patch for OpenStack at #2645 is now ready for reviews. Thanks @Fedosin for the quick fix!

@sdodson

This comment has been minimized.

Copy link
Member

sdodson commented Nov 11, 2019

/test e2e-openstack

@sdodson

This comment has been minimized.

Copy link
Member

sdodson commented Nov 11, 2019

Discussed with @yuqi-zhang offline, this is good to go.
/hold cancel

@sdodson

This comment has been minimized.

Copy link
Member

sdodson commented Nov 11, 2019

/lgtm

@openshift-ci-robot

This comment has been minimized.

Copy link

openshift-ci-robot commented Nov 11, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashcrow, sdodson, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit db4b076 into openshift:master Nov 11, 2019
14 of 16 checks passed
14 of 16 checks passed
ci/prow/e2e-aws-scaleup-rhel7 Job failed.
Details
ci/prow/e2e-libvirt Job failed.
Details
ci/prow/e2e-aws Job succeeded.
Details
ci/prow/e2e-aws-upgrade Job succeeded.
Details
ci/prow/e2e-openstack Job succeeded.
Details
ci/prow/gofmt Job succeeded.
Details
ci/prow/golint Job succeeded.
Details
ci/prow/govet Job succeeded.
Details
ci/prow/images Job succeeded.
Details
ci/prow/shellcheck Job succeeded.
Details
ci/prow/tf-fmt Job succeeded.
Details
ci/prow/tf-lint Job succeeded.
Details
ci/prow/unit Job succeeded.
Details
ci/prow/verify-vendor Job succeeded.
Details
ci/prow/yaml-lint Job succeeded.
Details
tide In merge pool.
Details
@openshift-ci-robot

This comment has been minimized.

Copy link

openshift-ci-robot commented Nov 11, 2019

@yuqi-zhang: All pull requests linked via external trackers have merged. Bugzilla bug 1768978 has been moved to the MODIFIED state.

In response to this:

Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
9 participants
You can’t perform that action at this time.