Bug 1842071: Add links to Power and Z documentation #3688
Conversation
…oints Update the S3 bucket that stores the ignition config to use a presigned URL. This allows the S3 bucket to be accesseed via HTTP(s) similar to Azure and GCP thus allowing the installer to pick the correct endpoint based on region/user specification. https://issues.redhat.com/browse/CORS-1322
The "libvirt" RPM is a meta package which depends on every single other libvirt RPM. It is undesirable to install this because it pulls in a huge chain of dependencies, which are irrelevant for accomplishing the steps described in this document. The main interesting thing it was likely needed for is the "virsh" client, and can thus be replaced by the "libvirt-client" RPM The "libvirt-daemon-kvm" RPM pulls in everything needed for a typical libvirt installation that will be used for running KVM guests, and is the recommended option for scenarios that don't need to go to extreme to minimize features installed. The "qemu-kvm" RPM does not need to be listed explicitly, since it is already a dependancy of "libvirt-daemon-kvm". Further information to help understand the libvirt RPM choices is present at https://libvirt.org/kbase/rpm-deployment.html Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
A connection to libvirtd gives the client application privileges that are equivalent to those of a root shell. IOW, disabling authentication and encryption in libvirtd is akin to running a telnet server with no root password. This implication is not obvious to users following the guide, so should be spelt out explicitly, so they understand it is critical to correctly apply the firewall rules listed later in the install guide. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
In newer libvirtd that ships the "libvirt-tcp.socket" unit files for socket activation, the --listen argument to libvirtd should not be used. Enabling both socket activation and the --listen argument will cause libvirtd to exit with an error about mutually exclusive configuration options. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Before this documentation change, there was no clear indication of the expected disk latency in the OpenStack requirements. The threshold value (10ms) is taken from a post[1] on the IBM Cloud blog, which the official ETCD documentation points to. [1]: https://www.ibm.com/cloud/blog/using-fio-to-tell-whether-your-storage-is-fast-enough-for-etcd
Before this commit, bootstrap machines that failed to come up would look like [1]: level=info msg="Waiting up to 30m0s for the Kubernetes API at https://api.ci-op-6266tp8r-77109.origin-ci-int-aws.dev.rhcloud.com:6443..." level=error msg="Attempted to gather ClusterOperator status after installation failure: listing ClusterOperator objects: Get https://api.ci-op-6266tp8r-77109.origin-ci-int-aws.dev.rhcloud.com:6443/apis/config.openshift.io/v1/clusteroperators: dial tcp 3.221.214.197:6443: connect: connection refused" level=info msg="Pulling debug logs from the bootstrap machine" level=error msg="Attempted to gather debug logs after installation failure: failed to create SSH client, ensure the proper ssh key is in your keyring or specify with --key: dial tcp 3.84.188.207:22: connect: connection refused" level=fatal msg="Bootstrap failed to complete: waiting for Kubernetes API: context deadline exceeded" With this commit, that last error will look like: level=error msg="Attempted to gather debug logs after installation failure: failed to connect to the bootstrap machine: dial tcp 3.84.188.207:22: connect: connection refused" without the unrelated (to this failure mode) distraction about SSH keys. [1]: https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-origin-installer-e2e-aws-upgrade/12076 Updated the commit to match with the latest changes.
As OpenStack allows resources to have the same name, it's possible that we end up with multiple security groups with same name, and the deletion of those resources for UPI fails as currently we're relying on sg Name. This commit fixes the issue by ensuring the resoruce ID is used instead.
Bug 1841072: [UPI] Rely on security group ID when deleting it
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
manojnkumar
changed the title
openshift-ci-robot
added
the
bugzilla/severity-high
|
@manojnkumar: This pull request references Bugzilla bug 1842071, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
bugzilla/invalid-bug
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 1842071, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
|
@openshift-bot: This pull request references Bugzilla bug 1842071, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Warn about security risks of the recommended libvirt install configuration
|
/bugzilla refresh |
openshift-ci-robot
added
bugzilla/severity-medium
|
@abhinavdahiya: This pull request references Bugzilla bug 1842071, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
bugzilla/valid-bug
|
/test e2e-aws |
|
/override ci/prow/e2e-aws this is a docs update. |
|
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest |
|
/override ci/prow/e2e-aws-upgrade this is a docs update. |
|
@abhinavdahiya: Overrode contexts on behalf of abhinavdahiya: ci/prow/e2e-aws-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Bug 1842607: update README with vSphere IPI docs
…-refused cmd/openshift-install/gather: Recognize "connection refused"
…om_endpoints aws: update the bootstrap ignition fetching to use custom region endpoints
openshift-ci-robot
added
the
needs-rebase
|
New changes are detected. LGTM label has been removed. |
openshift-ci-robot
removed
lgtm
|
@manojnkumar: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@manojnkumar PTAL, there's a lot of unrelated changes here most likely due to a bad rebase |
|
Let me close this out and restart. Thanks @sdodson @patrickdillon @abhinavdahiya |
|
@manojnkumar: This pull request references Bugzilla bug 1842071. The bug has been updated to no longer refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Top level README update to link to the Power and Z documentation.