-
Notifications
You must be signed in to change notification settings - Fork 447
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1793323: Remove the use of /etc/passwd in favor of cri-o #1015
Conversation
@akram: This pull request references Bugzilla bug 1793323, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
aws flake:
/test e2e-aws-jenkins |
/assign @gabemontero can you PTAL ? |
/retest |
/lgtm |
/retest Please review the full test history for this PR and help us cut down flakes. |
/hold A couple of points @akram @waveywaves
|
@gabemontero I tried on a 4.2 cluster and indeed, /etc/passwd contains the uid of the the arbitrary user
So, this is kind of redundant with the use of NSS_WRAPPER.
I wanted to be able to simply cherry-pick the commit to 4.3, 4.2 and 4.1 . So, does it harm to add it? |
OK, good wrt confirming @bparees 's notion IIRC, the thought was that this did not exist in 4.1, but confirming that would be ideal.
My preference would be
But of course if anyone here wants to debate that approach further, let's do so. |
it was backported to some 4.1.z: https://coreos.slack.com/archives/C02UD0TT3/p1579544937000700 i think it's acceptable to say that for 4.x the fix requires you upgrade to a level of 4.x that includes the crio behavior, but the risk here is that if we publish a 4.1 image that relies on that crio behavior, it breaks existing customers until they upgrade. that would be bad. but i agree with @gabemontero that the desired final state is to not use nss_wrapper, it pulls in an additional package which has been problematic in the past. So i would agree that we should only do the nss_wrapper fix in the fewest possible releases (3.11, maybe 4.1). |
@bparees and @gabemontero |
great thanks @akram btw, the fix in openshift/origin#24434 had passing in e2e-aws-jenkins ... just waiting for various flakes to be avoided to get that mergeable |
002f167
to
b167ab9
Compare
update the PR title @akram |
/hold cancel |
@akram: This pull request references Bugzilla bug 1793323, which is valid. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/hold no reason to have this PR retest (cause the bot sees the lgtm) until the origin PR @waveywaves has up merges to change the config option used. we can unhold once the origin PR merges. |
from the last failing run:
|
/retest |
/test e2e-aws-jenkins |
2 similar comments
/test e2e-aws-jenkins |
/test e2e-aws-jenkins |
I believe you all have a problem related perhaps to this change @akram @waveywaves From the e2e-aws-jenkins test logs:
|
/hold |
This is related to cri-o that is setting home as "/" for the injected user.
however:
|
/hold cancel |
69fc0a3
to
257e10a
Compare
/retest |
/test e2e-aws-jenkins |
Now, the error happens also with maven agent, where the mvn command in agent also needs to get specified the |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: akram, waveywaves The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@akram: All pull requests linked via external trackers have merged. Bugzilla bug 1793323 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.3 |
@akram: #1015 failed to apply on top of branch "release-4.3":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
cri-o automatically appends the arbitrary user assigned by openshift to /etc/passwd.
/etc/passwd doesn't have to be group writable then, neither we need nss_wrapper.
This PR removes the use of both for 4.2+