Merge pull request #1106 from rphillips/copy_extensions

Bug 2033751: fix -rt builds and copy extensions into resulting image
openshift · Jan 13, 2022 · dba670a · dba670a
2 parents 50f645e + 9b19ca9
commit dba670a
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 26 deletions.
diff --git a/REBASE.openshift.md b/REBASE.openshift.md
@@ -161,6 +161,7 @@ communication, please see the [the spreadsheet used for the 1.19
 rebase](https://docs.google.com/spreadsheets/d/10KYptJkDB1z8_RYCQVBYDjdTlRfyoXILMa0Fg8tnNlY/edit).
 
 ## Picking commits from the previous rebase branch to the new branch
+
 Go through the spreadsheet and for every commit set one of the appropriate actions:
  - `p`, to pick the commit
  - `s`, to squash it (add a comment with the sha of the target)
@@ -218,7 +219,7 @@ Explicit commit rules:
 
 ## Update the hyperkube image version to the release tag
 
-The [hyperkube dockerfile](openshift-hack/images/hyperkube/Dockerfile.rhel)
+The [hyperkube image](openshift-hack/images/hyperkube/Dockerfile.rhel)
 hard-codes the Kubernetes version in an image label. It's necessary to manually
 set this label to the new release tag. Prefix the commit summary with
 `UPSTREAM: <carry>: (squash)` and squash it before merging the rebase PR.
@@ -227,6 +228,16 @@ This value, among other things, is used by ART to inject appropriate version of
 kubernetes during build process, so it always has to reflect correct level of
 kubernetes.
 
+## Update base-os and test images
+
+To be able to use the latest kubelet from a pull request, in this repository
+we build [machine-os-content image](openshift-hack/images/os/Dockerfile).
+Make sure that both `FROM` and `curl` operation in `RUN` command use appropriate
+OCP version which corresponds with what we have in the [hyperkube image](openshift-hack/images/hyperkube/Dockerfile.rhel).
+
+Similarly, update `FROM` in [test image](openshift-hack/images/tests/Dockerfile.rhel)
+to match the one from [hyperkube image](openshift-hack/images/hyperkube/Dockerfile.rhel).
+
 ## Updating dependencies
 
 Once the commits are all picked from the previous rebase branch, and your PR
@@ -329,6 +340,15 @@ most. Re-picking carries should not result in conflicts since the base of the
 rebase branch will be the same as before. The only potential sources of conflict
 will be the newly added commits.
 
+## Ensuring the stability of the release
+
+To ensure we don't regress the product by introducing a new level of kubernetes
+it is required to create a new sheet in the following spreadsheet and pass all
+the variants: https://docs.google.com/spreadsheets/d/1PBk3eqYaPbvY982k_a0W7EGx7CBCHTmKrN6FyNSTDeA/edit#gid=0
+
+NOTE: Double check with TRT team if the current variants in that spreadsheet
+are up-to-date.
+
 ## Send email announcing upcoming merge
 
 Second email should be send close O(~3 days) to merging the bump:
@@ -416,12 +436,12 @@ git log v1.21.1..v1.21.2 --ancestry-path --reverse --no-merges
 
 ## Updating with `rebase.sh` (experimental)
 
-The above steps are available as a script that will merge and rebase along the happy path without automatic conflict 
+The above steps are available as a script that will merge and rebase along the happy path without automatic conflict
 resolution and at the end will create a PR for you.
 
 Here are the steps:
-1. Create a new BugZilla with the respective OpenShift version to rebase (Target Release stays ---), 
-   Prio&Severity to High with a proper description of the change logs. 
+1. Create a new BugZilla with the respective OpenShift version to rebase (Target Release stays ---),
+   Prio&Severity to High with a proper description of the change logs.
    See [BZ2021468](https://bugzilla.redhat.com/show_bug.cgi?id=2021468) as an example.
 2. It's best to start off with a fresh fork of [openshift/kubernetes](https://github.com/openshift/kubernetes/). Stay on the master branch.
 3. This script requires `jq`, `git`, `podman` and `bash`, `gh` is optional.
@@ -430,10 +450,10 @@ Here are the steps:
 openshift-hack/rebase.sh --k8s-tag=v1.21.2 --openshift-release=release-4.8 --bugzilla-id=2003027
 ```
 
-where `k8s-tag` is the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes/) release tag, the `openshift-release`  
-is the OpenShift release branch in [openshift/kubernetes](https://github.com/openshift/kubernetes/) and the `bugzilla-id` is the 
+where `k8s-tag` is the [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes/) release tag, the `openshift-release`
+is the OpenShift release branch in [openshift/kubernetes](https://github.com/openshift/kubernetes/) and the `bugzilla-id` is the
 BugZilla ID created in step (1).
 
 5. In case of conflicts, it will ask you to step into another shell to resolve those. The script will continue by committing the resolution with `UPSTREAM: <drop>`.
 6. At the end, there will be a "rebase-$VERSION" branch pushed to your fork.
-7. If you have `gh` installed and are logged in, it will attempt to create a PR for you by opening a web browser. 
+7. If you have `gh` installed and are logged in, it will attempt to create a PR for you by opening a web browser.
diff --git a/openshift-hack/images/os/Dockerfile b/openshift-hack/images/os/Dockerfile
@@ -1,26 +1,18 @@
+# fedora:29 is an image built within the release scripts:
+# https://github.com/openshift/release/blob/b45a09d248b8cdb8fe3bf5f3cfa0b4fee57d04c8/ci-operator/config/openshift/kubernetes/openshift-kubernetes-release-4.10.yaml#L63-L65
 FROM fedora:29 AS build
 
+# the registry is defined here:
+# https://github.com/openshift/release/blob/b45a09d248b8cdb8fe3bf5f3cfa0b4fee57d04c8/ci-operator/config/openshift/kubernetes/openshift-kubernetes-release-4.10.yaml#L68
 COPY --from=registry.svc.ci.openshift.org/openshift/origin-v4.0:machine-os-content /srv/ /srv/
-RUN set -x && yum install -y ostree rpm-ostree yum-utils selinux-policy-targeted && \
-    curl http://base-4-3-rhel8.ocp.svc > /etc/yum.repos.d/rhel8.repo && \
-    commit=$( find /srv -name *.commit | sed -Ee 's|.*objects/(.+)/(.+)\.commit|\1\2|' | head -1 ) && \
-    mkdir /tmp/working && cd /tmp/working && \
-    rpm-ostree db list --repo /srv/repo $commit > /tmp/packages && \
-    PACKAGES=(openshift-hyperkube) && \
-    yumdownloader -y --disablerepo=* --enablerepo=built --destdir=/tmp/rpms "${PACKAGES[@]}" && \
-    if ! grep -q cri-o /tmp/packages; then yumdownloader -y --disablerepo=* --enablerepo=rhel-8* --destdir=/tmp/rpms cri-o cri-tools; fi && \
-    if ! grep -q machine-config-daemon /tmp/packages; then yumdownloader -y --disablerepo=* --enablerepo=rhel-8* --destdir=/tmp/rpms machine-config-daemon; fi && \
-    ls /tmp/rpms/ && (cd /tmp/rpms/ && ls ${PACKAGES[@]/%/*}) && \
-    for i in $(find /tmp/rpms/ -name *.rpm); do echo "Extracting $i ..."; rpm2cpio $i | cpio -div; done && \
-    if [[ -d etc ]]; then mv etc usr/; fi && \
-    mkdir -p /tmp/tmprootfs/etc && \
-    ostree --repo=/srv/repo checkout -U $commit --subpath /usr/etc/selinux /tmp/tmprootfs/etc/selinux && \
-    ostree --repo=/srv/repo commit --parent=$commit --tree=ref=$commit --tree=dir=. \
-        --selinux-policy /tmp/tmprootfs \
-        -s "origin-ci-dev overlay RPMs" --branch=origin-ci-dev
+COPY --from=registry.svc.ci.openshift.org/openshift/origin-v4.0:machine-os-content /extensions/ /extensions/
+WORKDIR /
+COPY install.sh .
+RUN ./install.sh
 
 FROM scratch
 COPY --from=build /srv/ /srv/
+COPY --from=build /extensions/ /extensions/
 
-LABEL io.openshift.build.version-display-names="machine-os=rhcos image for testing openshift kubernetes kubelet only- if you see this outside of PR runs for openshift kubernetes- you found an urgent blocker bug" \
-      io.openshift.build.versions="machine-os=1.2.3-testing-if-you-see-this-outside-of-PR-runs-for-openshift-kubernetes-you-found-an-urgent-blocker-bug"
+LABEL io.openshift.build.version-display-names="machine-os=rhcos image for testing openshift kubernetes kubelet only- if you see this outside of PR runs for openshift kubernetes- you found an urgent blocker bug"
+LABEL io.openshift.build.versions="machine-os=1.2.3-testing-if-you-see-this-outside-of-PR-runs-for-openshift-kubernetes-you-found-an-urgent-blocker-bug"
diff --git a/openshift-hack/images/os/install.sh b/openshift-hack/images/os/install.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -xeou pipefail
+
+yum install -y ostree rpm-ostree yum-utils selinux-policy-targeted xfsprogs
+curl http://base-4-10-rhel8.ocp.svc > /etc/yum.repos.d/rhel8.repo
+
+commit=$( find /srv -name *.commit | sed -Ee 's|.*objects/(.+)/(.+)\.commit|\1\2|' | head -1 )
+mkdir /tmp/working && cd /tmp/working
+rpm-ostree db list --repo /srv/repo $commit > /tmp/packages
+
+PACKAGES=(openshift-hyperkube)
+yumdownloader -y --disablerepo=* --enablerepo=built --destdir=/tmp/rpms "${PACKAGES[@]}"
+if ! grep -q cri-o /tmp/packages; then
+  yumdownloader -y --disablerepo=* --enablerepo=rhel-8* --destdir=/tmp/rpms cri-o cri-tools
+fi
+
+ls /tmp/rpms/ && (cd /tmp/rpms/ && ls ${PACKAGES[@]/%/*})
+for i in $(find /tmp/rpms/ -name *.rpm); do
+  echo "Extracting $i ..."; rpm2cpio $i | cpio -div
+done
+
+if [[ -d etc ]]; then
+  mv etc usr/
+fi
+
+mkdir -p /tmp/tmprootfs/etc
+
+ostree --repo=/srv/repo checkout \
+  -U $commit \
+  --subpath /usr/etc/selinux \
+  /tmp/tmprootfs/etc/selinux
+
+ostree --repo=/srv/repo commit \
+  --parent=$commit \
+  --tree=ref=$commit \
+  --tree=dir=. \
+  --selinux-policy /tmp/tmprootfs \
+  -s "origin-ci-dev overlay RPMs" \
+  --branch=origin-ci-dev