ETCD-612: Added a callback to provide additional pre-conditions for installation

[jubittajohn]

Added the callback shouldRevisionInstall to provide additional conditions for installation

These changes are consumed by : openshift/cluster-etcd-operator#1278

[openshift-ci-robot]

@jubittajohn: This pull request references ETCD-612 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to this:

…onditions for installation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jubittajohn: This pull request references ETCD-612 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to this:

Added the callback shouldRevisionInstall to provide additional conditions for installation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tjungblu]

as far as I understand, this blocks the entire controller, which we don't want, we want the current revisions to continue to rollout.

We can be more granular here and just block the ensureInstallerPod routine from spawning just the installer pod. That way it wouldn't block existing rollouts. Having said that, I think there are generally very little tests around this, so we need to run a couple of payload tests in cluster-etcd-operator (CEO) as well

[tjungblu]

shouldn't that be

Suggested change

	if !shouldInstall {
	if err != nil {
	return err
	}
	if !shouldInstall {
	return nil
	}

[tjungblu]

maybe also add an info logging statement here, so we know if it was skipped

[jubittajohn]

@tjungblu But only if there is error the requeue will happen as per the current logic here. https://github.com/openshift/library-go/blob/master/pkg/operator/staticpod/controller/installer/installer_controller.go#L481.

[tjungblu]

then we need to rethink the ensureInstallerPod signature potentially. I don't think we should trigger an event for this for example:

c.eventRecorder.Warningf("InstallerPodFailed", "Failed to create installer pod for revision %d count %d on node %q: %v", 
       currNodeState.TargetRevision, currNodeState.LastFailedCount, currNodeState.NodeName, err) 

that's misleading, because there was no actual error that failed the installation. We just skipped it.

[tjungblu]

ah okay, now I get it. If you want to use an error for control flow, that's fine. But then we don't really need the boolean to denote whether to skip it or not.

I (personally) would use the error for real errors though.

[tjungblu]

I only very superficially looked through your tests, but I'm generally missing one with multiple NodeStatuses.

Maybe more meaningful for etcd would be a test with three nodes at those revisions:

master-0 = 4
master-1 = 3 (would be next to get to 4)
master-2 = 3

Now our quorum guard says master-0 went away (eg, machine was turned off). What happens to the remaining revisions?

I would expect this to block the installation of rev 4 on master-1 and master-2.
Maybe also think of a couple of such tests, maybe with a more structured permutation approach. We can discuss this also next Tuesday.

[jubittajohn]

/assign @dusk125

[openshift-ci-robot]

@jubittajohn: This pull request references ETCD-612 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to this:

Added the callback shouldRevisionInstall to provide additional conditions for installation

This changes are consumed by : openshift/cluster-etcd-operator#1278

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jubittajohn: This pull request references ETCD-612 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.

In response to this:

Added the callback shouldRevisionInstall to provide additional conditions for installation

These changes are consumed by : openshift/cluster-etcd-operator#1278

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tjungblu]

/lgtm (non binding)

can you please also squash all commits into one and remove the WIP please?

[tjungblu]

/assign @dgrisonnet

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jubittajohn, tjungblu
Once this PR has been reviewed and has the lgtm label, please ask for approval from dgrisonnet. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• pkg/operator/staticpod/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dgrisonnet]

I think we should follow the same precondition pattern that we have in the static resource controller: https://github.com/openshift/library-go/blob/master/pkg/operator/staticresourcecontroller/static_resource_controller.go#L55-L59. Meaning that we would allow for any condition to be defined to gate the revision process.

Also, we should pass on a context in that method and propagate it all the way down in case we need to cancel it for some reasons. Especially in https://github.com/openshift/cluster-etcd-operator/blob/master/pkg/operator/ceohelpers/bootstrap.go#L139 and maybe some other functions that don't take it yet.

[tjungblu]

good idea, @jubittajohn can we create it slightly different like this?

type StaticPodInstallerPreconditionsFuncType func(ctx context.Context) (bool, error)

and then the struct value could look like this

installPrecondition StaticPodInstallerPreconditionsFuncType

that way is more consistent with the other packages.

[dgrisonnet]

I think this check should be moved to manageInstallationPods because this function is supposed to be only about creating the installer pod.

[dgrisonnet]

we could maybe even move it inside the sync function before the call to manageInstallationPods since we want to skip the installation process entirely when the preconditions are not fulfilled.

[tjungblu]

yeah we thought so, but it's better to continue the current rollout. See #1749 (comment)

[dgrisonnet]

good point. it made me notice that we might be subject to the following issue: #1749 (comment)

[dusk125]

lgtm, but I'll let Damien have the last word

[dgrisonnet]

Let's imagine the following scenario:
t0: sync for a new revision occurs, preconditions are true, the installer pod is created
t1: preconditions became false while installation is still in progress
t2: sync happens again, ensureInstallerPod returns true for requeuing because the installer pod can't be installed due to the preconditions not being met.

When that happens, we return early in

library-go/pkg/operator/staticpod/controller/installer/installer_controller.go

Lines 500 to 503 in f152bd5

	if requeue {
	klog.V(4).Infof("Requeuing the creation of installer pod for revision %d on node %q", currNodeState.TargetRevision, currNodeState.NodeName)
	return true, 0, nil
	}

which means that the statuses will not be updated unless the preconditions are met again.

To prevent the whole flow from being dependent on the preconditions, we should make sure that the preconditions are only evaluated when the installer pod isn't already present.

[tjungblu]

maybe I'm off, but wouldn't t2 not go through the ensureInstallerPod branch? the previous if condition should be true?

if operatorStatus.LatestAvailableRevision > currNodeState.TargetRevision {
				// no backoff if new revision is pending
			}

@jubittajohn can we add a unit test for the condition that @dgrisonnet mentioned? I think he has a valid point that we definitely must update the node status for ongoing installations, even when the precondition is false.

[jubittajohn]

@dgrisonnet As pointed out , ensureInstallerPod returns true at t2.
@tjungblu The if condition mentioned would evaluate to false at t2 allowing the installer creation process to continue. The mentioned condition only evaluates to true when a later revision is pending compared to the one currently being rolled out. Therefore, the ensureInstallerPod is invoked.

To address this, I have added a check as suggested to ensure that preconditions are only evaluated when the installer pod isn't already present. Additionally, I have added a unit test for this scenario to confirm the behavior.

Could you please review the new changes ?

[tjungblu]

looks good, thanks for the test case :)

[tjungblu]

can we leave a log statement here, too, please?

[tjungblu]

Suggested change

	return true, nil
	klog.Infof("Skipping the creation of installer pod [%s] because of precondition check", installerPodName)
	return true, nil

[tjungblu]

just as an example, feel free to find a more fitting log statement

[openshift-ci]

@jubittajohn: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.