mcc: accept ign3 & translate down

[kikisdeliveryservice]

Phase 1 of Ign3 transition, the MCC accept Ign3 configs translates them down to version 2 and applies to pool while preserving the original V3 configs. New func IgnParseWrapper() allows us to use one function to parse both configs and can be used for later phases.

Related pre-work : coreos/ign-converter#4

[kikisdeliveryservice]

/skip

[kikisdeliveryservice]

Feb 14 03:38:05.549: INFO: > ERROR: (gcloud.compute.instance-groups.list-instances) could not parse resource []

/retest

[runcom]

amazing, I think this has to be a combination of this and #996 in order to actually accept Ign v3 and have a smoke e2e that creates a v3 MachineConfig (which is later translated down to v2 internally for the 4.5 timeframe cc @yuqi-zhang )

[yuqi-zhang]

If we want #996 in first we will probably have to adapt this to convert from v3 and rawextention. We also would need a way to detect versioning in a rawextention object before converting, which 996 currently does not seem to have. https://github.com/openshift/machine-config-operator/pull/996/files#r381541065

[kikisdeliveryservice]

Finally rebased to pick up new RawExt changes after being blocked but that PR.

[ashcrow]

/retest

[ashcrow]

/retest ci/prow/e2e-gcp-upgrade

[openshift-ci-robot]

@ashcrow: The /retest command does not accept any targets.
The following commands are available to trigger jobs:

• /test e2e-aws
• /test e2e-aws-disruptive
• /test e2e-aws-scaleup-rhel7
• /test e2e-gcp-op
• /test e2e-gcp-upgrade
• /test e2e-metal-ipi
• /test e2e-openstack
• /test e2e-ovirt
• /test e2e-vsphere
• /test images
• /test unit
• /test verify

Use /test all to run all jobs.

In response to this:

/retest ci/prow/e2e-gcp-upgrade

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ashcrow]

/test e2e-gcp-upgrade

[kikisdeliveryservice]

@ashcrow those failures don't have anything to do with this pr. no need to retest just yet! :)

[runcom]

/retest

[runcom]

found the issue - it's an ordering issue with machineconfig names, we know that MC are ordered when being merged together. I will also make the updateSSHKeys function better as today it just uses the last entry (?!) which is what causes this in tandem

This also explains why it works when you run the test alone in a live cluster but it would have failed in a live cluster as well if MC names were messed up like here. It explains also why Urvashi's PR was failing with a similar error on grep as she had the very same issue about MC names ordering.

This is the content of the rendered MC for this ign3 test:

passwd: {
users: [
{
name: "core",
sshAuthorizedKeys: [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUq7W38xCZ9WGSWCvustaMGMT04tRohw6AKGzI7P7xql5lhCAReyt72n9qWQRZsE1YiCSQuTfXI1oc8NpSM7+lMLwj12G8z3I1YT31JHr9LLYg/XIcExkzfBI920CaS82VqmKOpI9+ARHSJBdIbKRI0f5Y+u4xbc5UzKCJX8jcKGG7nEiw8zm+cvAlfOgssMK+qJppIbVcb2iZNTsw5i2aX6FDMyC+b17DQHzBGpNbhZYxuoERZVRcnYctgIzuo6fD60gniX0fVvrchlOnubB1sRYbloP2r6UE22w/dpLKOFE5i7CA0ZzNBERZ94cIKumIH9MiJs1a6bMe89VOjjNV devenv "
]
},
{
name: "core",
sshAuthorizedKeys: [
"1234_test_ign3"
]
},
{
name: "core",
sshAuthorizedKeys: [
"1234_test",
"abc_test"
]
}
]
},

and you can see the MCD is only using the last one:

I0423 09:28:06.841256    2039 update.go:500] user data to be verified before ssh update: {<nil>  []  core false false false <nil>  [1234_test abc_test]  false <nil>}

affected code is here:

// Update a given PasswdUser's SSHKey
func (dn *Daemon) updateSSHKeys(newUsers []igntypes.PasswdUser) error {
	if len(newUsers) == 0 {
		return nil
	}

	// we're also appending all keys for any user to core, so for now
	// we pass this to atomicallyWriteSSHKeys to write.
	var concatSSHKeys string
	for _, k := range newUsers[len(newUsers)-1].SSHAuthorizedKeys {
		concatSSHKeys = concatSSHKeys + string(k) + "\n"
	}
	if !dn.mock {
		// Note we write keys only for the core user and so this ignores the user list
		if err := dn.atomicallyWriteSSHKey(concatSSHKeys); err != nil {
			return err
		}
	}
	return nil
}

I'm fixing it by just updating the name of the MC and update MCD fix (being tested here #1676 as it also fixes the issue here but it's not needed for this PR, just the names change is needed but that PR will prove me wrong and we can go with the other fix maybe and it did lol)

[runcom]

Pending my fix

/hold

[sinnykumari]

Nice debugging Antonio!

[runcom]

was able to push directly (I had wrong remotes setup in my git and assumed it was off because it's the same error, took me some time to figure out and now I was able to push)

/hold cancel

[runcom]

was able to push directly (I had wrong remotes setup in my git and assumed it was off because it's the same error, took me some time to figure out and now I was able to push)

/hold cancel

[runcom]

was able to push directly (I had wrong remotes setup in my git and assumed it was off because it's the same error, took me some time to figure out and now I was able to push)

/hold cancel

[runcom]

/retest

[runcom]

/refresh

[runcom]

/retest

[runcom]

I think we can leave this as is now and it'll go in as soon as tests turn green as the override is already taken into account

[runcom]

also github is having issues from time to time today

/retest

[LorbusChris]

/retest

[LorbusChris]

/retest

[yuqi-zhang]

The sshkey fix LGTM, it passes tests on #1676 as well

[runcom]

fixed finally https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/openshift_machine-config-operator/1676/pull-ci-openshift-machine-config-operator-master-e2e-gcp-op/2005

I'll pick that commit here as that's the one really fixing the issue here.

[runcom]

/retest

[ashcrow]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashcrow, kikisdeliveryservice, LorbusChris, runcom

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ashcrow,kikisdeliveryservice,runcom]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[runcom]

/skip

[openshift-ci-robot]

@kikisdeliveryservice: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-scaleup-rhel7	2f7a92b	link	/test e2e-aws-scaleup-rhel7

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[runcom]

/skip