New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1995785: crio: complete crio default config #2723
Bug 1995785: crio: complete crio default config #2723
Conversation
relevant line is
this enables all not currently enabled items in that command |
For completeness this is related to https://bugzilla.redhat.com/show_bug.cgi?id=1993385#c3 |
65a4c11
to
ae1daa0
Compare
This looks fine but the commit message could use some more detail. |
aa8bad7
to
52f42dc
Compare
Instead of relying on /etc/crio/crio.conf (shipped in the cri-o rpm) for fields, we should import all relevant fields into MCO. This will allow us to eventaully use MCO to remove /etc/crio/crio.conf (and have the rpm stop shipping it). We do this because there exists a strange interaction with rpm-ostree and old version of MCO, where all files in `/etc/ are treated as `%config(noreplace)`. In this case, from ostree's PoV the file was "manually" modified (by the MCO), then the MCO stopped modifying it. ostree doesn't know that though, so the file became "unmanaged state". However, this unmanaged state causes updates to the rpm to not translate to the disk, and there remains a stale `conmon = "/usr/libexec/crio/conmon"` line in /etc/crio/crio.conf, which causes nodes to not come up. Instead of allowing nodes to not come up, we populate the MCO template with all relevant fields in the cri-o rpm (including "conmon" option, even though it's being set to the default), which will override the stale config, and allow us to eventually remove it from the rpm and remove it from disk in MCO. Signed-off-by: Peter Hunt <pehunt@redhat.com>
/lgtm |
I built a 4.9 image for this as |
Not worth a respin, but that's not quite correct. It's more that all files in Or to rephrase, the problem is that the file was edited compared to the RPM default, and then stopped being modified; not that it was "managed by an RPM". |
/cherrypick release-4.8 |
@cgwalters: once the present PR merges, I will cherry-pick it on top of release-4.8 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
52f42dc
to
7d79caa
Compare
updated the commit, ptal @cgwalters |
@haircommander: This pull request references Bugzilla bug 1995785, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@rphillips: An error was encountered querying GitHub for users with public email (schoudha@redhat.com) for bug 1995785 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
Post "http://ghproxy/graphql": dial tcp 172.30.229.2:80: i/o timeout
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@rphillips: This pull request references Bugzilla bug 1995785, which is valid. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (schoudha@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: haircommander, mrunalp, rphillips The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Do we need to think about how these “all relevant fields” will be kept up-to-date? I.e. is there a risk of CRI-O upstream, and/or the RPM maintainer, adjusting the default config file, and MCO not being updated? Alternatively, would it be possible to somehow convince ostree to return Or are the relevant maintainers actually paying more attention to the MCO than to the upstream and/or RPM configuration, so this is not really a concern at all? |
Absolutely, that's easy: we can change the MCO to This path though is aligned with the yum/rpm case of the semantics of There's code in the MCO which tries to simulate this with I think this is the second or third bug we've had of this form. I think the most robust fix is: crio ships defaults in Also, related to this: when the MCO writes its drop in, it should only write values that actually changed, and not write the whole config file. |
upgrade failed with:
That's not unique to this PR, and sounds orthogonal. I think we should:
to get this landed and unblock the backport chain for this |
@wking: wking unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@haircommander: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
Given the urgency and fact that the e2e test is required by basically red. Let's merge to unblock /override ci/prow/e2e-agnostic-upgrade |
@kikisdeliveryservice: Overrode contexts on behalf of kikisdeliveryservice: ci/prow/e2e-agnostic-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@cgwalters: new pull request created: #2726 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@haircommander: All pull requests linked via external trackers have merged: Bugzilla bug 1995785 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@kikisdeliveryservice: Bugzilla bug 1995785 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Instead of relying on /etc/crio/crio.conf (shipped in the cri-o rpm) for fields, we should import all relevant fields into MCO.
This will allow us to eventaully use MCO to remove /etc/crio/crio.conf (and have the rpm stop shipping it).
We do this because there exists a feature where rpm-ostree pins a file if it was ever managed by an RPM, and doesn't update it.
however, we want to be able to change crio configuration post-installation, and having a pinned crio config could interfere with that.
Finally, even though conmon path ("conmon" option) is set to the default, we include it here, to work around the aforementioned bug manifesting
in CRI-O failing to come up.
Signed-off-by: Peter Hunt pehunt@redhat.com
- What I did
- How to verify it
- Description for the changelog