MCO-497: Prep node for RHCOS 9 upgrade

[cheesesashimi]

- What I did

- How to verify it

- Description for the changelog

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheesesashimi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [cheesesashimi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@cheesesashimi: This pull request references MCO-497 which is a valid jira issue.

In response to this:

- What I did

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cgwalters]

PR to add hotfixes up at coreos/coreos-assembler#3352 and openshift/os#1162

Demonstration container up at quay.io/cgwalters/ostest:

$ podman run --rm -ti --entrypoint ls quay.io/cgwalters/ostest -al /usr/share/rpm-ostree/extensions/hotfixes
total 2936
drwxr-xr-x. 1 root root      94 Feb 13 23:06 .
drwxr-xr-x. 1 root root      16 Feb 13 23:06 ..
-rw-r--r--. 1 root root      94 Feb 13 23:03 hotfixes.json
-rw-r--r--. 1 root root 3002316 Feb 13 23:03 rpm-ostree-2022.2-2.el8.x86_64.rpm

[cheesesashimi]

I'm fairly certain this is correct for the applyLayeredOSChanges() path. However, I'm not as certain for the applyLegacyOSChanges() path.

[cgwalters]

I think applyLegacyOSChanges() may be fully dead code now? cc @jkyros

[cheesesashimi]

If that path is dead, I'd like to remove it in a follow-up PR. No sense in keeping it around if it's not being used.

[jkyros]

applyLegacyOSChanges() can only be reached if someone feeds us an "old format" image. I'm assuming the only way to get to 4.13 is through a 4.12 version (like, we don't support someone forcing an upgrade from 4.11 to 4.13), so yes, if that assumption is true, I think we can safely take applyLegacyOSChanges() out for 4.13, which is awesome, because that was an unpleasant bit of code. 😄

[cheesesashimi]

It seems odd that only FCOS and SCOS set this field and that RHCOS simply doesn't. It is possible that I examined the wrong container labels when I was setting up the tests for this code.

[cgwalters]

Yeah 😢 This is because of the machine-os-content zombie issue...some links for this in openshift/os#1048

Basically oc adm release new barfs and dies if there are two container images in the release which claim to be an operating system. OKD already set things up so that machine-os-content is an alias, so they don't have this problem.

[cheesesashimi]

I've included the commands I used to obtain the image labels for a sanity check. If I was looking at the wrong source image, please let me know.

[cheesesashimi]

I added an additional check to this e2e test that gets the OS image labels given the current release on the test cluster. This way, we can get the same early warning if something changes unexpectedly.

[cheesesashimi]

Is this the right way to upgrade rpm-ostree with the extensions container repo set up?

[cgwalters]

One tricky bit is we'll likely need to run this code in the host mount namespace. So something like:

systemd-run -qP /bin/sh -c 'rpm-ostree usroverlay; rpm -Uvh /path/to/extensions/hotfixes/8/*.rpm && systemctl restart rpm-ostreed'

or so.

The actual path to the mounted hotfixes will be a hotfixes subdirectory of the extensions path.

[cheesesashimi]

Gotcha. Yeah, that may take a bit to get right or I'll have to drop it in a temp file first.

[cheesesashimi]

/test unit
/test verify

[openshift-ci]

@cheesesashimi: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[cgwalters]

Zack and I had a realtime chat about this. Summary from my PoV:

• Get https://bugzilla.redhat.com/show_bug.cgi?id=2169429 at least QE approved and then we'll fast-track it into the OCP 4.13/rhel8 channel
• Update Add hotfixes-rhel-coreos-9.yaml os#1162 to pull in that fix
• Rerun a build of the 4.13-9.2 pipeline to pull in an updated extensions container with that patched rpm-ostree
• Clean up and iterate on this PR, land it
• Rebase Switch to rhel-coreos-9 #3485 on master

or so?

[cgwalters]

Let's also try to handle the standard OCI label for this. See ostreedev/ostree-rs-ext#454

Basically the standard key is org.opencontainers.image.version so let's look for that first.

[cheesesashimi]

I don't see that key in any of the labels I used to set up the tests. Did I not get the right labels?

[cgwalters]

One tricky bit is we'll likely need to run this code in the host mount namespace. So something like:

systemd-run -qP /bin/sh -c 'rpm-ostree usroverlay; rpm -Uvh /path/to/extensions/hotfixes/8/*.rpm && systemctl restart rpm-ostreed'

or so.

The actual path to the mounted hotfixes will be a hotfixes subdirectory of the extensions path.

[cgwalters]

I think applyLegacyOSChanges() may be fully dead code now? cc @jkyros

[cheesesashimi]

Closing due to strategy change. See: https://issues.redhat.com/browse/OCPBUGS-7275?focusedCommentId=21743230&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-21743230