-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1774642: Avoid hard links in cli-artifacts #171
Conversation
Hi @yselkowitz. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
COPY --from=builder /go/src/github.com/openshift/oc/_output/bin/linux_amd64/oc /usr/share/openshift/linux_amd64/oc | ||
COPY --from=builder /go/src/github.com/openshift/oc/_output/bin/linux_arm64/oc /usr/share/openshift/linux_arm64/oc | ||
COPY --from=builder /go/src/github.com/openshift/oc/_output/bin/linux_ppc64le/oc /usr/share/openshift/linux_ppc64le/oc | ||
COPY --from=builder /go/src/github.com/openshift/oc/_output/bin/linux_s390x/oc /usr/share/openshift/linux_s390x/oc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefer the previous approach, because with this one we still have inconsistent paths for with Windows and Mac binaries. Also, oc.exe
for Windows, no? And isn't this doubling the amd64 Linux oc
in the image?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- The copy-once-and-link approach didn't work for
oc adm release extract
, as discussed on Slack. This goes back to my original proposal which should be safer. - Just fixed the .exe and repushed.
- Yes, regardless of approach, there are duplicate oc binaries for the native arch, because cli-artifacts FROMs cli which includes a native
/usr/bin/oc
. If it is deemed safe to do so, perhaps cli-artifacts can inherit base instead, but I don't know for sure all the ways cli-artifacts are used. (base would be safe wrt the console-operator usage after my PR there lands, which it has in 4.3+ but not yet in 4.2).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@yselkowitz pointed out out of band that we do need to preserve non-hardlink files at the old locations for compat with existing 4.2.z oc
. So that's a good reason to prefer a Dockerfile fix. But we can use hardlinks to allow the console downloads deployment to use the standardized paths. I think. I'm not actually sure how our Dockerfile builds work; if we get a separate tar layer for each of these commands we might have trouble setting up links...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the CI release from this PR.
$ oc adm release info --image-for=cli-artifacts registry.svc.ci.openshift.org/ci-op-620kiff3/release:latest
registry.svc.ci.openshift.org/ci-op-620kiff3/stable@sha256:a5593b42790df013921d8144351886dd6afecf99d558347c5195661714f74c79
$ podman pull registry.svc.ci.openshift.org/ci-op-620kiff3/stable@sha256:a5593b42790df013921d8144351886dd6afecf99d558347c5195661714f74c79
$ podman save --format oci-dir --output cli-artifacts registry.svc.ci.openshift.org/ci-op-620kiff3/stable@sha256:a5593b42790df013921d8144351886dd6afecf99d558347c5195661714f74c79
$ jq -r '.layers[].digest' cli-artifacts/manifest.json
$ jq -r '.layers[].digest' cli-artifacts/manifest.json
sha256:2cab4440f9070965c8454792eee4b122bce5939cc6d21e554469f01e71712a89
sha256:64f2bd9f473b0ae150f07dc65aafb90beeec7ebaa722625055cb8c1ddede0b09
sha256:bd48b9cc9f65a873bde992c97649ace2895af41307502429527f35f1bebda2c0
sha256:86e61694888a7971fcd711f84b1eff117844813adb4ed388d34bdb2d347fd33d
sha256:51224f9c74f3f5df27f9f4a29e97832e6f8c19ea7856fe269dbf747a01cd6026
sha256:fa4f7b9bdc6c8e5a3e5eeb0bb79eaab791123b2ecc1b07f94ea06a1c40db3854
$ tar -tvf cli-artifacts/fa4f7b9bdc6c8e5a3e5eeb0bb79eaab791123b2ecc1b07f94ea06a1c40db3854
drwxr-xr-x 0/0 0 2019-10-08 05:41 usr/
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/
-rwxr-xr-x 0/0 0 1969-12-31 16:00 usr/share/openshift/.wh..wh..opq
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/linux_amd64/
-rwxr-xr-x 0/0 82720408 2019-11-20 09:22 usr/share/openshift/linux_amd64/oc
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/linux_arm64/
-rwxr-xr-x 0/0 77812608 2019-11-20 09:23 usr/share/openshift/linux_arm64/oc
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/linux_ppc64le/
-rwxr-xr-x 0/0 79059232 2019-11-20 09:24 usr/share/openshift/linux_ppc64le/oc
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/linux_s390x/
-rwxr-xr-x 0/0 81223040 2019-11-20 09:25 usr/share/openshift/linux_s390x/oc
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/mac/
-rwxr-xr-x 0/0 93382160 2019-11-20 09:20 usr/share/openshift/mac/oc
drwxr-xr-x 0/0 0 2019-11-20 09:25 usr/share/openshift/windows/
-rwxr-xr-x 0/0 81619968 2019-11-20 09:21 usr/share/openshift/windows/oc.exe
So it looks like they all get squashed down into a single layer. How about:
COPY --from=builder /go/src/github.com/openshift/oc/_output/bin/ /usr/share/openshift/
RUN mkdir /usr/share/openshift/mac /usr/share/openshift/windows && mv /usr/share/openshift/darwin_amd64/oc /usr/share/openshift/mac/oc && ln -s /usr/share/openshift/mac/oc /usr/share/openshift/darwin_amd64/oc && mv /usr/share/openshift/windows_amd64/oc.exe /usr/share/openshift/windows/oc.exe && ln -s /usr/share/openshift/windows/oc.exe /usr/share/openshift/windows_amd64/oc.exe
That would keep the plain-file tar entries where they were before #153, but still allow the downloads deployment to work with the new, standardized paths.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
symlink approach I floated in that^ comment is working in #172.
openshift#153 introduced a regression because `oc adm release extract` does not handle the hard links well.
/retitle Bug 1774642: Avoid hard links in cli-artifacts |
@yselkowitz: This pull request references Bugzilla bug 1774642, which is valid. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
And because of the 4h timeout (which I don't understand), we have no gathered pod logs to explain why downloads was missing. But it makes me jumpy about this PR as it stands with 2510f47. |
/retest |
/assign @mfojtik |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: crawford, mfojtik, yselkowitz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
#153 introduced a regression because
oc adm release extract
does not handle the hard links well.