[release-4.8] OCPBUGS-16208: Dockerfile: build both RHEL7 and RHEL8 shims #1776
@jcaamano: This pull request references Jira Issue OCPBUGS-16208, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/retest-required
/jira refresh
@jcaamano: This pull request references Jira Issue OCPBUGS-16208, which is invalid:
Comment In response to this:
46d786f to 20f8d23
/override ci/prow/e2e-aws-ovn Need 4.8 backport of openshift/origin#27422, plus one image pull backoff issue for ingress-canary
/lgtm
@dcbw: Overrode contexts on behalf of dcbw: ci/prow/e2e-aws-ovn, ci/prow/e2e-aws-ovn-local-gateway, ci/prow/e2e-azure-ovn, ci/prow/e2e-vsphere-ovn, ci/prow/e2e-vsphere-windows In response to this:
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, jcaamano The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@jcaamano: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
/label cherry-pick-approved
eafcda0 into openshift:release-4.8
@jcaamano: Jira Issue OCPBUGS-16208: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-16208 has been moved to the MODIFIED state. In response to this:
[ART PR BUILD NOTIFIER] This PR has been included in build ose-ovn-kubernetes-container-v4.8.0-202311261141.p0.geafcda0.assembly.stream for distgit ose-ovn-kubernetes.
Since the shim (ovn-k8s-cni-overlay) gets copied to the host OS and executed in the host mount namespace by CRIO/Multus it needs to be runtime compatible with the host OS. Running a RHEL8-built shim on a RHEL7 system doesn't work due to different shared library dependencies between the two OS versions.
This wasn't a problem before because CGO_ENABLED=0 which essentially statically linked everything into the binary. But since we actually need CGO_ENABLED=1 (which ART forces on "official" builds anyway) to ensure we use OpenSSL's crypto for FIPS compliance, we run into the OS version problem with our binaries since they are really always built with CGO_ENABLED=1 anyway.
So... build two separate versions of ovn-kubernetes in different layers, and copy the RHEL7 shim into a special location where our container startup scripts can find it.
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
(cherry picked from commit 932ef31)
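The startup-side selection the description refers to could look like the sketch below. This is an added example, not code from this PR or from ovn-kubernetes: the `rhel7/` and `rhel8/` directory layout and the function names are hypothetical, and it assumes the host's os-release `VERSION_ID` carries the RHEL version. It fails closed on an unknown host version instead of installing a shim that may not load on the host.

```shell
#!/bin/sh
# Added example: choose the CNI shim that matches the host OS major version.
# The shim directory layout used here is hypothetical, not taken from the PR.

# Print the major version from an os-release file (e.g. "7" from VERSION_ID="7.9").
host_major_version() {
    os_release="$1"
    [ -r "$os_release" ] || return 1
    # Parse rather than source the file: it comes from the host, so treat it as data.
    ver=$(sed -n 's/^VERSION_ID="\{0,1\}\([0-9][0-9]*\).*/\1/p' "$os_release" | head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# Print the path of the shim to copy to the host for the given os-release file.
select_shim() {
    os_release="$1"
    shim_dir="$2"
    major=$(host_major_version "$os_release") || {
        echo "cannot determine host OS version from $os_release" >&2
        return 1
    }
    case "$major" in
        7) shim="$shim_dir/rhel7/ovn-k8s-cni-overlay" ;;
        8) shim="$shim_dir/rhel8/ovn-k8s-cni-overlay" ;;
        *) echo "unsupported host major version: $major" >&2; return 1 ;;
    esac
    # Refuse to return a shim that is missing or not executable.
    [ -x "$shim" ] || { echo "missing shim: $shim" >&2; return 1; }
    printf '%s\n' "$shim"
}
```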