WIP windows support for kured#460
Conversation
| $cbsKey = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction Ignore | ||
| if ($cbsKey.PSObject.Properties.name -contains 'RebootPending') { | ||
| Write-Output "Reboot requried - Component Based Servicing:RebootPending registry value detected" | ||
| New-Item -Path '/var/run' -Name 'reboot-required' -ItemType File -Force |
There was a problem hiding this comment.
Remind me: why do we want to emulate the sentinel filepath pattern here, why not just return 0 (reboot required) if any of the two keys here have the required reboot properties?
There was a problem hiding this comment.
Sure - Both of those registry keys are only cleared on the next boot if Windows servicing operations set those keys.
If a user manually sets either of those keys and then reboots this would most likely result in the node being stuck in a reboot loop.
Adding a sentinel file here seemed like a more generic approach. I can image situations where things outside of the windows servicing stack would want to trigger a reboot once (things like node-problem-detector for example).
I also feel it is important to be able to detect when there is a pending reboot due to things like Windows Update needing to reboot the node for security fixes to be applied. Having a powershell script that can detect both situations seemed a good compromise.
There was a problem hiding this comment.
That makes sense. So basically the idea here is to promote the general idea of "create the sentinel file c:\var\run\reboot-required to indicate that you want a reboot.
And the init container that we're shipping is a POC for how to implement an end-to-end solution (because you need a thing to delete that file at bootup to make this strategy work).
evrardjp
left a comment
evrardjp
left a comment
There was a problem hiding this comment.
I didn't fully review, but I feel like we can improve the code readability by implementing interfaces and the right types.
| } | ||
|
|
||
| func main() { | ||
| os.Stdout.WriteString(fmt.Sprintf("Command line args: %v\n", os.Args)) |
There was a problem hiding this comment.
do we need this line? Do we need it in main?
There was a problem hiding this comment.
No, sorry these were to help me figure out an issue related to microsoft/hcsshim#1207.
I'll remove all of these.
There was a problem hiding this comment.
Well, you found it useful to have flags displayed, so we should probably address that in a later patch :)
| // On Windows kubed daemonset needs to run in a HostProcess container which | ||
| // run all processes in the hosts process namespace. | ||
| return command | ||
| } else { |
There was a problem hiding this comment.
Shouldn't we start to build an interface instead, and make sure the linker/user input allows us to infer the type of command to run?
| var config *rest.Config | ||
| var err error | ||
|
|
||
| if runtime.GOOS == windows { |
There was a problem hiding this comment.
If we implement interface with windows/linux k8s servers as types, then we could have a method for getting the config based on those. It would look simpler and simpler to test.
There was a problem hiding this comment.
I'll look into building an interface to for windows/linux behaviors so we can remove the GOOS if/else statements in the code.
I wanted to cleanup some other parts of this PR first (like building the container images with make targets) but that is done.
| // buildSentinelCommand creates the shell command line which will need wrapping to escape | ||
| // the container boundaries | ||
| func buildSentinelCommand(rebootSentinelFile string, rebootSentinelCommand string) []string { | ||
| func buildSentinelCommand(rebootSentinelFile string, rebootSentinelCommand string, GOOS string) []string { |
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
marosset
force-pushed
the
windows-support
branch
from
ee6eafc to
2d9b5c3
Compare
… paths and use the correct service account Signed-off-by: Mark Rossetti <marosset@microsoft.com>
|
|
||
| var ( | ||
| version = "unreleased" | ||
| windows = "windows" |
| "k8s.io/client-go/tools/clientcmd" | ||
| ) | ||
|
|
||
| type osSpecificBehaviors interface { |
There was a problem hiding this comment.
I'm open to suggestions for better names for any of the objects in this file :-/
Signed-off-by: Mark Rossetti <marosset@microsoft.com>
rchaganti
left a comment
rchaganti
left a comment
There was a problem hiding this comment.
Adding a couple of comments around Test-PendingReboot.ps1 to ensure the code written follows the PowerShell best practices.
|
|
||
| $autoUpdateKey = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" -ErrorAction Ignore | ||
| if ($autoUpdateKey.PSObject.Properties.name -contains 'RebootRequired') { | ||
| Write-Output "Reboot required - Auto Update:RebootRequired registry value detected" |
There was a problem hiding this comment.
Write-Output returns objects to the pipeline. We do not use it in a script unless that behavior is expected. Instead, you can use Write-Information.
PS C:\scripts> .\Test-PendingReboot.ps1
Reboot not required
|
|
||
| if (Test-Path -Path '/var/run/reboot-required') { | ||
| Write-Output "Reboot required" | ||
| exit 0 |
There was a problem hiding this comment.
if your intention is to return 0 or 1, you must use return keyword and not exit. exit kills the PowerShell session where this function runs.
PS C:\scripts> $return = .\Test-PendingReboot.ps1
PS C:\scripts> $return
Reboot not required
If you see in this, the return value from the script is not 0 or 1. Instead, it returned Reboot not required. If you replace the Write-Output with Write-Information and exit with return, here is what you will see.
PS C:\scripts> $return = .\Test-PendingReboot.ps1
PS C:\scripts> $return
1
|
This PR was automatically considered stale due to lack of activity. Please refresh it and/or join our slack channels to highlight it, before it automatically closes (in 7 days). |
ckotzbauer
added
keep
|
This PR was automatically considered stale due to lack of activity. Please refresh it and/or join our slack channels to highlight it, before it automatically closes (in 7 days). |
|
This PR was automatically considered stale due to lack of activity. Please refresh it and/or join our slack channels to highlight it, before it automatically closes (in 7 days). |
|
@marosset Are there any news on this? Is this still WIP? |
|
This PR was automatically considered stale due to lack of activity. Please refresh it and/or join our slack channels to highlight it, before it automatically closes (in 7 days). |
5 participants
Signed-off-by: Mark Rossetti marosset@microsoft.com
Here is a prototype that I have working for Windows support.
A few things to note include:
c:\var\run\reboot-requiredif it exists. This way things outside of the Windows servicing stack can write the sentinel file and expect a reboot to be triggered once.c:\var\run\reboot-requiredif one of several registry keys controlled by the servicing stack is set. These keys are cleared as servicing operations are processed."'s in command line args (these interfere with command construction if not trimmed)