Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support by yuqi-zhang · Pull Request #2633 · openshift/installer

yuqi-zhang · 2019-11-06T18:11:40Z

Build 43.81.201911061504.0 has all the necessary bits for FIPS day 1
support in RHCOS, with necessary dracut modules.

Signed-off-by: Yu Qi Zhang jerzhang@redhat.com

openshift-ci-robot · 2019-11-06T18:11:46Z

@yuqi-zhang: This pull request references Bugzilla bug 1768978, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Bug 1768978: RHCOS: bump to 43.81.201911061504.0 for FIPS support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

yuqi-zhang · 2019-11-06T18:15:54Z

Corresponding payload passed promotion: https://storage.googleapis.com/origin-ci-test/logs/release-promote-openshift-machine-os-content-e2e-aws-4.3/2992/build-log.txt

To test, this machine-os-content is in 4.3.0-0.ci-2019-11-06-170148 and later

yuqi-zhang · 2019-11-06T18:52:06Z

/hold

FIPS is acting up

cgwalters · 2019-11-06T19:26:11Z

/test e2e-vsphere
I am 97.32986121% sure this will really, pinky swear, fix the vsphere installs too. Was fairly crazy because there were three bugs there... I fixed two and then after fixing the first two and testing it a third bug came in at the same time...

ashcrow · 2019-11-06T20:46:29Z

/retest

yuqi-zhang · 2019-11-06T20:49:23Z

The tests are failing because the boostrap configs don't have encapsulation necessary for FIPS. Don't worry about retesting for now

jcpowermac · 2019-11-07T19:18:26Z

/test e2e-vsphere

jcpowermac · 2019-11-07T19:40:34Z

bootstrap node failure in vsphere

cgwalters · 2019-11-07T20:03:58Z

OK, yeah we still have more fixes coming. Hopefully 43.81.201911071053.0 will get this.

cgwalters · 2019-11-07T20:50:42Z

@yuqi-zhang can you bump to 43.81.201911071801.0 ?

yuqi-zhang · 2019-11-07T20:55:03Z

Done, also updated commit message and title

yuqi-zhang · 2019-11-07T20:55:30Z

/test e2e-azure

yuqi-zhang · 2019-11-07T20:55:41Z

/test e2e-vsphere

jcpowermac · 2019-11-07T20:59:17Z

thx @yuqi-zhang I will keep an eye out once the VMs start landing in vSphere CI env.

cgwalters · 2019-11-07T21:19:08Z

I don't understand those CI failures...
/retest

yuqi-zhang · 2019-11-07T21:24:10Z

rebased on master to be safe

yuqi-zhang · 2019-11-07T21:24:19Z

/test e2e-azure

yuqi-zhang · 2019-11-07T21:24:25Z

/test e2e-vsphere

yuqi-zhang · 2019-11-07T21:56:39Z

/retest

[INFO] Acquiring a lease ...
failed to acquire a resource: Post http://boskos.ci/acquire?dest=leased&owner=ci-op-10bhcfsn-1d3f3&request_id=6041391185526090318&state=free&type=aws-quota-slice: dial tcp 172.30.131.17:80: connect: no route to host

jcpowermac · 2019-11-07T22:02:02Z

Tested with my own ignition in vSphere. This release resolves the DHCP reset issue on reboot.
This PR should significantly improve vSphere CI results.

cgwalters · 2019-11-08T00:11:01Z

/retest

ashcrow · 2019-11-08T13:55:08Z

/retest

jcpowermac · 2019-11-08T14:53:24Z

/test e2e-vsphere

jcpowermac · 2019-11-08T15:00:51Z

Just reviewed the current vSphere CI env - The bootstrap node has been destroyed and a master node is still set to a static address at least for vsphere:
lgtm

[core@control-plane-0 ~]$ sudo rpm-ostree status
State: idle
AutomaticUpdates: disabled
Deployments:
● pivot://registry.svc.ci.openshift.org/ci-op-wsjyh5nq/stable@sha256:5470738d7464bbd33e3bbf578578b70dcf951b4be2b236a5e0938ac397ba4335
              CustomOrigin: Managed by machine-config-operator
                   Version: 43.81.201911080953.0 (2019-11-08T09:58:27Z)

  ostree://be562ba2d4a7f5d111cf654fef236bac72538b41096f9417f38f3ab9f205af97
                   Version: 43.81.201911071801.0 (2019-11-07T18:06:37Z)
[core@control-plane-0 ~]$ ip a show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b6:db:0b brd ff:ff:ff:ff:ff:ff
    inet 139.178.87.133/25 brd 139.178.87.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb6:db0b/64 scope link
       valid_lft forever preferred_lft forever
[core@control-plane-0 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
BOOTPROTO=none
NAME=ens192
DEVICE=ens192
ONBOOT=yes
IPADDR=139.178.87.133
PREFIX=25
GATEWAY=139.178.87.129
DOMAIN=ci-op-wsjyh5nq-67021.origin-ci-int-aws.dev.rhcloud.com
DNS1=1.1.1.1
DNS2=9.9.9.9

sdodson · 2019-11-08T15:14:14Z

@iamemilio @Fedosin @mandre to follow up on openstack failure

yuqi-zhang · 2019-11-08T15:16:25Z

One more update to the PR incoming with a last fix for fips, then I will remove the hold

mandre · 2019-11-08T17:14:11Z

@yuqi-zhang We'll need a patch to make OpenStack image download decompress the gzipped file, otherwise this is going to break all openstack jobs. @Fedosin is currently working on that patch.

yuqi-zhang · 2019-11-08T17:15:26Z

That's fine, let me know when that's in place

Build 43.81.201911081536.0 has all the necessary bits for FIPS day 1 support in RHCOS, with necessary dracut modules. Note that this also correctly suffixes .gz for various image types. Those images were already zipped correctly, but did not have extensions. Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>

yuqi-zhang · 2019-11-08T20:43:47Z

Updated to what hopefully is the last image BUT this still requires #2645

yuqi-zhang · 2019-11-08T20:46:01Z

Also note that various images now correctly suffix .gz extension (which I've noted in commit message) and that might trip over some other jobs

openshift-ci-robot · 2019-11-08T22:30:57Z

@yuqi-zhang: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-vsphere	286874b9ac6012d3cfa1d7d10907ecd85d4f3bcd	link	`/test e2e-vsphere`
ci/prow/e2e-libvirt	`68cc577`	link	`/test e2e-libvirt`
ci/prow/e2e-aws-scaleup-rhel7	`68cc577`	link	`/test e2e-aws-scaleup-rhel7`

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

mrunalp · 2019-11-08T23:13:11Z

/test e2e-aws

mandre · 2019-11-09T09:31:06Z

@yuqi-zhang the patch for OpenStack at #2645 is now ready for reviews. Thanks @Fedosin for the quick fix!

sdodson · 2019-11-11T16:38:35Z

/test e2e-openstack

sdodson · 2019-11-11T19:49:10Z

Discussed with @yuqi-zhang offline, this is good to go.
/hold cancel

sdodson · 2019-11-11T19:50:12Z

/lgtm

openshift-ci-robot · 2019-11-11T19:50:29Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashcrow, sdodson, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [sdodson]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot · 2019-11-11T23:17:22Z

@yuqi-zhang: All pull requests linked via external trackers have merged. Bugzilla bug 1768978 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Nov 6, 2019

openshift-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Nov 6, 2019

ashcrow approved these changes Nov 6, 2019

View reviewed changes

openshift-ci-robot requested review from jcpowermac and patrickdillon November 6, 2019 18:13

openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 6, 2019

yuqi-zhang force-pushed the update-rhcos-fips branch from b0b47dc to c6f9e5f Compare November 7, 2019 20:54

yuqi-zhang changed the title ~~Bug 1768978: RHCOS: bump to 43.81.201911061504.0 for FIPS support~~ Bug 1768978: RHCOS: bump to 43.81.201911071801.0 for FIPS support Nov 7, 2019

yuqi-zhang force-pushed the update-rhcos-fips branch from c6f9e5f to 286874b Compare November 7, 2019 21:24

yuqi-zhang force-pushed the update-rhcos-fips branch from b3e6e59 to 68cc577 Compare November 8, 2019 20:42

yuqi-zhang changed the title ~~Bug 1768978: RHCOS: bump to 43.81.201911071801.0 for FIPS support~~ Bug 1768978: RHCOS: bump to 43.81.201911081536.0 for FIPS support Nov 8, 2019

Fedosin mentioned this pull request Nov 9, 2019

Bug 1770441: OpenStack: unpack compressed image data #2645

Merged

openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 11, 2019

openshift-ci-robot assigned sdodson Nov 11, 2019

openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 11, 2019

openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 11, 2019

openshift-merge-robot merged commit db4b076 into openshift:master Nov 11, 2019

wking mentioned this pull request Apr 10, 2020

OpenStack: Docs: Fix a typo in the property name #3439

Merged

Conversation

yuqi-zhang commented Nov 6, 2019

Uh oh!

openshift-ci-robot commented Nov 6, 2019

Uh oh!

yuqi-zhang commented Nov 6, 2019

Uh oh!

yuqi-zhang commented Nov 6, 2019

Uh oh!

cgwalters commented Nov 6, 2019

Uh oh!

ashcrow commented Nov 6, 2019

Uh oh!

yuqi-zhang commented Nov 6, 2019

Uh oh!

jcpowermac commented Nov 7, 2019

Uh oh!

jcpowermac commented Nov 7, 2019

Uh oh!

cgwalters commented Nov 7, 2019

Uh oh!

cgwalters commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

jcpowermac commented Nov 7, 2019

Uh oh!

cgwalters commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

yuqi-zhang commented Nov 7, 2019

Uh oh!

jcpowermac commented Nov 7, 2019

Uh oh!

cgwalters commented Nov 8, 2019

Uh oh!

ashcrow commented Nov 8, 2019

Uh oh!

jcpowermac commented Nov 8, 2019

Uh oh!

jcpowermac commented Nov 8, 2019

Uh oh!

sdodson commented Nov 8, 2019

Uh oh!

yuqi-zhang commented Nov 8, 2019

Uh oh!

mandre commented Nov 8, 2019

Uh oh!

yuqi-zhang commented Nov 8, 2019

Uh oh!

yuqi-zhang commented Nov 8, 2019

Uh oh!

yuqi-zhang commented Nov 8, 2019

Uh oh!

openshift-ci-robot commented Nov 8, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mrunalp commented Nov 8, 2019

Uh oh!

mandre commented Nov 9, 2019

Uh oh!

sdodson commented Nov 11, 2019

Uh oh!

sdodson commented Nov 11, 2019

Uh oh!

sdodson commented Nov 11, 2019

Uh oh!

openshift-ci-robot commented Nov 11, 2019

Uh oh!

openshift-ci-robot commented Nov 11, 2019

Uh oh!

openshift-ci-robot commented Nov 8, 2019 •

edited

Loading