Skip to content

OCPBUGS-11124, OCPBUGS-11411: overlay: Mask pcrphase service#1280

Closed
mkowalski wants to merge 1 commit intoopenshift:masterfrom
mkowalski:pcrphase2
Closed

OCPBUGS-11124, OCPBUGS-11411: overlay: Mask pcrphase service#1280
mkowalski wants to merge 1 commit intoopenshift:masterfrom
mkowalski:pcrphase2

Conversation

@mkowalski
Copy link
Copy Markdown

@mkowalski mkowalski commented May 11, 2023

This PR masks systemd-pcrphase service which is not used at the moment. Its existence creates issues as it depends on the remote-fs and as a consequence blocks access to the system if network configuration is not correct.

Anyway in OpenShift we are not using remote home directories, so this would not be useful for us.

We are also modifying dependencies of systemd-user-sessions.service so that we are explicitly saying that we do not need network in order to allow access to the node.

Fixes: OCPBUGS-11124
Fixes: OCPBUGS-11411

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 11, 2023
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 11, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@mkowalski
Copy link
Copy Markdown
Author

mkowalski commented May 11, 2023

/test all

@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels May 11, 2023
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 11, 2023

@mkowalski: This pull request references Jira Issue OCPBUGS-11411, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.14.0) matches configured target version for branch (4.14.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @mike-nguyen

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This PR masks systemd-pcrphase service which is not used at the moment. Its existence creates issues as it depends on the remote-fs and as a consequence blocks access to the system if network configuration is not correct.

Anyway in OpenShift we are not using remote home directories, so this would not be useful for us.

We are also modifying dependencies of systemd-user-sessions.service so that we are explicitly saying that we do not need network in order to allow access to the node.

Fixes: OCPBUGS-11124
Fixes: OCPBUGS-11411

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci Bot requested a review from mike-nguyen May 11, 2023 09:16
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 11, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mkowalski
Once this PR has been reviewed and has the lgtm label, please assign cverna for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mkowalski
Copy link
Copy Markdown
Author

mkowalski commented May 11, 2023

/cc @jlebon

Can you take a look if this way of masking a service will work in the assembly?

@openshift-ci openshift-ci Bot requested a review from jlebon May 11, 2023 09:33
@travier
Copy link
Copy Markdown
Member

travier commented May 11, 2023
edited
Loading

#1279 (comment)

@mkowalski mkowalski marked this pull request as ready for review May 11, 2023 16:09
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 11, 2023
@openshift-ci openshift-ci Bot requested a review from c4rt0 May 11, 2023 16:12
cgwalters
cgwalters reviewed May 17, 2023
View reviewed changes
Comment thread manifest-rhel-9.2.yaml Outdated
EOF

# Tweak dependencies of systemd-user-sessions.service to not rely on network.
# Copy file to /etc because /usr is a read-only filesystem.
Copy link
Copy Markdown
Member

@cgwalters cgwalters May 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. In this case we're doing this at build time to generate the content in /usr.

So we absolutely can just directly edit the file in /usr, and that's probably the better thing to do even.

Copy link
Copy Markdown
Member

@cgwalters cgwalters May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This is a fundamental difference between doing a PR for this repository versus e.g. https://github.com/openshift/machine-config-operator/ - the latter case is "configuration" that is lifecycled outside of the OS and lives in /etc or /var mostly; the content here goes in /usr)

In a layering world, this is unified because it's equally easy to drop higher level content in /usr too.

Copy link
Copy Markdown
Author

@mkowalski mkowalski May 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh this is great, makes it even easier for me then. Just fixed and now I modify directly in /usr

@mkowalski
OCPBUGS-11124, OCPBUGS-11411: overlay: Mask pcrphase service
a23a025 
This PR masks systemd-pcrphase service which is not used at the moment.
Its existence creates issues as it depends on the remote-fs and as a
consequence blocks access to the system if network configuration is not
correct.

Anyway in OpenShift we are not using remote home directories, so this
would not be useful for us.

We are also modifying dependencies of systemd-user-sessions.service so
that we are explicitly saying that we do not need network in order to
allow access to the node.

Fixes: OCPBUGS-11124
Fixes: OCPBUGS-11411
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 22, 2023

@mkowalski: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@jlebon
Copy link
Copy Markdown
Member

jlebon commented May 23, 2023

I think this is also superseded by #1294.

@mkowalski
Copy link
Copy Markdown
Author

mkowalski commented May 24, 2023

/close

Indeed #1294 is solving the issue

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 24, 2023

@mkowalski: Closed this PR.

Details

In response to this:

/close

Indeed #1294 is solving the issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci Bot closed this May 24, 2023
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented May 24, 2023

@mkowalski: This pull request references Jira Issue OCPBUGS-11411. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

Details

In response to this:

This PR masks systemd-pcrphase service which is not used at the moment. Its existence creates issues as it depends on the remote-fs and as a consequence blocks access to the system if network configuration is not correct.

Anyway in OpenShift we are not using remote home directories, so this would not be useful for us.

We are also modifying dependencies of systemd-user-sessions.service so that we are explicitly saying that we do not need network in order to allow access to the node.

Fixes: OCPBUGS-11124
Fixes: OCPBUGS-11411

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgwalters cgwalters cgwalters left review comments

@mike-nguyen mike-nguyen Awaiting requested review from mike-nguyen

@jlebon jlebon Awaiting requested review from jlebon

@c4rt0 c4rt0 Awaiting requested review from c4rt0

Assignees

No one assigned

Labels

bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mkowalski @openshift-ci-robot @travier @jlebon @cgwalters