COS-2902: Add C10s variant#1498
Conversation
|
Do not merge as it includes changes that we do not want but that are here to test in CI (see commits). |
openshift-ci
Bot
added
the
do-not-merge/hold
openshift-ci
Bot
added
the
approved
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
Hmm, almost seems like the logs are truncated... This is probably fallout from coreos/coreos-assembler#3785. |
I can't reproduce this locally, but I have a suspicion that `tail` can exit too quickly in some circumstances, causing truncated output: openshift/os#1498 (comment) coreos#3785 (comment) Rather than having an unconditional `sleep`, let's make it easier to test that theory by having an env var we can use to make it optional. Then we'll test that in CI. Mid-term, I'd like to revert 79b15c8 soon so we can go back to virtio-serial which is just so much cleaner.
|
Let's see if coreos/coreos-assembler#3792 helps (then here, we'd |
I can't reproduce this locally, but I have a suspicion that `tail` can exit too quickly in some circumstances, causing truncated output: openshift/os#1498 (comment) #3785 (comment) Rather than having an unconditional `sleep`, let's make it easier to test that theory by having an env var we can use to make it optional. Then we'll test that in CI. Mid-term, I'd like to revert 79b15c8 soon so we can go back to virtio-serial which is just so much cleaner.
|
/retest |
|
Ahh and indeed now we clearly see the error for all of them which means we were missing output. Yuck OK, so we need to fix the |
Thanks! I indeed had a missing change in those commits. |
|
Hum, the workaround is not that ugly and only impacts CI here so maybe we should merge it for now until we've fixed this COSA. |
|
CI fixes in openshift/release#51750 |
So far. :) It's racy so I don't see why it couldn't happen in the prod pipeline. I'd hate for someone to be debugging a failure there and working with incomplete output thinking the error is happening somewhere other than it really is. I guess though a major hack is to just add a |
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
|
Failing on missing the teamd package. |
|
will there be a way to switch between building c9s and c10s, or will we have a follow up moving to c10s (in packages-openshift.yaml and other places) after this PR? |
|
I'm looking into the failures here. |
When building the node image, we want it to be able to use the repos defined in the git repo itself. For the local developer case, this is implicitly done by `cosa podman-build`: https://github.com/coreos/coreos-assembler/blob/325ca2be9fc349ba329f49fab65ea207ba338d19/src/cmd-podman-build#L34 But nothing does that in the OpenShift CI case. So do it. We should then be able to delete that line from `cosa podman-build` to avoid duplicate definitions. Note that in the CentOS Stream case, the canonical repos live in the node image already so we could use that, but it's cleaner I think to ensure we're consistently using the same repo definition files whether we're building the base image, the node image, or the extensions (e.g. the repo IDs are different, and there are subtleties between using the compose vs mirror repos). While we're here, also make sure that we delete the `okd.repo` file we injected; we don't want that in the final image.
We group the el9 manifest imports and move the glusterfs-fuse and containernetworking-plugins packages to el9-shared one as there are not yet shipped for EL9. The CentOS Stream Storage SIG does not yet provide GlusterFS [1] for EL10 whereas it does for EL9 [2]. containernetworking-plugins was dropped in EL10 as per [3][4]. [1] https://mirror.stream.centos.org/SIGs/10-stream/storage/x86_64/ [2] https://mirror.stream.centos.org/SIGs/9-stream/storage/x86_64/ [3] https://gitlab.com/redhat/centos-stream/rpms/containernetworking-plugins/-/commit/56377da48755ece6ddd7e3f6c38b6f7f7db66625 [4] https://issues.redhat.com/browse/CS-2264
This will make it easier to diff with c9s-mirror.repo file. Also add a link to the issue that is causing us to hardcode x86_64 so that we can remove that hardcoding one day.
- The c9s-sig-virtualization isn't available on all architectures so drop it from the global list at the top. - Drop the repos: appstream from the commented out wasm extension since that repo is in the global list at the top it won't need to be specified there. - Add comments in repos used inside extension definitions about why they are being named versus being in the global repo list at the top.
The openvswitch RPM from the ipsec extension is pulled from this repo.
|
Pushed up a few fixes.. still working on some other things. |
The `centos-gpg-keys` changed the location of the rpm gpg signing key in Centos 10. [1] Also, SHA1 is disabled in RHEL 10, so update to use the SHA-256 key [2]. [1] https://gitlab.com/redhat/centos-stream/rpms/centos-stream-release/-/commit/e4bbded6ccfe46343d14d8f9c10c278be757921c [2] https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10-beta/html/considerations_in_adopting_rhel_10/security#security
The 'fips-mode-setup' script have been removed in EL10 since [1][2], but is still needed for EL9. Partially closes openshift#1665 [1] https://gitlab.com/redhat/centos-stream/rpms/crypto-policies/-/commit/67e22dbc3721d1d17505bff85228b465cd5ca225 [2] https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/ff7551bbb3011f17cb8c6aac03f64682dde14c21
This was brought in with 4.19 so let's update the testing here too.
We determined that this isn't used anywhere.
|
ok a few more fixes now. I think (hope) the only thing left failing is the okd-scos-images |
|
Please everyone refrain from pushing to this PR unless I ask you to do so. |
We'll maintain both c9s and c10s variants. The repos in |
|
@travier: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/retitle COS-2902: Add C10s variant |
|
@travier: This pull request references COS-2902 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jbtrystram, jlebon, travier The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@Prashanth684 there is an on-going follow-up patch #1786 which implements what you are asking for (specially the commit e621356) |
10 participants
c9s: Point image-c9s to image-rhel-9.4
c9s: Use RPMs from 9.4 RHAOS repo
Revert "c9s.repo: temporarily use mirrored repos"
This reverts commit 88e41a0.
DoNotMerge: CI changes to test C10S builds
manifests: Add initial c10s based variant
See: #1466
kola-denylist.yaml: Update for c10s variant
c10s.repo: Skip GPG checks for now
Corresponding Fedora CoreOS changes: coreos/fedora-coreos-config#3015