From 256728fb906e20ad8accfaf61f0f6c46963685a2 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 5 Jun 2023 09:42:12 +0530 Subject: [PATCH 01/43] Add internalIP as node IP for kubelet drop-in unit for OKD bundle As of now internalP is part of kubelet drop-in unit file for OCP bundle only but it should be same for OKD also. During d90d53d22d51fdf406e265ac964206f46d2badd0 looks like it added the regression. --- createdisk.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/createdisk.sh b/createdisk.sh index b86954ed..9447e453 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -113,7 +113,7 @@ cat crio-wipe.service | ${SSH} core@${VM_IP} "sudo tee -a /etc/systemd/system/cr # Preload routes controller ${SSH} core@${VM_IP} -- "sudo podman pull quay.io/crcont/routes-controller:${image_tag}" -if [ ${BUNDLE_TYPE} == "snc" ]; then +if [ ${BUNDLE_TYPE} != "microshift" ]; then # Add internalIP as node IP for kubelet systemd unit file # More details at https://bugzilla.redhat.com/show_bug.cgi?id=1872632 ${SSH} core@${VM_IP} 'sudo bash -x -s' < Date: Mon, 5 Jun 2023 12:26:50 +0530 Subject: [PATCH 02/43] Update mirror url for 4.14 candidate bits 4.14 is in dev phase so mirror url changed to `ocp-dev-preview` --- build-patched-kao-kcmo-images.sh | 6 +++--- snc.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh index 4bb7728f..50e6b232 100755 --- a/build-patched-kao-kcmo-images.sh +++ b/build-patched-kao-kcmo-images.sh @@ -23,7 +23,7 @@ rm -fr crc-cluster-kube-controller-manager-operator rm -fr crc-dnsmasq rm -fr crc-routes-controller -readonly OCP_VERSION=4.13 +readonly OCP_VERSION=4.14 function check_pull_secret() { if [ -z "${OPENSHIFT_PULL_SECRET_PATH-}" ]; then @@ -38,14 +38,14 @@ function check_pull_secret() { check_pull_secret HOST_ARCH=$(uname -m) -MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$HOST_ARCH/clients/ocp} +MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$HOST_ARCH/clients/ocp-dev-preview} # If user defined the OPENSHIFT_VERSION environment variable then use it. if test -n "${OPENSHIFT_VERSION-}"; then OPENSHIFT_RELEASE_VERSION=${OPENSHIFT_VERSION} echo "Using release ${OPENSHIFT_RELEASE_VERSION} from OPENSHIFT_VERSION" else - OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/latest-${OCP_VERSION}/release.txt | sed -n 's/^ *Version: *//p')" + OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/candidate-${OCP_VERSION}/release.txt | sed -n 's/^ *Version: *//p')" if test -n "${OPENSHIFT_RELEASE_VERSION}"; then echo "Using release ${OPENSHIFT_RELEASE_VERSION} from the mirror" else diff --git a/snc.sh b/snc.sh index 4064accc..6843188f 100755 --- a/snc.sh +++ b/snc.sh @@ -44,7 +44,7 @@ if test -n "${OPENSHIFT_VERSION-}"; then OPENSHIFT_RELEASE_VERSION=${OPENSHIFT_VERSION} echo "Using release ${OPENSHIFT_RELEASE_VERSION} from OPENSHIFT_VERSION" else - OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/latest-4.13/release.txt | sed -n 's/^ *Version: *//p')" + OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/candidate-4.14/release.txt | sed -n 's/^ *Version: *//p')" if test -n "${OPENSHIFT_RELEASE_VERSION}"; then echo "Using release ${OPENSHIFT_RELEASE_VERSION} from the latest mirror" else From 1025e00f5774844cec4f45d8b5ece1c2f0300cc6 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Thu, 25 May 2023 11:29:24 +0200 Subject: [PATCH 03/43] microshift: Install weak deps when installing podman podman requires a container runtime, and networking plugins to work. They are only marked as Recommends/Suggests in podman's spec file, so we need to ensure they get installed. commit 14fdeea installs these explicitly, but podman's spec file recommends `crun` and not `runc`, no idea if these are the same or not. Better to rely on what podman .spec file provides rather than hardcoding it. microshift repositories are enabled after podman installation, as they provide a podman build which is only meant to be used in an openshift cluster, which, in particular, requires `runc` at runtime without explicit rpm dependencies. The standard rhel build does not have such a requirement. --- microshift.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/microshift.sh b/microshift.sh index 97010fc2..30a8f1e4 100755 --- a/microshift.sh +++ b/microshift.sh @@ -54,12 +54,11 @@ ssh-keygen -t ecdsa -b 521 -N "" -f id_ecdsa_crc -C "core" # podman package is required to run the ostree-container to serve the rpm-ostree content # createrepo package is required to create localrepo for microshift and it's dependenices # yum-utils package is required for reposync utility to synchronize packages of a remote DNF repository to a local directory -# containernetworking-plugins contains networking plugin like bridge which required by podman -# runc package provide OCI spec for running containers function configure_host { sudo dnf install -y git osbuild-composer composer-cli ostree rpm-ostree \ - cockpit-composer cockpit-machines bash-completion lorax podman \ - yum-utils createrepo runc containernetworking-plugins + cockpit-composer cockpit-machines bash-completion lorax \ + yum-utils createrepo + sudo dnf install -y podman --setopt=install_weak_deps=True sudo systemctl start osbuild-composer.socket sudo systemctl start cockpit.socket sudo firewall-cmd --add-service=cockpit @@ -107,8 +106,9 @@ EOF popd } -enable_repos configure_host + +enable_repos microshift_pkg_dir=$(mktemp -p /tmp -d tmp-rpmXXX) # This directory contains the microshift rpm passed to osbuilder, worker for osbuilder # running as non-priviledged user and this tmp directory have 0700 permission. To allow From 7e315bbea154c7ec81da0b9200756eb1170bcfe5 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 16 Jun 2023 18:24:07 +0530 Subject: [PATCH 04/43] Remove lvm system device file As of now this file contain the device name and disk ID associated with a physical volume identifier (PVI) and we noticed that device name is different for different hypervisor like for hyperV it is `/dev/sda` and for libvirt it is `/dev/vda` [0]. In this PR we follow `man lvmdevices` which states remove of this file means lvm will not use a devices file. ``` The LVM devices file lists devices that lvm can use. The default file is /etc/lvm/devices/system.devices, and the lvmdevices(8) command is used to add or remove device entries. If the file does not exist, or if lvm.conf includes use_devicesfile=0, then lvm will not use a devices file. ``` With this patch I don't see any degrade in boot time ``` <=== with the patch ===> INFO CRC instance is running with IP 127.0.0.1 INFO CRC VM is running ^C real 0m13.727s user 0m0.142s <=== without the patch ===> INFO CRC instance is running with IP 127.0.0.1 INFO CRC VM is running INFO Updating authorized keys... ^C real 0m14.216s user 0m0.158s ``` [0] https://www.baeldung.com/linux/vda-vs-sda --- createdisk.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/createdisk.sh b/createdisk.sh index 9447e453..16303106 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -81,6 +81,10 @@ EOF # Copy the sample microshift config and update the base domain with crc base domain ${SSH} core@${VM_IP} -- sudo cp /etc/microshift/config.yaml.default /etc/microshift/config.yaml ${SSH} core@${VM_IP} -- "sudo sed -i 's/#baseDomain: .*/baseDomain: ${SNC_PRODUCT_NAME}.${BASE_DOMAIN}/g' /etc/microshift/config.yaml" + # Remove the lvm system.device file since it have diskID and deviceName which changes + # for different hypervisor and as per `man lvmdevices` if the file does not exist, or if lvm.conf + # includes use_devicesfile=0, then lvm will not use a devices file. + ${SSH} core@${VM_IP} -- "sudo rm -fr /etc/lvm/devices/system.devices" fi remove_pull_secret_from_disk From fe6a6d2ddb68e16942810644173b87b4cc95765a Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 12 Jun 2023 17:07:31 +0530 Subject: [PATCH 05/43] Add route controller resource to bundle This PR adds deployment resource for route controller which use correct image tag, what we cached. Once the bundle is created using this PR, we will also need to make change on crc side. The resource file is located in `/opt/crc` dir. Also if we take this in it will not going to have any effect on created bundle until we implement the logic on crc side and it will be just a unused extra file in the bundle. - https://github.com/crc-org/crc/issues/3502 --- createdisk.sh | 3 +++ route_controller.yaml.in | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 route_controller.yaml.in diff --git a/createdisk.sh b/createdisk.sh index 16303106..3dec4222 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -116,6 +116,9 @@ cat crio-wipe.service | ${SSH} core@${VM_IP} "sudo tee -a /etc/systemd/system/cr # Preload routes controller ${SSH} core@${VM_IP} -- "sudo podman pull quay.io/crcont/routes-controller:${image_tag}" +TAG=${image_tag} envsubst < route_controller.yaml.in > $INSTALL_DIR/route_controller.yaml +${SCP} $INSTALL_DIR/route_controller.yaml core@${VM_IP}:/home/core/ +${SSH} core@${VM_IP} -- 'sudo mkdir -p /opt/crc && sudo mv /home/core/route_controller.yaml /opt/crc/' if [ ${BUNDLE_TYPE} != "microshift" ]; then # Add internalIP as node IP for kubelet systemd unit file diff --git a/route_controller.yaml.in b/route_controller.yaml.in new file mode 100644 index 00000000..ffc5cdd2 --- /dev/null +++ b/route_controller.yaml.in @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: routes-controller + name: routes-controller + namespace: openshift-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: routes-controller + template: + metadata: + labels: + app: routes-controller + spec: + containers: + - image: quay.io/crcont/routes-controller:${TAG} + name: routes-controller + imagePullPolicy: IfNotPresent + From dbc64923a163d7c590aa0f4edde88e9cb1866b5e Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 23 Jun 2023 12:40:28 +0530 Subject: [PATCH 06/43] Use hostpath-csi-driver image from registry.io We now have arm64/amd64 images for hostpath-csi-driver and no need to build it on internal brew and putting on `quay.io/crcont`. --- .../csi-driver/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubevirt-hostpath-provisioner-csi/csi-driver/kustomization.yaml b/kubevirt-hostpath-provisioner-csi/csi-driver/kustomization.yaml index 90090565..c5831696 100644 --- a/kubevirt-hostpath-provisioner-csi/csi-driver/kustomization.yaml +++ b/kubevirt-hostpath-provisioner-csi/csi-driver/kustomization.yaml @@ -2,8 +2,8 @@ resources: - csi-kubevirt-hostpath-provisioner.yaml images: - name: quay.io/kubevirt/hostpath-csi-driver - newName: quay.io/crcont/hostpath-csi-driver - newTag: v4.11.0 + newName: registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel9 + newTag: v4.13 - name: registry.k8s.io/sig-storage/csi-node-driver-registrar newName: registry.redhat.io/openshift4/ose-csi-node-driver-registrar newTag: latest From 799d66046270892cf40c0dee932a88ec1acace8f Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Tue, 27 Jun 2023 18:19:51 +0530 Subject: [PATCH 07/43] Add service account as 'router' for route controller Default service account doesn't have permission to list the routes for all the namespaces and `openshift-ingress` namespace have `router` service account which have those permission. Without this permission all the routes which is created by application is not readable and following error happen ``` E0627 12:47:51.662778 1 reflector.go:138] /remote-source/app/main.go:53: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope W0627 12:48:09.285708 1 reflector.go:324] /remote-source/app/main.go:64: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope E0627 12:48:09.286674 1 reflector.go:138] /remote-source/app/main.go:64: Failed to watch *v1.Route: failed to list *v1.Route: routes.route.openshift.io is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "routes" in API group "route.openshift.io" at the cluster scope W0627 12:48:30.587710 1 reflector.go:324] /remote-source/app/main.go:53: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope E0627 12:48:30.588814 1 reflector.go:138] /remote-source/app/main.go:53: Failed to watch *v1.Service: failed to list *v1.Service: services is forbidden: User "system:serviceaccount:openshift-ingress:default" cannot list resource "services" in API group "" at the cluster scope ``` It will cause issue for crc not updating the routes to `/etc/hosts` as expected and blocker for current release. This PR fix this issue. --- route_controller.yaml.in | 1 + 1 file changed, 1 insertion(+) diff --git a/route_controller.yaml.in b/route_controller.yaml.in index ffc5cdd2..39beba54 100644 --- a/route_controller.yaml.in +++ b/route_controller.yaml.in @@ -15,6 +15,7 @@ spec: labels: app: routes-controller spec: + serviceAccountName: router containers: - image: quay.io/crcont/routes-controller:${TAG} name: routes-controller From 75556bf98968eb42332fe793f765b2abbadf2bdc Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 3 Jul 2023 15:04:57 +0530 Subject: [PATCH 08/43] Createdisk: update sparsify helper to use for microshift bundle also During microshift bundle creation d90d53d22d51fdf406e265ac964206f46d2badd0 we created `sparsify_lvm` to move fast to have microshift bundle sooner. With this PR we are going to use sparsify helper for microshift bundle and remove the `sparsify_lvm` helper. --- createdisk-library.sh | 27 ++++++++++----------------- createdisk.sh | 3 ++- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/createdisk-library.sh b/createdisk-library.sh index 83577eef..d6914720 100755 --- a/createdisk-library.sh +++ b/createdisk-library.sh @@ -46,6 +46,10 @@ function sparsify { export LIBGUESTFS_BACKEND=direct # Check which partition is labeled as `root` partition=$(${VIRT_FILESYSTEMS} -a $baseDir/$srcFile -l --partitions | sort -rk4 -n | sed -n 1p | cut -f1 -d' ') + # check if the base image has the lvm named as `rhel/root` + if ${VIRT_FILESYSTEMS} --lvs -a ${baseDir}/${srcFile} | grep -q "rhel/root"; then + partition="/dev/rhel/root" + fi # https://bugzilla.redhat.com/show_bug.cgi?id=1837765 export LIBGUESTFS_MEMSIZE=2048 @@ -85,8 +89,10 @@ function create_qemu_image { local base=$2 local overlay=$3 + # ${overlay} won't exist in some cases, for example when using microshift if [ -f /var/lib/libvirt/images/${overlay} ]; then sudo cp /var/lib/libvirt/images/${overlay} ${destDir} + elif [ -f /var/lib/libvirt/images/${base} ]; then sudo cp /var/lib/libvirt/images/${base} ${destDir} else sudo cp /var/lib/libvirt/openshift-images/${VM_PREFIX}/${overlay} ${destDir} @@ -94,8 +100,10 @@ function create_qemu_image { fi sudo chown $USER:$USER -R ${destDir} - ${QEMU_IMG} rebase -f qcow2 -F qcow2 -b ${base} ${destDir}/${overlay} - ${QEMU_IMG} commit ${destDir}/${overlay} + if [ -f ${destDir}/${overlay} ]; then + ${QEMU_IMG} rebase -f qcow2 -F qcow2 -b ${base} ${destDir}/${overlay} + ${QEMU_IMG} commit ${destDir}/${overlay} + fi sparsify ${destDir} ${base} ${overlay} @@ -412,21 +420,6 @@ function download_podman() { fi } -# As of now sparsify helper is very specific to OCP/OKD kind of bundle where we get the -# partition for the root label and then mount it with guestfish to cleanup /boot. With -# microshift vm we are using lvm and guestfish error out during mount -# mount /dev/sda3 / -# libguestfs: error: mount: mount exited with status 32: mount: /sysroot: unknown filesystem type 'LVM2_member' -# There might be other way for guestfish to mount lvm but as of now using a seperate helper is easy. -function sparsify_lvm() { - local destDir=$1 - sudo cp /var/lib/libvirt/images/${SNC_PRODUCT_NAME}.qcow2 ${destDir} - sudo chown $USER:$USER -R ${destDir} - export LIBGUESTFS_BACKEND=direct - virt-sparsify --in-place ${destDir}/${SNC_PRODUCT_NAME}.qcow2 - chmod 0644 ${destDir}/${SNC_PRODUCT_NAME}.qcow2 -} - function remove_pull_secret_from_disk() { case "${BUNDLE_TYPE}" in "microshift") diff --git a/createdisk.sh b/createdisk.sh index 3dec4222..41434f32 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -185,7 +185,8 @@ if [ $BUNDLE_TYPE != "microshift" ]; then create_qemu_image "$libvirtDestDir" "${VM_PREFIX}-base" "${VM_NAME}" mv "${libvirtDestDir}/${VM_NAME}" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" else - sparsify_lvm "${libvirtDestDir}" + create_qemu_image "$libvirtDestDir" "${VM_NAME}.qcow2" "microshift" + mv "${libvirtDestDir}/microshift" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" fi copy_additional_files "$INSTALL_DIR" "$libvirtDestDir" "${VM_NAME}" if [ "${SNC_GENERATE_LINUX_BUNDLE}" != "0" ]; then From 0d23f23036fb2a6b3be3ca0b444ad0f765ba2170 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 5 Jul 2023 11:43:31 +0530 Subject: [PATCH 09/43] Add create_bundle_qemu_image helper This helper make sure that qemu image creation happen for all the bundle type and use `create_qemu_image` generic function. It is also helpful in next commit where we only downgrade the kernel version for macOS. --- createdisk-library.sh | 15 +++++++++++++++ createdisk.sh | 8 +------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/createdisk-library.sh b/createdisk-library.sh index d6914720..130e8039 100755 --- a/createdisk-library.sh +++ b/createdisk-library.sh @@ -112,6 +112,20 @@ function create_qemu_image { rm -fr ${destDir}/${base} } +function create_bundle_qemu_image() { + local libvirtDestDir="$1" + local VM_PREFIX="$2" + local VM_NAME="$3" + + if [ "${BUNDLE_TYPE}" != "microshift" ]; then + create_qemu_image "$libvirtDestDir" "${VM_PREFIX}-base" "${VM_NAME}" + mv "${libvirtDestDir}/${VM_NAME}" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" + else + create_qemu_image "$libvirtDestDir" "${VM_NAME}.qcow2" "microshift.qcow2" + mv "${libvirtDestDir}/microshift.qcow2" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" + fi +} + function update_json_description { local srcDir=$1 local destDir=$2 @@ -431,3 +445,4 @@ function remove_pull_secret_from_disk() { ;; esac } + diff --git a/createdisk.sh b/createdisk.sh index 41434f32..9ca403dc 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -181,13 +181,7 @@ libvirtDestDir="${destDirPrefix}_libvirt_${destDirSuffix}" rm -fr ${libvirtDestDir} ${libvirtDestDir}.crcbundle mkdir "$libvirtDestDir" -if [ $BUNDLE_TYPE != "microshift" ]; then - create_qemu_image "$libvirtDestDir" "${VM_PREFIX}-base" "${VM_NAME}" - mv "${libvirtDestDir}/${VM_NAME}" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" -else - create_qemu_image "$libvirtDestDir" "${VM_NAME}.qcow2" "microshift" - mv "${libvirtDestDir}/microshift" "${libvirtDestDir}/${SNC_PRODUCT_NAME}.qcow2" -fi +create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX}" "${VM_NAME}" copy_additional_files "$INSTALL_DIR" "$libvirtDestDir" "${VM_NAME}" if [ "${SNC_GENERATE_LINUX_BUNDLE}" != "0" ]; then create_tarball "$libvirtDestDir" From d8c70afc68fbd3474f9731bec60adcd12709518f Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 28 Jun 2023 17:47:24 +0530 Subject: [PATCH 10/43] Downgrade kernel only for mac 68c6383 moved the kernel changes from an aarch64-only block to a block which is run when the macOS bundle is enabled. However, the kernel downgrade is done before any bundle is generated, so the kernel will be downgraded for all our bundles, linux, macos, windows. This PR fixes this and use https://github.com/crc-org/snc/pull/637 logic to only downgrade the kernel for macOS. --- createdisk.sh | 78 ++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 38 deletions(-) diff --git a/createdisk.sh b/createdisk.sh index 9ca403dc..7135cbf8 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -138,33 +138,6 @@ fi cleanup_vm_image ${VM_NAME} ${VM_IP} -# Only used for macOS bundle generation -if [ "${SNC_GENERATE_MACOS_BUNDLE}" != "0" ]; then - if [ ${BUNDLE_TYPE} != "okd" ]; then - # workaround https://github.com/crc-org/vfkit/issues/11 on macOS 12 - downgrade_rhel9_kernel ${VM_IP} - cleanup_vm_image ${VM_NAME} ${VM_IP} - fi - - # Get the rhcos ostree Hash ID - ostree_hash=$(${SSH} core@${VM_IP} -- "cat /proc/cmdline | grep -oP \"(?<=${BASE_OS}-).*(?=/vmlinuz)\"") - - # Get the rhcos kernel release - kernel_release=$(${SSH} core@${VM_IP} -- 'uname -r') - - # Get the kernel command line arguments - kernel_cmd_line=$(${SSH} core@${VM_IP} -- 'cat /proc/cmdline') - - # Get the vmlinux/initramfs to /tmp/kernel and change permission for initramfs - ${SSH} core@${VM_IP} -- "mkdir /tmp/kernel && sudo cp -r /boot/ostree/${BASE_OS}-${ostree_hash}/*${kernel_release}* /tmp/kernel && sudo chmod 644 /tmp/kernel/initramfs*" - - # SCP the vmlinuz/initramfs from VM to Host in provided folder. - ${SCP} -r core@${VM_IP}:/tmp/kernel/* $INSTALL_DIR - - ${SSH} core@${VM_IP} -- "sudo rm -fr /tmp/kernel" -fi - - podman_version=$(${SSH} core@${VM_IP} -- 'rpm -q --qf %{version} podman') # Shutdown the VM @@ -187,15 +160,6 @@ if [ "${SNC_GENERATE_LINUX_BUNDLE}" != "0" ]; then create_tarball "$libvirtDestDir" fi -# vfkit image generation -# This must be done after the generation of libvirt image as it reuses some of -# the content of $libvirtDestDir -if [ "${SNC_GENERATE_MACOS_BUNDLE}" != "0" ]; then - vfkitDestDir="${destDirPrefix}_vfkit_${destDirSuffix}" - rm -fr ${vfkitDestDir} ${vfkitDestDir}.crcbundle - generate_vfkit_bundle "$libvirtDestDir" "$vfkitDestDir" "$INSTALL_DIR" "$kernel_release" "$kernel_cmd_line" -fi - # HyperV image generation # # This must be done after the generation of libvirt image as it reuses some of @@ -206,5 +170,43 @@ if [ "${SNC_GENERATE_WINDOWS_BUNDLE}" != "0" ]; then generate_hyperv_bundle "$libvirtDestDir" "$hypervDestDir" fi -# Cleanup up vmlinux/initramfs files -rm -fr "$INSTALL_DIR/vmlinuz*" "$INSTALL_DIR/initramfs*" +# vfkit image generation +# This must be done after the generation of libvirt image as it reuses some of +# the content of $libvirtDestDir +if [ "${SNC_GENERATE_MACOS_BUNDLE}" != "0" ]; then + start_vm ${VM_NAME} ${VM_IP} + if [ ${BUNDLE_TYPE} != "okd" ]; then + # workaround https://github.com/crc-org/vfkit/issues/11 on macOS 12 + downgrade_rhel9_kernel ${VM_IP} + cleanup_vm_image ${VM_NAME} ${VM_IP} + fi + + # Get the rhcos ostree Hash ID + ostree_hash=$(${SSH} core@${VM_IP} -- "cat /proc/cmdline | grep -oP \"(?<=${BASE_OS}-).*(?=/vmlinuz)\"") + + # Get the rhcos kernel release + kernel_release=$(${SSH} core@${VM_IP} -- 'uname -r') + + # Get the kernel command line arguments + kernel_cmd_line=$(${SSH} core@${VM_IP} -- 'cat /proc/cmdline') + + # Get the vmlinux/initramfs to /tmp/kernel and change permission for initramfs + ${SSH} core@${VM_IP} -- "mkdir /tmp/kernel && sudo cp -r /boot/ostree/${BASE_OS}-${ostree_hash}/*${kernel_release}* /tmp/kernel && sudo chmod 644 /tmp/kernel/initramfs*" + + # SCP the vmlinuz/initramfs from VM to Host in provided folder. + ${SCP} -r core@${VM_IP}:/tmp/kernel/* $INSTALL_DIR + + ${SSH} core@${VM_IP} -- "sudo rm -fr /tmp/kernel" + shutdown_vm ${VM_NAME} + + vfkitDestDir="${destDirPrefix}_vfkit_${destDirSuffix}" + rm -fr ${vfkitDestDir} ${vfkitDestDir}.crcbundle + + create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX}" "${VM_NAME}" + + generate_vfkit_bundle "$libvirtDestDir" "$vfkitDestDir" "$INSTALL_DIR" "$kernel_release" "$kernel_cmd_line" + + # Cleanup up vmlinux/initramfs files + rm -fr "$INSTALL_DIR/vmlinuz*" "$INSTALL_DIR/initramfs*" +fi + From 716cc5c72a746066a8446fe4549c80cd025504fc Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 5 Jul 2023 14:21:04 +0530 Subject: [PATCH 11/43] Drop the use of internal repo to download kernel package for downgrade After upgrading our CI to RHEL-9, We can use https://access.redhat.com/solutions/134403 to downgrade the kernel instead of depending on the internal repo which also affect us to perform generate the macOS bundle on CI. fixes: #753 --- createdisk-library.sh | 3 ++- repos/2015-RH-IT-Root-CA.crt | 25 ------------------------- repos/rhel9-internal.repo | 5 ----- 3 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 repos/2015-RH-IT-Root-CA.crt delete mode 100644 repos/rhel9-internal.repo diff --git a/createdisk-library.sh b/createdisk-library.sh index 130e8039..8219ff67 100755 --- a/createdisk-library.sh +++ b/createdisk-library.sh @@ -233,9 +233,10 @@ function install_additional_packages() { function downgrade_rhel9_kernel { local vm_ip=$1 local pkgDir=$(mktemp -d tmp-rpmXXX) + kernel_version=$(sudo dnf --quiet repoquery-na --queryformat '%{version}-%{release}.%{arch}' kernel.${ARCH} | grep el9_0 | tail -n 1) mkdir -p ${pkgDir}/packages - yum download --setopt=reposdir=./repos --setopt=sslcacert=./repos/2015-RH-IT-Root-CA.crt --downloadonly --downloaddir ${pkgDir}/packages kernel kernel-modules-extra kernel-core kernel-modules --resolve + sudo yum download --downloadonly --downloaddir ${pkgDir}/packages kernel-${kernel_version} kernel-modules-extra-${kernel_version} kernel-core-${kernel_version} kernel-modules-${kernel_version} --resolve ${SCP} -r ${pkgDir}/packages core@${vm_ip}:/home/core/ ${SSH} core@${vm_ip} -- 'SYSTEMD_OFFLINE=1 sudo -E rpm-ostree override replace --remove=kernel-modules-core /home/core/packages/*.rpm' ${SSH} core@${vm_ip} -- rm -fr /home/core/packages diff --git a/repos/2015-RH-IT-Root-CA.crt b/repos/2015-RH-IT-Root-CA.crt deleted file mode 100644 index f306f00f..00000000 --- a/repos/2015-RH-IT-Root-CA.crt +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD -VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp -Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx -GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m -b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx -WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD -VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS -ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG -9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz -bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2 -c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo -GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES -X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK -BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R -4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz -bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB -CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e -LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak -oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj -S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf -4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel -RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3 ------END CERTIFICATE----- diff --git a/repos/rhel9-internal.repo b/repos/rhel9-internal.repo deleted file mode 100644 index f05eb81b..00000000 --- a/repos/rhel9-internal.repo +++ /dev/null @@ -1,5 +0,0 @@ -[rhel-9.0-baseos] -name=rhel9 baseos -baseurl=https://rhsm-pulp.corp.redhat.com/content/eus/rhel9/9.0/$basearch/baseos/os/ -enabled=1 -gpgcheck=0 From 207e1aee8218385a92a9af68be3f6ac00223b480 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 5 Jul 2023 14:30:48 +0530 Subject: [PATCH 12/43] Revert "CI: Don't build mac bundle because kernel downgrade need internal repo access" This reverts commit 4d837753fbed06b0d5742be6195bc4521a160853. Since we are not depend on internal repo to downgrade the kernel version so better to build mac bundles from CI. --- ci.sh | 4 ++-- ci_microshift.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ci.sh b/ci.sh index d2347bf0..e0e7e70b 100755 --- a/ci.sh +++ b/ci.sh @@ -19,7 +19,7 @@ cat > /tmp/ignoretests.txt << EOF EOF ./shellcheck.sh -SNC_GENERATE_MACOS_BUNDLE=0 ./snc.sh +./snc.sh echo "### Extracting openshift-tests binary" mkdir /tmp/os-test @@ -30,7 +30,7 @@ sudo mv /tmp/os-test/openshift-tests /usr/local/bin/ # Run createdisk script export CRC_ZSTD_EXTRA_FLAGS="-10 --long" -SNC_GENERATE_MACOS_BUNDLE=0 ./createdisk.sh crc-tmp-install-data +./createdisk.sh crc-tmp-install-data # Destroy the cluster ./openshift-baremetal-install destroy cluster --dir crc-tmp-install-data diff --git a/ci_microshift.sh b/ci_microshift.sh index 273b7ba4..4d215ff2 100755 --- a/ci_microshift.sh +++ b/ci_microshift.sh @@ -5,12 +5,12 @@ set -exuo pipefail sudo yum install -y make golang ./shellcheck.sh -SNC_GENERATE_MACOS_BUNDLE=0 ./microshift.sh +./microshift.sh # Set the zstd compression level to 10 to have faster # compression while keeping a reasonable bundle size. export CRC_ZSTD_EXTRA_FLAGS="-10" -SNC_GENERATE_MACOS_BUNDLE=0 ./createdisk.sh crc-tmp-install-data +./createdisk.sh crc-tmp-install-data git clone https://github.com/crc-org/crc.git pushd crc From 5a62adcd49f17ad1f7959c76401baa6e67f119a2 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Tue, 6 Jun 2023 11:58:22 +0200 Subject: [PATCH 13/43] microshift: Drop RH internal 'brew' requirement microshift is officially released in RH repos, and microshift.sh already requires a subscription, so we can use `yum download` instead of `brew download-build`. I've checked that setting `MICROSHIFT_NVR` works for 4.13 releases. --- microshift.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/microshift.sh b/microshift.sh index 30a8f1e4..40c37bc7 100755 --- a/microshift.sh +++ b/microshift.sh @@ -13,12 +13,6 @@ INSTALL_DIR=crc-tmp-install-data SNC_PRODUCT_NAME=${SNC_PRODUCT_NAME:-crc} BASE_DOMAIN=${CRC_BASE_DOMAIN:-testing} MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp} -MICROSHIFT_NVR=${MICROSHIFT_NVR:-} - -if [ ! -n "${MICROSHIFT_NVR}" ]; then - echo "Please specify MICROSHIFT_NVR, which you can get from internal brew (ex. microshift-4.12.5-202302222013.p0.g0165ac4.assembly.4.12.5.el8 )" - exit 1 -fi if ! grep -q -i "release 9" /etc/redhat-release then @@ -73,7 +67,11 @@ function enable_repos { function download_microshift_rpm { local pkgDir=$1 pushd ${pkgDir} - brew download-build --quiet --arch noarch --arch ${ARCH} ${MICROSHIFT_NVR} + if [ -n "${MICROSHIFT_NVR-}" ]; then + sudo yum download --downloadonly microshift-${MICROSHIFT_NVR-} microshift-networking-${MICROSHIFT_NVR-} microshift-release-info-${MICROSHIFT_NVR-} microshift-selinux-${MICROSHIFT_NVR-} microshift-greenboot-${MICROSHIFT_NVR-} + else + sudo yum download --downloadonly microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot + fi popd } From d9a12cbbdece29483566b9b2436665cf94dd4e42 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 7 Jul 2023 13:09:49 +0530 Subject: [PATCH 14/43] Add RH internal certificate to access internal registry With 114d1c8290539c6b35b8c29182fc7fda968c7629 we removed the internal cert along with internal repo but this cert is still required for our patch image build purpose where we copy the images from internal registry and without it following error happen. ``` $ skopeo copy --dest-authfile updated_pullsecret.json --all --src-cert-dir=repos/ docker://registry-proxy.engineering.redhat.com/rh-osbs/openshift-crc-cluster-kube-apiserver-operator:v4.14.0-202307041530.p0.g8b64249.assembly.stream docker://quay.io/crcont/openshift-crc-cluster-kube-apiserver-operator:4.14.0-ec.3 time="2023-07-07T03:27:58-04:00" level=fatal msg="initializing source docker://registry-proxy.engineering.redhat.com/rh-osbs/openshift-crc-cluster-kube-apiserver-operator:v4.14.0-202307041530.p0.g8b64249.assembly.stream: pinging container registry registry-proxy.engineering.redhat.com: Get \"https://registry-proxy.engineering.redhat.com/v2/\": x509: certificate signed by unknown authority" ``` --- repos/2015-RH-IT-Root-CA.crt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 repos/2015-RH-IT-Root-CA.crt diff --git a/repos/2015-RH-IT-Root-CA.crt b/repos/2015-RH-IT-Root-CA.crt new file mode 100644 index 00000000..d58ab4fb --- /dev/null +++ b/repos/2015-RH-IT-Root-CA.crt @@ -0,0 +1,25 @@ +------BEGIN CERTIFICATE----- +-MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD +-VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp +-Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx +-GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m +-b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx +-WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD +-VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS +-ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG +-9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +-ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz +-bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2 +-c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo +-GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES +-X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK +-BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R +-4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz +-bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +-CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e +-LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak +-oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj +-S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf +-4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel +-RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3 +------END CERTIFICATE----- From 9edf71b2bfb03ecc250ef2e35f8c3180ccdbb3c3 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 7 Jul 2023 13:17:06 +0530 Subject: [PATCH 15/43] Rename repos dir to pki Before 114d1c8 it make sense to have directory name as `repos` because it had internal repo to download the kernel rpms but now since this directory only content the internal cert so better to rename it `pki`. --- build-patched-kao-kcmo-images.sh | 6 +++--- {repos => pki}/2015-RH-IT-Root-CA.crt | 0 2 files changed, 3 insertions(+), 3 deletions(-) rename {repos => pki}/2015-RH-IT-Root-CA.crt (100%) diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh index 50e6b232..bc668d15 100755 --- a/build-patched-kao-kcmo-images.sh +++ b/build-patched-kao-kcmo-images.sh @@ -100,7 +100,7 @@ function patch_and_push_image() { rhpkg container-build --target crc-1-rhel-8-candidate popd fi - skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=repos/ docker://registry-proxy.engineering.redhat.com/rh-osbs/openshift-crc-${image_name}:${version}-${release} docker://quay.io/crcont/openshift-crc-${image_name}:${openshift_version} + skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=pki/ docker://registry-proxy.engineering.redhat.com/rh-osbs/openshift-crc-${image_name}:${version}-${release} docker://quay.io/crcont/openshift-crc-${image_name}:${openshift_version} } function create_patched_release_image_for_arch() { @@ -146,8 +146,8 @@ function update_base_image() { rhpkg container-build popd - skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=repos/ docker://registry-proxy.engineering.redhat.com/rh-osbs/${brew_repo}:latest docker://quay.io/crcont/${brew_repo#crc-}:${openshift_version} - skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=repos/ docker://registry-proxy.engineering.redhat.com/rh-osbs/${brew_repo}:latest docker://quay.io/crcont/${brew_repo#crc-}:latest + skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=pki/ docker://registry-proxy.engineering.redhat.com/rh-osbs/${brew_repo}:latest docker://quay.io/crcont/${brew_repo#crc-}:${openshift_version} + skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=pki/ docker://registry-proxy.engineering.redhat.com/rh-osbs/${brew_repo}:latest docker://quay.io/crcont/${brew_repo#crc-}:latest } openshift_version=$(${OC} adm release info -a ${OPENSHIFT_PULL_SECRET_PATH} ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} -ojsonpath='{.config.config.Labels.io\.openshift\.release}') diff --git a/repos/2015-RH-IT-Root-CA.crt b/pki/2015-RH-IT-Root-CA.crt similarity index 100% rename from repos/2015-RH-IT-Root-CA.crt rename to pki/2015-RH-IT-Root-CA.crt From 69af9b5f5cc2a2128cd6603d60419ef69a0748ed Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 6 Jul 2023 18:10:08 +0530 Subject: [PATCH 16/43] Use sudo for virsh commands as part of preflight checks openshift/okd bundles use `qemu+tcp` connection so that doesn't need the 'sudo' to get the details about network, uri and capabilities but for microshift bundle we use same preflight checks and use `qemu:///system` uri which need `sudo` to get those details otherwise the CI fails with following error: ``` + '[' microshift == okd ']' + virsh -c qemu:///system uri error: failed to connect to the hypervisor ``` --- snc-library.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/snc-library.sh b/snc-library.sh index d0034647..cbe8fa18 100755 --- a/snc-library.sh +++ b/snc-library.sh @@ -62,18 +62,18 @@ function run_preflight_checks() { fi # check if we can connect to ${LIBVIRT_URI} - if ! virsh -c ${LIBVIRT_URI} uri >/dev/null; then + if ! sudo virsh -c ${LIBVIRT_URI} uri >/dev/null; then preflight_failure "libvirtd is not listening for ${LIBVIRT_URI}, see https://github.com/openshift/installer/tree/master/docs/dev/libvirt#configure-libvirt-to-accept-tcp-connections" fi - if ! virsh -c ${LIBVIRT_URI} net-info default &> /dev/null; then + if ! sudo virsh -c ${LIBVIRT_URI} net-info default &> /dev/null; then echo "Installing libvirt default network configuration" sudo dnf install -y libvirt-daemon-config-network || exit 1 fi echo "default libvirt network is available" #Check if default libvirt network is Active - if [[ $(virsh -c ${LIBVIRT_URI} net-info default | awk '{print $2}' | sed '3q;d') == "no" ]]; then + if [[ $(sudo virsh -c ${LIBVIRT_URI} net-info default | awk '{print $2}' | sed '3q;d') == "no" ]]; then echo "Default network is not active, starting it" sudo virsh -c ${LIBVIRT_URI} net-start default || exit 1 fi @@ -87,7 +87,7 @@ function run_preflight_checks() { esac # check for availability of a hypervisor using kvm - if ! virsh -c ${LIBVIRT_URI} capabilities | ${XMLLINT} --xpath "/capabilities/guest/arch[@name='${ARCH}']/domain[@type='kvm']" - &>/dev/null; then + if ! sudo virsh -c ${LIBVIRT_URI} capabilities | ${XMLLINT} --xpath "/capabilities/guest/arch[@name='${ARCH}']/domain[@type='kvm']" - &>/dev/null; then preflight_failure "Your ${ARCH} platform does not provide a hardware-accelerated hypervisor, it's strongly recommended to enable it before running SNC. Check virt-host-validate for more detailed diagnostics" return fi From ee4dbc936e98493130b6af57c813893c1359bc8d Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 7 Jul 2023 13:55:23 +0530 Subject: [PATCH 17/43] Fix typo in internal certificate looks like with f1dc4111434e575a02aa68861e5a1669b51ff95e, I put the content of the cert using git diff and it included `-` from begining of each line :(. This PR fixes it. --- pki/2015-RH-IT-Root-CA.crt | 50 +++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/pki/2015-RH-IT-Root-CA.crt b/pki/2015-RH-IT-Root-CA.crt index d58ab4fb..f306f00f 100644 --- a/pki/2015-RH-IT-Root-CA.crt +++ b/pki/2015-RH-IT-Root-CA.crt @@ -1,25 +1,25 @@ -------BEGIN CERTIFICATE----- --MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD --VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp --Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx --GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m --b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx --WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD --VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS --ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG --9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP --ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz --bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2 --c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo --GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES --X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK --BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R --4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz --bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB --CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e --LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak --oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj --S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf --4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel --RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3 -------END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD +VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp +Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx +GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m +b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx +WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD +VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS +ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG +9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz +bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2 +c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo +GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES +X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK +BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R +4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz +bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e +LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak +oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj +S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf +4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel +RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3 +-----END CERTIFICATE----- From 4d67499252f258f6b535d5331281b8e1bd1e93ca Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 6 Jul 2023 15:00:53 +0530 Subject: [PATCH 18/43] Rename route_controller.yaml.in to routes-controller.yaml.in - This is more consistent with the naming of the container image - This allows to workaround a problem with bundle v4.13.3 which had an invalid route_controller.json file - https://github.com/crc-org/snc/issues/747 --- createdisk.sh | 6 +++--- route_controller.yaml.in => router-controller.yaml.in | 0 2 files changed, 3 insertions(+), 3 deletions(-) rename route_controller.yaml.in => router-controller.yaml.in (100%) diff --git a/createdisk.sh b/createdisk.sh index 7135cbf8..adb6f8da 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -116,9 +116,9 @@ cat crio-wipe.service | ${SSH} core@${VM_IP} "sudo tee -a /etc/systemd/system/cr # Preload routes controller ${SSH} core@${VM_IP} -- "sudo podman pull quay.io/crcont/routes-controller:${image_tag}" -TAG=${image_tag} envsubst < route_controller.yaml.in > $INSTALL_DIR/route_controller.yaml -${SCP} $INSTALL_DIR/route_controller.yaml core@${VM_IP}:/home/core/ -${SSH} core@${VM_IP} -- 'sudo mkdir -p /opt/crc && sudo mv /home/core/route_controller.yaml /opt/crc/' +TAG=${image_tag} envsubst < routes-controller.yaml.in > $INSTALL_DIR/routes-controller.yaml +${SCP} $INSTALL_DIR/routes-controller.yaml core@${VM_IP}:/home/core/ +${SSH} core@${VM_IP} -- 'sudo mkdir -p /opt/crc && sudo mv /home/core/routes-controller.yaml /opt/crc/' if [ ${BUNDLE_TYPE} != "microshift" ]; then # Add internalIP as node IP for kubelet systemd unit file diff --git a/route_controller.yaml.in b/router-controller.yaml.in similarity index 100% rename from route_controller.yaml.in rename to router-controller.yaml.in From 1466e4a8b3e417a66fcdddc64a5fd954293b784c Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 7 Jul 2023 14:31:27 +0530 Subject: [PATCH 19/43] Rename router-controller.yaml.in to routes-controller.yaml.in With 3edc3ceb4db9f9ba81eb7e5d80467acbc34d4d89 we want to make change the file with `routes-controller.yaml.in` but by mistake file is renamed to `router-controller.yaml.in` and the uses of the file named correctly with `routes-*`. This PR fix that file rename mistake. --- router-controller.yaml.in => routes-controller.yaml.in | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename router-controller.yaml.in => routes-controller.yaml.in (100%) diff --git a/router-controller.yaml.in b/routes-controller.yaml.in similarity index 100% rename from router-controller.yaml.in rename to routes-controller.yaml.in From 96b65210c3ba7902ce4c725eacf2b4f546074d50 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 10 Jul 2023 13:51:15 +0530 Subject: [PATCH 20/43] Use microshift as default value if VM_PREFIX is not set For microshift bundle creation `VM_PREFIX` is not set and CI have following error. This PR add `$VM_NAME` as default value in case there is no value set. ``` ./createdisk.sh: line 157: VM_PREFIX: unbound variable ``` --- createdisk.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/createdisk.sh b/createdisk.sh index adb6f8da..e7ba4967 100755 --- a/createdisk.sh +++ b/createdisk.sh @@ -154,7 +154,7 @@ libvirtDestDir="${destDirPrefix}_libvirt_${destDirSuffix}" rm -fr ${libvirtDestDir} ${libvirtDestDir}.crcbundle mkdir "$libvirtDestDir" -create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX}" "${VM_NAME}" +create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX:-$VM_NAME}" "${VM_NAME}" copy_additional_files "$INSTALL_DIR" "$libvirtDestDir" "${VM_NAME}" if [ "${SNC_GENERATE_LINUX_BUNDLE}" != "0" ]; then create_tarball "$libvirtDestDir" @@ -202,7 +202,7 @@ if [ "${SNC_GENERATE_MACOS_BUNDLE}" != "0" ]; then vfkitDestDir="${destDirPrefix}_vfkit_${destDirSuffix}" rm -fr ${vfkitDestDir} ${vfkitDestDir}.crcbundle - create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX}" "${VM_NAME}" + create_bundle_qemu_image "$libvirtDestDir" "${VM_PREFIX:-$VM_NAME}" "${VM_NAME}" generate_vfkit_bundle "$libvirtDestDir" "$vfkitDestDir" "$INSTALL_DIR" "$kernel_release" "$kernel_cmd_line" From 3693765329a539326da5b6d29875cfdbca9e9b1e Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 12 Jul 2023 13:46:18 +0530 Subject: [PATCH 21/43] Install-config: Add MachineAPI to enable as part of capability From 4.14 MachineAPI is part of capability and we need to explict enabled it. - https://pkg.go.dev/github.com/openshift/api/config/v1#ClusterVersionCapability --- install-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/install-config.yaml b/install-config.yaml index 3a34e1d8..ecd12144 100644 --- a/install-config.yaml +++ b/install-config.yaml @@ -37,4 +37,5 @@ capabilities: - openshift-samples - marketplace - Console + - MachineAPI publish: External From 5d2c993eb17fc65727c57f8e95222556b5faa7f2 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Tue, 11 Jul 2023 17:57:30 +0530 Subject: [PATCH 22/43] ci_microshift: Remove crc domain after bundle creation We need to remove the crc domain which is created as part of bundle creation process otherwise we are not able to test the this bundle with `crc` binary which also want to create same domain and fails with following error ``` level=info msg="Creating CRC VM for MicroShift 4.13.4..." Error creating machine: Error in driver during machine creation: virError(Code=9, Domain=20, Message='operation failed: domain 'crc' already exists with uuid 5ab0edb0-4c93-484f-8563-a91529d467ba') ``` --- ci_microshift.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci_microshift.sh b/ci_microshift.sh index 4d215ff2..84d12441 100755 --- a/ci_microshift.sh +++ b/ci_microshift.sh @@ -12,6 +12,11 @@ sudo yum install -y make golang export CRC_ZSTD_EXTRA_FLAGS="-10" ./createdisk.sh crc-tmp-install-data +# Delete the crc domain which created by snc so it can created +# for crc test +sudo virsh destroy crc +sudo virsh undefine crc + git clone https://github.com/crc-org/crc.git pushd crc make cross From 121dcd645719365ed94c3c3ff34811ebe2463777 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 12 Jul 2023 13:10:50 +0530 Subject: [PATCH 23/43] ci_microshift: Just undefine the crc domain During creation of bundle `crc` vm is already in shutdown state so `virsh destroy` commands fails. We only need to undefine the VM. --- ci_microshift.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/ci_microshift.sh b/ci_microshift.sh index 84d12441..26290eca 100755 --- a/ci_microshift.sh +++ b/ci_microshift.sh @@ -14,7 +14,6 @@ export CRC_ZSTD_EXTRA_FLAGS="-10" # Delete the crc domain which created by snc so it can created # for crc test -sudo virsh destroy crc sudo virsh undefine crc git clone https://github.com/crc-org/crc.git From b17c25fc4c5825d92ea166ac47bbcd54fa6f824a Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Tue, 18 Jul 2023 16:34:53 +0530 Subject: [PATCH 24/43] Build crc-dnsmasq and crc-route-controller image even KAO image already present Recently there was issue with brew and jobs are stuck to `free` state for a day and after that it succeed but our jenkins jobs fails to wait that long and when we rebuild the job since KAO image already built on the brew it will not fetch the repo and routes and dnsmasq images never built for that specific version of openshift. This PR make sure we always built those images as long as the `From` section from Dockerfile changes. --- build-patched-kao-kcmo-images.sh | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh index bc668d15..93753625 100755 --- a/build-patched-kao-kcmo-images.sh +++ b/build-patched-kao-kcmo-images.sh @@ -139,11 +139,14 @@ function update_base_image() { rhpkg clone containers/${brew_repo} pushd ${brew_repo} git checkout --track origin/crc-1-rhel-8 - sed -i "s!^FROM openshift/ose-base.*!FROM $base_image!" Dockerfile - git add Dockerfile - git commit -m "Use OpenShift ${openshift_version} base image" - git push origin - rhpkg container-build + base_image_of_repo=$(grep "^FROM openshift/ose-base" Dockerfile | sed 's/^FROM //') + if [ ${base_image} != ${base_image_of_repo} ]; then + sed -i "s!^FROM openshift/ose-base.*!FROM $base_image!" Dockerfile + git add Dockerfile + git commit -m "Use OpenShift ${openshift_version} base image" + git push origin + rhpkg container-build + fi popd skopeo copy --dest-authfile ${OPENSHIFT_PULL_SECRET_PATH} --all --src-cert-dir=pki/ docker://registry-proxy.engineering.redhat.com/rh-osbs/${brew_repo}:latest docker://quay.io/crcont/${brew_repo#crc-}:${openshift_version} @@ -156,11 +159,13 @@ patch_and_push_image cluster-kube-apiserver-operator patch_and_push_image cluster-kube-controller-manager-operator create_new_release_with_patched_images -# In case there is no change in the openshift component then the base -# image is also not changed so no need to build dnsmasq/route images -if [ -f crc-cluster-kube-apiserver-operator/Dockerfile ]; then - base_image=$(grep "^FROM openshift/ose-base" crc-cluster-kube-apiserver-operator/Dockerfile | sed 's/^FROM //') - - update_base_image crc-dnsmasq "${base_image}" - update_base_image crc-routes-controller "${base_image}" +# In case there is no change in the openshift component then KAO repo is not present locally +# and need to be fetched. +if [ ! -f crc-cluster-kube-apiserver-operator/Dockerfile ]; then + rhpkg clone --branch rhaos-${OCP_VERSION}-rhel-8 containers/crc-cluster-kube-apiserver-operator fi + +base_image=$(grep "^FROM openshift/ose-base" crc-cluster-kube-apiserver-operator/Dockerfile | sed 's/^FROM //') + +update_base_image crc-dnsmasq "${base_image}" +update_base_image crc-routes-controller "${base_image}" From 33b9020e8474ed9a1f06200da8c837eed2fbea54 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 19 Jul 2023 12:33:02 +0530 Subject: [PATCH 25/43] Enable linger for core user For the podman-env setting we use an SSH connection to start the container. It seems that containers get killed after a timeout. The way it is handled in podman-machine side is to enable lingering for `core` user and this PR is suppose to do same. --- podman_changes.ks | 3 +++ 1 file changed, 3 insertions(+) diff --git a/podman_changes.ks b/podman_changes.ks index 9763afcf..4ec37d48 100644 --- a/podman_changes.ks +++ b/podman_changes.ks @@ -21,3 +21,6 @@ tee /etc/containers/registries.conf.d/999-podman-machine.conf < Date: Tue, 8 Aug 2023 14:41:23 +0530 Subject: [PATCH 26/43] Wait till machine config pool is in updated state Recently we found out that due to mcp is not in updated state, created bundles had issue with machine config like following ``` Marking Degraded due to: machineconfig.machineconfiguration.openshift.io "rendered-master-5e0b4b6fd5ad9c5c64801e18039b9233" not found ``` when the mcp is not updated properly ``` $ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-5e0b4b6fd5ad9c5c64801e18039b9233 False True True 1 0 0 1 3d13h worker rendered-worker-e6687df4c217440327c4dc1dcf0f507c True False False 0 0 0 0 3d13h ``` --- snc.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/snc.sh b/snc.sh index 6843188f..f861aa46 100755 --- a/snc.sh +++ b/snc.sh @@ -257,4 +257,8 @@ retry ${OC} delete pod --field-selector=status.phase==Succeeded --all-namespaces mc_name=$(retry ${OC} get mc --sort-by=.metadata.creationTimestamp --no-headers -oname) echo "${mc_name}" | grep rendered-master | head -n -1 | xargs -t ${OC} delete echo "${mc_name}" | grep rendered-worker | head -n -1 | xargs -t ${OC} delete +# Wait till machine config pool is updated correctly +while retry ${OC} get mcp master -ojsonpath='{.status.conditions[?(@.type!="Updated")].status}' | grep True; do + echo "Machine config still in updating/degrading state" +done From 48d550b3d6352a520e7379d3aa9b0baca8941dbb Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 10 Aug 2023 11:21:52 +0530 Subject: [PATCH 27/43] microshift: use yum's downloaddir option instead pushd to directory --- microshift.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/microshift.sh b/microshift.sh index 40c37bc7..c964c741 100755 --- a/microshift.sh +++ b/microshift.sh @@ -66,13 +66,11 @@ function enable_repos { function download_microshift_rpm { local pkgDir=$1 - pushd ${pkgDir} if [ -n "${MICROSHIFT_NVR-}" ]; then - sudo yum download --downloadonly microshift-${MICROSHIFT_NVR-} microshift-networking-${MICROSHIFT_NVR-} microshift-release-info-${MICROSHIFT_NVR-} microshift-selinux-${MICROSHIFT_NVR-} microshift-greenboot-${MICROSHIFT_NVR-} + sudo yum download --downloaddir ${pkgDir} --downloadonly microshift-${MICROSHIFT_NVR-} microshift-networking-${MICROSHIFT_NVR-} microshift-release-info-${MICROSHIFT_NVR-} microshift-selinux-${MICROSHIFT_NVR-} microshift-greenboot-${MICROSHIFT_NVR-} else - sudo yum download --downloadonly microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot + sudo yum download --downloaddir ${pkgDir} --downloadonly microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot fi - popd } function create_iso { From bb7bb87a2661d146ed5d635ce49c95b230794da7 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 10 Aug 2023 11:50:05 +0530 Subject: [PATCH 28/43] microshift: Add logic to create bundle of upcoming release It uses `MICROSHIFT_PRERELEASE` as environment variable to create bundle for upcoming release by getting the microshift-* rpms from mirror.openshift.com --- microshift.sh | 10 ++++++++-- repos/mirror-microshift.repo | 5 +++++ 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 repos/mirror-microshift.repo diff --git a/microshift.sh b/microshift.sh index c964c741..29588145 100755 --- a/microshift.sh +++ b/microshift.sh @@ -66,7 +66,9 @@ function enable_repos { function download_microshift_rpm { local pkgDir=$1 - if [ -n "${MICROSHIFT_NVR-}" ]; then + if [ -n "${MICROSHIFT_PRERELEASE-}" ]; then + sudo yum download --setopt=reposdir=./repos --downloadonly --downloaddir ${pkgDir} microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot + elif [ -n "${MICROSHIFT_NVR-}" ]; then sudo yum download --downloaddir ${pkgDir} --downloadonly microshift-${MICROSHIFT_NVR-} microshift-networking-${MICROSHIFT_NVR-} microshift-release-info-${MICROSHIFT_NVR-} microshift-selinux-${MICROSHIFT_NVR-} microshift-greenboot-${MICROSHIFT_NVR-} else sudo yum download --downloaddir ${pkgDir} --downloadonly microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot @@ -76,7 +78,11 @@ function download_microshift_rpm { function create_iso { local pkgDir=$1 rm -fr microshift - git clone -b release-4.13 https://github.com/openshift/microshift.git + if [ -n "${MICROSHIFT_PRERELEASE-}" ]; then + git clone -b main https://github.com/openshift/microshift.git + else + git clone -b release-4.13 https://github.com/openshift/microshift.git + fi cp podman_changes.ks microshift/ pushd microshift sed -i '/# customizations/,$d' scripts/image-builder/config/blueprint_v0.0.1.toml diff --git a/repos/mirror-microshift.repo b/repos/mirror-microshift.repo new file mode 100644 index 00000000..e8317f13 --- /dev/null +++ b/repos/mirror-microshift.repo @@ -0,0 +1,5 @@ +[mirror-microshift] +name=microshift repo for mirror +baseurl=https://mirror.openshift.com/pub/openshift-v4/$basearch/microshift/ocp-dev-preview/latest-4.14/elrhel-9/os/ +enabled=1 +gpgcheck=0 From b7d94f3aaf7c97e84d52b69e7f0329e18311cc0a Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 10 Aug 2023 21:11:01 +0530 Subject: [PATCH 29/43] CI: use MICROSHIFT_PRERELEASE for creating pre release bundles of microshift --- ci_microshift.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci_microshift.sh b/ci_microshift.sh index 26290eca..d8917664 100755 --- a/ci_microshift.sh +++ b/ci_microshift.sh @@ -5,7 +5,7 @@ set -exuo pipefail sudo yum install -y make golang ./shellcheck.sh -./microshift.sh +MICROSHIFT_PRERELEASE=yes ./microshift.sh # Set the zstd compression level to 10 to have faster # compression while keeping a reasonable bundle size. From ff0c9c6c94c84daf9f4c1972c7517cd3f7633d7b Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 11 Aug 2023 10:02:48 +0530 Subject: [PATCH 30/43] microshift: update mirror to ocp-dev-preview --- microshift.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/microshift.sh b/microshift.sh index 29588145..878ade85 100755 --- a/microshift.sh +++ b/microshift.sh @@ -12,7 +12,7 @@ BUNDLE_TYPE="microshift" INSTALL_DIR=crc-tmp-install-data SNC_PRODUCT_NAME=${SNC_PRODUCT_NAME:-crc} BASE_DOMAIN=${CRC_BASE_DOMAIN:-testing} -MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp} +MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp-dev-preview} if ! grep -q -i "release 9" /etc/redhat-release then From ce89c139ef2ec25460258fc0a44134cd371760f1 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 21 Aug 2023 12:56:19 +0530 Subject: [PATCH 31/43] Microshift: use MICROSHIFT_PRERELEASE to determine which mirror url to consume Since we started using MICROSHIFT_PRERELEASE in more places in master branch, this could also be conditional on MICROSHIFT_PRERELEASE being set, and mean one less change to make when switching branches. Based on review suggestion: https://github.com/crc-org/snc/pull/790#discussion_r1295823156 --- microshift.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/microshift.sh b/microshift.sh index 878ade85..9debe769 100755 --- a/microshift.sh +++ b/microshift.sh @@ -12,7 +12,11 @@ BUNDLE_TYPE="microshift" INSTALL_DIR=crc-tmp-install-data SNC_PRODUCT_NAME=${SNC_PRODUCT_NAME:-crc} BASE_DOMAIN=${CRC_BASE_DOMAIN:-testing} -MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp-dev-preview} +if [ -n "${MICROSHIFT_PRERELEASE-}" ]; then + MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp-dev-preview} +else + MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp} +fi if ! grep -q -i "release 9" /etc/redhat-release then From 639bee5b95d2134a3d3a551acfa561b08db62d2c Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 21 Aug 2023 13:02:35 +0530 Subject: [PATCH 32/43] microshift: refactor download_microshift_rpm function As per suggestion: https://github.com/crc-org/snc/pull/787/files#r1295831946 --- microshift.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/microshift.sh b/microshift.sh index 9debe769..2b762644 100755 --- a/microshift.sh +++ b/microshift.sh @@ -70,13 +70,14 @@ function enable_repos { function download_microshift_rpm { local pkgDir=$1 + local extra_opts="" + local nvr_suffix="" if [ -n "${MICROSHIFT_PRERELEASE-}" ]; then - sudo yum download --setopt=reposdir=./repos --downloadonly --downloaddir ${pkgDir} microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot + extra_opts="--setopt=reposdir=./repos" elif [ -n "${MICROSHIFT_NVR-}" ]; then - sudo yum download --downloaddir ${pkgDir} --downloadonly microshift-${MICROSHIFT_NVR-} microshift-networking-${MICROSHIFT_NVR-} microshift-release-info-${MICROSHIFT_NVR-} microshift-selinux-${MICROSHIFT_NVR-} microshift-greenboot-${MICROSHIFT_NVR-} - else - sudo yum download --downloaddir ${pkgDir} --downloadonly microshift microshift-networking microshift-release-info microshift-selinux microshift-greenboot + nvr_suffix="-${MICROSHIFT_NVR-}" fi + sudo yum download ${extra_opts} --downloaddir ${pkgDir} --downloadonly microshift${nvr_suffix} microshift-networking${nvr_suffix} microshift-release-info${nvr_suffix} microshift-selinux${nvr_suffix} microshift-greenboot${nvr_suffix} } function create_iso { From 1a5768495a7d7945007fc80c2d17531c8821137e Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 24 Aug 2023 09:11:47 +0530 Subject: [PATCH 33/43] gen-bundle-image: Update arm64 bundle image generation condition Only `okd` doesn't have support for arm64 but other preset have so we just need to avoid creating the arm64 bundle support for `okd`. This PR update the `if` condition around it. --- gen-bundle-image.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gen-bundle-image.sh b/gen-bundle-image.sh index dea17f3f..fbff15fa 100755 --- a/gen-bundle-image.sh +++ b/gen-bundle-image.sh @@ -57,7 +57,7 @@ function generate_manifest { local preset=$2 podman manifest rm ${preset}-bundle:${version} || true podman manifest create ${preset}-bundle:${version} - if [[ ${preset} = "podman" ]]; then + if [[ ${preset} != "okd" ]]; then podman manifest add ${preset}-bundle:${version} containers-storage:localhost/${preset}-bundle:darwin-arm64 fi podman manifest add ${preset}-bundle:${version} containers-storage:localhost/${preset}-bundle:darwin-amd64 @@ -69,7 +69,7 @@ function generate_manifest { function sign_bundle_files { local preset=$1 rm -fr *.sig - if [[ ${preset} = "podman" ]]; then + if [[ ${preset} != "okd" ]]; then gpg --batch --default-key crc@crc.dev --pinentry-mode=loopback --passphrase-file ${GPG_SECRET_KEY_PASSPHRASE_PATH} --armor --output ${vfkit_bundle_arm64}.sig --detach-sig ${vfkit_bundle_arm64} fi gpg --batch --default-key crc@crc.dev --pinentry-mode=loopback --passphrase-file ${GPG_SECRET_KEY_PASSPHRASE_PATH} --armor --output ${vfkit_bundle}.sig --detach-sig ${vfkit_bundle} From ad07ba3e837ea1d83e6e29f39ac7e3968636ebd8 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 23 Aug 2023 17:35:17 +0530 Subject: [PATCH 34/43] gen-bundle-image: refactor to accomodate microshift preset This PR refactor around set_bundle_variables function to make sure image can be generated for microshift bundle also. --- gen-bundle-image.sh | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/gen-bundle-image.sh b/gen-bundle-image.sh index fbff15fa..3a707b1b 100755 --- a/gen-bundle-image.sh +++ b/gen-bundle-image.sh @@ -8,22 +8,18 @@ function set_bundle_variables { local version=$1 local preset=$2 - if [[ ${preset} = "openshift" ]]; then - vfkit_bundle_arm64=crc_vfkit_${version}_arm64.crcbundle - fi - if [[ ${preset} = "podman" ]]; then - vfkit_bundle_arm64=crc_podman_vfkit_${version}_arm64.crcbundle + local bundlePreset="" + if [ ${preset} != 'openshift' ]; then + bundlePreset="_${preset}" fi - if [[ ${preset} = "openshift" ]]; then - preset="" - else - preset="_${preset}" + if [ ${PRESET} != 'okd' ]; then + vfkit_bundle_arm64=crc${bundlePreset}_vfkit_${version}_arm64.crcbundle fi - vfkit_bundle=crc${preset}_vfkit_${version}_amd64.crcbundle - libvirt_bundle=crc${preset}_libvirt_${version}_amd64.crcbundle - hyperv_bundle=crc${preset}_hyperv_${version}_amd64.crcbundle + vfkit_bundle=crc${bundlePreset}_vfkit_${version}_amd64.crcbundle + libvirt_bundle=crc${bundlePreset}_libvirt_${version}_amd64.crcbundle + hyperv_bundle=crc${bundlePreset}_hyperv_${version}_amd64.crcbundle } function generate_image { @@ -78,7 +74,7 @@ function sign_bundle_files { } if [[ $# -ne 2 ]]; then - echo "You need to provide the bundle version and preset (openshift/podman/okd)" + echo "You need to provide the bundle version and preset (openshift/podman/okd/microshift)" exit 1 fi From 5b8e2d38b3a3637390ee3e62e870f36d8bdcc10f Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 25 Aug 2023 11:40:44 +0530 Subject: [PATCH 35/43] gen-bundle-image: allow to build arm64 image for microshift also It was missed during 491351665a6590bb434fb761372d1915a413ab3d one. --- gen-bundle-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gen-bundle-image.sh b/gen-bundle-image.sh index 3a707b1b..5f9d9b81 100755 --- a/gen-bundle-image.sh +++ b/gen-bundle-image.sh @@ -25,7 +25,7 @@ function set_bundle_variables { function generate_image { local preset=$1 - if [ ${preset} = "podman" -o ${preset} = "openshift" ]; then + if [ ${preset} != "okd" ]; then cat < Date: Fri, 25 Aug 2023 14:45:07 +0530 Subject: [PATCH 36/43] snc-library: Fix app route for microshift preset In microshift we don't configure app route different than base domain like we can do in OCP using ingress configuration, so app route for microshift become `apps.crc.testing` but for OCP it is `apps-crc.testing`. This patch make sure it is updated to the bundle metadata correctly. --- snc-library.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/snc-library.sh b/snc-library.sh index cbe8fa18..49b9452f 100755 --- a/snc-library.sh +++ b/snc-library.sh @@ -143,11 +143,13 @@ function create_json_description { | ${JQ} ".clusterInfo.openshiftVersion = \"${OPENSHIFT_RELEASE_VERSION}\"" \ | ${JQ} ".clusterInfo.clusterName = \"${SNC_PRODUCT_NAME}\"" \ | ${JQ} ".clusterInfo.baseDomain = \"${BASE_DOMAIN}\"" \ - | ${JQ} ".clusterInfo.appsDomain = \"apps-${SNC_PRODUCT_NAME}.${BASE_DOMAIN}\"" >${INSTALL_DIR}/crc-bundle-info.json + | ${JQ} ".clusterInfo.appsDomain = \"apps.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}\"" >${INSTALL_DIR}/crc-bundle-info.json if [ ${bundle_type} == "snc" ] || [ ${bundle_type} == "okd" ]; then openshiftInstallerVersion=$(${OPENSHIFT_INSTALL} version) tmp=$(mktemp) - cat ${INSTALL_DIR}/crc-bundle-info.json | ${JQ} ".buildInfo.openshiftInstallerVersion = \"${openshiftInstallerVersion}\"" \ + cat ${INSTALL_DIR}/crc-bundle-info.json \ + | ${JQ} ".buildInfo.openshiftInstallerVersion = \"${openshiftInstallerVersion}\"" \ + | ${JQ} ".clusterInfo.appsDomain = \"apps-${SNC_PRODUCT_NAME}.${BASE_DOMAIN}\"" \ > ${tmp} && mv ${tmp} ${INSTALL_DIR}/crc-bundle-info.json fi } From e7313696a554bc2d82d0080e17aa443fcab58310 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Mon, 18 Sep 2023 14:30:46 +0530 Subject: [PATCH 37/43] build-patched-kao-kcmo-images.sh: Use https instead of git for encryption Looks like internally [0] anonymous operations are changed from `git` to `https` because git protocol miss encryption. [0] https://issues.redhat.com/browse/RHELBLD-10855 should fix ``` git remote add upstream git://pkgs.devel.redhat.com/containers/ose-cluster-kube-apiserver-operator + git fetch upstream rhaos-4.14-rhel-8 --no-tags fatal: unable to connect to pkgs.devel.redhat.com: pkgs.devel.redhat.com[0: x.x.x.x]: errno=No route to host ``` --- build-patched-kao-kcmo-images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh index 93753625..1e192220 100755 --- a/build-patched-kao-kcmo-images.sh +++ b/build-patched-kao-kcmo-images.sh @@ -91,7 +91,7 @@ function patch_and_push_image() { if ! brew buildinfo crc-${image_name}-container-${version}-${release}; then rhpkg clone containers/crc-${image_name} pushd crc-${image_name} - git remote add upstream git://pkgs.devel.redhat.com/containers/ose-${image_name} + git remote add upstream https://pkgs.devel.redhat.com/git/containers/ose-${image_name} # Just fetch the upstream/rhaos-${OCP_VERSION}-rhel-8 instead of all the branches and tags from upstream git fetch upstream rhaos-${OCP_VERSION}-rhel-8 --no-tags git checkout --track origin/rhaos-${OCP_VERSION}-rhel-8 From 47dd3019dff343688462bd6a9923e374905b5651 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 21 Sep 2023 14:10:51 +0530 Subject: [PATCH 38/43] install-config.yaml: Add image-registry, build and deployment config capability 4.14 add more capability like image-registry, build and deployment as addon which can be added on top of `None`. By default since we are using `None` those capabilities need to be added explicitly to have it part of cluster since we are providing these features before. fixes: #806 --- install-config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install-config.yaml b/install-config.yaml index ecd12144..2940a3e0 100644 --- a/install-config.yaml +++ b/install-config.yaml @@ -38,4 +38,7 @@ capabilities: - marketplace - Console - MachineAPI + - ImageRegistry + - DeploymentConfig + - Build publish: External From e2338bd892d93c8759dc7681c9bf2aa39abc157c Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Wed, 6 Sep 2023 13:47:46 +0530 Subject: [PATCH 39/43] Use GPT partition table instead msdos This PR adds `clearpart` option `--disklabel` to use `gpt` as default disk label and to allow this we also need to add a partition of `biosboot` so that it will not error out with following error. ``` your bios-based system needs a special partition to boot from a gpt disk label ``` - https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#clearpart - https://access.redhat.com/solutions/3370891 Note: Upstream PR is merged but only available from 4.15 and microshift team is not interesting to backport it for 4.13/4.14 branch and suggested that crc team keep this modification to respective repo. - https://github.com/openshift/microshift/pull/2331 --- microshift.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/microshift.sh b/microshift.sh index 2b762644..cd8fae14 100755 --- a/microshift.sh +++ b/microshift.sh @@ -101,6 +101,8 @@ version = "*" EOF sed -i 's/redhat/core/g' scripts/image-builder/config/kickstart.ks.template sed -i "/--bootproto=dhcp/a\network --hostname=api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}" scripts/image-builder/config/kickstart.ks.template + sed -i 's/clearpart --all --initlabel/clearpart --all --disklabel gpt/g' scripts/image-builder/config/kickstart.ks.template + sed -i "/clearpart --all/a\part biosboot --fstype=biosboot --size=1" scripts/image-builder/config/kickstart.ks.template sed -i '$e cat podman_changes.ks' scripts/image-builder/config/kickstart.ks.template scripts/image-builder/cleanup.sh -full # The home dir and files must have read permissions to group From f19c7237d6cdb344a4c17f8c2f4002bcc93c33ca Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 8 Sep 2023 10:54:41 +0530 Subject: [PATCH 40/43] microshift: Boot the ISO in uefi mode If we don't boot the ISO in uefi mode, then the UEFI firmware files won't get installed in the generated qcow2 image. This would prevent this image from booting with UEFI. --- ci_microshift.sh | 2 +- microshift.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ci_microshift.sh b/ci_microshift.sh index d8917664..95e7123a 100755 --- a/ci_microshift.sh +++ b/ci_microshift.sh @@ -14,7 +14,7 @@ export CRC_ZSTD_EXTRA_FLAGS="-10" # Delete the crc domain which created by snc so it can created # for crc test -sudo virsh undefine crc +sudo virsh undefine crc --nvram git clone https://github.com/crc-org/crc.git pushd crc diff --git a/microshift.sh b/microshift.sh index cd8fae14..b750d9c2 100755 --- a/microshift.sh +++ b/microshift.sh @@ -158,4 +158,5 @@ sudo virt-install \ --cdrom /var/lib/libvirt/images/microshift-installer.iso \ --events on_reboot=restart \ --autoconsole none \ + --boot uefi \ --wait 5 From 440a9f7fb2b09c3d1002f71b60a120dc693a5034 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Fri, 8 Sep 2023 15:50:55 +0530 Subject: [PATCH 41/43] microshift: Install the grub bootloader for legacy support Since we are starting the ISO with `efi` mode then by default there is no bootloader for legacy support, this PR add that so the qcow2 image able to boot for UEFI and legacy both. --- microshift.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/microshift.sh b/microshift.sh index b750d9c2..03e27c99 100755 --- a/microshift.sh +++ b/microshift.sh @@ -103,6 +103,7 @@ EOF sed -i "/--bootproto=dhcp/a\network --hostname=api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}" scripts/image-builder/config/kickstart.ks.template sed -i 's/clearpart --all --initlabel/clearpart --all --disklabel gpt/g' scripts/image-builder/config/kickstart.ks.template sed -i "/clearpart --all/a\part biosboot --fstype=biosboot --size=1" scripts/image-builder/config/kickstart.ks.template + sed -i '$i\grub2-install --target=i386-pc /dev/vda' scripts/image-builder/config/kickstart.ks.template sed -i '$e cat podman_changes.ks' scripts/image-builder/config/kickstart.ks.template scripts/image-builder/cleanup.sh -full # The home dir and files must have read permissions to group From 6d9edad8b9c9139a300c9efee0c51d18f2160058 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 2 Nov 2023 13:57:40 +0530 Subject: [PATCH 42/43] Switch candidate-4.14 to latest-4.14 --- build-patched-kao-kcmo-images.sh | 4 ++-- snc.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build-patched-kao-kcmo-images.sh b/build-patched-kao-kcmo-images.sh index 1e192220..1f242713 100755 --- a/build-patched-kao-kcmo-images.sh +++ b/build-patched-kao-kcmo-images.sh @@ -38,14 +38,14 @@ function check_pull_secret() { check_pull_secret HOST_ARCH=$(uname -m) -MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$HOST_ARCH/clients/ocp-dev-preview} +MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$HOST_ARCH/clients/ocp} # If user defined the OPENSHIFT_VERSION environment variable then use it. if test -n "${OPENSHIFT_VERSION-}"; then OPENSHIFT_RELEASE_VERSION=${OPENSHIFT_VERSION} echo "Using release ${OPENSHIFT_RELEASE_VERSION} from OPENSHIFT_VERSION" else - OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/candidate-${OCP_VERSION}/release.txt | sed -n 's/^ *Version: *//p')" + OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/latest-${OCP_VERSION}/release.txt | sed -n 's/^ *Version: *//p')" if test -n "${OPENSHIFT_RELEASE_VERSION}"; then echo "Using release ${OPENSHIFT_RELEASE_VERSION} from the mirror" else diff --git a/snc.sh b/snc.sh index 7576fa05..31ba8ffc 100755 --- a/snc.sh +++ b/snc.sh @@ -44,7 +44,7 @@ if test -n "${OPENSHIFT_VERSION-}"; then OPENSHIFT_RELEASE_VERSION=${OPENSHIFT_VERSION} echo "Using release ${OPENSHIFT_RELEASE_VERSION} from OPENSHIFT_VERSION" else - OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/candidate-4.14/release.txt | sed -n 's/^ *Version: *//p')" + OPENSHIFT_RELEASE_VERSION="$(curl -L "${MIRROR}"/latest-4.14/release.txt | sed -n 's/^ *Version: *//p')" if test -n "${OPENSHIFT_RELEASE_VERSION}"; then echo "Using release ${OPENSHIFT_RELEASE_VERSION} from the latest mirror" else From 1152bdf63f331e6b9cc4fab81fa82b0864b224c9 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 2 Nov 2023 13:59:17 +0530 Subject: [PATCH 43/43] Update to release-4.14 branch --- microshift.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/microshift.sh b/microshift.sh index 03e27c99..6c0e2b6a 100755 --- a/microshift.sh +++ b/microshift.sh @@ -64,7 +64,7 @@ function configure_host { function enable_repos { sudo subscription-manager repos \ - --enable rhocp-4.13-for-rhel-9-$(uname -i)-rpms \ + --enable rhocp-4.14-for-rhel-9-$(uname -i)-rpms \ --enable fast-datapath-for-rhel-9-$(uname -i)-rpms } @@ -86,7 +86,7 @@ function create_iso { if [ -n "${MICROSHIFT_PRERELEASE-}" ]; then git clone -b main https://github.com/openshift/microshift.git else - git clone -b release-4.13 https://github.com/openshift/microshift.git + git clone -b release-4.14 https://github.com/openshift/microshift.git fi cp podman_changes.ks microshift/ pushd microshift