Bug 2033953: Afterburn to try config-drive before Nova metadata

[pierreprinetti]

With this change, the afterburn-hostname service uses the 'openstack'
provider, which fetches userdata from the config drive, and only uses
the Nova metadata service as a fallback. This is especially useful in
network topologies where Nova-metadata is not guaranteed to be reachable
(e.g. when using baremetal (Ironic) instances).

[openshift-ci]

@pierreprinetti: This pull request references Bugzilla bug 2033953, which is invalid:

• expected the bug to target the "4.10.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2033953: Afterburn to try config-drive before Nova metadata

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pierreprinetti]

/bugzilla refresh

[openshift-ci]

@pierreprinetti: This pull request references Bugzilla bug 2033953, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @eurijon

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

@pierreprinetti: This pull request references Bugzilla bug 2033953, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.10.0) matches configured target release for branch (4.10.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @eurijon

In response to this:

Bug 2033953: Afterburn to try config-drive before Nova metadata

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pierreprinetti]

/cc mandre

[cgwalters]

This intersects a bit with a whole huge recent saga around hostnames; see https://bugzilla.redhat.com/show_bug.cgi?id=2008521#c40
and coreos/afterburn#509

A lot of confusion and overlap between "ownership" of the hostname. While this isn't new, the presence of this file is perpetuating a difference between FCOS and RHCOS behavior on OpenStack. (I think this is rooted in the uncertain availability of the metadata service across OpenStack deployments)

Another related topic; AIUI the reason for the current design is that availability of the config drive is racy. I don't know if that applies in Ironic or not.

[pierreprinetti]

@cgwalters
My intention here is to only make a tactic adjustment to the way a host fetches userdata: changing the behaviour from "fetch Nova metadata" to "fetch configdrive; if failed, fetch Nova metadata".

I couldn't find Afterburn providers' documentation, but here's the relevant code:

match provider {
        // ...
        "openstack" => openstack::try_config_drive_else_network(),
        "openstack-metadata" => box_result!(OpenstackProviderNetwork::try_new()?),
        // ...

Is this change having a larger blast radius than what I expect?

/retest-required

[cgwalters]

Yes,
/approve
since I think this is probably not going to break anything.

But one other question: what is the role of Ironic in OCP going forward? I thought the move to use the CoreOS "Live ISO" approach for IPI metal meant we wouldn't have this "use openstack on bare metal" stuff in the future.

[pierreprinetti]

We want to offer OpenShift-on-OpenStack users the ability to use managed baremetal nodes within OpenStack. Beyond the value of leveraging tools that the users might already know, I believe one further added value is to support a mixed fleet of virtual and physical servers within a single OCP cluster. Does that make sense?

[mandre]

Thanks @pierreprinetti for the patch.
/lgtm

what is the role of Ironic in OCP going forward? I thought the move to use the CoreOS "Live ISO" approach for IPI metal meant we wouldn't have this "use openstack on bare metal" stuff in the future.

This is about allowing OpenShift on OpenStack deployments to leverage ironic and provision BM worker nodes, it's unrelated to IPI metal.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[mdbooth]

This intersects a bit with a whole huge recent saga around hostnames; see https://bugzilla.redhat.com/show_bug.cgi?id=2008521#c40 and coreos/afterburn#509

A lot of confusion and overlap between "ownership" of the hostname. While this isn't new, the presence of this file is perpetuating a difference between FCOS and RHCOS behavior on OpenStack. (I think this is rooted in the uncertain availability of the metadata service across OpenStack deployments)

Another related topic; AIUI the reason for the current design is that availability of the config drive is racy. I don't know if that applies in Ironic or not.

The specific reason for the creation of a persistent hostname was a different in kubelet's behaviour when using legacy cloud provider vs external cloud provider. In summary: when using a legacy cloud provider kubelet gets its node name from the cloud provider; when using an external cloud provider kubelet gets its node name from hostname unless you pass it on the command line.

It turns out that in practise hostname is not always identical to the value returned by the cloud provider. It's an upgrade issue if either:

• Hostname changes on an already-provisioned host
• Nodename changes for an already-provisioned kubelet

Consequently we decided to use afterburn to fetch hostname from the cloud provider and pass it to kubelet via the command line option, which means node name remains the same across a legacy->external CCM upgrade, and we don't have to change the hostname.

[mdbooth]

/lgtm

Config drive with fallback to metadata is ideal for getting hostname.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, mandre, mdbooth, pierreprinetti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• templates/common/openstack/OWNERS [cgwalters,mandre,mdbooth,pierreprinetti]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@pierreprinetti: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-single-node	60854e7	link	false	/test e2e-aws-single-node
ci/prow/e2e-aws-workers-rhel7	60854e7	link	false	/test e2e-aws-workers-rhel7
ci/prow/e2e-aws-disruptive	60854e7	link	false	/test e2e-aws-disruptive
ci/prow/e2e-aws-upgrade-single-node	60854e7	link	false	/test e2e-aws-upgrade-single-node
ci/prow/e2e-aws-workers-rhel8	60854e7	link	false	/test e2e-aws-workers-rhel8
ci/prow/e2e-vsphere-upgrade	60854e7	link	false	/test e2e-vsphere-upgrade
ci/prow/e2e-ovn-step-registry	60854e7	link	false	/test e2e-ovn-step-registry

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@pierreprinetti: All pull requests linked via external trackers have merged:

• openshift/machine-config-operator#2903

Bugzilla bug 2033953 has been moved to the MODIFIED state.

In response to this:

Bug 2033953: Afterburn to try config-drive before Nova metadata

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pierreprinetti]

/cherry-pick release-4.9

[openshift-cherrypick-robot]

@pierreprinetti: new pull request created: #2915

In response to this:

/cherry-pick release-4.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.