pkg/daemon: implement OS version validation #60
Conversation
openshift-ci-robot
added
the
size/L
|
I'm going to hold this for now. It works fine though I haven't reprovisioned my cluster in a while, and the installer and m-c-o move at the speed of light... /hold |
openshift-ci-robot
added
the
do-not-merge/hold
pkg/daemon/rpm-ostree.go
Outdated
|
|
||
| // just make it a hard error if we somehow don't have any deployments | ||
| if len(rosState.Deployments) == 0 { | ||
| return nil, fmt.Errorf("Not currently booted in a deployment") |
There was a problem hiding this comment.
since this is entirely the same error as the one at the end of the function, and the one at the end of the function will be hit if the length is zero and this isn't here, do we need this if statement at all?
There was a problem hiding this comment.
Oh yeah, I meant to drop this but forgot!
pkg/daemon/update.go
Outdated
| @@ -400,6 +403,11 @@ func getFileOwnership(file ignv2_2types.File) (int, int, error) { | |||
| return uid, gid, nil | |||
| } | |||
|
|
|||
| func (dn *Daemon) updateOS(oldConfig, newConfig *mcfgv1.MachineConfig) error { | |||
| glog.Infof("Updating OS to %s", newConfig.Spec.OSImageURL) | |||
| return runPivot(newConfig.Spec.OSImageURL) | |||
There was a problem hiding this comment.
is pivot idempotent? this is going to get run times when there is not an actual os update, because everything gets refreshed if anything is different (eg if we add a file, we will run pivot with our currently booted os image url even though it's not different)
There was a problem hiding this comment.
Yes, it's idempotent (see https://github.com/ashcrow/pivot/pull/14), but I should add a check here as well so we don't waste time running it.
pkg/daemon/update.go
Outdated
| @@ -400,6 +403,11 @@ func getFileOwnership(file ignv2_2types.File) (int, int, error) { | |||
| return uid, gid, nil | |||
| } | |||
|
|
|||
| func (dn *Daemon) updateOS(oldConfig, newConfig *mcfgv1.MachineConfig) error { | |||
There was a problem hiding this comment.
even though this isn't exported, it's probably worth adding a comment describing it's functionality to keep it in line with the other functions that perform parts of an update.
| ) | ||
|
|
||
| // Subset of `rpm-ostree status --json` | ||
| // https://github.com/projectatomic/rpm-ostree/blob/bce966a9812df141d38e3290f845171ec745aa4e/src/daemon/rpmostreed-deployment-utils.c#L227 |
|
@jlebon can you run |
| if dn.checkFiles(desiredConfig.Spec.Config.Storage.Files) && | ||
| dn.checkUnits(desiredConfig.Spec.Config.Systemd.Units) { | ||
| dn.checkUnits(desiredConfig.Spec.Config.Systemd.Units) && | ||
| isDesiredOS { |
There was a problem hiding this comment.
nit: My brain does not like how this if statement is structured, but it's not problematic.
pkg/daemon/daemon.go
Outdated
| return true, nil | ||
| } | ||
|
|
||
| // error is nil, as we successfully decided that validate is false | ||
| return false, nil | ||
| } | ||
|
|
||
| func (dn *Daemon) checkOS(osImageURL string) (bool, error) { |
There was a problem hiding this comment.
nit: It would be helpful to document what the non-error return signifies.
jlebon
force-pushed
the
pr/rpm-ostree
branch
from
bae10d0 to
c59c08a
Compare
|
Alrighty, comments addressed! Tested on top of the latest everything. Dropping hold. |
openshift-ci-robot
removed
the
do-not-merge/hold
|
I will note the daemon cannot yet go through with rebooting the node due to some missing role bindings: Though let's keep that separate. |
|
I filed #66 so we remember it. |
|
Oh one more thing. Once this merges, the MCD in a fresh cluster will error out because the If we're not ready for that yet, we could work around this for now by considered a MC with |
|
@jlebon everything regarding the MachineConfig generation for masters and worker, is controller by this repo. |
|
Also #66 (comment) |
It's not that simple though. This is dependent on the installer moving over from using the RHCOS AMI/qcow2 directly to using the OS container image and pivot. |
OK, I pushed another commit for now which does this! ⬆️ |
|
/lgtm |
jlebon
force-pushed
the
pr/rpm-ostree
branch
from
b35665b to
3eb24cd
Compare
|
Sorry for the race condition there. I just updated that last commit to use backticks to avoid escaping the double quotes. |
|
@jlebon not a problem 👍 |
|
/lgtm |
|
looks like we need a person with approver on the repo at large to |
|
Opened #73 as I think it may make sense to let us modify MCD manifest files. |
I opened openshift/installer#267 to raise visibility on this. |
|
/lgtm |
|
Hmm, I think it might be blocking on the fact that we're adding a new |
jlebon
force-pushed
the
pr/rpm-ostree
branch
from
3eb24cd to
bb96f5d
Compare
|
/lgtm |
|
seems like |
Teach the MCD to check the current OS version and upgrade the host. This essentially implements the 'OSImageURL` part of the `MachineConfig` spec. Since we're in a chroot anyway, I just took the easy path of exec'ing `rpm-ostree` and `pivot` directly. Which is good, because right now only `pivot` knows how to upgrade RHCOS from an oscontainer image pull spec.
One subtle thing that might be hard to appreciate in the previous patch is that we're running `pivot` from inside the container, which in turn runs `podman` to access the contents of the oscontainer. For podman to work right, we need `hostPID`. Also need `hostNetwork` for the `rpm-ostree` client to talk to the daemon over D-Bus. Another way to see this: make the MCD feel even more like it's running directly on the host. (Though ideally, if `rpm-ostree` learns to pull content from the oscontainer itself, this would get easier).
Until the installer learns to pivot ➰ and we have an accurate starting `OSImageURL` entry.
jlebon
force-pushed
the
pr/rpm-ostree
branch
from
bb96f5d to
a5dc94b
Compare
openshift-ci-robot
added
approved
|
OK, updated to just keep those helper functions under |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ashcrow, jlebon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
update readme with details on config fields, behavior, troubleshooting
Teach the MCD to check the current OS version and upgrade the host. This
essentially implements the
OSImageURLpart of theMachineConfigspec.
Since we're in a chroot anyway, I just took the easy path of exec'ing
rpm-ostreeandpivotdirectly. Which is good, because right now onlypivotknows how to upgrade RHCOS from an oscontainer image pull spec.