Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-33248: daemon: upgrade os image from local container storage if it exists #4347

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OCPBUGS-33248: daemon: upgrade os image from local container storage if it exists #4347

wants to merge 1 commit into from
+36 −4

Conversation

hexfusion
Copy link
Contributor

@hexfusion hexfusion commented May 3, 2024
edited

This PR add the ability to upgrade an os image if it has already been pulled into local container storage. This functionality is behind PinnedImage feature gate. The advantage to this path is that before this change skopeo by default will make a call to the registry to pull the image during upgrade. That does not work for disconnected clusters.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 6, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hexfusion
Once this PR has been reviewed and has the lgtm label, please assign djoshy for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 6, 2024
@hexfusion hexfusion changed the title try upgrading os image from local storage daemon: upgrade os image from local container storage if it exists May 6, 2024
@hexfusion hexfusion marked this pull request as ready for review May 6, 2024 15:14
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 6, 2024
@hexfusion hexfusion changed the title daemon: upgrade os image from local container storage if it exists OCPBUGS-33248: daemon: upgrade os image from local container storage if it exists May 6, 2024
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 6, 2024
@openshift-ci-robot
Copy link
Contributor

@hexfusion: This pull request references Jira Issue OCPBUGS-33248, which is invalid:

  • expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This PR add the ability to upgrade an os image if it has already been pulled into local container storage. This functionality is gated behind PinnedImage gates.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
Copy link
Contributor

@hexfusion: This pull request references Jira Issue OCPBUGS-33248, which is invalid:

  • expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@hexfusion
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 6, 2024
@openshift-ci-robot
Copy link
Contributor

@hexfusion: This pull request references Jira Issue OCPBUGS-33248, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @siserafin

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from siserafin May 6, 2024 15:23
@hexfusion hexfusion force-pushed the ostree branch 5 times, most recently from 514f87a to 0d21fd8 Compare May 6, 2024 15:56
@openshift-ci-robot
Copy link
Contributor

@hexfusion: This pull request references Jira Issue OCPBUGS-33248, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.16.0) matches configured target version for branch (4.16.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @siserafin

In response to this:

This PR add the ability to upgrade an os image if it has already been pulled into local container storage. This functionality is gated behind PinnedImage gates. The advantage to this path is that prior to this change skopeo by default will make a call to the registry to pull the image during upgrade. That does not work for disconnected clusters.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@hexfusion
daemon: upgrade os image from local container storage if it exists
65324b1 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 6, 2024

@hexfusion: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-hypershift 65324b1 link true /test e2e-hypershift

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@siserafin
Copy link

siserafin commented May 7, 2024
edited

Verified in a disconnected cluster.

  1. Mirror an os image
  2. Pull the image from the node
  3. Add the firewall rule to block the pulling from registry
    sudo iptables -A OUTPUT -p tcp --dport 443 -j DROP
  4. Trigger the os upgrade
rpm-ostree --experimental rebase ostree-unverified-image:containers-storage:registry.build03.ci.openshift.org/ci-ln-gv2713b/stable@sha256:fda7f7db7bed8d6691acc2dd9870d492995b6bae6354b17edb3537f2637e113a
Pulling manifest: ostree-unverified-image:containers-storage:registry.build03.ci.openshift.org/ci-ln-gv2713b/stable@sha256:fda7f7db7bed8d6691acc2dd9870d492995b6bae6354b17edb3537f2637e113a
Importing: ostree-unverified-image:containers-storage:registry.build03.ci.openshift.org/ci-ln-gv2713b/stable@sha256:fda7f7db7bed8d6691acc2dd9870d492995b6bae6354b17edb3537f2637e113a (digest: sha256:fda7f7db7bed8d6691acc2dd9870d492995b6bae6354b17edb3537f2637e113a)
ostree chunk layers already present: 36
ostree chunk layers needed: 15 (284.5?MB)
⠁ Staging deployment...                                                                                                                                                                                                                                                                                                                                                                               Staging deployment... done
Downgraded:
  container-selinux 3:2.231.0-1.rhaos4.16.el9 -> 3:2.229.0-1.rhaos4.16.el9
  cri-o 1.29.4-6.rhaos4.16.git0e93ae2.el9 -> 1.29.4-5.rhaos4.16.gitec19fc9.el9
  openshift-kubelet 4.16.0-202405062116.p0.g681e46b.assembly.stream.el9 -> 4.16.0-202404251943.p0.gd1ec84a.assembly.stream.el9
Changes queued for next boot. Run "systemctl reboot" to start a reboot

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label May 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sinnykumari sinnykumari Awaiting requested review from sinnykumari

@yuqi-zhang yuqi-zhang Awaiting requested review from yuqi-zhang

@siserafin siserafin Awaiting requested review from siserafin

Assignees
No one assigned
Labels
jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hexfusion @openshift-ci-robot @siserafin