-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rhcos: Embed full build metadata in binary #1423
rhcos: Embed full build metadata in binary #1423
Conversation
Some discussion in the previous PR #1402 (comment) |
f46097e
to
310c782
Compare
73b02bd
to
3756253
Compare
pkg/rhcos/builds.go
Outdated
} else { | ||
build = rhcosBuildID | ||
} | ||
url := fmt.Sprintf("%s/%s/%s/meta.json", baseURL, rhcosBuildChannel, build) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd rather just stick with our existing OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE
for overrides. Coupled with the bundled metadata for the pinned RHCOS that this PR is adding, that would mean we could drop this JSON request entirely. Different override approaches have been floated before in #1168 and #1402 though, so there's clearly some workflow where "supply the override AMI (or QCOW2 image URI, etc.)" is not seen as sufficient. Can you point me at that place, so I can float an approach that uses OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think anyone who wants to test something related to RHCOS will find it far easier to supply a version number rather than parsing the version number and getting the AMI or extracting the qcow2 manually. I can very much say this is the case for me.
Further, I expect us to at some point have CI that overrides this. "Test this release payload with updated rhcos bootimage" is a valid thing to want to do for the same reason we want to override release payloads.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really we need both. The existing image override is useful to test an unofficial bootimage.
In fact just now I used both - tested with the latest rhcos from our buildsystem, hit an issue, did a local build with a test fix, then used the local override to point to file:///
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think anyone who wants to test something related to RHCOS will find it far easier to supply a version number rather than parsing the version number and getting the AMI or extracting the qcow2 manually.
How many people need this, though?
Further, I expect us to at some point have CI that overrides this. "Test this release payload with updated rhcos bootimage" is a valid thing to want to do for the same reason we want to override release payloads.
Sure, but my preferred approach for this is "override the release image" (via #1286).
Really we need both. The existing image override is useful to test an unofficial bootimage.
It can be used for testing official boot images too, right? The only issue is whether this lookup needs to be built into the installer, or if you can use external tool like this script.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, but my preferred approach for this is "override the release image" (via #1286).
You know I agree 💯 % with that - particularly because if e.g. say one is overriding the image thinking to test a kernel change to e.g. a NIC driver for a new cloud platform, it will be a surprise probably for most people that that change gets overwritten quickly by machine-os-content
- which you need a custom release payload to change. (And we need to make changing both ergonomic, but that's another issue)
But my real argument here is:
The only issue is whether this lookup needs to be built into the installer
The code's already there though! It's just missing a few config knobs.
How many people need this, though?
It's not just the number of people - it's also that I don't want lots of places parsing that release schema - while we're unlikely to change it soon, again the installer already has the code, so let's just make it more useful.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code's already there though! It's just missing a few config knobs.
But this is our chance to get rid of it, and "more knobs" feels like doubling down on a known dead-end approach :p.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But this is our chance to get rid of it, and "more knobs" feels like doubling down on a known dead-end approach :p.
I don't think we're going to deploy the dependencies necessary in #1286 anytime soon.
Also, this code would be useful for us to deal with the Ignition 3 change.
c351b9a
to
3756253
Compare
(Sorry, had a force push accident here...reset now) |
e245bc9
to
4cc5fdd
Compare
OK updated now 🆕 to address comments. |
/retest |
4cc5fdd
to
70730cd
Compare
/retest |
pkg/rhcos/builds.go
Outdated
// rhcosBuildChannel is a name for a stream of builds | ||
var rhcosBuildChannel string | ||
|
||
func fetchRHCOSBuild(ctx context.Context) (metadata, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this needs to be rewired as the overrides were dropped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kept most of the code to handle multiple just dropped the override environment variables. What do you want exactly? Delete everything except support for reading the pinned JSON?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete everything except support for reading the pinned JSON?
We still need a way to override for CI, but that override does not need any build fetching, so this signature looks fine to me.
I've floated a fixup in 009285da2df880, adding support to the script for earlier Pythons, like my RHEL 7.5 CSB's 3.4.9. I'm also including the base URI from which the metadata was sourced, which can be used later in Go for constructing the bootimage URIs (libvirt QCOW2, etc.), so we don't have to code the likely source into the Go. I'll go back later tonight and adjust the Go to match. Thoughts? |
Ok, I've floated cabafdc54 as well, which adds |
And now I've floated 14cfc9965 which:
|
/retest |
Please no. This is too much python with too many options for what I'm comfortable supporting in the installer repo.
This needs to be a follow up. |
Dropped from my squash commit with 14cfc9965 -> b1daba1cc. I've left my expanded Python script alone for now, but am fine trimming it back down if we decide to only focus on updating |
/retest |
New squash, trimming the Python back down to just updating |
Updated the PR topic now that there are no longer new env vars; probably update the commit message too when squashing. |
Pushed 551acf1da -> e726a2b6c, fixing a bug in |
This way we avoid needing a service available at least for AWS installs. The AMIs now get hardcoded into the binary. `hack/update-rhcos-bootimage.py` is a small script which accepts a URL to build metadata and updates our cached version with just the subset of keys we care about (or potentially care about); e.g. not the pkgdiff. From Trevor: Drop the HTTP stuff in favor of just the local asset or `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE`. The codecs business works around the lack of byte-stream support in json.load before Python 3.6 [1]. [1]: https://docs.python.org/3/library/json.html#json.load Co-authored-by: Trevor King <[email protected]>
24cf48e
to
e080f04
Compare
Done, thanks! |
/retest |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
Crashlooping (etcd certs) is being tracked in rhbz#1694169 with a patch in coreos/kubecsr#25. Cinder failure seems to have been a one-off flake: /retest |
/retest Please review the full test history for this PR and help us cut down flakes. |
This way we avoid needing a service available at least for AWS
installs. The AMIs now get hardcoded into the binary.
Further, in order to make it easier for developers to test
alternative builds of RHCOS, add an override environment variable
just like is available for the release payload.