Skip to content

snc: Add logic to create /User top level directory for OCP #1047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 10, 2025
Merged

snc: Add logic to create /User top level directory for OCP #1047

merged 2 commits into from
Apr 10, 2025

Conversation

@praveenkumar
Copy link
Member

@praveenkumar praveenkumar commented Apr 8, 2025
edited by sourcery-ai bot
Loading

Since OCP now moved to use bootc where top level directory is immutable
and chattr -i / doesn't work as it worked before so only option is to
create a custom-os image and deploy that as part of day-2 operation.

More details : #1041 (comment)

Summary by Sourcery

Modify Single Node Cluster (SNC) setup to create a custom OS image with /Users directory for OCP using bootc

New Features:

  • Create a custom RHCOS image with /Users directory to address immutable top-level directory limitations in OCP

Enhancements:

  • Implement a Containerfile-based approach to create a custom OS image with /Users symlink

Deployment:

  • Add logic to build, push, and apply a custom machine config with a new OS image

Chores:

  • Remove existing 99_master-create-users-symlink.yaml configuration

@praveenkumar
Revert "Add logic to make filesystem immuatable for directory sharing…
57ae1ea 
… from host"

This reverts commit a890014. Since OCP
moves to consume bootc images for node this is not working anymore, in
next commit workable solution is added.
@sourcery-ai
Copy link

sourcery-ai bot commented Apr 8, 2025
edited
Loading

Reviewer's Guide by Sourcery

This pull request adds logic to create a custom-os image with the /Users directory and symlink for OCP, addressing the immutability of the top-level directory in bootc. It removes the previous method of creating the /Users directory and symlink via a unit file.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Addition of logic to create a custom-os image with /Users directory and symlink.
  • Creation of a Containerfile to create the /Users symlink and /var/Users directory.
  • Building a new rhcos image using podman.
  • Pushing the new image to the OpenShift image registry.
  • Creation of a MachineConfig to update the nodes with the new image.
  • Applying the MachineConfig.
  • Waiting for the MachineConfigPool to update.
 snc.sh
Removal of the unit file for creating /Users and symlinking it to /var/Users.
  • Removed the file 99_master-create-users-symlink.yaml.
 snc.sh
99_master-create-users-symlink.yaml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@openshift-ci openshift-ci bot requested review from anjannath and gbraad April 8, 2025 10:54
sourcery-ai[bot]
sourcery-ai bot reviewed Apr 8, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @praveenkumar - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider adding a rollback mechanism in case the custom-os image deployment fails.
  • The sleep 10 command is not ideal; use a more robust method to ensure the MachineConfig is applied before proceeding.
Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@praveenkumar praveenkumar force-pushed the issue_1041 branch 4 times, most recently from 6aae6c8 to 9891a44 Compare April 9, 2025 01:05
@praveenkumar
Copy link
Member Author

/retest e2e-snc

@openshift-ci
Copy link

openshift-ci bot commented Apr 9, 2025

@praveenkumar: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

/test e2e-microshift

/test e2e-microshift-arm

/test e2e-snc

/test images

Use /test all to run all jobs.

In response to this:

/retest e2e-snc

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@praveenkumar
Copy link
Member Author

/test e2e-snc

@praveenkumar
snc: Add logic to create /User top level directory for OCP
822a5ad 
Since OCP now moved to use bootc where top level directory is immutable
and `chattr -i /` doesn't work as it worked before so only option is to
create a custom-os image and deploy that as part of day-2 operation.

More details : crc-org#1041 (comment)
@openshift-ci
Copy link

openshift-ci bot commented Apr 9, 2025

@praveenkumar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-microshift-arm 822a5ad link true /test e2e-microshift-arm

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

anjannath
anjannath reviewed Apr 9, 2025
View reviewed changes
snc.sh
machineconfiguration.openshift.io/role: master
name: custom-image
spec:
osImageURL: image-registry.openshift-image-registry.svc:5000/openshift-machine-config-operator/rhcos:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how much does the it increase the bundle size? and can we later delete the image after machine config pool is updated?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that's what I am exploring.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked the images if it is stored in bundle after creating the bundle

rhel-coreos                                    sha256:66b5f9d8f1af5acee783db84a25c08338252ff9c276d33e391680168a22f42ee

but it is not available in the bundle.

@openshift-ci openshift-ci bot added the lgtm label Apr 9, 2025
@openshift-ci
Copy link

openshift-ci bot commented Apr 9, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: anjannath

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Apr 9, 2025
@praveenkumar
Copy link
Member Author

/cherry-pick release-4.19

@openshift-cherrypick-robot
Copy link

@praveenkumar: once the present PR merges, I will cherry-pick it on top of release-4.19 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@praveenkumar
Copy link
Member Author

/cherry-pick release-4.18

@openshift-cherrypick-robot
Copy link

@praveenkumar: once the present PR merges, I will cherry-pick it on top of release-4.18 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@praveenkumar praveenkumar merged commit 685f7b7 into crc-org:master Apr 10, 2025
3 of 5 checks passed
@openshift-cherrypick-robot
Copy link

@praveenkumar: new pull request created: #1048

In response to this:

/cherry-pick release-4.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Apr 10, 2025
Merged
@openshift-cherrypick-robot
Copy link

@praveenkumar: new pull request created: #1049

In response to this:

/cherry-pick release-4.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Apr 10, 2025
Merged
cfergeau
cfergeau reviewed Apr 10, 2025
View reviewed changes
snc.sh
unset KUBECONFIG
RHCOS_IMAGE=$(${OC} adm release info -a ${OPENSHIFT_PULL_SECRET_PATH} ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} --image-for=rhel-coreos)
cat << EOF > ${INSTALL_DIR}/Containerfile
FROM scratch
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you could use ${RHCOS_IMAGE} here, and remove the --from ${RHCOS_IMAGE} arg from podman build.
The shell should be able to expand it to its value.

snc.sh
# Wait for the cluster again to become stable because of all the patches/changes
wait_till_cluster_stable

# This section is used to create a custom-os image which have `/Users`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

imo this comment is a strong indication that this belongs in a create_custom_os_image helper function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfergeau cfergeau cfergeau left review comments

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@anjannath anjannath anjannath approved these changes

@gbraad gbraad Awaiting requested review from gbraad

Assignees

@anjannath anjannath

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@praveenkumar @openshift-cherrypick-robot @cfergeau @anjannath