Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

: MULTIARCH-4568: Inject ReleaseArch into openshift-install #1792

Merged
merged 1 commit into from
Jul 8, 2024

Conversation

jeffdyoung
Copy link
Contributor

@jeffdyoung jeffdyoung commented May 31, 2024

In parallel with: openshift/installer#8515

This is necessary so the installer knows if it is using a single arch payload vs a multi arch payload.
ATM customers can't recognize the difference without having to query the container registry.
This is also the first step to enable deploying clusters with ARM control planes and x86 compute nodes (and vice versa)
https://issues.redhat.com/browse/MULTIARCH-4567

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 31, 2024
@openshift-ci openshift-ci bot requested review from deads2k and soltysh May 31, 2024 13:36
pkg/cli/admin/release/extract_tools.go Outdated Show resolved Hide resolved
Readme: readmeInstallUnix,
InjectReleaseImage: true,
InjectReleaseVersion: true,
InjectReleaseArchitecture: true,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are various usage patterns of this command, have you had a chance to check all of them;

  • oc adm release info --tools
  • oc adm release --command=installer --command=darwing/arm64
    ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, they will print a warning if the openshift-install doesn't have the right marker, but it will exit 0.

pkg/cli/admin/release/extract_tools.go Show resolved Hide resolved
@@ -1041,6 +1056,8 @@ const (
releaseImageMarker = "!_RELEASE_IMAGE_LOCATION_\x00XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x00"
// releaseVersionMarker is the placeholder within a binary for the release image version name string.
releaseVersionMarker = "!_RELEASE_VERSION_LOCATION_\x00XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x00"
// releaseArchitectureMarker is the placeholder within a binary for the list of architectures the release image supports.
releaseArchitectureMarker = "!_RELEASE_ARCHITECTURE_LOCATION_\x00XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x00"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are modifying binaries that are already built and that inevitably causes checksum value changes which is not good with respect to sanity checks. I'm against this change as it additionally modifies installer binary with more data and I believe that this is not the correct way to pass information.

But as far as I understand you can't find any alternative solution and I won't block this PR. I can only suggest that please ensure that the checksum values of the modified binary must be same with the data in the sha256sum file.

@ardaguclu
Copy link
Member

ardaguclu commented Jun 3, 2024

I'd like to note that please be aware that with this change, all the new minor version extraction mechanisms for old major version will be affected. For instance, now new 4.14.z installer binary will be embedded with this information and if this funtionality relies on something in newer release payloads, that causes issues.

@jeffdyoung
Copy link
Contributor Author

I'd like to note that please be aware that with this change, all the new minor version extraction mechanisms for old major version will be affected. For instance, now new 4.14.z installer binary will be embedded with this information and if this funtionality relies on something in newer release payloads, that causes issues.

@ardaguclu For binaries that don't have the _RELEASE_ARCHITECTURE_LOCATION_ marker, oc will throw a warning and not inject this information:

$ ./oc adm release extract --command openshift-install quay.io/openshift-release-dev/ocp-release-nightly@sha256:13b7b2a6b1b93ae93e1dbcbe4a319c31ad2b13cfb59618e4a7ec057cd1dae777 --filter-by-os linux/amd64 --command-os=linux/amd64  
warning: Unable to make all expected replacements in openshift-install.  Remaining: release architecture

Maybe there is a way to inspect the binary for this marker before we try to inject the change tho? 🤔

@ardaguclu
Copy link
Member

ardaguclu commented Jun 3, 2024

I'd like to note that please be aware that with this change, all the new minor version extraction mechanisms for old major version will be affected. For instance, now new 4.14.z installer binary will be embedded with this information and if this funtionality relies on something in newer release payloads, that causes issues.

@ardaguclu For binaries that don't have the _RELEASE_ARCHITECTURE_LOCATION_ marker, oc will throw a warning and not inject this information:

$ ./oc adm release extract --command openshift-install quay.io/openshift-release-dev/ocp-release-nightly@sha256:13b7b2a6b1b93ae93e1dbcbe4a319c31ad2b13cfb59618e4a7ec057cd1dae777 --filter-by-os linux/amd64 --command-os=linux/amd64  
warning: Unable to make all expected replacements in openshift-install.  Remaining: release architecture

That means current status of this PR is causing failures for extractions from older release payloads.

Edited: Assuming that there might be places that returns exit code non-zero, when this warning happens.

Maybe there is a way to inspect the binary for this marker before we try to inject the change tho? 🤔

That looks to me a risky operation comparing to the benefit we are trying to get.

@jeffdyoung
Copy link
Contributor Author

I'd like to note that please be aware that with this change, all the new minor version extraction mechanisms for old major version will be affected. For instance, now new 4.14.z installer binary will be embedded with this information and if this funtionality relies on something in newer release payloads, that causes issues.

@ardaguclu For binaries that don't have the _RELEASE_ARCHITECTURE_LOCATION_ marker, oc will throw a warning and not inject this information:

$ ./oc adm release extract --command openshift-install quay.io/openshift-release-dev/ocp-release-nightly@sha256:13b7b2a6b1b93ae93e1dbcbe4a319c31ad2b13cfb59618e4a7ec057cd1dae777 --filter-by-os linux/amd64 --command-os=linux/amd64  
warning: Unable to make all expected replacements in openshift-install.  Remaining: release architecture

That means current status of this PR is causing failures for extractions from older release payloads.

Maybe there is a way to inspect the binary for this marker before we try to inject the change tho? 🤔

That looks to me a risky operation comparing to the benefit we are trying to get.

It throws a warning, but the binary is intact and operational.
Open to other alternatives to solve this.

@ardaguclu
Copy link
Member

I'd like to note that please be aware that with this change, all the new minor version extraction mechanisms for old major version will be affected. For instance, now new 4.14.z installer binary will be embedded with this information and if this funtionality relies on something in newer release payloads, that causes issues.

@ardaguclu For binaries that don't have the _RELEASE_ARCHITECTURE_LOCATION_ marker, oc will throw a warning and not inject this information:

$ ./oc adm release extract --command openshift-install quay.io/openshift-release-dev/ocp-release-nightly@sha256:13b7b2a6b1b93ae93e1dbcbe4a319c31ad2b13cfb59618e4a7ec057cd1dae777 --filter-by-os linux/amd64 --command-os=linux/amd64  
warning: Unable to make all expected replacements in openshift-install.  Remaining: release architecture

That means current status of this PR is causing failures for extractions from older release payloads.

Maybe there is a way to inspect the binary for this marker before we try to inject the change tho? 🤔

That looks to me a risky operation comparing to the benefit we are trying to get.

It throws a warning, but the binary is intact and operational. Open to other alternatives to solve this.

Have you had a chance to check that when this warning is printed, exit code is still zero?. If that is the case, we can move forward.

@jeffdyoung
Copy link
Contributor Author

Details

Might be hard to see in this output, but the return code is 0:

$ ./oc adm release extract --tools registry.ci.openshift.org/ocp-arm64/release-arm64:4.16.0-0.nightly-arm64-2024-06-03-071524 --command-os darwin/amd64 && echo $?
warning: Unable to make all expected replacements in openshift-install.  Remaining: release architecture0

The tar sha matches as well

$ cat sha256sum.txt 
88f249abc813c522d9fd27d0c2d299facf2e387ad32b267df99de7e3f36ec636  openshift-client-mac-4.16.0-0.nightly-arm64-2024-06-03-071524.tar.gz
52d08375bc062f976e22ffea8c082717e8d01d771abd9d8d4a1d5d8830f81d17  openshift-install-mac-4.16.0-0.nightly-arm64-2024-06-03-071524.tar.gz
dee6027130d79d3cb41aa5d52a3796ebdf33404a78ac47682c7486b740b8a0da  release.txt

$ sha256sum openshift-install-mac-4.16.0-0.nightly-arm64-2024-06-03-071524.tar.gz 
52d08375bc062f976e22ffea8c082717e8d01d771abd9d8d4a1d5d8830f81d17  openshift-install-mac-4.16.0-0.nightly-arm64-2024-06-03-071524.tar.gz

@jeffdyoung jeffdyoung changed the title [WIP] MULTIARCH-4568 Inject ReleaseArch into openshift-install MULTIARCH-4568 Inject ReleaseArch into openshift-install Jun 18, 2024
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 18, 2024
@jeffdyoung
Copy link
Contributor Author

/retest

@jeffdyoung
Copy link
Contributor Author

/retest

1 similar comment
@jeffdyoung
Copy link
Contributor Author

/retest

@ardaguclu
Copy link
Member

I'd like to get some opinions about this patch from the installer as this modifies the installer binary. WDYT? @zaneb
/retest

@zaneb
Copy link
Member

zaneb commented Jun 24, 2024

The installer team will be able to weigh in on openshift/installer#8515. Assuming that is accepted then we'd want this change as well.

@ardaguclu
Copy link
Member

/lgtm
/retest

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jun 24, 2024
Copy link
Contributor

openshift-ci bot commented Jun 24, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, jeffdyoung

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 24, 2024
@r4f4
Copy link

r4f4 commented Jul 8, 2024

/retitle: MULTIARCH-4568: Inject ReleaseArch into openshift-install

@openshift-ci openshift-ci bot changed the title MULTIARCH-4568 Inject ReleaseArch into openshift-install : MULTIARCH-4568: Inject ReleaseArch into openshift-install Jul 8, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 8, 2024

@jeffdyoung: This pull request references MULTIARCH-4568 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.17.0" version, but no target version was set.

In response to this:

In parallel with: openshift/installer#8515

This is necessary so the installer knows if it is using a single arch payload vs a multi arch payload.
ATM customers can't recognize the difference without having to query the container registry.
This is also the first step to enable deploying clusters with ARM control planes and x86 compute nodes (and vice versa)
https://issues.redhat.com/browse/MULTIARCH-4567

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 8, 2024
@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 0 against base HEAD 639f714 and 2 for PR HEAD e77658e in total

Copy link
Contributor

openshift-ci bot commented Jul 8, 2024

@jeffdyoung: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit a2e5b09 into openshift:master Jul 8, 2024
13 checks passed
@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

This PR has been included in build openshift-enterprise-cli-container-v4.17.0-202407090112.p0.ga2e5b09.assembly.stream.el9 for distgit openshift-enterprise-cli.
All builds following this will include this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants