Create machine_config_to_ignition #2960
Conversation
openshift-ci
bot
added
do-not-merge/work-in-progress
| type OriginFile struct { | ||
| Packages []string `yaml:"packages"` | ||
| OverrideRemove []string `yaml:"override-remove"` | ||
| } | ||
|
|
||
| func (originFile OriginFile) isEmpty() bool { | ||
| return len(originFile.Packages) == 0 && len(originFile.OverrideRemove) == 0 | ||
| } | ||
|
|
||
| func (originFile OriginFile) toIgnFile(allowCompression bool) (ign3types.File, error) { | ||
| treeFileContents, err := yaml.Marshal(originFile) | ||
| if err != nil { | ||
| return ign3types.File{}, fmt.Errorf("failed to marshal extensions as yaml: %w", err) | ||
| } | ||
| fullYamlContents := append([]byte("# Generated by the MCO\n\n"), treeFileContents...) | ||
| src, gzipped, err := baseutil.MakeDataURL(fullYamlContents, nil, allowCompression) | ||
| if err != nil { | ||
| return ign3types.File{}, fmt.Errorf("could not encode extensions file: %w", err) | ||
| } | ||
| hash := sha256.New() | ||
| hash.Write([]byte(src)) | ||
| sha := hex.EncodeToString(hash.Sum(nil))[0:7] | ||
| file := ign3types.File{ | ||
| Node: ign3types.Node{ | ||
| Path: "/etc/rpm-ostree/origin.d/extensions-" + sha + ".yaml", | ||
| }, | ||
| FileEmbedded1: ign3types.FileEmbedded1{ | ||
| Contents: ign3types.Resource{ | ||
| Source: util.StrToPtr(src), | ||
| }, | ||
| Mode: util.IntToPtr(0644), | ||
| }, | ||
| } | ||
| if gzipped { | ||
| file.Contents.Compression = util.StrToPtr("gzip") | ||
| } | ||
|
|
||
| return file, nil | ||
| } |
There was a problem hiding this comment.
@jmarrero @jlebon this is mostly just copy pasted from @jmarrero 's code, but I did tweak it to allow OverrideRemove.
- Is there somewhere we could move this to that both the MCO and Butane could use? Seems like "create an Ignition file with the first 8 characters of the hash of its contents added to its path" is not a very clean API. Maybe I just need to get over that for now 😂
- Is this correct syntax for override-remove?
There was a problem hiding this comment.
- I'm using github.com/coreos/butane/base/util and github.com/coreos/ignition/v2/config/util, is that okay? On a related note, I wonder if some Ignition helpers should be moved to a lib? Eg the MCO has helpers like https://github.com/openshift/machine-config-operator/blob/master/test/helpers/helpers.go#L155. That helper uses EncodeBytes from github.com/vincent-petithory/dataurl while the Butane code is using baseutil.MakeDataURL. Which is leading to different encodings being used, which I ran into when writing the unit tests
There was a problem hiding this comment.
- The reason I used a SHA with the first characters is trying to mimic how github shows commits. The SHA is not really important the important part is that the filename is unique and reproducible. If the MCO is doing something similar somewhere else or have a better approach it's ok to change it. rpm-ostree does not care about the filename. I am not sure if there is a good place to put shared code or if this is big enough to put in a library of sorts.
There was a problem hiding this comment.
There was a problem hiding this comment.
Re. 2, override-remove is not supported yet in the CoreOS layering flow, but I'm working on it! :)
There was a problem hiding this comment.
related coreos/rpm-ostree#3364
There was a problem hiding this comment.
Chatted with @mkenigs about this too. Generating a Butane fragment and then rendering that seems fine, but personally my vote is to keep those ~30 duplicated lines here for now as we iterate on getting something working and add a TODO we can circle back to. Once we gain more confidence in how everything is connected, we can start looking at optimizing and deduping things.
There was a problem hiding this comment.
Just to xref, #2976 is going to update our butane vendoring, which would unblock the choice to either generate Butane directly, or expose a Go API in butane.
|
/assign @jkyros @yuqi-zhang |
|
|
||
| // MCDContent | ||
| type MCDContent struct { |
There was a problem hiding this comment.
Is factoring this out worth the churn? Also what do we want to call this? There's a chance we may even drop it depending on the outcome of https://issues.redhat.com/browse/MCO-193
There was a problem hiding this comment.
I think I'd vote not to do the churn on this now.
There was a problem hiding this comment.
Dropped that commit but did move that struct to machine_config_to_ignition.go
mkenigs
force-pushed
the
translate-184
branch
from
3cda441 to
3eeb95d
Compare
mkenigs
force-pushed
the
translate-184
branch
2 times, most recently
from
c68ecfc to
513653e
Compare
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-ci
bot
removed
the
needs-rebase
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Not sure if we want to wait for #2976, but I think this should be ready to go into |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Commits from #2976 fix the unit test this is currently breaking due to Ignition version bump |
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Should be good to go now that #2976 is in |
| "gopkg.in/yaml.v3" | ||
| ) | ||
|
|
||
| const MCDContentPath = "/etc/machine-config-daemon/mcd_content.json" |
There was a problem hiding this comment.
This one definitely deserves a comment. It seems strongly related to
MachineConfigEncapsulatedPath = "/etc/ignition-machine-config-encapsulated.json"
In fact, any reason not to make them the same?
There was a problem hiding this comment.
I'm not familiar with how that path is used but it appears to be used to signal completion of firstboot: https://github.com/openshift/machine-config-operator/blob/master/pkg/daemon/daemon.go#L614
Could also potentially deduplicate some code with appendEncapsulated
I was keeping everything separate so we don't break anything but can combine if that makes more sense
There was a problem hiding this comment.
See #868 - the commit message there tries to explain this
Anyways though...I think you're right that because this file is involved in special "firstboot" semantics, perhaps we should use a separate one to be safer.
| const MCDContentPath = "/etc/machine-config-daemon/mcd_content.json" | ||
|
|
||
| type MCDContent struct { | ||
| KernelArguments []string `json:"kernelArguments"` |
There was a problem hiding this comment.
Worth noting that this exists in Ignition 3.3, and then if we agreed on coreos/ignition#1323 ...the need for this would entirely go away.
So...hmm, I am not sure where we are on an update to Ignition spec 3.3. It may actually block on newer bootimages 😢
There was a problem hiding this comment.
Is that worth creating a card or something?
| } | ||
|
|
||
| // KernelType | ||
| if ctrlcommon.CanonicalizeKernelType(mcSpec.KernelType) == ctrlcommon.KernelTypeRealtime { |
There was a problem hiding this comment.
Feels like this one should be a switch or so and we explicitly no-op on the default kernel type? But not a blocker.
There was a problem hiding this comment.
Fixed, should I return err for default?
|
/approve |
openshift-ci
bot
added
the
approved
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
@cgwalters made changes according to your suggestions, can you re-approve? |
|
Also left some responses to your comments above |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, jkyros, mkenigs The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@mkenigs: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
Closes https://issues.redhat.com/browse/MCO-184