check if the containers' image is downstream #23185
Conversation
openshift-ci-robot
added
the
size/M
|
/test verify |
1 similar comment
|
/test verify |
bparees
left a comment
bparees
left a comment
There was a problem hiding this comment.
couple nits, otherwise lgtm.
test/extended/operators/images.go
Outdated
| // log for debugging output before we ultimately fail | ||
| e2e.Logf("Pods found with invalid container images not present in release payload: %s", strings.Join(invalidPodContainerImages.List(), "\n")) | ||
| e2e.Logf("Pods found with invalid container image pull policy not equal to IfNotPresent: %s", strings.Join(invalidPodContainerImagePullPolicy.List(), "\n")) | ||
| e2e.Logf("Pods with invaild dowstream images: %s", strings.Join(invalidPodContainerDownstreamImages.List(), "\n")) |
test/extended/operators/images.go
Outdated
| e2e.Failf("Pods found with invalid container image pull policy not equal to IfNotPresent: %s", strings.Join(invalidPodContainerImagePullPolicy.List(), "\n")) | ||
| } | ||
| if len(invalidPodContainerDownstreamImages) > 0 { | ||
| e2e.Failf("Pods with invaild dowstream images: %s", strings.Join(invalidPodContainerDownstreamImages.List(), "\n")) |
|
/approve |
openshift-ci-robot
added
the
approved
jianzhangbjz
force-pushed
the
downstream-olm
branch
from
0bd6063 to
7f31f3d
Compare
|
@bparees Many thanks! I have fixed it and |
| continue | ||
| } | ||
| e2e.Logf("Image relase info:%s", result) | ||
| if !strings.Contains(result, "Red Hat Enterprise Linux Server") { |
There was a problem hiding this comment.
Not supporting RHEL CoreOS based images ?
There was a problem hiding this comment.
Not for now, I guess the release images have not based on the RHCOS yet. Correct me if I'm wrong. What do you think?@vikaslaad
There was a problem hiding this comment.
the images this would be checking are all UBI based and I'd expect them to continue to be.
There was a problem hiding this comment.
Inferring from @smarterclayton - will this continue to be the case if we run OKD CI and with Fedora CoreOS as the base?
There was a problem hiding this comment.
fedora coreos would be the base for the nodes, not the container images which i would expect to continue to be UBI based. I'm not aware of any plans for a fedora equivalent of the UBI.
There was a problem hiding this comment.
@bparees I'm sorry, what're the checkpoints of UBI based images? Do we have any special label when running UBI images?
There was a problem hiding this comment.
we only run ubi images, there are no other images.
There was a problem hiding this comment.
@bparees I guess checking the output of $ cat /etc/redhat-release is enough for identifying the UBI images, what do you think?
There was a problem hiding this comment.
@jianzhangbjz i think it's fine for now, if it becomes a problem we can always revisit it.
test/extended/util/cli.go
Outdated
| } | ||
|
|
||
| // Run command without extra args | ||
| func (c *CLI) RunWithoutGlobalArgs(commands ...string) *CLI { |
There was a problem hiding this comment.
did you have to introduce this because Run appends --config and --namespace after the other args? If so, why not fix Run to append commands after the --config and --namespace instead of introducing a new function?
There was a problem hiding this comment.
The Run function will add the --config=xxx/--namespace=xxx on the end of the command. But, it inappropriate for some commands, for example, oc exec -n openshift-apiserver-operator openshift-apiserver-operator-59487cc4bf-7ws9q -c openshift-apiserver-operator -- cat /etc/redhat-release.
And, I also thought to change the Run function, but as you know, Golang doesn't support the default arguments. I worried the changes will impact other old invoking. So, I create a new one.
Or we can change the Run function to add --config=xxx/--namespace=xxx args at the begining of the commands. What do you suggest?
There was a problem hiding this comment.
i would expect that adding it to the beginning should be fine and if it breaks a test it should be caught in CI as part of your PR.
There was a problem hiding this comment.
Ok, thanks! I will modify the Run function instead of creating a new one.
There was a problem hiding this comment.
@jianzhangbjz An aspect is the ubi base image have enabled some ubi repo by default.
sh-4.2$ yum repolist
repo id repo name status
ubi-7/x86_64 Red Hat Universal Base Image 7 Server (RPMs) 832
ubi-7-optional/x86_64 Red Hat Universal Base Image 7 Server - Optional (RPMs) 18
ubi-7-rhah/x86_64 Red Hat Universal Base Image Atomic Host (RPMs) 3
ubi-7-rhscl/x86_64 Red Hat Software Collections for Red Hat Universal Base Image 7 Server (RPMs)
|
@jianzhangbjz @bparees I'm sorry, I'm lacking context for what this is trying to accomplish, and can't quickly infer it from the code. When would this run, and what is it comparing to determine there's a mismatch between upstream and downstream? (What is the source of truth?) I'm not sure it's relevant but there's a much-delayed effort to ensure consistency between upstream and downstream config: openshift/ci-operator-prowgen#121 |
i don't think it's comparing up/downstream. My assumptoin is that it's just trying to ensure all our images are UBI-rhel based, which today they should be. (and even w/ OKD i'm anticipating this will still be true) |
|
@bparees I guess some images in OKD are based on |
Are you referring to things like the ruby/jenkins/python/mongodb/etc type images? None of our product/infra images should be centos-based. so as long as you scope the pods you're checking to the openshift* type namespaces, it should not be a problem. If you're seeing some failures due to containers using centos images, let's look at them specifically and decide the right approach. |
|
@bparees Got it, thanks! Could you help review this PR and add the |
|
/retest |
|
let's see if we can get passing tests first... (probably failed due to the CI issues, but i don't want to leave this retrying indefinitely if it's fundamentally broken). /retest |
|
failures look unrelated to this pr. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
5 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/hold
Ben Parees | OpenShift
…On Sun, Jun 30, 2019, 06:34 OpenShift Bot ***@***.***> wrote:
/retest
Please review the full test history
<https://openshift-gce-devel.appspot.com/pr/23185> for this PR and help
us cut down flakes.
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#23185?email_source=notifications&email_token=ABF6LXRKPDUTW4POWV3CR2DP5CD2PA5CNFSM4HYRCB6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODY4JQKQ#issuecomment-507025450>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABF6LXRP3TSH235OINC2K63P5CD2PANCNFSM4HYRCB6A>
.
|
openshift-ci-robot
added
the
do-not-merge/hold
|
appears to be failing due to https://bugzilla.redhat.com/show_bug.cgi?id=1725478 will unhold when that is resolved, until then this won't be able to merge. |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/retest Please review the full test history for this PR and help us cut down flakes. |
4 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
openshift-ci-robot
added
the
needs-rebase
jianzhangbjz
force-pushed
the
downstream-olm
branch
from
eabe8b7 to
e32900f
Compare
openshift-ci-robot
removed
lgtm
|
Rebase it to solve the conflicts, could you help add the |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bparees, jianzhangbjz The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
FYI this test is extremely unstable (for example #24305). I am going to disable it. |
|
@p0lyn0mial for any test you disable please create a BZ to track getting it re-enabled. |
|
@p0lyn0mial also please link to the failing job, not your PR, to illustrate the issue. |
10 participants
For now, we have to check if these images are downstream for each sub-team. I have intended to check the
imagelabels, but I didn't find the related options. So, I added related checks steps in here. I'm not sure if it's appropriate for upstream. @sosiouxme @vikaslaad Could you help take a review? Thanks! cc: @scolange @bandrade @cuipinghuo @chengzhang1016 @dongboyan77 @zihantang-rh @emmajiafan