Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCPBUGS-947: Rebase openshift/etcd 4.11 onto 3.5.5 #155

Conversation

tjungblu
Copy link

This was rebased with:

git rebase --rebase-merges --fork-point v3.5.3 v3.5.5
git merge openshift/openshift-4.11

same as #144

liggitt and others added 30 commits April 15, 2022 15:33
When clients have no permission to perform whatever operation, then
the applying may fail. We should also move consistent_index forward
in this case, otherwise the consitent_index may smaller than the
snapshot index.
…_353

[3.5] Update consitent_index when applying fails
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
we found a lease leak issue:
if a new member(by member add) is recovered by snapshot, and then
become leader, the lease will never expire afterwards. leader will
log the revoke failure caused by "invalid auth token", since the
token provider is not functional, and drops all generated token
from upper layer, which in this case, is the lease revoking
routine.
[backport 3.5]: server/auth: enable tokenProvider if recoved store enables auth
This PR removes additional clone when building artifacts.

When releasing v3.5.4 this clone was main cause of issues and
confusion about what release script is doing.

release.sh script already clones repo in /tmp/ directory, so clonning
before build is not needed. As precautions for bug in script leaving
/tmp/ clone in bad state  I moved "Verify the latest commit has the
version tag" and added "Verify the clean working tree" to be always run
before build.
[release-3.5] scripts: Avoid additional repo clone
The first bug fix is to resolve the race condition between goroutine
and channel on the same leases to be revoked. It's a classic mistake
in using Golang channel + goroutine. Please refer to
https://go.dev/doc/effective_go#channels

The second bug fix is to resolve the issue that etcd lessor may
continue to schedule checkpoint after stepping down the leader role.
[3.5] Backport two lease related bug fixes to 3.5
The FileReader interface is the wrapper of io.Reader. It provides
the fs.FileInfo as well. The FileBufReader struct is the wrapper of
bufio.Reader, it also provides fs.FileInfo.

Signed-off-by: Benjamin Wang <[email protected]>
…file

Currently the max size of each WAL entry is hard coded as 10MB. If users
set a value > 10MB for the flag --max-request-bytes, then etcd may run
into a situation that it successfully processes a big request, but fails
to decode it when replaying the WAL file on startup.

On the other hand, we can't just remove the limitation, because if a
WAL entry is somehow corrupted, and its recByte is a huge value, then
etcd may run out of memory. So the solution is to restrict the max size
of each WAL entry as a dynamic value, which is the remaining size of
the WAL file.

Signed-off-by: Benjamin Wang <[email protected]>
[3.5] Restrict the max size of each WAL entry to the remaining size of the WAL file
Cherry pick the PR etcd-io#12992
to 3.5, so please refer to the original PR for more detailed info.

Signed-off-by: Benjamin Wang <[email protected]>
[3.5] client/v3: do not overwrite authTokenBundle on dial
Make sure that WithPrefix correctly set the flag, and add test.
Also, add test for WithFromKey.

fixes etcd-io#14056

Signed-off-by: Sahdev Zala <[email protected]>
…-#14182-upstream-release-3.5

Automated cherry pick of etcd-io#14182
The golang buildin package `flag` doesn't support `uint32` data
type, so we need to support it via the `flag.Var`.

Signed-off-by: Benjamin Wang <[email protected]>
…each client can open at a time

Also refer to etcd-io#14169 (comment)

Signed-off-by: Benjamin Wang <[email protected]>
[3.5] Support configuring `MaxConcurrentStreams` for http2
@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Oct 10, 2022
@openshift-ci
Copy link

openshift-ci bot commented Oct 10, 2022

@tjungblu: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-947: Rebase openshift/etcd 4.11 onto 3.5.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Oct 10, 2022
@openshift-ci-robot
Copy link

@tjungblu: This pull request references Jira Issue OCPBUGS-947, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.11.z) matches configured target version for branch (4.11.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-861 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE))
  • dependent Jira Issue OCPBUGS-861 targets the "4.12.0" version, which is one of the valid target versions: 4.12.0
  • bug has dependents

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This was rebased with:

git rebase --rebase-merges --fork-point v3.5.3 v3.5.5
git merge openshift/openshift-4.11

same as #144

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tjungblu
Copy link
Author

/retest-required

@tjungblu
Copy link
Author

/payload 4.11 nightly blocking

@openshift-ci
Copy link

openshift-ci bot commented Oct 10, 2022

@tjungblu: trigger 7 job(s) of type blocking for the nightly release of OCP 4.11

  • periodic-ci-openshift-release-master-nightly-4.11-e2e-aws-upgrade
  • periodic-ci-openshift-release-master-nightly-4.11-e2e-aws-serial
  • periodic-ci-openshift-release-master-ci-4.11-e2e-azure-ovn-upgrade
  • periodic-ci-openshift-release-master-ci-4.11-upgrade-from-stable-4.10-e2e-gcp-ovn-rt-upgrade
  • periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-bm
  • periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-ovn-ipv6
  • periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-serial-ipv4

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a141ca40-488f-11ed-9818-9f439b196fe6-0

@tjungblu
Copy link
Author

/retest-required

@dusk125
Copy link

dusk125 commented Oct 10, 2022

/approve

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 10, 2022
@tjungblu
Copy link
Author

/retest-required

1 similar comment
@tjungblu
Copy link
Author

/retest-required

@hasbro17
Copy link

/label backport-risk-assessed
/lgtm
/retest-required

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Oct 10, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 10, 2022
@openshift-ci
Copy link

openshift-ci bot commented Oct 10, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dusk125, hasbro17, tjungblu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link

openshift-ci bot commented Oct 10, 2022

@tjungblu: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@tjungblu
Copy link
Author

@geliu2016 do you have some capacity left to CPA here?

@geliu2016
Copy link

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 12, 2022
@openshift-merge-robot openshift-merge-robot merged commit 53284bc into openshift:openshift-4.11 Oct 12, 2022
@openshift-ci-robot
Copy link

@tjungblu: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-947 has been moved to the MODIFIED state.

In response to this:

This was rebased with:

git rebase --rebase-merges --fork-point v3.5.3 v3.5.5
git merge openshift/openshift-4.11

same as #144

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tjungblu tjungblu deleted the rebase-3.5.5-forkpoint-4.11 branch October 24, 2022 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.