Bug 1956485: bump RHCOS 4.6 boot images

[miabbott]

This boot image bump for RHCOS 4.6 fixes the following BZs:

1956491 - CVE-2021-3114 ignition: golang: crypto/elliptic: incorrect operations on the P-224 curve
1960750 - RHCOS PXE deployment script coreos-livepxe-rootfs randomly fails to download and verify the image with bonding LACP active-active

Additionally, this includes the AMI published to the ap-northeast-3
(Osaka) region.

46.82.202106161040-0 amd64
46.82.202106162140-0 ppc64le
46.82.202106161139-0 s390x

[openshift-ci]

@miabbott: This pull request references Bugzilla bug 1956485, which is invalid:

• expected dependent Bugzilla bug 1956480 to target a release in 4.7.0, 4.7.z, but it targets "4.8.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Bug 1956485: bump RHCOS 4.6 boot images

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[miabbott]

/bugzilla refresh

[openshift-ci]

@miabbott: This pull request references Bugzilla bug 1956485, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.6.z) matches configured target release for branch (4.6.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
• dependent bug Bugzilla bug 1956483 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
• dependent Bugzilla bug 1956483 targets the "4.7.z" release, which is one of the valid target releases: 4.7.0, 4.7.z
• bug has dependents

Requesting review from QA contact:
/cc @mike-nguyen

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[miabbott]

/assign @dustymabe

[miabbott]

/retest

[miabbott]

@staebler the verify-codegen job is failing because I have an entry for ap-northeast-3 in the JSON. Should we /hold this PR until the changes to support any AWS region are backported to 4.6?

[dustymabe]

/lgtm

I assume this was generated with a tool I'm not supposed to go through and check each ID/checksum.

[dustymabe]

kind of cool (interesting) this size stayed the exact same.

[dustymabe]

/assign @wking

[miabbott]

/retest

[thegreyd]

/retest

[miabbott]

@staebler the verify-codegen job is failing because I have an entry for ap-northeast-3 in the JSON. Should we /hold this PR until the changes to support any AWS region are backported to 4.6?

@staebler could you weigh in on this?

[patrickdillon]

@staebler the verify-codegen job is failing because I have an entry for ap-northeast-3 in the JSON. Should we /hold this PR until the changes to support any AWS region are backported to 4.6?

It looks like you are just missing some generated code. You can amend your commit with the code generated from go generate ./pkg/rhcos/ami.go and it should pass. You can test locally with ./hack/verify-codegen.sh

[miabbott]

/restest

[miabbott]

/retest

[patrickdillon]

/approve

[miabbott]

@dustymabe need another /lgtm on this

[dustymabe]

/lgtm

[miabbott]

Trying to grab some likely folks from https://github.com/openshift/installer/blob/release-4.6/OWNERS_ALIASES#L4-L10 (which kind of seems out-of-date IMO)

/assign @sdodson
/assign @wking

[sdodson]

/approve

[sdodson]

/retest-required

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dustymabe, patrickdillon, sdodson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [sdodson]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@miabbott: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-workers-rhel7	51eb47c	link	/test e2e-aws-workers-rhel7

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[sdodson]

/override ci/prow/e2e-vsphere-upi
The installation completed.

[openshift-ci]

@sdodson: Overrode contexts on behalf of sdodson: ci/prow/e2e-vsphere-upi

Details

In response to this:

/override ci/prow/e2e-vsphere-upi
The installation completed.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[miabbott]

e2e-vsphere-upi has been majority red over the last 60 runs of the job. This PR hasn't affected that test.

One thing that jumps out immediately is that we are hitting the Docker rate limit all over the place:

error: tag latest failed: Internal error occurred: docker.io/library/busybox:latest: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

I found some references to how this has been changed for some tests but not all for 4.6 - https://bugzilla.redhat.com/show_bug.cgi?id=1963999#c5 -> openshift/origin#25721 (comment)

e2e-aws-workers-rhel7 has also been majority red/yellow over the last 60 runs of the job.

I found a BZ for the failure it is hitting which claims it was fixed - https://bugzilla.redhat.com/show_bug.cgi?id=1940392

...but seems like it is another style of failure here?

Filed a new BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1982795

[sdodson]

There's a PR out there to fix the docker hub pull limits. I'll see if I can push that forward.

[sdodson]

openshift/origin#26256 is the effort to switch from docker hub but it's massive and having a difficult time finding someone willing to review.

[openshift-ci]

@miabbott: All pull requests linked via external trackers have merged:

• openshift/installer#5011

Bugzilla bug 1956485 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1956485: bump RHCOS 4.6 boot images

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.