Bug 1781708: templates/container-storage: Add a "this is generated" note

[cgwalters]

It's identical between master/worker, so move it into the
common pool.

Just a cleanup while looking at
#1319

---

templates/container-storage: Add a "this is generated" note

This is a best practice, and particularly in this case
when we're intending to modify a config file, it can't be identical
to the shipped version.

This avoids having libostree replace it with a newer version.

Closes: #1319

[cgwalters]

If my theory is correct, then in this PR what I'll do is add a second commit which adds a dummy comment like # Generated from the Machine Config Operator's containerruntimeconfig - that will mark the file as modified and libostree won't replace it with a new default.

[cgwalters]

/test verify
/test unit
/test images

[cgwalters]

Now with a new 🆕 commit which should fix the bug.
And hopefully CI is fixed now (some errors were unrelated).

[cgwalters]

Just logged into the cluster spun up by that e2e-aws and things are looking good there so far!

walters@toolbox ~/s/g/o/ostree> oc get machineconfigpool
NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
master   rendered-master-5497b82f2b60d6a6e17bd16345e22dc1   True      False      False      3              3                   3                     0                      9m53s
worker   rendered-worker-4fe1fc25bc80ac51a692798946497e92   True      False      False      3              3                   3                     0                      9m53s

[cgwalters]

I just want to say it's pretty awesome that we're fixing a critical bug by adding a comment.

Funny enough, this bug is effectively the inverse of https://src.fedoraproject.org/rpms/selinux-policy/pull-request/2

[vrutkovs]

Clean install works, but gcp-upgrade still fails - not sure why though, I expected this to resolve upgrades as well

[cgwalters]

I think if the current release payload is broken, then upgrades can't pass. Let's retry once, but if it still fails I think we should pull out the /override 🔨 .
/test e2e-gcp-upgrade

[cgwalters]

One mystery here is how we got into a situation where the promoted payload cause this issue.

[kikisdeliveryservice]

Looking here it seems as tho it's failing bc of the storage.conf thing:
https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_machine-config-operator/1320/pull-ci-openshift-machine-config-operator-master-e2e-gcp-upgrade/605/artifacts/e2e-gcp-upgrade/pods/openshift-machine-config-operator_machine-config-daemon-4wfbw_machine-config-daemon.log

If that's that case we can either hold this until that is resolved (since this isn't emergency) or merge it bc it helps solve that (which doesn't seemlike that case?)

[vrutkovs]

IIUC the broken machine-os-content never got promoted to .ci (https://openshift-release.svc.ci.openshift.org/ 4.3.0.0.ci broken for ~5 days), but CI tests compose latest release from latest tags, so it attempts to update from a broken payload to a "fixed" payload. I assumed this would fix it too, not quite sure why it doesn't.

Perhaps its MCD on the host not being updated (this requires a new MCD RPM with this PR)?

[cgwalters]

If that's that case we can either hold this until that is resolved (since this isn't emergency)

The storage.conf conflict is exactly what this PR is addressing. Note this one passed e2e-aws, but other PRs on master aren't.

but CI tests compose latest release from latest tags, so it attempts to update from a broken payload to a "fixed" payload.

Hmm. Oh, wait, so CI runs are also pulling in the latest machine-os-content that's tagged, but before promotion? That seems like a bug if so.

Anyways, I want to more fully outline how this bug occurred. First, libostree has a semantic for config files shared with dpkg/rpm and other OS update systems in general, which is "keep modified config files, replace with latest version otherwise".

We previously tried to replace the file with its default version (i.e. a no-op), and that worked OK because the new version was the same thing.

But the MCD will validate that it's in its expected state, and as soon as we do an OS upgrade to a file with a different default version (which libostree will use because it didn't see it as modified locally), the MCD will fail validation.

Here we're just adding a comment to flag the file as modified and ensure that our version always wins, regardless of what changes in the package.

(Now we should also stop overwriting the package version and merge our changes, but that's a separate bug)

We need to backport this probably as far back as 4.2 or maybe even 4.1 - otherwise it's a time bomb waiting to bite whenever podman is updated in those streams.

(And we go degraded rather than just replacing the file with what we expect to avoid reboot loops which wouldn't occur in this case, but did in the past with multiple components writing to a config file)

[cgwalters]

I think the upgrade is failing because we need this PR backported to older branches too.

So, someone mind validating what I'm saying here and then dropping the /override e2e-gcp-upgrade (and a /lgtm) ?

[kikisdeliveryservice]

So I'm pretty sure this is failing in bootstrap (as always) bc the bootstrap version wouldn't have the changes the PR has it would be upgrading to this version. (ie a cluster comes up without images from this PR and then upgrades to this PR image). It will always fail until the fix is merged and future prs would be upgrading from the version with the fix. Right?

[kikisdeliveryservice]

Ok double checked my e2e understanding and yes: cluster comes up -> upgrades to image with PR's changes -> runs e2e. This PR is still getting stuck in the initial bootstrap (exactly how/where all the other e2e runs were failing before this PR) bc it doesn't have the fix. So talked to Colin and will override.

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, kikisdeliveryservice

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [cgwalters,kikisdeliveryservice]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[kikisdeliveryservice]

/override ci/prow/e2e-gcp-upgrade

[openshift-ci-robot]

@kikisdeliveryservice: Overrode contexts on behalf of kikisdeliveryservice: ci/prow/e2e-gcp-upgrade

Details

In response to this:

/override ci/prow/e2e-gcp-upgrade

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@cgwalters: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-gcp-upgrade	46c4e27	link	/test e2e-gcp-upgrade

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[vrutkovs]

/cherry-pick release-4.3

[openshift-cherrypick-robot]

@vrutkovs: new pull request created: #1322

Details

In response to this:

/cherry-pick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vrutkovs]

/cherry-pick release-4.2

[openshift-cherrypick-robot]

@vrutkovs: new pull request created: #1323

Details

In response to this:

/cherry-pick release-4.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vrutkovs]

/cherry-pick release-4.1

[openshift-cherrypick-robot]

@vrutkovs: new pull request created: #1324

Details

In response to this:

/cherry-pick release-4.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cgwalters]

/cherrypick release-4.3

[openshift-cherrypick-robot]

@cgwalters: failed to push cherry-picked changes in GitHub: pushing failed, output: "To https://github.com/openshift-cherrypick-robot/machine-config-operator\n ! [rejected] cherry-pick-1320-to-release-4.3 -> cherry-pick-1320-to-release-4.3 (non-fast-forward)\nerror: failed to push some refs to 'https://openshift-cherrypick-robot:[email protected]/openshift-cherrypick-robot/machine-config-operator'\nhint: Updates were rejected because the tip of your current branch is behind\nhint: its remote counterpart. Integrate the remote changes (e.g.\nhint: 'git pull ...') before pushing again.\nhint: See the 'Note about fast-forwards' in 'git push --help' for details.\n", error: exit status 1

Details

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[cgwalters]

Oh nice thanks vrutkovs!

[vrutkovs]

/retitle Bug 1781708: templates/container-storage: Add a "this is generated" note

[openshift-ci-robot]

@cgwalters: Bugzilla bug 1781708 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state.

Details

In response to this:

Bug 1781708: templates/container-storage: Add a "this is generated" note

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vrutkovs]

/bugzilla refresh

[openshift-ci-robot]

@vrutkovs: All pull requests linked via external trackers have merged. Bugzilla bug 1781708 has been moved to the MODIFIED state.

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vrutkovs]

/cherry-pick fcos

[openshift-cherrypick-robot]

@vrutkovs: new pull request created: #1372

Details

In response to this:

/cherry-pick fcos

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.