[release-4.4] crio: Add explicit paths for configuration settings

[mrunalp]

There is a window during machine set scale up where a 1.14 crio
uses this configuration and it doesn't understand these empty
settings. Restoring the settings back to full paths till
we also update the boot image for machine sets as part of updates.

Signed-off-by: Mrunal Patel [email protected]

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1829642

- What I did
Restore some crio settings to older values to make them forward compatible with older crio versions.

- How to verify it
Test that cri-o 4.2 can still understand the default rendered 4.4 crio.conf.

- Description for the changelog
Add back explicit path for settings to be forwards compatible with older crio versions.

[openshift-ci-robot]

@mrunalp: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

[4.4] crio: Add explicit paths for configuratoin settings

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@mrunalp: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

[release-4.4] Bug 1829642 crio: Add explicit paths for configuratoin settings

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kikisdeliveryservice]

/bugzilla refresh

[openshift-ci-robot]

@kikisdeliveryservice: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@mrunalp: This pull request references Bugzilla bug 1829642, which is invalid:

• expected Bugzilla bug 1829642 to depend on a bug targeting a release in 4.5.0, 4.5.z and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[release-4.4] Bug 1829642: crio: Add explicit paths for configuratoin settings

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[wking]

New round of CI now that #1698 has landed.

[openshift-ci-robot]

@mrunalp: This pull request references Bugzilla bug 1829642, which is invalid:

• expected Bugzilla bug 1829642 to depend on a bug targeting a release in 4.5.0, 4.5.z and in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[release-4.4] Bug 1829642: crio: Add explicit paths for configuration settings

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kikisdeliveryservice]

Verified that in 4.2:

seccomp_profile = "/etc/crio/seccomp.json"
runtime = "/usr/bin/runc"

https://github.com/openshift/machine-config-operator/blob/release-4.2/templates/worker/01-worker-container-runtime/_base/files/crio.yaml

https://github.com/openshift/machine-config-operator/blob/release-4.2/templates/master/01-master-container-runtime/_base/files/crio.yaml

[kikisdeliveryservice]

/retest

[wking]

Seems like this PR is narrowly reverting some portions of 606bd2b (#1414), which was backported to 4.3 in 8afb65a (#1447). And apparently not backported to 4.2 (possibly because of this issue).

[wking]

Oh, wait. This isn't a revert of 606bd2b (#1414). Before #1414, this line was # seccomp_profile... (commented out). In #1414 it became master's current empty string. With this commit it is becoming an uncommented, nonempty value. So was there a default baked into CRI-O at some point, but no longer? And now we need to provide the old default explicitly here to support CRI-O that are recent enough to have dropped the baked-in-default? But bug 1829642 is about supporting older CRI-O? I'm confused about how these pieces fit together.

[kikisdeliveryservice]

it was commented out further back: 69025e8#diff-5c79cb2bed55d5971e8178e82d18cdc9

via #1216

[wking]

Ah, ok. And looks like #1216 went out in 4.3 and was never backported to 4.2.

[kikisdeliveryservice]

pretty sure that 4.2/1/.12 fails if these are empty so it cant be backported

[umohnani8]

Yeah this is needed, so that cri-o 1.14 can use this config and not fail to start up like it was.

[kikisdeliveryservice]

just adding for safety..

/hold

[ashcrow]

/retest ci/prow/e2e-aws

[sdodson]

It seems like we should include this on master branch until such a time that we're managing the machineset image on updates. There's no assurances that will happen before 4.5 so we may run into 4.2 to 4.3 to 4.4 to 4.5 upgrades with a 4.2 bootimage is still in use during scaleup.
/cherrypick master

[openshift-cherrypick-robot]

@sdodson: once the present PR merges, I will cherry-pick it on top of master in a new PR and assign it to you.

Details

In response to this:

It seems like we should include this on master branch until such a time that we're managing the machineset image on updates. There's no assurances that will happen before 4.5 so we may run into 4.2 to 4.3 to 4.4 to 4.5 upgrades with a 4.2 bootimage is still in use during scaleup.
/cherrypick master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@ashcrow: The /retest command does not accept any targets.
The following commands are available to trigger jobs:

• /test e2e-aws
• /test e2e-aws-disruptive
• /test e2e-aws-scaleup-rhel7
• /test e2e-gcp-op
• /test e2e-gcp-upgrade
• /test e2e-metal-ipi
• /test e2e-openstack
• /test e2e-ovirt
• /test e2e-vsphere
• /test images
• /test unit
• /test verify

Use /test all to run all jobs.

Details

In response to this:

/retest ci/prow/e2e-aws

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[umohnani8]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kikisdeliveryservice, mrunalp, umohnani8

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [kikisdeliveryservice]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[umohnani8]

/retest

[umohnani8]

@sdodson this will not cleanly cherry-pick on master since we reworked the ctrcfg controller to use drop-in files instead of modifying crio.conf every time. I can open a PR to master with similar changes.

[umohnani8]

/hold cancel

[umohnani8]

/hold adding it back based on slack discussions

[vikaslaad]

/retest

[runcom]

/skip

[jianzhangbjz]

/retest

[openshift-ci-robot]

@mrunalp: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

[release-4.4] crio: Add explicit paths for configuration settings

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kikisdeliveryservice]

/bugzilla refresh

[openshift-ci-robot]

@kikisdeliveryservice: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[kikisdeliveryservice]

unlinked from https://bugzilla.redhat.com/show_bug.cgi?id=1829642 as we have #1706

[openshift-ci-robot]

@mrunalp: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws	a345a56	link	/test e2e-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[ashcrow]

Closed per #1707 (comment)