@jcaamano
Contributor

Since the shim (openshift-sdn) gets copied to the host OS and executed in the host mount namespace by CRIO/Multus it needs to be runtime compatible with the host OS. Running a RHEL8-built shim on a RHEL7 system doesn't work due to different shared library dependencies between the two OS versions.

This wasn't a problem before because CGO_ENABLED=0 which essentially statically linked everything into the binary. But since we actually need CGO_ENABLED=1 (which ART forces on "official" builds anyway) to ensure we use OpenSSL's crypto for FIPS compliance, we run into the OS version problem with our binaries since they are really always built with CGO_ENABLED=1 anyway.

So... build two separate versions of openshift-sdn and osdn-host-local (which is invoked by openshift-sdn shim) in different layers, and copy the shims into a special location where our container startup scripts can find it.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
(cherry picked from commit 8fe1a62)
(cherry picked from commit b3fd83d)
(cherry picked from commit 26d4955)
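
One way a container startup script could pick between the two builds described above, as an added example that is not code from this PR or from the openshift/sdn repository. The function names, the `<shim_root>/rhel7` and `<shim_root>/rhel8` layout, and the decision to accept only `ID=rhel` hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: choose the shim build that matches the host OS.
# Directory layout (<shim_root>/rhel7, <shim_root>/rhel8) is an assumption.

# Print one KEY's value from an os-release file. The file comes from the
# host, so it is parsed as data instead of being sourced as shell code.
os_release_field() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "\"'"
}

# select_shim_dir OS_RELEASE_FILE SHIM_ROOT
# Prints the directory holding the matching build; non-zero on any doubt.
select_shim_dir() {
    os_release=$1
    shim_root=$2
    [ -r "$os_release" ] || { echo "cannot read $os_release" >&2; return 1; }

    id=$(os_release_field "$os_release" ID)
    version=$(os_release_field "$os_release" VERSION_ID)
    major=${version%%.*}

    # Fail closed: a dynamically linked shim built for another release may
    # not load on the host, so unknown hosts get no shim rather than a guess.
    # Other host IDs would need an explicit mapping added here.
    case "$id:$major" in
        rhel:7) dir=$shim_root/rhel7 ;;
        rhel:8) dir=$shim_root/rhel8 ;;
        *) echo "unsupported host OS: ${id:-?} ${version:-?}" >&2; return 1 ;;
    esac

    # Both binaries must come from the same build: the shim invokes
    # osdn-host-local on the host.
    for bin in openshift-sdn osdn-host-local; do
        [ -x "$dir/$bin" ] || { echo "missing $dir/$bin" >&2; return 1; }
    done
    printf '%s\n' "$dir"
}
```

The caller copies both binaries from the printed directory to the host and aborts startup when the function fails.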

@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 24, 2023
@openshift-ci-robot
Contributor

@jcaamano: This pull request references Jira Issue OCPBUGS-16255, which is invalid:

  • expected Jira Issue OCPBUGS-16255 to depend on a bug targeting a version in 4.7.0, 4.7.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.


@openshift-ci openshift-ci bot requested review from abhat and dcbw July 24, 2023 09:30
@jcaamano
Contributor Author

/retest-required

@jcaamano
Contributor Author

/jira refresh

@openshift-ci-robot
Contributor

@jcaamano: This pull request references Jira Issue OCPBUGS-16255, which is invalid:

  • expected dependent Jira Issue OCPBUGS-16254 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), but it is New instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.


@openshift-ci
Contributor

openshift-ci bot commented Jul 25, 2023

@jcaamano: all tests passed!


@jcaamano
Contributor Author

/override ci/prow/e2e-aws

Need 4.6 backport of openshift/origin#27422

@openshift-ci
Contributor

openshift-ci bot commented Jul 25, 2023

@jcaamano: jcaamano unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams:openshift: openshift-release-oversight.


@dcbw
Contributor

dcbw commented Jul 25, 2023

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 25, 2023
@openshift-ci
Contributor

openshift-ci bot commented Jul 25, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dcbw, jcaamano


@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 25, 2023
@mrunalp mrunalp added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Jul 25, 2023
@mrunalp mrunalp added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 25, 2023
@mrunalp mrunalp added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 25, 2023
@openshift-merge-robot openshift-merge-robot merged commit f7b89d7 into openshift:release-4.6 Jul 25, 2023
@openshift-ci-robot
Contributor

@jcaamano: Jira Issue OCPBUGS-16255: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-16255 has been moved to the MODIFIED state.

