Closed jleach closed 3 years ago
This file contains the list and the script that generated the initial list (a person still needs to go through and mark template / images for removal).
From your list I kept must-gather
image stream, as its part of the cluster and not a sample. PR is https://github.com/bcgov-c/platform-ops/pull/332 and has been run on KLAB. @jleach can you please review the PR and the IS and Templates available in KLAB to confirm we've got the right items left available?
@sbarre-esit Will do.
@mitovskaol (and Bev, but I don't know her github) What is our rollout plan for this? How much warning to we want to give users? In theory no one is using these images that we are removing from the platform, but probably good to give them a heads up?
Personally, I don’t like these images. They’re bad news or teams to use. Case in point in MongoDB. Looks like its depreciated in 4.6 and I think Karim is using it. Its best they copy images to their tools namespace with an ImageStreamTag and not relay on any images from openshift
. Also, never use any image in prod with the lates
tag unless its manufactured by the team; and even then its not preferred. Stable takes like 1
, 2
, 2-1.1
are best.
On Dec 9, 2020, at 5:13 PM, Steven Barre notifications@github.com wrote:
@mitovskaol https://github.com/mitovskaol (and Bev, but I don't know her github) What is our rollout plan for this? How much warning to we want to give users? In theory no one is using these images that we are removing from the platform, but probably good to give them a heads up?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/BCDevOps/OpenShift4-RollOut/issues/462#issuecomment-742167510, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAC7N2Y2S2YAYGLDHGWPVETSUAOCRANCNFSM4TU5OGWQ.
@jleach I agree they need to go. I just think we need to make sure all the end users are well aware of the plans before we do it.
@sbarre-esit Here is some text to alert teams:
On Tuesday December 15th at 9AM we will prune many sample templates and images from the OCP4 openshift namespace. We're doing this for a few reasons, including: Dissuade teams for using legacy technology that is not well supported in government (I'm looking at you PHP); reduce clutter and confusion in templates; dissuade teams for relying on templates and images that may be used in a prod setting but get deprecated by Red Hat and cause problem (i.e MongoDB); etc.
NOTE: MongoDB appears to be deprecated as of OCP4.6. If you have used this template export and make a copy in your GitHub repo. If you're using the mongo image either pull from the Red Hat Container Catalogue (see below) or import the image into your tools namespace.
What Images?
Find a comprehensive list of images and templates that will be removed in this GitHub Issue: https://github.com/BCDevOps/OpenShift4-RollOut/issues/462
Where Can I Find Alternatives
Teams will find these images, and more, by going to the Redhat Container Ecosystem: https://catalog.redhat.com/software/containers/explore
ProTip: Where possible use Artifactory as a pull through cache for images.
My Images/Template is On Your List
If you're using an image or template that is on the list, and you don't know what to do, please contact someone from Platform Services to help you stick handle this issue.
CHG0021029 - MCS SILVER - Update Samples Operator to exclude most Templates and ImageStreams scheduled for Dec 15th
Text copied into the notification PR https://github.com/BCDevOps/platform-services-status-page-notifications/pull/112
The scheduled RFC for this work in PROD failed with the following ansible message.
TASK [config-infra : Configure Samples Operator] *******************************************************************************************************
task path: /root/platform-ops/ocp4/roles/config-infra/tasks/samples.yaml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296 `" && echo ansible-tmp-1608052943.25-2741-244780950976296="` echo /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296 `" ) && sleep 0'
<localhost> Attempting python interpreter discovery
<localhost> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/clustering/k8s/k8s.py
<localhost> PUT /root/.ansible/tmp/ansible-local-27306Wvdrj/tmpHKc1Zh TO /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/ /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 102, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.clustering.k8s.k8s', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib64/python2.7/runpy.py", line 176, in run_module
fname, loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code
mod_name, mod_fname, mod_loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 281, in <module>
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 277, in main
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 171, in execute_module
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/module_utils/k8s/common.py", line 200, in get_api_client
File "/usr/lib/python2.7/site-packages/openshift/dynamic/client.py", line 71, in __init__
self.__discoverer = discoverer(self, cache_file)
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 259, in __init__
Discoverer.__init__(self, client, cache_file)
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 31, in __init__
self.__init_cache()
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 78, in __init_cache
self._load_server_info()
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 165, in _load_server_info
self.client.configuration.host)
ValueError: Host value http://localhost should start with https:// when talking to HTTPS endpoint
fatal: [localhost]: FAILED! => changed=false
ansible_facts:
discovered_interpreter_python: /usr/bin/python
module_stderr: |-
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 102, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1608052943.25-2741-244780950976296/AnsiballZ_k8s.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.clustering.k8s.k8s', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib64/python2.7/runpy.py", line 176, in run_module
fname, loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code
mod_name, mod_fname, mod_loader, pkg_name)
File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 281, in <module>
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/modules/clustering/k8s/k8s.py", line 277, in main
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/module_utils/k8s/raw.py", line 171, in execute_module
File "/tmp/ansible_k8s_payload_C2g0fT/ansible_k8s_payload.zip/ansible/module_utils/k8s/common.py", line 200, in get_api_client
File "/usr/lib/python2.7/site-packages/openshift/dynamic/client.py", line 71, in __init__
self.__discoverer = discoverer(self, cache_file)
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 259, in __init__
Discoverer.__init__(self, client, cache_file)
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 31, in __init__
self.__init_cache()
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 78, in __init_cache
self._load_server_info()
File "/usr/lib/python2.7/site-packages/openshift/dynamic/discovery.py", line 165, in _load_server_info
self.client.configuration.host)
ValueError: Host value http://localhost should start with https:// when talking to HTTPS endpoint
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
PLAY RECAP *********************************************************************************************************************************************
localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds
The strange thing is that we attempted to re-do the KLAB playbook as well and it couldn't execute either, despite Steven having done this change in KLAB previously.
For now, we'll do a deeper analysis of the "why" for this, since the involved UTIL servers where we run these playbooks for KLAB and SILVER were recently OS-patched, and perhaps a module dependency has a new config requirement.
Blocked for now until some time can be invested into investigating the reason why the playbook involved no longer works in both KLAB and SILVER.
Moved to Sprint Backlog instead. Will attempt to revisit this over the holldays.
Identified and fixed the issue. Root cause still needed, but a recent OS patch on our OCP4 UTIL servers bumped python2-kubernetes from python2-kubernetes-11.0.0-2.el7.noarch to python2-kubernetes-12.0.1-1.el7.noarch . A roll-back of that package fixes the problem.
Re-ran the playbook, executed flawlessly. Will close this off next business day if no meltdown is apparent.
Nothing broke and no screaming, closing this issue.
The following is a list of templates and the associated images; ones mart as
N
in the "ON CLUSTER" column are generated artifacts from the template. Some template names and/or images may be duplicated if as a template may depend on more than one image. This list was generated from theSilver
cluster w/ OCP 4.5. More images may be removed after we've eliminated unnecessary templates.To extract template to remove use:
tail -n +3 images-silver.md| awk -F\| '{ print $2 $3 }' | awk '{$1=$1};1'|grep -E '.*(y)$'| awk '{ print $1 }' | uniq| sort
To extract images to remove use:
tail -n +3 images-silver.md| awk -F\| '{ print $4 $5 $6 }'| awk '{$1=$1};1'| grep -E '.*(y\sY)$'| awk '{ print $1 }'| uniq| sort