openshift-kni / lifecycle-agent

Local agent for orchestration of SNO Image Based Upgrade
Apache License 2.0

OCPBUGS-33605: Skip retry on unknown manifest and detect digests made up by CRIO ima… #664

Closed jc-rh closed 7 hours ago

jc-rh commented 1 day ago

Background / Context

Image service in CRIO can create phantom digests with this implementation: https://github.com/openshift/cri-o/blob/1bcadab7e200e767394c7d19709eccba3462db9f/internal/storage/image.go#L216-L217

In the case of the bug reported, OCP uses the quay.io digest for the same kube-rbac-proxy image while operators use the multi-arch manifest list digest from registry.redhat.io. After pulling quay.io@sha:A and registry.redhat.io@sha:B, we get 4 digests on the image from a mix and match of the repos and the sha values.

Issue / Requirement / Reason for change

This becomes an issue in a disconnected environment for IBU, as the image mirroring only covers two digests from registry.redhat.io and one from quay.io. The manifest list sha from quay is not part of the single arch OCP release, hence not mirrored. IBU precaching requires all digests captured in the seed to be present.

Solution / Feature Overview

Implementation Details

Other Information

openshift-ci-robot commented 1 day ago

@jc-rh: This pull request references Jira Issue OCPBUGS-33605, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift-kni/lifecycle-agent/pull/664):

> …ge service
>
> # Background / Context
> Image service in CRIO can create phantom digests with this implementation:
> https://github.com/openshift/cri-o/blob/1bcadab7e200e767394c7d19709eccba3462db9f/internal/storage/image.go#L216-L217
> In the case of the bug reported, OCP uses the quay.io digest for the same kube-rbac-proxy image while operators use the multi-arch manifest list digest from registry.redhat.io. After pulling quay.io@sha:A and registry.redhat.io@sha:B, we get 4 digests on the image from a mix and match of the repos and the sha values.
>
> # Issue / Requirement / Reason for change
> This becomes an issue in a disconnected environment for IBU, as the image mirroring only covers two digests from registry.redhat.io and one from quay.io. The manifest list sha from quay is not part of the single arch OCP release, hence not mirrored. IBU precaching requires all digests captured in the seed to be present.
>
> # Solution / Feature Overview
>
> - Double check failed image list at the end of precaching and consider it a success if they exist locally
> - Skip retry on the not found case
>
> # Implementation Details
>
> # Other Information

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift-kni%2Flifecycle-agent). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
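An added example, not code from lifecycle-agent or CRI-O: a simplified Go model of the behaviour the PR description reports, where every repository recorded for an image is paired with every digest recorded for it, followed by the end-of-precache re-check the description proposes. The repository paths, the `img1` image ID, the `registry.example` reference and all function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample data (placeholder paths and digests). mirror maps each
// mirrored reference to the ID of the image it resolves to.
const quay, rh = "quay.io/example/kube-rbac-proxy", "registry.redhat.io/example/kube-rbac-proxy"
var seed = []string{quay + "@sha256:A", quay + "@sha256:B", rh + "@sha256:A", rh + "@sha256:B", "registry.example/other@sha256:C"}
var mirror = map[string]string{quay + "@sha256:A": "img1", rh + "@sha256:A": "img1", rh + "@sha256:B": "img1"}

// repoDigests pairs every repository known for an image with every digest known for it.
func repoDigests(repos, digests []string) (out []string) {
	for _, r := range repos {
		for _, d := range digests {
			out = append(out, r+"@"+d)
		}
	}
	return out
}

// precache pulls each seed reference once, then re-checks the failures locally.
func precache(seed []string, mirror map[string]string) (failed []string) {
	repos, digests, local := map[string][]string{}, map[string][]string{}, map[string]bool{}
	var notFound []string
	for _, ref := range seed {
		id, ok := mirror[ref]
		if !ok { // manifest not found on the mirror: do not retry, re-check later
			notFound = append(notFound, ref)
			continue
		}
		repo, digest, _ := strings.Cut(ref, "@")
		repos[id], digests[id] = append(repos[id], repo), append(digests[id], digest)
	}
	for id := range repos { // what the local store reports for each pulled image
		for _, rd := range repoDigests(repos[id], digests[id]) {
			local[rd] = true
		}
	}
	for _, ref := range notFound {
		if !local[ref] { // a phantom digest is already present locally
			failed = append(failed, ref)
		}
	}
	return failed
}

func main() { fmt.Println("still missing:", precache(seed, mirror)) }
```

The unmirrored `quay.io` reference with digest B is resolved by the local re-check, while the reference that was never pulled under any name still fails.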
openshift-ci[bot] commented 8 hours ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: donpenney, javipolo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift-kni/lifecycle-agent/blob/main/OWNERS)~~ [donpenney]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

openshift-ci-robot commented 7 hours ago

@jc-rh: Jira Issue OCPBUGS-33605: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-33605 has been moved to the MODIFIED state.

jc-rh commented 7 hours ago

/cherrypick release-4.14

jc-rh commented 7 hours ago

/cherrypick release-4.17

openshift-cherrypick-robot commented 7 hours ago

@jc-rh: new pull request created: #665

In response to [this](https://github.com/openshift-kni/lifecycle-agent/pull/664#issuecomment-2389092220):

> /cherrypick release-4.17

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

jc-rh commented 6 hours ago

/cherrypick release-4.14

openshift-cherrypick-robot commented 6 hours ago

@jc-rh: new pull request created: #666

In response to [this](https://github.com/openshift-kni/lifecycle-agent/pull/664#issuecomment-2389121251):

> /cherrypick release-4.14

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.