search

plus3it / spel

STIG-Partitioned Enterprise Linux (spel)
Other
91 stars 61 forks source link

Latest spel-minimal-rhel-7 image doesn't have kernel version that manifest claims #621

Closed brandonrace closed 11 months ago

brandonrace commented 11 months ago

Expected behavior

Based on what is in the manifest for spel-minimal-rhel-7-hvm I would expect the kernel to be kernel-3.10.0-1160.95.1.el7.x86_64

Actual behavior

When I spin up an instance from the image ami-086ab02f77de8e5bd spel-minimal-rhel-7-hvm-2023.07.1.x86_64-gp2 , the kernel version is kernel-3.10.0-1160.92.1.el7.x86_64

Steps to reproduce behavior

Launch an instance from ami-086ab02f77de8e5bd spel-minimal-rhel-7-hvm-2023.07.1.x86_64-gp2 , run "rpm -qa | grep kernel"

Context/Specifications

Things like:

Suggestions for fix

Install the kernel packages on the image mentioned in the manifest

Relevant references

ferricoxide commented 11 months ago

Worth noting that the manifest files are generated against the AMIs created in the commercial regions, not the GovCloud regions. While our general process is to build commercial and GovCloud AMIs on the same day, there can be technical problems that prevent this (as appears to be the case for July's AMIs). Similarly, because the RHEL AMIs for commercial and AMIs for GovCloud are built against different instantiations of the RHUI repositories, differences between regions' AMIs can result if there are differences between the repositories.

Just launched an EC2 from ami-086ab02f77de8e5bd. Can confirm that the Kernel RPM is listed on inital-boot is as reported:

sh-4.2$ rpm -q kernel
kernel-3.10.0-1160.92.1.el7.x86_64

Comparing the build dates, it looks like the July AMIs were actually built about 22 hours apart:

us-gov-west-1:

$ aws ec2 describe-images --filters 'Name=name,Values=spel-minimal-rhel-7-hvm-2023.07.*' --query 'Images[].[ImageId,CreationDate]' --output text
ami-086ab02f77de8e5bd   2023-07-18T16:20:55.000Z

us-east-1:

$ aws ec2 describe-images --filters 'Name=name,Values=spel-minimal-rhel-7-hvm-2023.07.1.x86_64-gp2' --query 'Images[].[ImageId,CreationDate]' --output text
ami-0ad6c65e232c41794   2023-07-19T14:46:17.000Z

While the commercial and GovCloud RHUI repositories' contents can have minor deltas (when it's been observed, it's generally been the GovCloud RHUI repository tending to be behind the commercial RHUI repository), it's generally rare. However, given the 20-hour time-delta in the AMIs' creations, it would appear that somewhere in that 20-hour window, the commercial RHUI repository got ahead of the GovCloud RHUI repository.

When it comes to reported defects, we generally only publish new AMIs for a given month if the defect is functionality-breaking. The defect reported in this issue wouldn't generally be considered functionality-breaking (indeed, if your provisioning-process includes a yum update action, you would have the .95 kernel). Combined with the fact that we're due to generate August's AMIs, this issue will be a WONTFIX.