From 6525c94065b46ec04bb5ebd4ccc566dadb8a3c0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Doktor?= Date: Wed, 6 Mar 2024 11:04:50 +0100 Subject: [PATCH] ci.ocp: Add a workaround to optionally enable skip_mount_home MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit the latest upstream kata-containers requires the skip_mount_home to be enabled, which is default on OCP 4.14+ but disabled on OCP 4.13-. Let's use a "WORKAROUND_9206_CRIO" (called by kata-containers GH issue) variable to allow users to enable this treatement when needed. Related to: #9206 Signed-off-by: Lukáš Doktor --- .../deployments/workaround-9206-crio-ds.yaml | 28 +++++++++++++++++++ .../deployments/workaround-9206-crio.yaml | 18 ++++++++++++ ci/openshift-ci/cluster/install_kata.sh | 11 ++++++++ 3 files changed, 57 insertions(+) create mode 100644 ci/openshift-ci/cluster/deployments/workaround-9206-crio-ds.yaml create mode 100644 ci/openshift-ci/cluster/deployments/workaround-9206-crio.yaml diff --git a/ci/openshift-ci/cluster/deployments/workaround-9206-crio-ds.yaml b/ci/openshift-ci/cluster/deployments/workaround-9206-crio-ds.yaml new file mode 100644 index 0000000000..0a5cf8a5ee --- /dev/null +++ b/ci/openshift-ci/cluster/deployments/workaround-9206-crio-ds.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: workaround-9206-crio-ds +spec: + selector: + matchLabels: + app: workaround-9206-crio-ds + template: + metadata: + labels: + app: workaround-9206-crio-ds + spec: + containers: + - name: workaround-9206-crio-ds + image: alpine + volumeMounts: + - name: host-dir + mountPath: /tmp/config + securityContext: + runAsUser: 0 + privileged: true + command: ["/bin/sh", "-c", "while [ ! -f '/tmp/config/10-workaround-9206-crio' ]; do sleep 1; done; echo 'Config file present'; sleep infinity"] + volumes: + - name: host-dir + hostPath: + path: /etc/crio/crio.conf.d/ diff --git a/ci/openshift-ci/cluster/deployments/workaround-9206-crio.yaml b/ci/openshift-ci/cluster/deployments/workaround-9206-crio.yaml new file mode 100644 index 0000000000..18313a0b5e --- /dev/null +++ b/ci/openshift-ci/cluster/deployments/workaround-9206-crio.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + labels: + machineconfiguration.openshift.io/role: worker + name: 10-workaround-9206-crio +spec: + config: + ignition: + version: 2.2.0 + storage: + files: + - contents: + source: data:text/plain;charset=utf-8;base64,W2NyaW9dCnN0b3JhZ2Vfb3B0aW9uID0gWwoJIm92ZXJsYXkuc2tpcF9tb3VudF9ob21lPXRydWUiLApdCg== + filesystem: root + mode: 0644 + path: /etc/crio/crio.conf.d/10-workaround-9206-crio diff --git a/ci/openshift-ci/cluster/install_kata.sh b/ci/openshift-ci/cluster/install_kata.sh index eaca843a63..ef719f7482 100755 --- a/ci/openshift-ci/cluster/install_kata.sh +++ b/ci/openshift-ci/cluster/install_kata.sh @@ -27,6 +27,10 @@ KATA_WITH_SYSTEM_QEMU=${KATA_WITH_SYSTEM_QEMU:-no} # KATA_WITH_HOST_KERNEL=${KATA_WITH_HOST_KERNEL:-no} +# Enable workaround for OCP 4.13 https://github.com/kata-containers/kata-containers/pull/9206 +# +WORKAROUND_9206_CRIO=${WORKAROUND_9206_CRIO:-no} + # Leverage kata-deploy to install Kata Containers in the cluster. # apply_kata_deploy() { @@ -224,6 +228,13 @@ if [ ${SELINUX_PERMISSIVE} == "yes" ]; then wait_for_reboot fi +if [[ "$WORKAROUND_9206_CRIO" == "yes" ]]; then + info "Applying workaround to enable skip_mount_home in crio on OCP 4.13" + oc apply -f "${deployments_dir}/workaround-9206-crio.yaml" + oc apply -f "${deployments_dir}/workaround-9206-crio-ds.yaml" + wait_for_app_pods_message workaround-9206-crio-ds "$num_nodes" "Config file present" 1200 || echo "Failed to apply the workaround, proceeding anyway..." +fi + # FIXME: Remove when https://github.com/kata-containers/kata-containers/pull/8417 is resolved # Selinux context is currently not handled by kata-deploy oc apply -f ${deployments_dir}/relabel_selinux.yaml