Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mount static kmod as /usr/local/sbin/modprobe #4037

Merged
merged 3 commits into from
Jun 6, 2024
Merged

Mount static kmod as /usr/local/sbin/modprobe #4037

merged 3 commits into from
Jun 6, 2024

Conversation

vigh-m
Copy link
Contributor

@vigh-m vigh-m commented Jun 6, 2024
edited
Loading

Issue number:

Updates #3968

Description of changes:
This change mounts the static kmod built in #3981 into a customer container.

This time, the mount target is /usr/local/sbin/modprobe

Testing done:

I ran the script here to generate the kubernetes podspec to validate modprobe on 23 containers including:

  • alpine
  • debian
  • fedora
  • ubuntu
  • amazonlinux
  • cilium/cilium

No errors on any of them.

No errors running internal testing for ECS either

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

yeazelm
yeazelm reviewed Jun 6, 2024
View reviewed changes
packages/containerd/containerd-cri-base-json
@@ -102,6 +102,15 @@ oci-defaults = { version = "v1", helpers = ["oci_defaults"] }
"mode=755",
"size=65536k"
]
},
{
"destination": "/usr/local/sbin/modprobe",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have we confirmed this will be used instead of the provided modprobe for containers that include it? Do we know where this path related in the default PATH for these containers?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The linked script in the description printed the default PATH in the container images. For all of them /usr/local/sbin is the first path in the list.

Copy link
Contributor Author

@vigh-m vigh-m Jun 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup! Along with that, I also validated loading and unloading a kernel module on all the container images + cilium in that script and did not see any unexpected failures.

@vigh-m
Copy link
Contributor Author

vigh-m commented Jun 6, 2024

Added Signed-off and exec option based on comments

@vigh-m
Copy link
Contributor Author

vigh-m commented Jun 6, 2024
edited
Loading

  • Testsys test run
 NAME                                TYPE   	   STATE             PASSED      FAILED      SKIPPED   BUILD ID      LAST UPDATE
 x86-64-aws-ecs-2-conformance        Test   	   passed                 1           0            0   ec021fde      2024-06-06T20:52:09Z
 x86-64-aws-ecs-2-quick              Test   	   passed                 1           0            0   ec021fde      2024-06-06T20:50:01Z
 x86-64-aws-k8s-128-conformance      Test   	   passed               384           0   	7009   ec021fde      2024-06-06T22:07:43Z
 x86-64-aws-k8s-128-quick            Test   	   passed                 5           0   	7388   ec021fde      2024-06-06T17:59:54Z
 x86-64-aws-k8s-128                  Resource      completed                                           ec021fde      2024-06-06T17:57:42Z

@vigh-m vigh-m merged commit 892e31f into bottlerocket-os:develop Jun 6, 2024
32 checks passed
This was referenced Jun 7, 2024
Merged
Closed
Closed
@vigh-m vigh-m deleted the modprobe-mount branch August 5, 2024 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yeazelm yeazelm yeazelm left review comments

@bcressey bcressey bcressey approved these changes

@arnaldo2792 arnaldo2792 arnaldo2792 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vigh-m @bcressey @arnaldo2792 @yeazelm