Add platform-specific console configuration metadata #1181

These tests have never run successfully on s390x. Skip them for now and investigate wether or not they can be adapted for s390x. Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>

SELinux denials are causing some issues and we need to have them looked at. See coreos/fedora-coreos-tracker#1097

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/5/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Since we're re-enabling `branched` we need these to apply there too.

Can not reproduce `coreos.boot-mirror.luks` failed issue locally with rawhide after running 20 times, remove from denylist to see if it happens. See coreos/fedora-coreos-tracker#1092

We're going to rebase RHCOS 4.11, which picks up a new NM, and the new case is actually the same. BTW, minor rant here: We really need to stop defaulting to writing conditionals that do `if is_fcos() {} else if is_rhcos() {}` because about 70% of the time, this is actually trying to test "RHEL 8" versus "Fedora". And in this case, what we want to dispatch on is the RHEL8 minor version. Or even the NetworkManager version. Anyways for now, because we haven't updated the `redhat-release-coreos` package because doing so is painful, dispatch on the OCP version.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/9/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/13/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

These are still a problem.

A new version of dracut hasn't been cut yet so the fix hasn't landed in our rawhide stream.

See coreos/fedora-coreos-tracker#1104.

Aborts firstboot when system has several filesystems labeled `boot` Fix for coreos/fedora-coreos-tracker#976 Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>

Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>

There is no registry.fedoraproject.org/fedora-toolbox:37 in the registry. Let's snooze the test for a month and hopefully it will exist by then. See coreos/fedora-coreos-tracker#1103

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/15/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

EFI does not work for Powerpc and s390x. It reports error when mounting /boot/efi eg:"(mount: /boot/efi: mount point does not exist)"

From `overlay.d/README.md`: Contains systemd service and script for remaining on iptables-nft after the migration to nft. Split out because (1) it will roll out to next first, and (2) it can more easily be deleted after the barrier release. For more details, see: coreos/fedora-coreos-tracker#676 #1324

This is prep for enabling iptables-nft in `next`. Because tests are shared between streams, this is a bit awkward. The way this does it is: - Make the iptables-legacy test exclusive and attach a Butane config that sets the legacy symlinks. On next, this will verify that this config can be used to boot into legacy. On !next, this will verify that the config can safely be used even before migration. - Add an iptables non-exclusive test. On next, this will verify that the default backend is nft. On !next, it will verify that it is legacy. Once the migration is over on all streams, the latter check will be removed, so it'll purely check for nft.

These are manual upgrade tests that verify various upgrade paths for iptables-nft. It's manual in that you have to update the `OCIARCHIVE_URL` to point to a URL of an ociarchive of a build with `35coreos-iptables`. Long-term, I'd like to add external tests support directly in upgrade tests so that we could have access to the artifacts vis e.g. `KOLA_EXT_DATA` or a mount. But for now, this will do. To run the tests, first update `OCIARCHIVE_URL`, and then: ``` kola run -E /path/to/tests/manual/iptables-nft-migration ext.iptables-nft-migration.* ```

This will unblock lockfile bumps while we investigate the issue.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/22/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Fedora has a recent enough `find` command to be able to use the `-type f,d` option but that is not yet supported by `find` on RHEL. We can not use `-type f -type d` instead as this filters on entries being both a file and a directory which never happens. Thus we must explicitely duplicate the entire filters and actions and use `-o` to OR them. This reworks the tests using that option to be compatible on both FCOS and RHCOS. We can drop this change once RHCOS moves to RHEL 9. This also includes `/usr` in the file-directory-permissions test and tries to figure out which package the offending files/dires come from. Fixes: dac1f68

This issue is back again. See coreos/fedora-coreos-tracker#1092 (comment)

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/23/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/25/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/27/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/29/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

This should be fixed now. See https://bugzilla.redhat.com/show_bug.cgi?id=2033016#c20 Closes coreos/fedora-coreos-tracker#1049

These are still failing and being investigated.

Upstream in NM they changed it so that entries in a keyfile don't get written out if they were empty strings [1]. Let's update our definitions accordingly. [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/27c33d15efdf974a085590aa4077ab76862c1854

We merged an update to the test that checks for iptables-nft on next/next-devel but we haven't switched to iptables-nft there yet because we are coupling that with the rebase to F36. I imagine what we'll do is modify the test to be conditional on Fedora 36 rather than the stream but we have to wait to make that change until we actually switch rawhide/branched over as well, which will most likely happen after coreos/rpm-ostree#3439 lands.

Triggered by remove-graduated-overrides GitHub Action.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/34/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

When we get a promotion PR in the next/testing/stable branches, compare the new code with a checkout of the commit hash from the PR title and annotate the differences. For manifest.yaml, compare with the base branch instead, since the branch we're promoting from will have a different config.

As discussed in coreos/fedora-coreos-tracker#1055, the rootfs_url karg is preferred over initrd concatenation due to its lower memory footprint and generally better performance. We originally chose to disallow its use with TFTP to reduce the feature matrix, but that forces users without HTTP servers to fall back to concatenation. Enable TFTP so rootfs_url can be used in all environments.

Don't make the test stream-based, but rather releasever-based. Handle RHCOS correctly, which has long already switched to iptables-nft. While we're here, add a bunch of query functions to the commonlib. There are some tests in which we could use these in a follow-up.

It's the default behaviour now: coreos/coreos-assembler#2665

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/41/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

This service will detect when systemd-journald has been leaked from the initramfs and kill it so the system can recover. This is a workaround for coreos/fedora-coreos-tracker#1108

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/45/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The underlying issue seems to have been resolved in a recent selinux-policy update. Closes coreos/fedora-coreos-tracker#1097

In 8d8ad1d we switched the test to be based on the Fedora major rather than the stream so let's now snooze on the streams that are Fedora 36+ already.

These are still problems and need to be extended.

The fix landed in RHEL8.6+ and there is no need for a workaround. Add check to remove workaround if `RHEL_VERSION` > `8.5`. See: - https://bugzilla.redhat.com/show_bug.cgi?id=2008101 - Fixed RPM version: device-mapper-multipath-0.8.4-18.el8

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/49/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

RHEL8.6 includes NetworkManager-1.36.0-1.el8.x86_64, update scripts according to F36. See #1533

#1550 does not work when openshift/os#713 merged, because it will use generic redhat-release package instead of redhat-release-coreos. Need to check RHEL specific version using `VERSION_ID`(for example VERSION_ID=8.6), and clarify rhel or fedora using `ID=rhel`, as this will be executed before override according to https://github.com/openshift/os/blob/master/manifest.yaml#L128-L150

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/51/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

`nm-initrd-generator` will take into account the `BOOTIF=` kernel argument. Let's account for that in our `propagate_initramfs_networking()` code so don't propagate networking config if `BOOTIF` is the only networking config. Fixes coreos/fedora-coreos-tracker#1048

- More info: coreos/coreos-assembler/issues/2725 - Skip: - ext.config.shared.kdump.crash - coreos.boot-mirror.luks/detach-primary - coreos.boot-mirror/detach-primary Signed-off-by: Renata Ravanelli <rravanel@redhat.com>

I missed this in 7bb4d6e.

Since coreos/rpm-ostree#3406 has now landed in rpm-ostree 2022.3 and later we can remove this denial and hopefully never see the test failure again. Closes coreos/fedora-coreos-tracker#942

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/56/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/60/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

This is supported by rpm-ostree now.

Add a new conditional include which migrates streams on Fedora 36 and higher to iptables-nft. This is magnitudes simpler than the current alternative rollout procedure detailed in: coreos/fedora-coreos-tracker#676

Add a new `prod` variable and use a conditional include to include the new OSTree layer. (So then on e.g. `stable`, `prod` would be `true`.)

This is already specified by all top-level manifests, and AFAIK nothing else directly includes `fedora-coreos.yaml`.

Now that rpm-ostree supports templating more fields, we can drain the manifest even more and keep all the common templatable cruft in `fedora-coreos.yaml`.

A new version of dracut (with the service fix) landed in F37/rawhide.

I've heard that denylisting a subtest doesn't work. We have to deny the main test.

This is now fixed. Closes coreos/fedora-coreos-tracker#1046

These all are for rawhide/branched.

This will allow us to share the package inclusion rather than carrying it in manifest.yaml on various branches.

Until we actually use cosa for this, we should match its input repos. Currently that means enabling the continuous repo. This should give us a more recent rpm-ostree which has support for `releasever` as a number.

This allows us to get the latest kernel-5.16.12-200.fc35. Moving to a kernel newer than 5.16.11 picks up the fix fo CVE-2022-0847. We're able to do this because the Fedora kernel maintainers agreed to again pick up a revert that allows us to not regress on some AWS instance types (coreos/fedora-coreos-tracker#1066). Closes coreos/fedora-coreos-tracker#1118

For `clang-format`, which is used as of coreos/rpm-ostree#3475

I thought this one might have gone away but it seems to only present itself on aarch64.

Builds on coreos/rpm-ostree#3402 Relates to coreos/coreos-assembler#2685 Basically, source of truth for the CMD moves from being hardcoded in cosa hackiliy to being part of the ostree commit, which means it survives a full round trip of ostree → container → ostree → container

This adds more context for the options for the podman.dns test.

I've seen this timeout recently. It could take some extra time to grab the container from the registry so let's bump the timeout from the default of 1 minute for a non-exclusive test to 3 minutes.

The test lets us know when the workaround was used so we can keep an eye on how often the problem occurs. It's happening often enough that it's not super useful. Let's snooze it for 10 days.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/67/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

I was going to do a PR to add this to openshift/os too, but actually let's just share it more directly instead!

This is the first kernel with the most recent revert that allows us to not regress on some AWS instance types [1]. Because it is newer than 5.16.11 it also allows for us to pick up the fix to CVE-2022-0847 [2]. [1] coreos/fedora-coreos-tracker#1066 [2] coreos/fedora-coreos-tracker#1118

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/70/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/74/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/78/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

This test seems to be passing now. Closes coreos/fedora-coreos-tracker#1104

These tests are still failing and are still being investigated. See: - coreos/fedora-coreos-tracker#1059 - coreos/fedora-coreos-tracker#1092 - coreos/fedora-coreos-tracker#1105

The toolbox container for F37 now exists in the registry so the test passes. Closes coreos/fedora-coreos-tracker#1103

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/82/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

We're no longer seeing a test failure there. It appears the following kernel transition fixed the issue: ``` kernel 5.17.0-0.rc5.20220225git53ab78cd6d5a.106.fc37.x86_64 → 5.17.0-0.rc6.109.fc37.x86_64 ``` Closes coreos/fedora-coreos-tracker#1092

systemd-network-generator fails to run because of SELinux. The existing bug for this problem [1] has been open for months. Let's mask the service and move on. We do want the generator to run in the future for things like creating udev rules [2] but it's not 100% necessary for now. We're making this change now because we're about to switch `next` over to Fedora 36 where we can't just freeze on an older version of systemd and we don't want to mask the tests any longer because we want the test coverage. [1] https://bugzilla.redhat.com/show_bug.cgi?id=2037047 [2] systemd/systemd#21766

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/84/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

It's easy for some streams to not be able to package layer the vim package because of the vim RPMs that are already installed in FCOS. This can happen often on streams that aren't stable Fedora releases. Let's just limit this part of the test to streams that are usually based on Fedora stable versions.

Stick with hardware version 13 for now, but switch the OS ID from RHEL 7 to 64-bit Fedora. For coreos/coreos-assembler#2762.

This is currently getting pulled in by systemd, but won't anymore in f36. Let's keep shipping it though since users might be relying on it to manage permissions.

Fixes coreos/ignition#1092

…itly In order to continue to support CNI networks in podman, which is what any existing Fedora <= 35 system is using, we need to continue to ship containernetworking-plugins. It was dropped in [1]. Traditional yum based systems won't uninstall the package on an upgrade, but OSTrees are "baked fresh" every time and won't retain it because it's no longer a dependency. We need to name it explicitly if we want upgrading FCOS users to be able to start their containers. Additionally, since both `containernetworking-plugins` and `netavark` provide `container-network-stack` if we want them both installed we need to name them both in our manifests. [1] https://src.fedoraproject.org/rpms/podman/c/06c601234feac4f5da7b6e1d92430d62f556f3b9

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/88/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

supported by NetworkManager. Append rd.net.timeout.dhcp and rd.net.dhcp.retry to kernel parameter when boot, get total dhcp timeout is `rd.net.timeout.dhcp * rd.net.dhcp.retry` seconds. See: - https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/559 - https://bugzilla.redhat.com/show_bug.cgi?id=1879094#c10 - https://bugzilla.redhat.com/show_bug.cgi?id=1877740

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/89/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

This is still happening reliably. Snooze and keep following up upstream.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/93/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

… to debug kernels It appears that on debug kernels the "/dev/disk/by-label/$label" device *can* not appear at all (some sort of race condition) and thus calling `realpath` on it will fail. Let's just make the call to `realpath` not be fatal so we can workaround this issue that has been around in the kernel for some time. Closes coreos/fedora-coreos-tracker#1092

This is already in the OS as a dependency of moby-engine, but Typhoon is now also relying on this and likely other people deploying Kubernetes on top of FCOS. Unlike cri-o, the versioning of containerd wrt CRI is less tight, which makes baking it into the host easier. Things may change here in the future, and it's likely we will recommend cri-o as an alternative runtime for k8s eventually. But for now, let's at least be more explicit that we're shipping containerd. For more information, see: coreos/fedora-coreos-tracker#767 poseidon/typhoon#899 (comment)

…ition" Issue: coreos/fedora-coreos-tracker#1105 This reverts commit bd7a5c7.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/97/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The associated script only exists in the initrd. But also, we only need the symlink in the initrd anyway. Fixes 6d7b9ad ("overlay.d: add udev rule for creating stable symlink to boot disk"). Fixes openshift/os#755.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/101/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The fwupd package is not needed on s390x and causes problems in RHCOS. openshift/os#752 Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>

appendFirstbootKernelArgs is currently not working on s390x. See: coreos/coreos-assembler#2776 Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>

Add a description for the kola arguments. Switch the s390x issue for the RFE link. Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>

Tweak the section talking about how this repo works to reflect the latest state.

We've seen it take 10 minutes to pass this test because the container pull/build can take a long time depending on remote servers. Let's bump the timeout to try to handle slow remote servers.

Triggered by remove-graduated-overrides GitHub Action.

The PR title might be prefixed with a branch name.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/108/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

We've seen it take 10 minutes to pass this test because the container pull/build can take a long time depending on remote servers. Let's bump the timeout to try to handle slow remote servers.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/113/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/117/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/120/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/124/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/126/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/128/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

A new version of dracut (with the service fix) landed in F36.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/132/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The fix has landed upstream and we're just waiting for a new rpm build in Fedora. For now let's keep snoozing.

Removed libvarlink-util package for next stream as an initial step to fully drop it

Fixes coreos/fedora-coreos-tracker#1125 This change displays all Ignition warnings on the console. Also, renamed the existing Ignition service to make it more generalized for handling status information about the Ignition run.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/136/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

…for only F35

The way we check the systemd unit status is racy. Instead, wait up to 30 seconds for the service to become active. Instead of grepping the journal, check that a file it should have touched was actually touched. Closes: #1637

Snooze the ext.config.files.dracut-executable test because a new package came in that is causing it to fail. We'll investigate over in coreos/fedora-coreos-tracker#1155.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/140/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/143/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/146/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/150/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/154/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

In Ignition, we've two config validation checks, the one after fetching a config and the second after merging configs. Sometimes, a warning goes away after merging, however, it's possible that a warning appears in case merging creates a contradiction between two fields. So this workflow eventually sends duplicate warnings in journal entries. Hence, we need to avoid displaying duplicate Ignition warnings on the console. Also, Ignition warnings are highlighted with yelllow.

Triggered by remove-graduated-overrides GitHub Action.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/158/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The 95nvmf Dracut module has always shipped a non-executable script, but we didn't notice until the rawhide nvme package caused that module to start installing itself. Fix the executable bit until the upstream Dracut fix can propagate. Fixes coreos/fedora-coreos-tracker#1155.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/165/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Follow up to #1621 (review) This adds kola test coverage for displaying Ignition warnings on the console.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/171/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The fix still hasn't made it all the way to Fedora 35.

When a user tries to boot a live system with an appended rootfs without enough RAM, the kernel will unpack the initramfs and rootfs until it runs out of memory, and then continue booting with a partial OS image. This causes random confusing boot errors, such as a service failing because its binary is missing, or the rootfs squashfs failing to mount with some error that looks like filesystem corruption. Make this failure less confusing by having timeout.sh try to write a small file, and if that fails, tell the user that they need more RAM. Suppress reporting of unit failures in this case, since the unit logs will just muddy the issue. This works reliably when the rootfs image can't be unpacked, i.e. when the system has a moderate amount of RAM. It doesn't work reliably when we're so low on RAM that the initramfs image can't be unpacked (because the compressed initramfs and rootfs images have used up our RAM); in that case we might be missing important binaries/libraries and boot can fail at any point. It would be possible to construct a more robust detection mechanism, e.g. by running a statically-linked program that's unpacked first. But this can't be completely robust (/sbin/init might not have been unpacked, so we might not boot at all) and doesn't seem worth it for now. This code will also trigger if we run out of RAM in the coreos.live.rootfs_url case, which is nice but less important, since that case produces a clear error during rootfs fetch. Closes coreos/fedora-coreos-tracker#1055.

The reboot and consequently the timeout masked valuable debug information. The reboot also caused some cascading errors due to the fact that the system would try and run as if all required dependencies were satisfied during the first boot. Closes coreos/fedora-coreos-tracker#928.

The WALinuxAgent-udev rpm now installs the udev rules into the initramfs [1] so we can drop this glue code. This reverts commit 8c07b73. [1] https://src.fedoraproject.org/rpms/WALinuxAgent/c/521b67bc8575f53a30b4b2c4e63292e67483a4e1?branch=rawhide

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/181/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/183/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

It's no longer failing so we can drop the denial. xref: coreos/fedora-coreos-tracker#1105 (comment)

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/188/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

The fixed systemd unit for the multipathd.socket is now present in RHEL 8.6, RHEL 8.5.z, and RHEL 8.4.z EUS, so let's stop applying the workaround on RHCOS systems. See: https://bugzilla.redhat.com/show_bug.cgi?id=2008101 See: https://bugzilla.redhat.com/show_bug.cgi?id=2054877 See: https://bugzilla.redhat.com/show_bug.cgi?id=2054876

For coreos/ignition#1350.

This fixes the journald issues we've been seeing because it includes the upstream fix from systemd/systemd#22861 Fixes coreos/fedora-coreos-tracker#1108

This is no longer needed because the fix from upstream [1] has made it into systemd-249.12-3.fc35. See [2] This reverts commit a456f26. [1] systemd/systemd#22861 [2] coreos/fedora-coreos-tracker#1108

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/198/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/200/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/204/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

This is used in coreos-livepxe-rootfs.sh [1], although I'm sure there are probably more places too. [1] https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/206/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Up until this point people have had to reboot once after setting up kdump so that if a crash happens the crash kernel doesn't get started with the ignition.firstboot kernel argument. If we add `ignition.firstboot` to the list of arguments in `KDUMP_COMMANDLINE_REMOVE=` in `/etc/sysconfig/kdump` then we can set it up on first boot without issues. Here we also switch the kdump.crash test to set up kdump via Ignition to prove out the change works as desired.

The kdump.crash test on the rawhide stream for aarch64 has started taking just longer than 10 minutes. Let's extend the timeout so those tests don't timeout and fail the entire run. Also added comments for the test's kola.json arguments.

In our documentation [1] we recommend setting it to 300M as a starting baseline. Let's update from 256M to 300M here. [1] https://docs.fedoraproject.org/en-US/fedora-coreos/debugging-kernel-crashes/

The irqpoll` karg that gets added when the crash kernel is started causes issues on AWS aarch64 instances. Let's workaround by removing that from `KDUMP_COMMANDLINE_APPEND` in `/etc/sysconfig/kdump` for now. See coreos/fedora-coreos-tracker#1187

This move the `arch-include` statments to `conditional-include`, which allows us to use `!=`. In this case what we were really trying to target was s390x IIUC.

Instead of writing to journal, we just check a file the service should have touched and test that it exists. Closes: coreos/fedora-coreos-tracker#1190

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/212/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Reimplement tests from mantle/kola/tests/ignition/resource.go: - coreos.ignition.resource.remote - coreos.ignition.resource.s3 - coreos.ignition.resource.s3.versioned (merged into .remote test, since it's only separate for historical reasons)

We were testing versioned resource fetch via HTTPS but not via s3://.

The previous bucket is in a deprecated AWS account.

We had a couple hardcoded checks that weren't caught. Fixes: 275f85c ("tests/kola/ignition: move S3 test fixtures to a new bucket")

Signed-off-by: Jan Schintag <jan.schintag@de.ibm.com>

Now that we have waited an amount of time let's drop libvarlink-util altogether. Closes coreos/fedora-coreos-tracker#1130

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/214/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Make it clearer that the purpose of the test is to check authenticated S3 access.

kola calls the platform "gce" for historical reasons.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/220/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

The output of `chronyc sources` on GCP contains the resolved IP address, even though the config we write uses the hostname. GCP documents[1] the IP address of the metadata server as 169.254.169.254 so we can just hardcode it here like we do for AWS. [1] https://cloud.google.com/compute/docs/internal-dns

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/222/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Also seeded the architecture specific lockfiles from `next-devel`.

Now that everything has switched over to Fedora 36 let's drop the podman v4 conditional include and merge it over into the main fedora-coreos-base.yaml manifest file.

This service was used for people who wanted to stay on iptables-legacy. Now that there has been a barrier release it is no longer needed. Also move the iptables-nft enablement into fedora-coreos-base and delete related tests.

This has landed in all Fedora/RHEL that we care about now so we can drop the workaround and the test.

…path service fix We are now on Fedora 36 and don't need to check versions any longer.

…ator No longer a problem in F36. See coreos/fedora-coreos-tracker#1059 (comment)

We are on Fedora 36+ now.

Seems more appropriate to be under the selinux category since we're just checking the selinux contexts of a file there.

They both test systemd-resolved so let's just combine them. - kola/networking/resolv/resolv - kola/networking/resolv/systemd-resolved-service now become: - kola/networking/resolv/systemd-resolved

Not needed any longer now that we are on Fedora 35+ everywhere.

Now that Fedora 36 is out let's use containers based on Fedora 36.

Has fixes for selinux UX. See coreos/fedora-coreos-tracker#701

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/225/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/226/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

When running Git in a containerized job, we need to tell it that repos not owned by the current user are safe.

Let's make sure the kdump service was started without issue before continuing. I saw this fail in a test on s390x (kdumpctl has issues there).

This seems to make the test no longer fail. We still need to investigate the root cause. See coreos/fedora-coreos-tracker#1195

The srpms subcommand was reporting all SRPMs attached to the specified Bodhi update, even if some of those didn't have any binary RPMs included in our lockfiles. This was causing add-override.yml to put spurious SRPM names in its commit titles. Report only SRPMs that are relevant to us.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/231/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/234/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Test the new ARN support in Ignition 2.14.0. S3 access points can't be accessed anonymously, so even the public objects need to be tested from inside an EC2 instance.

Have ext.config.ignition.resource.remote use the new noInstanceCreds flag to disable instance credentials in EC2 and GCE instances, so the test fetches resources anonymously. Move the checks for authenticated access of public objects into the authenticated-* tests.

Ignition 2.14.0 adds ignition-delete-config.service, which deletes Ignition configs from VMware and VirtualBox on first boot. Add coreos-ignition-delete-config.service to do the same thing on existing machines on upgrade, using a stamp file in /var/lib to avoid multiple runs. Add a drop-in for ignition-delete-config.service that creates a stamp file in /run, and then chain from that stamp to the long-term stamp in /var/lib, ensuring that we don't delete configs twice on newly- provisioned machines. The upstream service can't create the stamp directly in /var/lib because it runs before /var is mounted. Prevent coreos-ignition-delete-config.service from running if ignition-delete-config.service is masked, ensuring that the mask operation documented upstream prevents the config from ever being deleted, as intended. We can remove this after the next barrier release in FCOS and barrier equivalent in RHCOS.

Test for: coreos/fedora-coreos-tracker#392

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/237/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Fixes an issue in ceph. Closes coreos/fedora-coreos-tracker#1167

The update for ostree-2022.3-2.fc36 [1] was obsoleted in bodhi. [1] https://bodhi.fedoraproject.org/updates/FEDORA-2022-893b870b9b

Some commands are designed to output parseable data on stdout. Let's consistently use stderr for informational output.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/238/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/239/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/241/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/242/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

History goes in cycles. One of the key original raison d'être of ostree was having people consume git main/master of projects. But... because RPM doesn't make it easy to revert things, we really end up going only at the same speed as the rest of Fedora sadly. Anyways, we've talked about this a few times in FCOS; xref coreos/fedora-coreos-tracker#910 This adds a container image that is built *as* a container layering on top of the base image, using the recently landed coreos/rpm-ostree#3605 My plan is to add build automation (in the pipeline? or OCP Prow?) that sticks this at e.g. `quay.io/coreos-assembler/fcos:35-continous`.

Triggered by remove-graduated-overrides GitHub Action.

It turns out kdump has a tool that can be used to estimate the appropriate size for the crashkernel reserved memory known as `kdumpctl estimate`. On FCOS/RHCOS here are the numbers I saw for the architectures in our universe: - 161M aarch64 FCOS - 448M aarch64 RHCOS - 134M ppc64le FCOS - 384M ppc64le RHCOS - 192M s390x FCOS - 160M s390x RHCOS - 157M x86_64 FCOS - 165M x86_64 RHCOS Bump the crashkernel here to 500M to handle our worst case and also add a check to make sure that if we ever are under the minimum recommended size we'll get notified.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/244/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Triggered by remove-graduated-overrides GitHub Action.

Right now, `next-devel` and `branched` are inactive. But to reduce churn, the `remove-graduated-overrides` GitHub Action is left running on those branches since it's harmless. However, the repos on inactive branches might not be valid, causing workflow failures. But anyway, there are no active overrides on these branches, so we can work around this by exiting earlier. I think a more appropriate fix for this is to query whether `next-devel` is open or closed (though we'd need something similar for `branched` too), but we do also want this optimization anyway.

see coreos/fedora-coreos-tracker#1209

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/245/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/246/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/248/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

As mentioned in coreos/fedora-coreos-tracker#1209, due to upstream changes, our current mechanism for testing if RANDOM_TRUST_CPU is enabled is no longer valid. Lets instead check the kernel config file to get the same information. fixes: coreos/fedora-coreos-tracker#1209

…hide" This reverts commit 13b9560. coreos/fedora-coreos-tracker#1209 has been fixed by #1764. We can once again enable this test on rawhide.

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/249/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

Job URL: https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/bump-lockfile/250/ Job definition: https://github.com/coreos/fedora-coreos-pipeline/blob/main/jobs/bump-lockfile.Jenkinsfile

We're seeing a weird failure there. Let's denylist it for now while it is investigated. See coreos/fedora-coreos-tracker#1215

Upstream NM started adding a readme-ifcfg-rh.txt file to explain and encourage people to use keyfiles instead. This file doesn't do anything, but breaks our logic that tries to determine if the user provided networking config to the machine. This file was added upstream in https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/96d7362

Add a check to the no-default-initramfs-net-propagation test to make sure there aren't any unknown files in /etc/sysconfig/network-scripts/. This will allow us to drop the a corresponding test from mantle/kola [1]. [1] https://github.com/coreos/coreos-assembler/blob/5ee768b7ea069c08a7fa0b5b36dbb03bc9cd19ee/mantle/kola/tests/coretest/core.go#L251-L264

cosa create_disk.sh and gf-set-platform will read this. create_disk.sh will also save a JSON version for the relevant architecture to /boot/coreos/platforms.json for coreos-installer.

Add platform-specific console configuration metadata #1181

Add platform-specific console configuration metadata #1181

Commits on Feb 9, 2022

Commits on Feb 10, 2022

Commits on Feb 11, 2022

Commits on Feb 13, 2022

Commits on Feb 14, 2022

Commits on Feb 16, 2022

Commits on Feb 17, 2022

Commits on Feb 18, 2022

Commits on Feb 19, 2022

Commits on Feb 20, 2022

Commits on Feb 21, 2022

Commits on Feb 22, 2022

Commits on Feb 24, 2022

Commits on Feb 25, 2022

Commits on Feb 27, 2022

Commits on Feb 28, 2022

Commits on Mar 1, 2022

Commits on Mar 2, 2022

Commits on Mar 3, 2022

Commits on Mar 4, 2022

Commits on Mar 6, 2022

Commits on Mar 7, 2022

Commits on Mar 8, 2022

Commits on Mar 9, 2022

Commits on Mar 11, 2022

Commits on Mar 13, 2022

Commits on Mar 15, 2022

Commits on Mar 16, 2022

Commits on Mar 17, 2022

Commits on Mar 18, 2022

Commits on Mar 19, 2022

Commits on Mar 20, 2022

Commits on Mar 21, 2022

Commits on Mar 22, 2022

Commits on Mar 23, 2022

Commits on Mar 24, 2022

Commits on Mar 25, 2022

Commits on Mar 26, 2022

Commits on Mar 27, 2022

Commits on Mar 28, 2022

Commits on Mar 29, 2022

Commits on Mar 31, 2022

Commits on Apr 1, 2022

Commits on Apr 2, 2022

Commits on Apr 3, 2022

Commits on Apr 4, 2022

Commits on Apr 5, 2022

Commits on Apr 6, 2022

Commits on Apr 7, 2022

Commits on Apr 8, 2022

Commits on Apr 9, 2022

Commits on Apr 10, 2022

Commits on Apr 11, 2022

Commits on Apr 13, 2022

Commits on Apr 14, 2022

Commits on Apr 15, 2022

Commits on Apr 18, 2022

Commits on Apr 20, 2022

Commits on Apr 21, 2022

Commits on Apr 22, 2022

Commits on Apr 23, 2022

Commits on Apr 24, 2022

Commits on Apr 26, 2022

Commits on Apr 27, 2022

Commits on Apr 28, 2022

Commits on Apr 29, 2022

Commits on Apr 30, 2022

Commits on May 2, 2022

Commits on May 3, 2022

Commits on May 4, 2022

Commits on May 5, 2022

Commits on May 6, 2022

Commits on May 7, 2022

Commits on May 8, 2022

Commits on May 9, 2022

Commits on May 11, 2022

Commits on May 12, 2022

Commits on May 13, 2022