Switch to CentOS stream9 builder #2087
Conversation
kubevirt-bot
added
release-note
|
/hold |
kubevirt-bot
added
the
do-not-merge/hold
maya-r
force-pushed
the
centos-builder-again
branch
from
7188138
to
fed3448
Compare
|
/hold cancel |
kubevirt-bot
removed
the
do-not-merge/hold
|
/hold |
kubevirt-bot
added
the
do-not-merge/hold
|
If this is ready can you take the hold off? |
|
So #1983 is for updating the output containers to use centos stream 9? I am not sure if we can separate the two. The builder image builds the binaries which eventually end up in the target containers. So we would have binaries build on centos 9 being deposited into fedora 33 containers. I am fine with a short period of this being out of sync, but is #1983 ready as well? |
|
If you don't switch at the same time the builder and the base container images, you could end up having a mismatch with the dynamic libraries and symbols. It already happen with a too old fedora package for libnbd (see this comment). This could happen even more likely if the 2 environments have 2 different OSes. |
Signed-off-by: Maya Rashish <mrashish@redhat.com>
maya-r
force-pushed
the
centos-builder-again
branch
from
fed3448
to
b74bc9b
Compare
|
/hold cancel |
kubevirt-bot
removed
the
do-not-merge/hold
|
Yeah, unfortunately our current workflow requires there to be a small window of mismatch between builder and base image. |
|
@awels both PRs are as ready as they can be - the second one needs to update BUILDER_IMAGE to the checksum that will be generated once this PR is merged. |
The builder is built including the changes in kubevirt#2087 Signed-off-by: Maya Rashish <mrashish@redhat.com>
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Oops, this is the wrong PR |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mhenriks The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/retest |
|
/test pull-containerized-data-importer-e2e-k8s-1.21-hpp |
|
/retest-required |
Signed-off-by: Maya Rashish <mrashish@redhat.com>
Signed-off-by: Maya Rashish <mrashish@redhat.com>
Signed-off-by: Maya Rashish <mrashish@redhat.com>
Signed-off-by: Maya Rashish <mrashish@redhat.com>
Signed-off-by: Maya Rashish <mrashish@redhat.com>
* Retire ember LVM code, unused (Rationale: avoid having to change more things for changing the base image) Signed-off-by: Maya Rashish <mrashish@redhat.com> * Remove unreferenced files from WORKSPACE Signed-off-by: Maya Rashish <mrashish@redhat.com> * Switch to centos:stream9 as a base image. It has a significantly longer support cycle than Fedora releases, and supposedly offers vulnerability scans. Add a tinyCore.vdi to the repo instead of generating it. The centos qemu-img has read-only VDI support, so we can't generate it. Generate it using my system and add to the file-host. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Use full names for pulls from dockerhub CentOS doesn't like short tags Signed-off-by: Maya Rashish <mrashish@redhat.com> * Avoid specifying checksum for CentOS images. They expire faster than we can update checksums, this is unfortunate but perhaps they will soon publish images at a lower rate allowing us to keep up. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Bump number of open file limit to avoid bazel crashes Signed-off-by: Maya Rashish <mrashish@redhat.com> * Update builder to include #2087, builder based on centos stream9 Signed-off-by: Maya Rashish <mrashish@redhat.com> * Update checksums that seem wrong Signed-off-by: Maya Rashish <mrashish@redhat.com> * Update ovirt links: old ones were removed Signed-off-by: Maya Rashish <mrashish@redhat.com> * Remove unused RPMs Noticed due to: duplicated checksum but no problem in testsuite, lack of aarch64 equivalent. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Put nbdkit-vddk-plugin back for amd64. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Use quay.io instead of dockerhub. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Install util-linux-core for /usr/sbin/blockdev Needed after #2174 Signed-off-by: Maya Rashish <mrashish@redhat.com> * Update nbdkit/libnbd/nginx/ovirt versions to the latest The previous version we were using can't be fetched any more Signed-off-by: Maya Rashish <mrashish@redhat.com> * Generate our own CentOS stream9 image using RPMs Now updating the dependencies can be done by running `make rpm-deps` and committing the change, like kubevirt. This creates a small complication that we need to run update-ca-trust to trust root CAs. Do this on the pod, using the entrypoint to do so. Use a single image with all the dependencies for the test tools, we don't benefit from making them minimal and it saved some trouble in the conversion. Signed-off-by: Maya Rashish <mrashish@redhat.com> * Fixup imageio test container Run update-ca-trust and update-crypto-policies before running ovirt-imageio, to stop error messages. Signed-off-by: Maya Rashish <mrashish@redhat.com>
What this PR does / why we need it:
Had some trouble building the centos builder on CI.
@mhenriks reverted it to be able to make some changes - let's re-introduce this change.
Special notes for your reviewer:
Release note: