From fb5a22332b7653acc9316aaedc203da8a60cfd2c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 2 Sep 2021 13:07:33 -0400 Subject: [PATCH] update: Always use `podman pull+cp` A while ago we switched to using `oc image extract` in order to reduce the I/O writes done to the host, but it turned out that doesn't yet work in disconnected environments that need ImageContentSourcePolicy. Now, in https://bugzilla.redhat.com/show_bug.cgi?id=2000195 we discovered that the podman fallback broke due to `user.*` extended attributes in the content (which will be removed soon hopefully). But still, a good part of the value proposition of OpenShift is that we work *consistently* across platforms. Having two ways to apply OS updates is not worth the maintenance overhead. Eventually this flow will be more native to rpm-ostree, xref https://github.com/coreos/fedora-coreos-tracker/issues/812 and https://github.com/ostreedev/ostree-rs-ext/#module-container-encapsulate-ostree-commits-in-ocidocker-images --- pkg/daemon/update.go | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go index e8832c54dc..b905920c23 100644 --- a/pkg/daemon/update.go +++ b/pkg/daemon/update.go @@ -288,10 +288,6 @@ func podmanCopy(imgURL, osImageContentDir string) (err error) { // Note that since we do this in the MCD container, cluster proxy configuration must also be injected // into the container. See the MCD daemonset. func ExtractOSImage(imgURL string) (osImageContentDir string, err error) { - var registryConfig []string - if _, err := os.Stat(kubeletAuthFile); err == nil { - registryConfig = append(registryConfig, "--registry-config", kubeletAuthFile) - } if err = os.MkdirAll(osImageContentBaseDir, 0755); err != nil { err = fmt.Errorf("error creating directory %s: %v", osImageContentBaseDir, err) return @@ -301,24 +297,13 @@ func ExtractOSImage(imgURL string) (osImageContentDir string, err error) { return } - if err = os.MkdirAll(osImageContentDir, 0755); err != nil { - err = fmt.Errorf("error creating directory %s: %v", osImageContentDir, err) + // In 4.8 we were running `oc image extract` but that doesn't work yet + // in disconnected, so right now in order to avoid two ways to do it + // with potentially different bugs, let's always use podman. + // xref https://bugzilla.redhat.com/show_bug.cgi?id=2000195 + if err = podmanCopy(imgURL, osImageContentDir); err != nil { return } - - // Extract the image - args := []string{"image", "extract", "--path", "/:" + osImageContentDir} - args = append(args, registryConfig...) - args = append(args, imgURL) - if _, err = pivotutils.RunExtBackground(cmdRetriesCount, "oc", args...); err != nil { - // Workaround fixes for the environment where oc image extract fails. - // See https://bugzilla.redhat.com/show_bug.cgi?id=1862979 - glog.Infof("Falling back to using podman cp to fetch OS image content") - if err = podmanCopy(imgURL, osImageContentDir); err != nil { - return - } - } - return }