Make kargs.sh work with systemd service and for Ubuntu #847
Conversation
|
Thanks for your PR,
To skip the vendors CIs, Maintainers can use one of:
|
e0ne
force-pushed
the
ubuntu-kargs
branch
4 times, most recently
from
5ab8f47 to
8d58511
Compare
e0ne
force-pushed
the
ubuntu-kargs
branch
2 times, most recently
from
1d136d7 to
508a194
Compare
e0ne
force-pushed
the
ubuntu-kargs
branch
3 times, most recently
from
aea78cf to
659a0ab
Compare
| } | ||
|
|
||
| // editKernelArg Tries to add the kernel args via ostree or grubby. | ||
| func editKernelArg(helper helper.HostHelpersInterface, mode, karg string) error { |
There was a problem hiding this comment.
Will this logic really work in the systemd mode? How it will behaves?
- Reboot
- systemd service exec
- systemd service edited the grub config
- Host booted
- sriov-daemon pod starts
- sriov-daemon detects that running kernel is missing required args
- host reboot again
- ...
- stable state
Is the sequence above describes the flow properly?
There was a problem hiding this comment.
in systemd mode kernel arg are configured by sriov-service so it doesn't do reboot loop
There was a problem hiding this comment.
@e0ne wont kernel args be applied only after reboot ?
hence two reboots will be required for this case ?
(unless we set kargs in daemon even in systemd mode)
| - /bin/bash | ||
| - -c | ||
| - mkdir -p /host/var/lib/sriov/ && cp /usr/bin/sriov-network-config-daemon /host/var/lib/sriov/sriov-network-config-daemon && chcon -t bin_t /host/var/lib/sriov/sriov-network-config-daemon | true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled | ||
| - mkdir -p /host/var/lib/sriov/ && cp /usr/bin/sriov-network-config-daemon /host/var/lib/sriov/sriov-network-config-daemon && chcon -t bin_t /host/var/lib/sriov/sriov-network-config-daemon | true && cp /bindata/scripts/kargs.sh /host/var/lib/sriov/kargs.sh && chcon -t bin_t /host/var/lib/sriov/kargs.sh | true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled |
There was a problem hiding this comment.
I think the original command has issue. Should it has || (or) instead of | (pipe)? The same question for the changes you added.
There was a problem hiding this comment.
yes, we need to fix it and we should we need to think how to simplify this line. thanks for pointing me on this!
There was a problem hiding this comment.
just tested again: we need only one | to not fail if chcon execution failed
There was a problem hiding this comment.
Yes, this will work because | will mask errors from the previous command (by default, if set -o pipefail is not set). The || looks cleaner to me, but I'm okay to keep the current implementation.
| args=$(chroot /host/ cat /proc/cmdline) | ||
|
|
||
| IS_OS_UBUNTU=true; [[ "$(chroot /host/ grep -i ubuntu /etc/os-release -c)" == "0" ]] && IS_OS_UBUNTU=false | ||
| if [[ -d "/bindata/scripts" ]];then |
There was a problem hiding this comment.
nit :add comment, its non obvious that in this case we run in from config daemon and the other by system service.
There was a problem hiding this comment.
can you check the comment again. it might have been dropped by a git rebase
There was a problem hiding this comment.
I don't see the comment also
adrianchiris
left a comment
adrianchiris
left a comment
There was a problem hiding this comment.
overall LGTM. some minor nits.
e0ne
force-pushed
the
ubuntu-kargs
branch
3 times, most recently
from
b43840c to
6a5d7e8
Compare
e0ne
force-pushed
the
ubuntu-kargs
branch
3 times, most recently
from
04df2c0 to
c5ffada
Compare
Pull Request Test Coverage Report for Build 19567899770Details
💛 - Coveralls |
e0ne
force-pushed
the
ubuntu-kargs
branch
2 times, most recently
from
ae0761d to
9d4fd60
Compare
| cp /usr/bin/sriov-network-config-daemon /host/var/lib/sriov/sriov-network-config-daemon | ||
| chcon -t bin_t /host/var/lib/sriov/sriov-network-config-daemon || true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled | ||
| cp /bindata/scripts/kargs.sh /host/var/lib/sriov/kargs.sh | ||
| chcon -t bin_t /host/var/lib/sriov/kargs.sh | true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled |
There was a problem hiding this comment.
nit: mind making congruent to L127?
| chcon -t bin_t /host/var/lib/sriov/kargs.sh | true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled | |
| chcon -t bin_t /host/var/lib/sriov/kargs.sh || true # Allow systemd to run the file, use pipe true to not failed if the system doesn't have selinux or apparmor enabled |
|
@SchSeba could you please review this PR? |
| fi | ||
|
|
||
| echo $ret | ||
| echo $ret |
There was a problem hiding this comment.
nit: no new line at the end
| fi | ||
| done | ||
|
|
||
| if [ $found == false ];then |
There was a problem hiding this comment.
what will happen if we have a karg already set with a certain value and we want to change to a different value ?
example:
current grub cmdline args have: ib_core.netns_mode=1 then we want to set (using kargs.sh) ib_core.netns_mode=0
in this case we will end up with both set in grub cmdline IIUC since we compare the full key=val
i think we have the same issue with rpm-ostree as well as we use only append and delete.
imo we need to seach for the key of the karg first, if exists and its value is different then we remove and readd with new value (rpm-ostree has --replace flag)
There was a problem hiding this comment.
This can be addressed as a separate PR though, as we have the same issue with rpm-ostree as well.
There was a problem hiding this comment.
Let's address it in a follow-up PR both for Ubuntu and RHEL-based OSes
There was a problem hiding this comment.
+1 from my side to handle it on a following up PR.
please if you can just open an issue so we don't forget about it
|
Hi @e0ne, I must say I don't follow this change. but inside the script we still have pointers to /hold |
hi @SchSeba. I updated my PR with a fix |
|
Hi guys, what about adding debian support? |
We don't test Debian but I suppose it should work. We'll be glad to review PR with Debian support |
| if _, err := os.Stat(consts.Host); errors.Is(err, os.ErrNotExist) { | ||
| script = systemdScriptsPath | ||
| } | ||
| _, _, err := helper.RunCommand("/bin/bash", script, mode, karg) |
There was a problem hiding this comment.
can we stay with sh here as before? or swtich the other calls to bash but please lets be consistent
There was a problem hiding this comment.
an updated scripts doesn't work with sh beacause it uses bash. do we want ti switch to bash everywhere?
| // general | ||
| hostHelper.EXPECT().Chroot(gomock.Any()).Return(func() error { return nil }, nil).AnyTimes() | ||
| hostHelper.EXPECT().RunCommand("/bin/sh", gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil).AnyTimes() | ||
| hostHelper.EXPECT().RunCommand("/bin/bash", gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil).AnyTimes() |
There was a problem hiding this comment.
please check the comment below about this
bindata/scripts/kargs.sh
Outdated
| ret=0 | ||
| args=$(chroot /host/ cat /proc/cmdline) | ||
|
|
||
| IS_OS_UBUNTU=true; [[ "$(chroot /host/ grep -i ubuntu /etc/os-release -c)" == "0" ]] && IS_OS_UBUNTU=false |
There was a problem hiding this comment.
question how this one will work when we run on systemd mode?
the /host folder doesn't exist in the host itself only inside the container.
bindata/scripts/kargs.sh
Outdated
| if ${IS_OS_UBUNTU} ; then | ||
| grub_config="/etc/default/grub" | ||
| # Operate on the copy of the file | ||
| cp /host/${grub_config} /tmp/grub |
There was a problem hiding this comment.
question how this one will work when we run on systemd mode?
the /host folder doesn't exist in the host itself only inside the container.
I've tested this patch on Debian by editing Everything works fine, is it really necessary to support Debian within a another request? |
| @@ -1,63 +1,144 @@ | |||
| #!/bin/bash | |||
| # Copyright 2025 sriov-network-device-plugin authors | |||
There was a problem hiding this comment.
I think this copy right is wrong no?
| args=$(chroot /host/ cat /proc/cmdline) | ||
|
|
||
| IS_OS_UBUNTU=true; [[ "$(chroot /host/ grep -i ubuntu /etc/os-release -c)" == "0" ]] && IS_OS_UBUNTU=false | ||
| if [[ -d "/bindata/scripts" ]];then |
There was a problem hiding this comment.
I don't see the comment also
| if ${IS_OS_UBUNTU} ; then | ||
| grub_config="/etc/default/grub" | ||
| # Operate on the copy of the file | ||
| cp ${chroot_path}/${grub_config} /tmp/grub |
There was a problem hiding this comment.
remote the /
${chroot_path}/${grub_config} -> ${chroot_path}${grub_config}
|
|
||
| if [ $ret -ne 0 ];then | ||
| # Update grub only if there were changes | ||
| cp /tmp/grub ${chroot_path}/${grub_config} |
There was a problem hiding this comment.
same here lets remove the /
| if _, err := os.Stat(consts.Host); errors.Is(err, os.ErrNotExist) { | ||
| script = systemdScriptsPath | ||
| } | ||
| _, _, err := helper.RunCommand("/bin/bash", script, mode, karg) |
There was a problem hiding this comment.
can we just pass here if we are in chroot or not (boolean) and just use it in the script? this way we can remove the not clear check if [[ -d "/bindata/scripts" ]];then?
Signed-off-by: Ivan Kolodiazhnyi <[email protected]>
Many customers rely on the Ubuntu operating system, and the ability to automatically update GRUB parameters is essential. Signed-off-by: Aleksey Senin <[email protected]>
8 participants
No description provided.