Add a hidden 'publish' command to CRI-O #5129

fgiudici · 2021-07-26T15:55:02Z

What type of PR is this?

/kind feature

What this PR does / why we need it:

The containerd shimv2 specification provides a 'publish-binary'
argument to allow reporting events from the shim up to the container
engine. The call to the publish binary is in the form:
$PUBLISH_BIN --address $ADDRESS publish --topic $TOPIC --namespace $NS

Usually the publish binary is the container engine itself: containerd
supports the "publish" command and shimv2 implementations use by
default the container engine as the publish binary.
Allow CRI-O to accept the "publish" command as required by the containerd
shimv2 specification, just ignoring the events without reporting errors.

Which issue(s) this PR fixes:

Right now when a kata-containers shimv2 workload is run with CRI-O,
the CRI-O binary is called by the containerd-shimv2 binary for every
sandbox event (e.g., sandbox creation, deletion, ...).
CRI-O returns an error as doesn't support the "publish" format above,
causing the containerd-shim-kata-v2 implementation to report an error
in the logs for each event.
Sample error:
time="2021-07-26T17:23:11.726445138+02:00" level=error msg="post event" error="failed to publish event: exit status 1" name=containerd-shim-v2 pid=9478 sandbox=6714bbfe5d600dc8c24f2c0fcf2e14857eb14cf85605aa213bb92660725335f3 source=containerd-kata-shim-v2

Special notes for your reviewer:

The "--address" global argument and "publish" command added are set to hidden but accepted without returning any error.

Does this PR introduce a user-facing change?

None

openshift-ci · 2021-07-26T15:55:10Z

Hi @fgiudici. Thanks for your PR.

I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

fidencio · 2021-07-26T15:57:19Z

/ok-to-test

fgiudici · 2021-07-26T15:58:02Z

/test ami_fedora

codecov · 2021-07-26T16:01:43Z

Codecov Report

Merging #5129 (ed5eaee) into master (a414fed) will decrease coverage by 0.01%.
The diff coverage is 0.00%.

❗ Current head ed5eaee differs from pull request most recent head 48ce34d. Consider uploading reports for the commit 48ce34d to get more accurate results

@@            Coverage Diff             @@
##           master    #5129      +/-   ##
==========================================
- Coverage   43.91%   43.89%   -0.02%     
==========================================
  Files         110      110              
  Lines       11453    11458       +5     
==========================================
  Hits         5030     5030              
- Misses       5946     5951       +5     
  Partials      477      477

fgiudici · 2021-07-26T16:52:14Z

/test ami_fedora

saschagrunert

LGTM

saschagrunert · 2021-07-27T06:46:34Z

Ah the completions have to be updated: https://github.com/cri-o/cri-o/pull/5129/checks?check_run_id=3163396027

fgiudici · 2021-07-27T06:52:16Z

Ah the completions have to be updated: https://github.com/cri-o/cri-o/pull/5129/checks?check_run_id=3163396027

Oh, right, thanks Sascha!

fgiudici · 2021-07-27T16:38:09Z

/test ami_fedora

fidencio · 2021-07-27T16:50:13Z

LGTM, as long as CI passes.
Thanks @fgiudici!

fgiudici · 2021-07-27T17:27:25Z

/retest

haircommander · 2021-07-27T20:26:11Z

you've still got some completions issues :\

TomSweeneyRedHat · 2021-07-27T23:59:20Z

LGTM
assuming happy tests
3 are not at the moment

fgiudici · 2021-07-28T07:12:07Z

@haircommander , @TomSweeneyRedHat : thanks, sure, I have to fix completion still (Update: DONE!).
I am using this PR to test a new Fedora 34 AMI image for CI, so I am taking this slowly...
retested all to see if the integration test would pass (it did). I expected also the e2e_crun_cgroupv2 would have passed, let's see after I will update with the completion. Thanks!

fgiudici · 2021-07-28T09:41:02Z

/test ami_fedora

fgiudici · 2021-07-28T12:56:56Z

/test ami_fedora

fgiudici · 2021-07-28T13:20:08Z

/test ami_fedora

fgiudici · 2021-07-28T14:01:28Z

/test ami_fedora

saschagrunert

/lgtm

fgiudici · 2021-07-30T12:36:13Z

/override ci/openshift-jenkins/ami_fedora

openshift-ci · 2021-07-30T12:36:15Z

@fgiudici: fgiudici unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file.

Details

In response to this:

/override ci/openshift-jenkins/ami_fedora

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

The containerd shimv2 specification provides a 'publish-binary' argument to allow reporting events from the shim up to the container engine. The call to the publish binary is in the form: $PUBLISH_BIN --address $ADDRESS publish --topic $TOPIC --namespace $NS Usually the publish binary is the container engine itself: containerd supports the "publish" command and shimv2 implementations use by default the container engine as the publish binary. Right now when a kata-containers shimv2 workload is run with CRI-O, the CRI-O binary is called by the containerd-shimv2 binary for every sandbox event (e.g., sandbox creation, deletion, ...). CRI-O returns an error as doesn't support the "publish" format above, causing the containerd-shim-kata-v2 implementation to report an error for each event in the logs. Sample error: time="2021-07-26T17:23:11.726445138+02:00" level=error msg="post event" error="failed to publish event: exit status 1" name=containerd-shim-v2 pid=9478 sandbox=6714bbfe5d600dc8c24f2c0fcf2e14857eb14cf85605aa213bb92660725335f3 source=containerd-kata-shim-v2 Allow CRI-O to support the "publish" command as per the containerd shimv2 specification, just ignoring the events without reporting any error. Signed-off-by: Francesco Giudici <[email protected]>

fgiudici · 2021-08-04T11:25:44Z

rebased

fgiudici · 2021-08-04T13:45:03Z

/retest-required

fgiudici · 2021-08-04T15:29:22Z

/test e2e_cgroupv2

fgiudici · 2021-08-04T16:33:05Z

/test integration_cgroupv2

saschagrunert

/lgtm

openshift-ci · 2021-08-05T07:16:20Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fgiudici, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

haircommander · 2021-08-05T16:04:11Z

/unhold

openshift-bot · 2021-08-05T16:06:01Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-05T22:26:19Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-05T22:39:18Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-05T22:52:19Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-05T23:57:19Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-06T04:30:11Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-bot · 2021-08-06T04:42:09Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

openshift-ci · 2021-08-06T06:55:20Z

@fgiudici: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Rerun command
ci/openshift-jenkins/ami_fedora	`9826c3f`	link	`/test ami_fedora`
ci/openshift-jenkins/e2e_crun_cgroupv2	`48ce34d`	link	`/test e2e_cgroupv2`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

fgiudici · 2021-08-06T07:24:16Z

/retest-required

openshift-bot · 2021-08-06T07:42:09Z

/retest-required

Please review the full test history for this PR and help us cut down flakes.

fgiudici requested review from mrunalp and runcom as code owners July 26, 2021 15:55

openshift-ci bot added release-note-none Denotes a PR that doesn't merit a release note. kind/feature Categorizes issue or PR as related to a new feature. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Jul 26, 2021

openshift-ci bot requested review from fidencio and sameo July 26, 2021 15:55

openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 26, 2021

openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 26, 2021

saschagrunert approved these changes Jul 27, 2021

View reviewed changes

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 27, 2021

fgiudici force-pushed the shimv2_publish_cmd branch from 9730a67 to 9826c3f Compare July 28, 2021 09:33

fgiudici force-pushed the shimv2_publish_cmd branch from 9826c3f to 657836b Compare July 30, 2021 07:35

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 30, 2021

saschagrunert approved these changes Jul 30, 2021

View reviewed changes

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 30, 2021

fgiudici force-pushed the shimv2_publish_cmd branch from 657836b to 48ce34d Compare August 4, 2021 09:58

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 4, 2021

saschagrunert approved these changes Aug 5, 2021

View reviewed changes

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 5, 2021

openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 5, 2021

openshift-ci bot merged commit 126b893 into cri-o:master Aug 6, 2021

fgiudici mentioned this pull request Feb 15, 2022

REQUEST: New membership for @fgiudici #5648

Closed

4 tasks

Add a hidden 'publish' command to CRI-O #5129

Add a hidden 'publish' command to CRI-O #5129

Uh oh!

Conversation

fgiudici commented Jul 26, 2021

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Uh oh!

openshift-ci bot commented Jul 26, 2021

Uh oh!

fidencio commented Jul 26, 2021

Uh oh!

fgiudici commented Jul 26, 2021

Uh oh!

codecov bot commented Jul 26, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

fgiudici commented Jul 26, 2021

Uh oh!

saschagrunert left a comment

Choose a reason for hiding this comment

Uh oh!

saschagrunert commented Jul 27, 2021

Uh oh!

fgiudici commented Jul 27, 2021

Uh oh!

fgiudici commented Jul 27, 2021

Uh oh!

fidencio commented Jul 27, 2021

Uh oh!

fgiudici commented Jul 27, 2021

Uh oh!

haircommander commented Jul 27, 2021

Uh oh!

TomSweeneyRedHat commented Jul 27, 2021

Uh oh!

fgiudici commented Jul 28, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fgiudici commented Jul 28, 2021

Uh oh!

fgiudici commented Jul 28, 2021

Uh oh!

fgiudici commented Jul 28, 2021

Uh oh!

fgiudici commented Jul 28, 2021

Uh oh!

saschagrunert left a comment

Choose a reason for hiding this comment

Uh oh!

fgiudici commented Jul 30, 2021

Uh oh!

openshift-ci bot commented Jul 30, 2021

Uh oh!

fgiudici commented Aug 4, 2021

Uh oh!

fgiudici commented Aug 4, 2021

Uh oh!

fgiudici commented Aug 4, 2021

Uh oh!

fgiudici commented Aug 4, 2021

Uh oh!

saschagrunert left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Aug 5, 2021

Uh oh!

haircommander commented Aug 5, 2021

Uh oh!

openshift-bot commented Aug 5, 2021

Uh oh!

openshift-bot commented Aug 5, 2021

Uh oh!

openshift-bot commented Aug 5, 2021

Uh oh!

openshift-bot commented Aug 5, 2021

codecov bot commented Jul 26, 2021 •

edited

Loading

fgiudici commented Jul 28, 2021 •

edited

Loading

openshift-ci bot commented Aug 6, 2021 •

edited

Loading