Bug 1780396
Summary: | Etcd-snapshot-backup exec format error | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Tom Dale <tdale> | |
Component: | Multi-Arch | Assignee: | Prashanth Sundararaman <psundara> | |
Status: | CLOSED ERRATA | QA Contact: | Barry Donahue <bdonahue> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 4.4 | CC: | aghadge, alklein, cfillekes, chanphil, christian.lapolt, dbenoit, erich, hannsj_uhl, Holger.Wolf, krmoser, nbziouec, psundara, rcgingra, sbatsche, skolicha, tdale, walters | |
Target Milestone: | --- | |||
Target Release: | 4.4.0 | |||
Hardware: | s390x | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1797035 1797038 (view as bug list) | Environment: | ||
Last Closed: | 2020-05-04 11:18:37 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1765215, 1797035 |
Description
Tom Dale
2019-12-05 21:03:16 UTC
The MCO generates the snapshot script which downloads etcdctl binary from upstream. It downloads the x86 version and is not arch specific: https://github.com/openshift/machine-config-operator/blob/master/templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml#L28 Unfortunately for s390x, there is no etcdctl binary available in storage.googleapis.com. only x86 and ppc64le versions are available s390x needs to be added as a supported release for the etcd binaries and etcdctl to be released similar to ppc64le. I will work on getting that added upstream This is a MCO bug - we even ship etcd with the MCO, so the fix should be...hm, something like: diff --git a/templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml b/templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml index bd399c07..8e86db51 100644 --- a/templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml +++ b/templates/master/00-master/_base/files/usr-local-bin-openshift-recovery-tools-sh.yaml @@ -21,15 +21,14 @@ contents: # download and test etcdctl from upstream release assets dl_etcdctl() { - GOOGLE_URL=https://storage.googleapis.com/etcd - DOWNLOAD_URL=${GOOGLE_URL} - - echo "Downloading etcdctl binary.." - curl -s -L ${DOWNLOAD_URL}/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -o $ASSET_DIR/tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz \ - && tar -xzf $ASSET_DIR/tmp/etcd-${ETCD_VERSION}-linux-amd64.tar.gz -C $ASSET_DIR/shared --strip-components=1 \ - && mv $ASSET_DIR/shared/etcdctl $ASSET_DIR/bin \ - && rm $ASSET_DIR/shared/etcd \ - && $ASSET_DIR/bin/etcdctl version + local etcdimg="{{.Images.etcdKey}}" + podman pull "${etcdimg}" + local etcdctr=$(podman create ${etcdimg}) + local etcdmnt=$(podman mount "${etcdctr}") + cp ${etcdmnt}/bin/etcdctl $ASSET_DIR/bin + umount "${etcdmnt}" + podman rm "${etcdctr}" + podman rmi "${etcdimg}" } #backup etcd client certs Really of course we want to run the *containerized* etcd tools, and in fact the whole recovery stuff should be containerized. I agree with Colin, DR scripts are currently being ported to golang and will be part of the cluster-etcd-operator image. The reason we have not grabbed etcdctl from the etcd image has been the extra step involved to authenticate podman with PullSecret. But this bug and air-gapped clusters are a good reason to take that approach. Colin's diff works....except that the `podman rmi ${etcdimg}` is not allowing the image to be deleted, probably because it's part of the deployment? Otherwise, i was able to create the backup. Thanks Colin! > The reason we have not grabbed etcdctl from the etcd image has been the extra step involved to authenticate podman with PullSecret.
That's just `podman --authfile=/var/lib/kubelet/config.json` right?
(And yes...it is confusing that podman and kubelet have separate default auth files)
(In reply to Colin Walters from comment #9) > > The reason we have not grabbed etcdctl from the etcd image has been the extra step involved to authenticate podman with PullSecret. > > That's just `podman --authfile=/var/lib/kubelet/config.json` right? > > (And yes...it is confusing that podman and kubelet have separate default > auth files) That's one of the related questions i had - in the PR i didn't pull the image because it was already present. Is that a correct assumption or are there some cases where the image might need to be pulled ? *** Bug 1808496 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581 *** Bug 1809576 has been marked as a duplicate of this bug. *** |