vsphere: make sure CSRs are approved, run imageregistry patch in a thread #3573
Conversation
openshift-ci-robot
added
the
size/S
|
/test pj-rehearse |
vrutkovs
force-pushed
the
vsphere-csr-approval
branch
3 times, most recently
from
b28d5a6 to
cdfc36b
Compare
| function approve_csrs() { | ||
| while true; do | ||
| sleep 5; | ||
| oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs --no-run-if-empty oc adm certificate approve && break |
There was a problem hiding this comment.
Are we looping here because we have seen cases where the CSRs were not available yet? If the CSRs trickle in instead of all coming in at once, then this has the potential to approve some but not all of the CSRs. Should we keep approving CSRs until wait-for install-complete succeeds?
There was a problem hiding this comment.
Yeah, the idea is that by the time bootstrap is destroyed all nodes have created a CSR. Not sure if there is a simple way to run CSR approval loop until install-complete.
Previously xargs was accepting an empty list (probably api didn't return anything?) and proceeded. I haven't seen the case where just a part of nodes have submitted a CSR
There was a problem hiding this comment.
Could we not create a file after wait-for install-complete and break out of the approve_csrs while loop when that file exists?
vrutkovs
force-pushed
the
vsphere-csr-approval
branch
from
cdfc36b to
00d8d88
Compare
| @@ -427,17 +427,34 @@ objects: | |||
| terraform apply -auto-approve -var 'bootstrap_complete=true' -no-color & | |||
| wait "$!" | |||
|
|
|||
| function approve_csrs() { | |||
| while true; do | |||
| if [[ ! -f /tmp/install-complete ]]; then | |||
There was a problem hiding this comment.
Am I reading this wrong or does this wait for the install-complete file to exist before approving the CSRs?
I was expecting something like the following.
function approve_csrs() {
while [[ ! -f /tmp/install-complete ]]; do
sleep 15;
oc get csr -ojson | jq -r '.items[] | select(.status == {} ) | .metadata.name' | xargs --no-run-if-empty oc adm certificate approve
done
}
There was a problem hiding this comment.
Oh, correct, this won't ever finish, as CSR should be approved earlier. Fixed
There was a problem hiding this comment.
What are we gaining by having an if statement that does a continue in one branch and a break in the other rather than moving the check up to the while statement?
vrutkovs
force-pushed
the
vsphere-csr-approval
branch
2 times, most recently
from
f11b255 to
0f6142a
Compare
vrutkovs
force-pushed
the
vsphere-csr-approval
branch
from
0f6142a to
3dc122d
Compare
|
/test pj-rehearse |
|
@vrutkovs: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: staebler, vrutkovs The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@vrutkovs: Updated the following 2 configmaps:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
…athering Carries changes from [1] and [2] [1]: openshift#3573 [2]: openshift#3475
This should stuck vsphere tests in installer/origin