Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attempt 2: Bump GCE containerVM to container-v1-3-v20160517 (Docker 1.11.1) again. #26001

Merged
merged 2 commits into from
May 26, 2016
Merged

Attempt 2: Bump GCE containerVM to container-v1-3-v20160517 (Docker 1.11.1) again. #26001

merged 2 commits into from
May 26, 2016

Conversation

dchen1107
Copy link
Member

@dchen1107 dchen1107 commented May 20, 2016
edited
Loading

Workaround the issue of small root_maxkeys on the debian based container-vm image, and bump our image to the new alpha version for docker 1.11.1 validation.

ref: #23397 #25893

cc/ @vishh @timstclair

timstclair
timstclair reviewed May 20, 2016
View reviewed changes
cmd/kubelet/app/server.go
err = ioutil.WriteFile(path, []byte(fmt.Sprintf("%d", uint32(1000000))), 0644)
if err != nil {
return fmt.Errorf("failed to update %s: %v", path, err)
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally we would rebuild the image... should we do this in the salt configuration as a temporary measure?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just don't want to cut another image release since it is time sink at validation stage. We shouldn't put this to image once we finished the validation. I am ok to go with salt, but thought there is no difference since it is a temporary solution.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc/ @mikedanese for salt configuration

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The difference is we can limit the change in salt to the container VM GCE setup, but here it goes out to everyone.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this one is goes to everyone. The number I chose (1000000) is actually the default one for other os distro including CoreOS, GCI, etc. If you want, I can read the number and reconfig it if the configured number < the default one?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mikedanese is ok with updating this through salt. I will re-do this then.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I gave up on salt. Here is the block change I made,

{% if grains.cloud is defined
and grains.cloud == 'gce' %}
/proc/sys/kernel/keys/root_maxkeys:
file.managed:
- content: |
- '200000'
- replace: True
- show_diff: True
{% endif %}

But salt think the file has right content, and refuse to update:

[INFO ] Running state [/proc/sys/kernel/keys/root_maxkeys] at time 00:27:59.681909
[INFO ] Executing state file.managed for /proc/sys/kernel/keys/root_maxkeys
[INFO ] File /proc/sys/kernel/keys/root_maxkeys is in the correct state
[INFO ] Completed state [/proc/sys/kernel/keys/root_maxkeys] at time 00:27:59.684949
ID: /proc/sys/kernel/keys/root_maxkeys
Comment: File /proc/sys/kernel/keys/root_maxkeys is in the correct state

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh well... let's just try to remember to remove this once the fix gets in the image.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have set sysctl's before and we have always done it in code. Why wouldn't you want this in all clouds? I prefer this approach.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1. We need to change this logic to be run only when needed.

@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note-label-needed labels May 20, 2016
@dchen1107
Copy link
Member Author

Addressed the comments, PTAL?

timstclair
timstclair reviewed May 21, 2016
View reviewed changes
cmd/kubelet/app/server.go
if err != nil {
return fmt.Errorf("failed to update %s: %v", maxkey_path, err)
}
const maxbyte_path = "/proc/sys/kernel/keys/root_maxbytes"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: no underscore in go constants

@timstclair
Copy link

LGTM

@vishh
Copy link
Contributor

vishh commented May 21, 2016

This PR is fine. But I'd rather see this logic reside in pkg/kubelet/cm where we validate other kernel parameters. The move can happen in a separate PR. We only need to apply if the existing limits are not satisfactory.

@vishh
Copy link
Contributor

vishh commented May 21, 2016

LGTM

@timstclair timstclair added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 21, 2016
@dchen1107 dchen1107 mentioned this pull request May 21, 2016
Closed
@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 21, 2016
@dchen1107 dchen1107 added release-note Denotes a PR that will be considered when it comes time to generate release notes. lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed release-note-label-needed labels May 21, 2016
@dchen1107
Copy link
Member Author

@k8s-bot test this issue: #IGNORE

@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels May 24, 2016
@dchen1107
Copy link
Member Author

@timstclair Like what we discussed offline, we changed the PR to log the warning instead of crashing kubelet since we run our builds as docker container. Also add the logic only updates the file when the value is smaller than the default one. PTAL. Thanks!

@dchen1107 dchen1107 added this to the v1.3 milestone May 24, 2016
timstclair
timstclair reviewed May 24, 2016
View reviewed changes
cmd/kubelet/app/server.go
const minKeys uint64 = 1000000
key, err := ioutil.ReadFile(maxkeysPath)
if err != nil {
glog.Warningf("Cannot read keys quota in %s", maxkeysPath)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log the error as well?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

@timstclair
Copy link

A couple nits.

@timstclair
Copy link

Adding LGTM, but please add the err to the log if you get a chance before this goes in (or after)

@timstclair timstclair added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 24, 2016
@dchen1107 dchen1107 added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label May 24, 2016
@dchen1107
Copy link
Member Author

We need to start our soaking tests against docker 1.11.1 for 1.3 as early as possible. Bump the priority to p1.

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 25, 2016
@dchen1107
Copy link
Member Author

Rebased again! :-)

@k8s-github-robot k8s-github-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels May 25, 2016
@dchen1107 dchen1107 added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 25, 2016
@dchen1107
Copy link
Member Author

@k8s-bot ok to test

@alex-mohr alex-mohr added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels May 26, 2016
@alex-mohr
Copy link
Contributor

as buildcop: demoting to p2 because we have some p1 PRs to fix flaky tests and those should merge first. this should still merge before morning if SQ doesn't break horribly.

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented May 26, 2016

GCE e2e build/test passed for commit a8ac041.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 6a1abc1 into kubernetes:master May 26, 2016
@yujuhong
Copy link
Contributor

@dchen1107, FYI, this PR doesn't change the container vm version. The commit probably got lost due to the previous revert/rebase.

@timstclair
Copy link

Oh no!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@timstclair timstclair

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.
9 participants
@dchen1107 @timstclair @vishh @alex-mohr @k8s-github-robot @k8s-bot @yujuhong @mikedanese @googlebot