diff --git a/Dockerfile b/Dockerfile index d17cfc0612..3d4b3ec36d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,14 +5,6 @@ WORKDIR /go/src/github.com/openshift/machine-config-operator COPY . . RUN make install DESTDIR=./instroot-rhel9 -# Add a RHEL 8 builder to compile the RHEL 8 compatible binaries -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.25-openshift-4.22 AS rhel8-builder -ARG TAGS="" -WORKDIR /go/src/github.com/openshift/machine-config-operator -# Copy the RHEL 8 machine-config-daemon binary and rename -COPY . . -RUN make install DESTDIR=./instroot-rhel8 - FROM registry.ci.openshift.org/ocp/4.22:base-rhel9 ARG TAGS="" COPY install /manifests @@ -45,8 +37,6 @@ RUN if [ "${TAGS}" = "fcos" ]; then \ # Do this after package installation to avoid invalidating state for faster # local builds. COPY --from=rhel9-builder /go/src/github.com/openshift/machine-config-operator/instroot-rhel9/usr/bin/* /usr/bin/ -# Copy the RHEL 8 machine-config-daemon binary and rename -COPY --from=rhel8-builder /go/src/github.com/openshift/machine-config-operator/instroot-rhel8/usr/bin/machine-config-daemon /usr/bin/machine-config-daemon.rhel8 COPY templates /etc/mcc/templates ENTRYPOINT ["/usr/bin/machine-config-operator"] LABEL io.openshift.release.operator true diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7 index 645e135e7f..0915b0dcaf 100644 --- a/Dockerfile.rhel7 +++ b/Dockerfile.rhel7 @@ -6,14 +6,6 @@ WORKDIR /go/src/github.com/openshift/machine-config-operator COPY . . RUN make install DESTDIR=./instroot-rhel9 -# Add a RHEL 8 builder to compile the RHEL 8 compatible binaries -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.25-openshift-4.22 AS rhel8-builder -ARG TAGS="" -WORKDIR /go/src/github.com/openshift/machine-config-operator -# Copy the RHEL 8 machine-config-daemon binary and rename -COPY . . -RUN make install DESTDIR=./instroot-rhel8 - FROM registry.ci.openshift.org/ocp/4.22:base-rhel9 ARG TAGS="" COPY install /manifests 
@@ -46,8 +38,6 @@ RUN if [ "${TAGS}" = "fcos" ]; then \ # Do this after package installation to avoid invalidating state for faster # local builds. COPY --from=rhel9-builder /go/src/github.com/openshift/machine-config-operator/instroot-rhel9/usr/bin/* /usr/bin/ -# Copy the RHEL 8 machine-config-daemon binary and rename -COPY --from=rhel8-builder /go/src/github.com/openshift/machine-config-operator/instroot-rhel8/usr/bin/machine-config-daemon /usr/bin/machine-config-daemon.rhel8 COPY templates /etc/mcc/templates ENTRYPOINT ["/usr/bin/machine-config-operator"] LABEL io.openshift.release.operator true diff --git a/pkg/daemon/constants/constants.go b/pkg/daemon/constants/constants.go index abf05de0c9..03411fb0ec 100644 --- a/pkg/daemon/constants/constants.go +++ b/pkg/daemon/constants/constants.go @@ -112,11 +112,8 @@ const ( // SSH Keys for user "core" will only be written at /home/core/.ssh CoreUserSSHPath = "/home/" + CoreUserName + "/.ssh" - // SSH keys in RHCOS 8 will be written to /home/core/.ssh/authorized_keys - RHCOS8SSHKeyPath = CoreUserSSHPath + "/authorized_keys" - // SSH keys in RHCOS 9 / FCOS / SCOS will be written to /home/core/.ssh/authorized_keys.d/ignition - RHCOS9SSHKeyPath = CoreUserSSHPath + "/authorized_keys.d/ignition" + RHCOSDefaultSSHKeyPath = CoreUserSSHPath + "/authorized_keys.d/ignition" // CRIOServiceName is used to specify reloads and restarts of the CRI-O service CRIOServiceName = "crio" diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go index 9ea69374df..6a444b3426 100644 --- a/pkg/daemon/daemon.go +++ b/pkg/daemon/daemon.go @@ -256,9 +256,7 @@ const ( onceFromRemoteConfig ) -var ( - defaultRebootTimeout = 24 * time.Hour -) +var defaultRebootTimeout = 24 * time.Hour // rebootCommand creates a new transient systemd unit to reboot the system. // With the upstream implementation of kubelet graceful shutdown feature, 
@@ -267,8 +265,10 @@ var ( // kubelet uses systemd inhibitor locks to delay node shutdown to terminate pods. // https://kubernetes.io/docs/concepts/architecture/nodes/#graceful-node-shutdown func rebootCommand(rationale string, workaroundOCPBUGS51150 bool) *exec.Cmd { - systemdRunArgs := []string{"--unit", "machine-config-daemon-reboot", - "--description", fmt.Sprintf("machine-config-daemon: %s", rationale)} + systemdRunArgs := []string{ + "--unit", "machine-config-daemon-reboot", + "--description", fmt.Sprintf("machine-config-daemon: %s", rationale), + } // we need this until we have https://github.com/ostreedev/ostree/pull/3389 if workaroundOCPBUGS51150 { systemdRunArgs = append(systemdRunArgs, "-p", "Requires=ostree-finalize-staged.service", "-p", "After=ostree-finalize-staged.service") @@ -384,7 +384,8 @@ func (dn *Daemon) ClusterConnect( // we don't need to react in milliseconds. See also updateDelay above. dn.queue = workqueue.NewTypedRateLimitingQueueWithConfig[string](workqueue.NewTypedMaxOfRateLimiter[string]( &workqueue.TypedBucketRateLimiter[string]{Limiter: rate.NewLimiter(rate.Limit(updateDelay), 1)}, - workqueue.NewTypedItemExponentialFailureRateLimiter[string](1*time.Second, maxUpdateBackoff)), + workqueue.NewTypedItemExponentialFailureRateLimiter[string](1*time.Second, maxUpdateBackoff), + ), workqueue.TypedRateLimitingQueueConfig[string]{Name: "machineconfigdaemon"}) nodeInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ 
@@ -457,7 +458,8 @@ func (dn *Daemon) HypershiftConnect( dn.queue = workqueue.NewTypedRateLimitingQueueWithConfig[string](workqueue.NewTypedMaxOfRateLimiter[string]( &workqueue.TypedBucketRateLimiter[string]{Limiter: rate.NewLimiter(rate.Limit(updateDelay), 1)}, - workqueue.NewTypedItemExponentialFailureRateLimiter[string](1*time.Second, maxUpdateBackoff)), + workqueue.NewTypedItemExponentialFailureRateLimiter[string](1*time.Second, maxUpdateBackoff), + ), workqueue.TypedRateLimitingQueueConfig[string]{Name: "machineconfigdaemon"}) dn.enqueueNode = dn.enqueueDefault @@ -540,12 +542,6 @@ func ReexecuteForTargetRoot(target string) error { case sourceMajor == "10" && targetMajor == "9": sourceBinarySuffix = ".rhel9" klog.Info("container is rhel10, target is rhel9") - case sourceMajor == "10" && targetMajor == "8": - sourceBinarySuffix = ".rhel8" - klog.Info("container is rhel10, target is rhel8") - case sourceMajor == "9" && targetMajor == "8": - sourceBinarySuffix = ".rhel8" - klog.Info("container is rhel9, target is rhel8") default: klog.Infof("using appropriate binary for source=rhel-%s target=rhel-%s", sourceMajor, targetMajor) } @@ -1931,7 +1927,6 @@ func (dn *Daemon) generateBootstrappingMCMismatchError(currentConfigOnDisk *onDi } func (dn *Daemon) createBootstrapMachineConfigDiffFile(oldConfig, newConfig *mcfgv1.MachineConfig) { - if _, err := os.Stat(bootstrapConfigDiffPath); err == nil { // If the file already exists, we don't need to write it again return @@ -2004,7 +1999,6 @@ func removeIgnitionArtifacts() error { // when scaling up older bootimages and targeting newer RHEL versions. In this case, // we may want to pin NIC interface names that reference static IP addresses. // More information: -// - RHEL 8→9 transition: https://issues.redhat.com/browse/OCPBUGS-10787 // - RHEL 9→10 transition: https://issues.redhat.com/browse/OCPBUGS-63593 func PersistNetworkInterfaces(osRoot string) error { hostos, err := osrelease.GetHostRunningOSFromRoot(osRoot) 
@@ -2024,7 +2018,7 @@ func PersistNetworkInterfaces(osRoot string) error { // likely this NIC pinning should actually be driven automatically by // host updates. If you change this, you'll need to change the conditions // below too. - persisting := hostos.IsEL8() || hostos.IsEL9() + persisting := hostos.IsEL9() cleanup := hostos.IsEL10() if !(persisting || cleanup) { return nil @@ -2040,9 +2034,7 @@ func PersistNetworkInterfaces(osRoot string) error { switch { case persisting: - if hostos.IsEL8() { - klog.Info("Persisting NIC names for RHEL8 host system (RHEL8→9 transition)") - } else if hostos.IsEL9() { + if hostos.IsEL9() { klog.Info("Persisting NIC names for RHEL9 host system (RHEL9→10 transition)") } case cleanup: 
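Review bot: In the second hunk, the `if hostos.IsEL9()` guard kept inside `case persisting:` is redundant, because the first hunk now assigns `persisting := hostos.IsEL9()` and the condition is therefore always true when that case runs. Logging directly under the case reads more clearly: `klog.Info("Persisting NIC names for RHEL9 host system (RHEL9→10 transition)")`. The comment above `persisting` already warns that the two conditions must change together, and removing the inner test leaves only one to maintain. PersistNetworkInterfaces starts and ends outside these hunks.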
@@ -2107,71 +2099,6 @@ func PersistNetworkInterfaces(osRoot string) error { return nil } -// When we move from RHCOS 8 -> RHCOS 9, the SSH keys do not get written to the -// new location before the node reboots into RHCOS 9 because: -// -// 1. When the upgrade configs are written to the node, it is still running -// RHCOS 8, so the keys are not being written to the new location since the -// location is inferred from the currently booted OS. -// 2. The node reboots into RHCOS 9 to complete the upgrade. -// 3. The "are we on the latest config" functions detect that we are indeed on -// the latest config and so it does not attempt to perform an update. -// -// To work around that check on bootup if the we should use the new SSH key -// path and if the old SSH key path exists, we know that we need to migrate tot -// he new key path by calling dn.updateSSHKeyLocation(). -func (dn *Daemon) isSSHKeyLocationUpdateRequired() (bool, error) { - if !dn.useNewSSHKeyPath() { - // Return early because we're not using the new SSH key path. - return false, nil - } - - oldKeyExists, err := fileExists(constants.RHCOS8SSHKeyPath) - if err != nil { - return false, err - } - - newKeyExists, err := fileExists(constants.RHCOS9SSHKeyPath) - if err != nil { - return false, err - } - - // If the old key exists and the new key does not, we need to update. - return oldKeyExists && !newKeyExists, nil -} - -// Decode the Ignition config and perform the SSH key update. -func (dn *Daemon) updateSSHKeyLocation(cfg *mcfgv1.MachineConfig) error { - klog.Infof("SSH key location update required. 
Moving SSH keys from %q to %q.", constants.RHCOS8SSHKeyPath, constants.RHCOS9SSHKeyPath) - - ignConfig, err := ctrlcommon.ParseAndConvertConfig(cfg.Spec.Config.Raw) - if err != nil { - return fmt.Errorf("ignition failure when updating SSH key location: %w", err) - } - - if err := dn.updateSSHKeys(ignConfig.Passwd.Users, ignConfig.Passwd.Users); err != nil { - return fmt.Errorf("could not write SSH keys to new location: %w", err) - } - - return nil -} - -// Determines if we need to update the SSH key location and performs the -// necessary update if so. -func (dn *Daemon) updateSSHKeyLocationIfNeeded(cfg *mcfgv1.MachineConfig) error { - sshKeyLocationUpdateRequired, err := dn.isSSHKeyLocationUpdateRequired() - if err != nil { - return fmt.Errorf("unable to determine if SSH key location update is required: %w", err) - } - - if !sshKeyLocationUpdateRequired { - klog.Infof("SSH key location (%q) up-to-date!", constants.RHCOS9SSHKeyPath) - return nil - } - - return dn.updateSSHKeyLocation(cfg) -} - // checkStateOnFirstRun is a core entrypoint for our state machine. // It determines whether we're in our desired state, or if we're // transitioning between states, and whether or not we need to update @@ -2266,13 +2193,6 @@ func (dn *Daemon) checkStateOnFirstRun() error { } - // When upgrading the OS, it is possible that the SSH key location will - // change. We should detect whether that is the case and update before we - // check for any config drift. - if err := dn.updateSSHKeyLocationIfNeeded(state.currentConfig); err != nil { - return err - } - if err := dn.validateOnDiskStateOrImage(state.currentConfig, state.currentImage); err != nil { dn.nodeWriter.Eventf(corev1.EventTypeWarning, "OnDiskStateValidationFailed", err.Error()) // Start the config drift monitor even when there's pre-existing drift diff --git a/pkg/daemon/osrelease/osrelease.go b/pkg/daemon/osrelease/osrelease.go index a967e6c90f..a68c430337 100644 --- a/pkg/daemon/osrelease/osrelease.go 
+++ b/pkg/daemon/osrelease/osrelease.go @@ -99,11 +99,6 @@ func (os OperatingSystem) IsEL() bool { return os.id == rhcos || os.id == scos || (os.id == rhel && os.variantID == coreos) } -// IsEL8 is true if the OS is RHCOS 8 or SCOS 8 -func (os OperatingSystem) IsEL8() bool { - return os.IsEL() && strings.HasPrefix(os.version, "8.") || os.version == "8" -} - // IsEL9 is true if the OS is RHCOS 9 or SCOS 9 func (os OperatingSystem) IsEL9() bool { return os.IsEL() && strings.HasPrefix(os.version, "9.") || os.version == "9" @@ -199,15 +194,6 @@ func getOSVersion(or osrelease.OSRelease) string { return strings.ReplaceAll(or.VERSION, openshiftVersion, "") } } - // 4.1 and 4.2 bootimages doesn't ship RHEL_VERSION and OPENSHIFT_VERSION - // into /etc/os-release and hence we need to interpret ourself RHEL Version - // from VERSION_ID . See https://issues.redhat.com/browse/OCPBUGS-28974 - if or.VERSION_ID == "4.1" { - return "8.1" - } - if or.VERSION_ID == "4.2" { - return "8.2" - } // Fallback to the VERSION_ID field return or.VERSION_ID diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go index adc8268dd6..dc0ae8d1b4 100644 --- a/pkg/daemon/update.go +++ b/pkg/daemon/update.go 
@@ -2488,20 +2488,8 @@ func createSSHKeyDir(authKeyDir string) error { return exec.Command("runuser", "-u", constants.CoreUserName, "--", "mkdir", "-m", "0700", "-p", dir).Run() } - // Create the root SSH key directory (/home/core/.ssh) first (if there does not exist one). - if _, err := os.Stat(constants.CoreUserSSHPath); os.IsNotExist(err) { - if err := mkdir(filepath.Dir(constants.RHCOS8SSHKeyPath)); err != nil { - return err - } - } - - // For RHCOS 8, creating /home/core/.ssh is all that is needed. - if authKeyDir == constants.RHCOS8SSHKeyPath { - return nil - } - - // Create the next level of the SSH key directory (/home/core/.ssh/authorized_keys.d) for RHCOS 9 cases. - return mkdir(filepath.Dir(constants.RHCOS9SSHKeyPath)) + // Create the SSH key directory (/home/core/.ssh/authorized_keys.d). + return mkdir(filepath.Dir(constants.RHCOSDefaultSSHKeyPath)) } func (dn *Daemon) atomicallyWriteSSHKey(authKeyPath, keys string) error { @@ -2630,13 +2618,6 @@ func (dn *Daemon) updateKubeConfigPermission() error { return nil } -// Determines if we should use the new SSH key path -// (/home/core/.ssh/authorized_keys.d/ignition) or the old SSH key path -// (/home/core/.ssh/authorized_keys) -func (dn *Daemon) useNewSSHKeyPath() bool { - return dn.os.IsEL9() || dn.os.IsEL10() || dn.os.IsFCOS() || dn.os.IsSCOS() -} - // Update a given PasswdUser's SSHKey func (dn *Daemon) updateSSHKeys(newUsers, oldUsers []ign3types.PasswdUser) error { klog.Info("updating SSH keys") 
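Review bot: In createSSHKeyDir, the single `mkdir(filepath.Dir(constants.RHCOSDefaultSSHKeyPath))` no longer guarantees mode 0700 on `/home/core/.ssh` when that directory is missing. The helper runs `mkdir -m 0700 -p`, and with `-p` the `-m` mode applies only to the final component, while parent directories get their mode from the process umask. The removed code created the parent with its own call first, so keeping that step ahead of the return restores the old permissions: `if err := mkdir(constants.CoreUserSSHPath); err != nil { return err }`. The e2e test in this commit deletes only `authorized_keys.d` before asserting 700 on `.ssh`, so it would probably not catch the difference. The function begins outside the hunk, and from the visible lines the `authKeyDir` parameter appears to be unused now.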
@@ -2664,28 +2645,9 @@ func (dn *Daemon) updateSSHKeys(newUsers, oldUsers []ign3types.PasswdUser) error } } - authKeyPath := constants.RHCOS8SSHKeyPath - if !dn.mock { - // In RHCOS 8.6 or lower, the keys were written to `/home/core/.ssh/authorized_keys`. - // RHCOS 9.0+, FCOS, and SCOS will however expect the keys at `/home/core/.ssh/authorized_keys.d/ignition`. - // Check if the authorized_keys file at the legacy path exists. If it does, remove it. - // It will be recreated at the new fragment path by the atomicallyWriteSSHKey function - // that is called right after. - if dn.useNewSSHKeyPath() { - authKeyPath = constants.RHCOS9SSHKeyPath - - if err := cleanSSHKeyPaths(); err != nil { - return err - } - - if err := removeNonIgnitionKeyPathFragments(); err != nil { - return err - } - } - // Note we write keys only for the core user and so this ignores the user list - return dn.atomicallyWriteSSHKey(authKeyPath, concatSSHKeys) + return dn.atomicallyWriteSSHKey(constants.RHCOSDefaultSSHKeyPath, concatSSHKeys) } return nil 
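Review bot: With the `dn.useNewSSHKeyPath()` branch gone, updateSSHKeys no longer calls `cleanSSHKeyPaths()` or `removeNonIgnitionKeyPathFragments()`, so a leftover `/home/core/.ssh/authorized_keys` or an extra fragment under `authorized_keys.d` now survives every key update. If sshd on the node still reads those locations, a key removed from the MachineConfig would keep granting access to `core`; the deleted helper's comment stated the invariant that `authorized_keys.d/ignition` is the only fragment. The first-boot migration called from `checkStateOnFirstRun` is deleted in this commit as well, so a node that still carries the legacy file is not cleaned at startup either. Consider keeping the two cleanup calls ahead of `atomicallyWriteSSHKey` with the legacy path held in a local constant, or add a comment here recording that stale key files are deliberately left in place. The `AssertFileNotOnNode` checks were dropped from the e2e tests too, so nothing now verifies that the legacy file is absent.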
@@ -2738,50 +2700,6 @@ func fileExists(path string) (bool, error) { return false, fmt.Errorf("cannot stat file: %w", err) } -// Removes the old SSH key path (/home/core/.ssh/authorized_keys), if found. -func cleanSSHKeyPaths() error { - oldKeyExists, err := fileExists(constants.RHCOS8SSHKeyPath) - if err != nil { - return err - } - - if !oldKeyExists { - return nil - } - - if err := os.RemoveAll(constants.RHCOS8SSHKeyPath); err != nil { - return fmt.Errorf("failed to remove path '%s': %w", constants.RHCOS8SSHKeyPath, err) - } - - return nil -} - -// Ensures authorized_keys.d/ignition is the only fragment that exists within the /home/core/.ssh dir. -func removeNonIgnitionKeyPathFragments() error { - // /home/core/.ssh/authorized_keys.d - authKeyFragmentDirPath := filepath.Dir(constants.RHCOS9SSHKeyPath) - // ignition - authKeyFragmentBasename := filepath.Base(constants.RHCOS9SSHKeyPath) - - keyFragmentsDir, err := ctrlcommon.ReadDir(authKeyFragmentDirPath) - if err == nil { - for _, fragment := range keyFragmentsDir { - if fragment.Name() != authKeyFragmentBasename { - keyPath := filepath.Join(authKeyFragmentDirPath, fragment.Name()) - err := os.RemoveAll(keyPath) - if err != nil { - return fmt.Errorf("failed to remove path '%s': %w", keyPath, err) - } - } - } - } else if !errors.Is(err, fs.ErrNotExist) { - // This shouldn't ever happen - return fmt.Errorf("unexpectedly failed to get info for path '%s': %w", constants.RHCOS9SSHKeyPath, err) - } - - return nil -} - // InplaceUpdateViaNewContainer runs rpm-ostree ex deploy-via-self // via a privileged container. This is needed on firstboot of old // nodes as well as temporarily for 4.11 -> 4.12 upgrades. diff --git a/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml b/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml index 098d2b8490..2b734c2a36 100644 --- a/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml 
+++ b/templates/common/on-prem/files/NetworkManager-resolv-prepender.yaml @@ -22,7 +22,7 @@ contents: export IP4_DOMAINS IP6_DOMAINS export -f resolv_prepender - # For RHEL8 with NetworkManager >= 1.36 and RHEL9 with NetworkManager >=1.42 we can use simplified logic + # For RHEL9 with NetworkManager >=1.42 we can use simplified logic # of observing only a single "dns-change" event. Older version of NetworkManager require however that we # react on a set of multiple events. Once dns-change event is detected we create a flag file to ignore # subsequent up&co. events as undesired. diff --git a/test/e2e-1of2/mcd_test.go b/test/e2e-1of2/mcd_test.go index 68ab2a2a2c..2ebc49ff90 100644 --- a/test/e2e-1of2/mcd_test.go +++ b/test/e2e-1of2/mcd_test.go @@ -218,7 +218,6 @@ func TestKernelType(t *testing.T) { } delete() require.Nil(t, cs.MachineConfigs().Delete(context.TODO(), oldInfraConfig.Name, metav1.DeleteOptions{})) - }) _, err = cs.MachineConfigs().Create(context.TODO(), oldInfraConfig, metav1.CreateOptions{}) @@ -296,7 +295,6 @@ func TestKernelType(t *testing.T) { } err = helpers.WaitForPoolComplete(t, cs, "infra", oldInfraRenderedConfig) require.Nil(t, err) - } func TestNoReboot(t *testing.T) { 
@@ -315,33 +313,19 @@ func TestNoReboot(t *testing.T) { } delete() require.Nil(t, cs.MachineConfigs().Delete(context.TODO(), oldInfraConfig.Name, metav1.DeleteOptions{})) - }) _, err := cs.MachineConfigs().Create(context.TODO(), oldInfraConfig, metav1.CreateOptions{}) require.Nil(t, err) - oldInfraRenderedConfig, err := helpers.WaitForRenderedConfig(t, cs, "infra", oldInfraConfig.Name) + oldInfraRenderedConfig, _ := helpers.WaitForRenderedConfig(t, cs, "infra", oldInfraConfig.Name) infraNode := helpers.GetSingleNodeByRole(t, cs, "infra") sshKeyContent := "test adding authorized key without node reboot" - nodeOS := helpers.GetOSReleaseForNode(t, cs, infraNode).OS - - sshPaths := helpers.GetSSHPaths(nodeOS) - - t.Logf("Expecting SSH keys to be in %s", sshPaths.Expected) - - if sshPaths.Expected == constants.RHCOS9SSHKeyPath { - // Write an SSH key to the old location on the node because the update process should remove this file. - t.Logf("Writing SSH key to %s to ensure that it will be removed later", sshPaths.NotExpected) - bashCmd := fmt.Sprintf("printf '%s' > %s", sshKeyContent, filepath.Join("/rootfs", sshPaths.NotExpected)) - helpers.ExecCmdOnNode(t, cs, infraNode, "/bin/bash", "-c", bashCmd) - } - // Delete the expected SSH keys directory to ensure that the directories are // (re)created correctly by the MCD. This targets the upgrade case where that // directory may not previously exist. Note: This will need to be revisited // once Config Drift Monitor is aware of SSH keys. - helpers.ExecCmdOnNode(t, cs, infraNode, "rm", "-rf", filepath.Join("/rootfs", filepath.Dir(sshPaths.Expected))) + helpers.ExecCmdOnNode(t, cs, infraNode, "rm", "-rf", filepath.Join("/rootfs", filepath.Dir(constants.RHCOSDefaultSSHKeyPath))) output := helpers.ExecCmdOnNode(t, cs, infraNode, "cat", "/rootfs/proc/uptime") oldTime := strings.Split(output, " ")[0] 
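Review bot: The new line `oldInfraRenderedConfig, _ := helpers.WaitForRenderedConfig(t, cs, "infra", oldInfraConfig.Name)` discards the error, so if rendering fails the test continues with an empty config name. The rollback assertions that compare against `oldInfraRenderedConfig` later in TestNoReboot would then fail or pass for the wrong reason. Keeping the error and checking it is clearer: `oldInfraRenderedConfig, err := helpers.WaitForRenderedConfig(t, cs, "infra", oldInfraConfig.Name)` followed by `require.Nil(t, err)`. TestNoReboot starts and ends outside this hunk.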
@@ -388,23 +372,18 @@ func TestNoReboot(t *testing.T) { assert.Equal(t, infraNode.Annotations[constants.CurrentMachineConfigAnnotationKey], renderedConfig) assert.Equal(t, infraNode.Annotations[constants.MachineConfigDaemonStateAnnotationKey], constants.MachineConfigDaemonStateDone) - helpers.AssertFileOnNode(t, cs, infraNode, sshPaths.Expected) - helpers.AssertFileNotOnNode(t, cs, infraNode, sshPaths.NotExpected) + helpers.AssertFileOnNode(t, cs, infraNode, constants.RHCOSDefaultSSHKeyPath) - foundSSHKey := helpers.ExecCmdOnNode(t, cs, infraNode, "cat", filepath.Join("/rootfs", sshPaths.Expected)) + foundSSHKey := helpers.ExecCmdOnNode(t, cs, infraNode, "cat", filepath.Join("/rootfs", constants.RHCOSDefaultSSHKeyPath)) if !strings.Contains(foundSSHKey, sshKeyContent) { t.Fatalf("updated ssh keys not found in authorized_keys, got %s", foundSSHKey) } t.Logf("Node %s has SSH key", infraNode.Name) - assertExpectedPerms(t, cs, infraNode, "/home/core/.ssh", []string{constants.CoreUserName, constants.CoreGroupName, "700"}) - - if sshPaths.Expected == constants.RHCOS9SSHKeyPath { - // /home/core/.ssh/authorized_keys.d - assertExpectedPerms(t, cs, infraNode, filepath.Dir(constants.RHCOS9SSHKeyPath), []string{constants.CoreUserName, constants.CoreGroupName, "700"}) - } - - assertExpectedPerms(t, cs, infraNode, sshPaths.Expected, []string{constants.CoreUserName, constants.CoreGroupName, "600"}) + // /home/core/.ssh + assertExpectedPerms(t, cs, infraNode, constants.CoreUserSSHPath, []string{constants.CoreUserName, constants.CoreGroupName, "700"}) + // /home/core/.ssh/authorized_keys.d + assertExpectedPerms(t, cs, infraNode, filepath.Dir(constants.RHCOSDefaultSSHKeyPath), []string{constants.CoreUserName, constants.CoreGroupName, "700"}) currentEtcShadowContents := helpers.ExecCmdOnNode(t, cs, infraNode, "grep", "^core:", "/rootfs/etc/shadow") 
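Review bot: The rewritten permission checks cover `.ssh` and `authorized_keys.d` but drop the assertion on the key file itself, which the removed code checked with `assertExpectedPerms(t, cs, infraNode, sshPaths.Expected, ..., "600")`. The mode of the authorized-keys fragment is the most security-relevant of the three, so the test should still pin it: `assertExpectedPerms(t, cs, infraNode, constants.RHCOSDefaultSSHKeyPath, []string{constants.CoreUserName, constants.CoreGroupName, "600"})`. TestNoReboot starts and ends outside this hunk.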
@@ -451,13 +430,12 @@ func TestNoReboot(t *testing.T) { assert.Equal(t, infraNode.Annotations[constants.CurrentMachineConfigAnnotationKey], oldInfraRenderedConfig) assert.Equal(t, infraNode.Annotations[constants.MachineConfigDaemonStateAnnotationKey], constants.MachineConfigDaemonStateDone) - foundSSHKey = helpers.ExecCmdOnNode(t, cs, infraNode, "cat", filepath.Join("/rootfs", sshPaths.Expected)) + foundSSHKey = helpers.ExecCmdOnNode(t, cs, infraNode, "cat", filepath.Join("/rootfs", constants.RHCOSDefaultSSHKeyPath)) if strings.Contains(foundSSHKey, sshKeyContent) { t.Fatalf("Node %s did not rollback successfully", infraNode.Name) } - helpers.AssertFileOnNode(t, cs, infraNode, sshPaths.Expected) - helpers.AssertFileNotOnNode(t, cs, infraNode, sshPaths.NotExpected) + helpers.AssertFileOnNode(t, cs, infraNode, constants.RHCOSDefaultSSHKeyPath) t.Logf("Node %s has successfully rolled back", infraNode.Name) @@ -564,7 +542,6 @@ func TestDontDeleteRPMFiles(t *testing.T) { } delete() require.Nil(t, cs.MachineConfigs().Delete(context.TODO(), oldInfraConfig.Name, metav1.DeleteOptions{})) - }) _, err := cs.MachineConfigs().Create(context.TODO(), oldInfraConfig, metav1.CreateOptions{}) @@ -619,7 +596,6 @@ func TestDontDeleteRPMFiles(t *testing.T) { } err = helpers.WaitForPoolComplete(t, cs, "infra", oldInfraRenderedConfig) require.Nil(t, err) - } func TestIgn3Cfg(t *testing.T) { 
@@ -652,8 +628,10 @@ func TestIgn3Cfg(t *testing.T) { testIgn3Config.Ignition.Version = "3.2.0" mode := 420 testfiledata := "data:,test-ign3-stuff" - tempFile := ign3types.File{Node: ign3types.Node{Path: "/etc/testfileconfig"}, - FileEmbedded1: ign3types.FileEmbedded1{Contents: ign3types.Resource{Source: &testfiledata}, Mode: &mode}} + tempFile := ign3types.File{ + Node: ign3types.Node{Path: "/etc/testfileconfig"}, + FileEmbedded1: ign3types.FileEmbedded1{Contents: ign3types.Resource{Source: &testfiledata}, Mode: &mode}, + } testIgn3Config.Storage.Files = append(testIgn3Config.Storage.Files, tempFile) overrideName := "override.conf" @@ -726,9 +704,7 @@ func TestIgn3Cfg(t *testing.T) { assert.Equal(t, infraNode.Annotations[constants.CurrentMachineConfigAnnotationKey], renderedConfig) assert.Equal(t, infraNode.Annotations[constants.MachineConfigDaemonStateAnnotationKey], constants.MachineConfigDaemonStateDone) - sshPaths := helpers.GetSSHPaths(helpers.GetOSReleaseForNode(t, cs, infraNode).OS) - - foundSSH := helpers.ExecCmdOnNode(t, cs, infraNode, "grep", "1234_test_ign3", filepath.Join("/rootfs", sshPaths.Expected)) + foundSSH := helpers.ExecCmdOnNode(t, cs, infraNode, "grep", "1234_test_ign3", filepath.Join("/rootfs", constants.RHCOSDefaultSSHKeyPath)) if !strings.Contains(foundSSH, "1234_test_ign3") { t.Fatalf("updated ssh keys not found in authorized_keys, got %s", foundSSH) } @@ -800,7 +776,7 @@ func TestIgn3Cfg(t *testing.T) { // Test case for correct certificate rotation, even if a pool is paused func TestMCDRotatesCerts(t *testing.T) { - var testPool = "master" + testPool := "master" cs := framework.NewClientSet("") 
@@ -897,34 +873,22 @@ func TestFirstBootHasSSHKeys(t *testing.T) { } isFound := false - isFoundRhcos8KeyPath := false isFoundRhcos9KeyPath := false - if sshKeyFileExistsOnNode(constants.RHCOS8SSHKeyPath) { - assertSSHKeyContents(constants.RHCOS8SSHKeyPath) - isFound = true - isFoundRhcos8KeyPath = true - } - - if sshKeyFileExistsOnNode(constants.RHCOS9SSHKeyPath) { - assertSSHKeyContents(constants.RHCOS9SSHKeyPath) + if sshKeyFileExistsOnNode(constants.RHCOSDefaultSSHKeyPath) { + assertSSHKeyContents(constants.RHCOSDefaultSSHKeyPath) isFound = true isFoundRhcos9KeyPath = true } if isFound { - t.Logf("SSH keys found on node in RHCOS8 location %v / RHCOS9 location %v", isFoundRhcos8KeyPath, isFoundRhcos9KeyPath) + t.Logf("SSH keys found on node in RHCOS9 location %v", isFoundRhcos9KeyPath) } else { - t.Logf("Neither %s or %s exists on the node", constants.RHCOS8SSHKeyPath, constants.RHCOS9SSHKeyPath) + t.Logf("SSH keys path %s does not exists on the node", constants.RHCOSDefaultSSHKeyPath) t.FailNow() } } -func sshKeyFileExistsOnNode(t *testing.T, cs *framework.ClientSet, node corev1.Node, path string) bool { - _, err := helpers.ExecCmdOnNodeWithError(cs, node, "stat", filepath.Join("/rootfs", path)) - return err == nil -} - func createMCToAddFileForRole(name, role, filename, data string) *mcfgv1.MachineConfig { mcadd := helpers.CreateMC(fmt.Sprintf("%s-%s", name, uuid.NewUUID()), role) diff --git a/test/e2e-single-node/sno_mcd_test.go b/test/e2e-single-node/sno_mcd_test.go index 3780079410..0b389e32d3 100644 --- a/test/e2e-single-node/sno_mcd_test.go +++ b/test/e2e-single-node/sno_mcd_test.go @@ -113,7 +113,6 @@ func TestKernelArguments(t *testing.T) { } } t.Logf("Node %s has successfully rolled back", node.Name) - } func TestKernelType(t *testing.T) { 
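Review bot: In TestFirstBootHasSSHKeys, `isFound` and `isFoundRhcos9KeyPath` now always hold the same value, so the two flags and the `if isFound` / `else` split add nothing over a single existence check. A guard followed by the content assertion says the same thing: `if !sshKeyFileExistsOnNode(constants.RHCOSDefaultSSHKeyPath) { t.Fatalf("SSH key path %s does not exist on the node", constants.RHCOSDefaultSSHKeyPath) }` and then `assertSSHKeyContents(constants.RHCOSDefaultSSHKeyPath)`. That also fixes the wording "does not exists" in the new log message. The enclosing test function starts outside the hunk, and the one-argument `sshKeyFileExistsOnNode` it calls is presumably a closure defined there.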
@@ -263,23 +262,10 @@ func TestNoReboot(t *testing.T) { sshKeyContent := "test adding authorized key without node reboot" - nodeOS := helpers.GetOSReleaseForNode(t, cs, node).OS - - sshPaths := helpers.GetSSHPaths(nodeOS) - - t.Logf("Expecting SSH keys to be in %s", sshPaths.Expected) - - if sshPaths.Expected == constants.RHCOS9SSHKeyPath { - // Write an SSH key to the old location on the node because the update process should remove this file. - t.Logf("Writing SSH key to %s to ensure that it will be removed later", sshPaths.NotExpected) - bashCmd := fmt.Sprintf("printf '%s' > %s", sshKeyContent, filepath.Join("/rootfs", sshPaths.NotExpected)) - helpers.ExecCmdOnNode(t, cs, node, "/bin/bash", "-c", bashCmd) - } - // Delete the expected SSH keys directory to ensure that the directories are // (re)created correctly by the MCD. This targets the upgrade case where that // directory may not previously exist. - helpers.ExecCmdOnNode(t, cs, node, "rm", "-rf", filepath.Join("/rootfs", filepath.Dir(sshPaths.Expected))) + helpers.ExecCmdOnNode(t, cs, node, "rm", "-rf", filepath.Join("/rootfs", filepath.Dir(constants.RHCOSDefaultSSHKeyPath))) // Adding authorized key for user core testIgnConfig := ctrlcommon.NewIgnConfig() 
@@ -314,12 +300,11 @@ func TestNoReboot(t *testing.T) { assert.Equal(t, node.Annotations[constants.CurrentMachineConfigAnnotationKey], renderedConfig) assert.Equal(t, node.Annotations[constants.MachineConfigDaemonStateAnnotationKey], constants.MachineConfigDaemonStateDone) - t.Logf("Expecting SSH keys to be in %s", sshPaths.Expected) + t.Logf("Expecting SSH keys to be in %s", constants.RHCOSDefaultSSHKeyPath) - helpers.AssertFileOnNode(t, cs, node, sshPaths.Expected) - helpers.AssertFileNotOnNode(t, cs, node, sshPaths.NotExpected) + helpers.AssertFileOnNode(t, cs, node, constants.RHCOSDefaultSSHKeyPath) - foundSSHKey := helpers.ExecCmdOnNode(t, cs, node, "cat", filepath.Join("/rootfs", sshPaths.Expected)) + foundSSHKey := helpers.ExecCmdOnNode(t, cs, node, "cat", filepath.Join("/rootfs", constants.RHCOSDefaultSSHKeyPath)) if !strings.Contains(foundSSHKey, sshKeyContent) { t.Fatalf("updated ssh keys not found in authorized_keys, got %s", foundSSHKey) } @@ -359,13 +344,12 @@ func TestNoReboot(t *testing.T) { assert.Equal(t, node.Annotations[constants.CurrentMachineConfigAnnotationKey], oldMasterRenderedConfig) assert.Equal(t, node.Annotations[constants.MachineConfigDaemonStateAnnotationKey], constants.MachineConfigDaemonStateDone) - foundSSHKey = helpers.ExecCmdOnNode(t, cs, node, "cat", filepath.Join("/rootfs", sshPaths.Expected)) + foundSSHKey = helpers.ExecCmdOnNode(t, cs, node, "cat", filepath.Join("/rootfs", constants.RHCOSDefaultSSHKeyPath)) if strings.Contains(foundSSHKey, sshKeyContent) { t.Fatalf("Node %s did not rollback successfully", node.Name) } - helpers.AssertFileOnNode(t, cs, node, sshPaths.Expected) - helpers.AssertFileNotOnNode(t, cs, node, sshPaths.NotExpected) + helpers.AssertFileOnNode(t, cs, node, constants.RHCOSDefaultSSHKeyPath) t.Logf("Node %s has successfully rolled back", node.Name) diff --git a/test/helpers/utils.go b/test/helpers/utils.go index d106312d1b..bf69df9f3f 100644 --- a/test/helpers/utils.go +++ b/test/helpers/utils.go 
@@ -772,28 +772,6 @@ func CreateMCP(t *testing.T, cs *framework.ClientSet, mcpName string) func() { } } -type SSHPaths struct { - // The path where SSH keys are expected to be found. - Expected string - // The path where SSH keys are *not* expected to be found. - NotExpected string -} - -// Determines where to expect SSH keys for the core user on a given node based upon the node's OS. -func GetSSHPaths(os osrelease.OperatingSystem) SSHPaths { - if os.IsEL9() || os.IsSCOS() || os.IsFCOS() { - return SSHPaths{ - Expected: constants.RHCOS9SSHKeyPath, - NotExpected: constants.RHCOS8SSHKeyPath, - } - } - - return SSHPaths{ - Expected: constants.RHCOS8SSHKeyPath, - NotExpected: constants.RHCOS9SSHKeyPath, - } -} - // MCPNameToRole converts a mcpName to a node role label func MCPNameToRole(mcpName string) string { return fmt.Sprintf("node-role.kubernetes.io/%s", mcpName) @@ -1695,8 +1673,7 @@ func CollectDebugInfoFromNode(t *testing.T, cs *framework.ClientSet, node *corev "/etc/machine-config-daemon/currentconfig", "/etc/os-release", "/usr/lib/osrelease", - constants.RHCOS8SSHKeyPath, - constants.RHCOS9SSHKeyPath, + constants.RHCOSDefaultSSHKeyPath, "/etc/machine-config-daemon/node-annotation.json.bak", "/etc/ignition-machine-config-encapsulated.json.bak", }