Skip to content

Commit

Permalink
daemon: ensure pinned image updates are a reload action
Browse files Browse the repository at this point in the history
Signed-off-by: Sam Batschelet <[email protected]>
  • Loading branch information
hexfusion committed Jan 30, 2024
1 parent 60fae0e commit e8301a2
Showing 1 changed file with 17 additions and 9 deletions.
26 changes: 17 additions & 9 deletions pkg/daemon/update.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,9 @@ const (
// ImageRegistryDrainOverrideConfigmap is the name of the Configmap a user can apply to force all
// image registry changes to not drain
ImageRegistryDrainOverrideConfigmap = "image-registry-override-drain"

// pinnedImagePathRegex is the regex MCO expects will contain pinned image updates.
pinnedImagePathRegex = `crio\.conf\.d\/[0-9]{2}-pinned-images$`
)

func getNodeRef(node *corev1.Node) *corev1.ObjectReference {
Expand Down Expand Up @@ -413,35 +416,40 @@ func (dn *CoreOSDaemon) applyOSChanges(mcDiff machineConfigDiff, oldConfig, newC
return nil
}

func calculatePostConfigChangeActionFromFileDiffs(diffFileSet []string) (actions []string) {
func calculatePostConfigChangeActionFromFileDiffs(diffFileSet []string) ([]string, error) {
filesPostConfigChangeActionNone := []string{
caBundleFilePath,
imageRegistryAuthFile,
"/var/lib/kubelet/config.json",
}
filesPostConfigChangeActionReloadCrio := []string{
regexPostConfigActionReloadCrio := []string{
constants.ContainerRegistryConfPath,
GPGNoRebootPath,
"/etc/containers/policy.json",
pinnedImagePathRegex,
}
filesPostConfigChangeActionRestartCrio := []string{
"/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt",
}

actions = []string{postConfigChangeActionNone}
actions := []string{postConfigChangeActionNone}
for _, path := range diffFileSet {
if ctrlcommon.InSlice(path, filesPostConfigChangeActionNone) {
continue
} else if ctrlcommon.InSlice(path, filesPostConfigChangeActionReloadCrio) {
actionReloadCrio, err := ctrlcommon.InSliceRegex(path, regexPostConfigActionReloadCrio)
if err != nil {
return nil, err
}
if actionReloadCrio {
actions = []string{postConfigChangeActionReloadCrio}
} else if ctrlcommon.InSlice(path, filesPostConfigChangeActionNone) {
continue
} else if ctrlcommon.InSlice(path, filesPostConfigChangeActionRestartCrio) {
actions = []string{postConfigChangeActionRestartCrio}
} else {
actions = []string{postConfigChangeActionReboot}
return
return actions, nil
}
}
return
return actions, nil
}

func calculatePostConfigChangeAction(diff *machineConfigDiff, diffFileSet []string) ([]string, error) {
Expand All @@ -462,7 +470,7 @@ func calculatePostConfigChangeAction(diff *machineConfigDiff, diffFileSet []stri
}

// We don't actually have to consider ssh keys changes, which is the only section of passwd that is allowed to change
return calculatePostConfigChangeActionFromFileDiffs(diffFileSet), nil
return calculatePostConfigChangeActionFromFileDiffs(diffFileSet)
}

// This is another update function implementation for the special case of
Expand Down

0 comments on commit e8301a2

Please sign in to comment.