must-gather: collect selinux info #2509
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Important Installation incomplete: to start using Gemini Code Assist, please ask the organization owner(s) to visit the Gemini Code Assist Admin Console and sign the Terms of Services. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Tal-or The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Tal-or
force-pushed
the
mg_fetch_selinux_label
branch
4 times, most recently
from
0ed4ea5 to
8b7af08
Compare
Tal-or
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
Tal-or
force-pushed
the
mg_fetch_selinux_label
branch
from
c6c9292 to
84bd461
Compare
ffromani
left a comment
ffromani
left a comment
There was a problem hiding this comment.
ack about the general direction
There were several cases from customers related to issues with selinux lately. We want to minimize asking the customer to provide additional information in this context, so let's collect the selinux data as part of NROP MG. Signed-off-by: Talor Itzhak <titzhak@redhat.com>
Tal-or
force-pushed
the
mg_fetch_selinux_label
branch
from
84bd461 to
0264f99
Compare
add an e2e to validate script collection format and collected data integrety. Signed-off-by: Talor Itzhak <titzhak@redhat.com>
Signed-off-by: Talor Itzhak <titzhak@redhat.com>
Tal-or
force-pushed
the
mg_fetch_selinux_label
branch
from
0264f99 to
72d9e43
Compare
|
|
||
| // Check that the type field contains kubelet_var_lib_t | ||
| contextType := context["type"] | ||
| Expect(contextType).To(Equal("kubelet_var_lib_t"), "kubelet.sock should have kubelet_var_lib_t SELinux context type, got: %s", contextType) |
There was a problem hiding this comment.
this is for 4.18+ (right?), the test like this will run d/s on all versions, and will fail. we can either mark this with a new label and d/s will adapt accordingly and run it only where supported (see https://github.com/openshift-kni/numaresources-operator/blob/main/internal/api/features/_topics.json)
Or if you want to backport for better debugging for older versions, then you need to update this version of the test to handle the old expected type too.
There was a problem hiding this comment.
Good catch I'll update the test accordingly
There was a problem hiding this comment.
@shajmakh Thinking about it again, are must gather test are part of the serial suite where same tests are running against all releases?
If so, and we want this test to run on 4.18+ we need to backport from 4.22->4.18, do we want that?
There was a problem hiding this comment.
these tests runs also in d/s, so yes, we use the same test image for all releases. But also these tests run u/s via prow, so if we want to backport the data collection support to older versions, we need to have the test changes also backported so we can have coverage u/s.
There was a problem hiding this comment.
For now I added skip if version < 4.22, for every backport I'll decrease the minimum version.
|
/test ci-install-e2e-compact |
|
/retest |
We don't want this test to run on older versions because we don't have the selinux data in older MG releases, which means the test is gonna failed. Signed-off-by: Talor Itzhak <titzhak@redhat.com>
Tal-or
force-pushed
the
mg_fetch_selinux_label
branch
from
0f425cd to
c608346
Compare
3 participants
There were several cases from customers related to issues with selinux lately. We want to minimize asking the customer to provide additional information in this context, so let's collect the selinux data as part of NROP MG.
Signed-off-by: Talor Itzhak titzhak@redhat.com