StarlingX

starlingx/k8s-cni-sriov container image reports RHEL7.6 as OS

Bug #1843963 reported by Ghada Khalil
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Steven Webster

Bug Description

Brief Description
-----------------
The starlingx/k8s-cni-sriov container image is built with RHEL7.6 as the base OS. This is an issue as starlingx is an open-source project and doesn't have a license to use RHEL. This bug is opened to investigate if this image can be based on an open-source distribution instead.

Starlingx doesn't modify the k8s-cni-sriov image. It's built so that it can be locked down on a specific SHA (to align on the code base that was tested).

The upstream docker file is used by starlingx:
$ cat k8s-cni-sriov.stable_docker_image
BUILDER=docker
LABEL=k8s-cni-sriov
DOCKER_REPO=https://github.com/intel/sriov-cni.git
DOCKER_REF=9e4c973b2ac517c64867e33d61aee152d70dc330

https://github.com/intel/sriov-cni/tree/9e4c973b2ac517c64867e33d61aee152d70dc330

So the build is using this as the Dockerfile:
https://github.com/intel/sriov-cni/blob/9e4c973b2ac517c64867e33d61aee152d70dc330/Dockerfile

This file is what’s defining the base.

A more recent baseline of this repo appears to have the default image build based on alpine, with RHEL7 as a secondary option.

Severity
--------
This is not a functional issue. It's a licensing issue.

Steps to Reproduce
------------------
Query the OS version in the starlingx/k8s-cni-sriov container image

Expected Behavior
------------------
Only opensource licenses are used in components used by starlingx

Actual Behavior
----------------
The above image is based on enterprise source code.

Reproducibility
---------------
Reproducible

System Configuration
--------------------
N/A

Branch/Pull Time/Commit
-----------------------
master 2019-09-13

Last Pass
---------
This has been an issue since the introduction of the starlingx/k8s-cni-sriov container image

Timestamp/Logs
--------------
N/A

Test Activity
-------------
Other

See original description
Ghada Khalil (gkhalil)
description: updated
Changed in starlingx:
assignee: nobody → Steven Webster (swebster-wr)
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Marking as gating / high priority given this is a licensing issue. Given this is an issue in stx.2.0, the fix should be considered for cherry-picking to that release as well. Need assessment from the developer that this is possible with reasonable effort (confirm the new version of the codebase providing an alpine build will be functionally compatible with the stx.2.0 code base)

tags: added: stx.3.0 stx.containers
tags: added: stx.2.0
removed: stx.3.0
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to integ (master)

Fix proposed to branch: master
Review: https://review.opendev.org/685498

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/685498
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=dac417bd31ed36d455e94db4aabe5916367654d4
Submitter: Zuul
Branch: master

commit dac417bd31ed36d455e94db4aabe5916367654d4
Author: Steven Webster <email address hidden>
Date: Wed Sep 25 15:02:09 2019 -0500

    Uprev SR-IOV CNI and device plugin image base

    Currently, StarlingX uses a version of the SR-IOV CNI and device
    plugin container images that are based on a certain commit reference.
    This is done to ensure reliable and predicable behaviour until the
    images can be locked down on a stable release version.

    It is desirable to move to a later version of these images for
    a couple of reasons (aside from bug fixes, etc):

    1. The SR-IOV CNI image now uses an alpine base, rather than
       a Redhat base.
    2. The SR-IOV device plugin allows a DPDK enabled pod with
       Mellanox NICs to run unprivileged.

    This commit moves the image base forward.

    Testing has been performed with netdevice and DPDK based
    pod applications with various combinations of the following
    devices:

    Mellanox MT27700 Family [ConnectX-4]
    Intel 82599ES 10-Gigabit SFI/SFP+ Network Connection
    Intel Ethernet Controller X710 for 10GbE SFP+

    Change-Id: Ia74e135b3e4b1a00465d4a8fd0b4650efdcfd2c5
    Closes-Bug: 1843963
    Closes-Bug: 1835020
    Signed-off-by: Steven Webster <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.