Skip to content

fix os_images_info_input_hash to ensure that os-images-info is updated after os_images_info_input_hash upgrade

Thomas Morin requested to merge fix-os_images_info_input_hash into main

os_images_info_input_hash, which controls whether or not the os-images-info ConfigMap needs to be re-run on an upgrade, was computed in a wrong way. This hash is meant to take as input all the data given to the create-os-images-info script, in particular the output of the generate-os-images named template.

The issue is that the strings used to compute os_images_info_input_hash are passed into toJson | sha256sum before having been interpreted, so what is hashed is the following string:

- '{{ .Chart.Version }}'
- |2-
      os_images:
        ubuntu-jammy-plain-rke2-1-28-9:
          sylva_dib_image: true
          uri: '{{ .Values.sylva_base_oci_registry }}/sylva-elements/diskimage-builder/ubuntu-jammy-plain-rke2-1-28-9:{{
            .Values.sylva_diskimagebuilder_version }}'
- '{{ .Values._internal.default_os_images_info_configmap }}'
...
- .cluster.local: true
  .cluster.local.: true
  .svc: true
  '{{ printf ".%s" .Values.cluster_domain }}': true
  10.0.0.0/8: true
  127.0.0.1: true
  172.16.0.0/12: true
  172.20.129.142: true
  192.168.0.0/16: true
  localhost: true
- true

... without any substitution of the {{ ... }} things by the interpreter. This is due to the fact that we do not control in which order items of _internal are interpreted.

So if on an upgrade sylva_diskimagebuilder_version changes (or .Chart.Version), the hash will not change, and the resulting compute map will still have information for the previous sylva_diskimagebuilder_version, and no OS image update will happen on the cluster.

This MR fixes that by ensuring that proper interpretation happens before hashing.

Doing that involved quite a bit of changes and was the opportunity for cleanups:

  • (1) the named templates in _os-images.tpl were partly working with uninterpreted data -- this data was interpreted later when rendered into final resources, so this was ok -- but to simplify the computation of the os-images-info hash, it was good to fix that
  • (2) the name used for the os-images-info ConfigMap was dynamic following this hash -- this was done in 9f5ed698 / !1433 (merged) -- and made the code around this pretty complex, but now that we constraint Kustomization reconciliation during updates thanks to the global root-dependency-<n> dependency, this isn't necessary -- this MR simplifies that
  • (3) given (2), we don't need to compute the hash in _internal

(this MR is a resubmission of !2396 (merged) which had mistakenly been merged and then reverted in !2400 (merged))

Closes #1316 (closed)

Edited by Thomas Morin

Merge request reports