Skip to content

NO-ISSUE: Remove workaround for boot image version mismatch#10665

Open
zaneb wants to merge 1 commit into
openshift:mainfrom
zaneb:ssh-restart-removal
Open

NO-ISSUE: Remove workaround for boot image version mismatch#10665
zaneb wants to merge 1 commit into
openshift:mainfrom
zaneb:ssh-restart-removal

Conversation

@zaneb

@zaneb zaneb commented Jun 30, 2026

Copy link
Copy Markdown
Member

Now that boot image versions match node image versions again, we can remove this workaround that was required for ssh when the former was using RHCOS 9.6 and the latter RHCOS 9.8 (OCPBUGS-81470).

Now that boot image versions match node image versions again, we can
remove this workaround that was required for ssh when the former was
using RHCOS 9.6 and the latter RHCOS 9.8 (OCPBUGS-81470).
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 30, 2026
@openshift-ci-robot

Copy link
Copy Markdown
Contributor

@zaneb: This pull request explicitly references no jira issue.

Details

In response to this:

Now that boot image versions match node image versions again, we can remove this workaround that was required for ssh when the former was using RHCOS 9.6 and the latter RHCOS 9.8 (OCPBUGS-81470).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

A bootstrap overlay script was modified to replace the previous sshd service try-restart logic with an SELinux policy reload, executing semodule -R preceded by a log message. This change affects the RHEL 9.6→9.8 SSH daemon upgrade handling path.

Changes

Overlay upgrade handling

Layer / File(s) Summary
Replace sshd restart with SELinux policy reload
data/data/bootstrap/files/usr/local/bin/node-image-overlay.sh
The sshd.service try-restart step is removed and replaced with a logged semodule -R call to reload the SELinux policy.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly matches the change: removing the boot image version mismatch workaround.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR only adds a shell script; no Ginkgo tests or dynamic test titles are present in the changed file.
Test Structure And Quality ✅ Passed Changed files are plain Go unit tests; no Ginkgo blocks, Eventually/Consistently, or cluster-wait patterns, so the check is not applicable.
Microshift Test Compatibility ✅ Passed Only node-image-overlay.sh changed; no new Ginkgo e2e tests or OpenShift API usage were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the changed Go files are standard unit tests with testing/testify, not ginkgo/e2e.
Topology-Aware Scheduling Compatibility ✅ Passed Only a bootstrap shell script changed; no deployment manifests, controller logic, node selectors, affinity, or replica settings were introduced.
Ote Binary Stdout Contract ✅ Passed The PR only edits a boot-time shell overlay script; no OTE binary entrypoint or process-level init/main code was changed, so the stdout contract isn’t implicated.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only node-image-overlay.sh changed; no Ginkgo tests, IPv4-only logic, or external connectivity requirements were added.
No-Weak-Crypto ✅ Passed Touched script only mounts, rsyncs, and reloads SELinux policy; no weak crypto, custom crypto, or secret comparisons found.
Container-Privileges ✅ Passed Patch only removes sshd restart in a shell script; no manifests or privileged/container settings were added.
No-Sensitive-Data-In-Logs ✅ Passed The only added log is a generic SELinux reload message; no passwords, tokens, PII, hostnames, or customer data are logged.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign rna-afk for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@zaneb

zaneb commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

/cc @patrickdillon

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@zaneb: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-images 0e3e7a3 link true /test okd-scos-images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tthvo tthvo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Bootstrap log-bundle is collected in ci/prow/e2e-aws-ovn so this removal works 👍

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants