From 954feaf5b5d84d49f71cb59f0d140ba4e7663f70 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Thu, 12 Nov 2020 16:16:05 +0000
Subject: [PATCH] daemon: Remove rollback deployment

Came out of concerns from compliance about having bootloader entries that may not have expected parameters.
---
 pkg/daemon/daemon.go | 4 ++++
 pkg/daemon/update.go | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go
index 59ce22ae69..42336a6e25 100644
--- a/pkg/daemon/daemon.go
+++ b/pkg/daemon/daemon.go
@@ -1022,6 +1022,10 @@ func (dn *Daemon) checkStateOnFirstRun() error {
 return fmt.Errorf("error detecting previous SSH accesses: %v", err)
 }
 
+ if err := dn.removeRollback(); err != nil {
+ return errors.Wrapf(err, "Failed to remove rollback")
+ }
+
 // Bootstrapping state is when we have the node annotations file
 if state.bootstrapping {
 targetOSImageURL := state.currentConfig.Spec.OSImageURL
diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go
index 68b76f78b1..e6f1f69af8 100644
--- a/pkg/daemon/update.go
+++ b/pkg/daemon/update.go
@@ -512,6 +512,16 @@ func (dn *Daemon) update(oldConfig, newConfig *mcfgv1.MachineConfig) (retErr err
 return dn.finalizeAndReboot(newConfig)
 }
 
+// removeRollback removes the rpm-ostree rollback deployment. It
+// takes up space, and we don't generally expect administrators to
+// use this versus e.g. removing broken configuration. We only
+// remove the rollback once the MCD pod has landed on a node, so
+// we know kubelet is working.
+func (dn *Daemon) removeRollback() error {
+ _, err := runGetOut("rpm-ostree", "cleanup", "-r")
+ return err
+}
+
 // machineConfigDiff represents an ad-hoc difference between two MachineConfig objects.
 // At some point this may change into holding just the files/units that changed
 // and the MCO would just operate on that. For now we're just doing this to get
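Review bot: The `dn.removeRollback()` call added to checkStateOnFirstRun sits before the bootstrapping branch, so the previous deployment is dropped before any validation of the booted state that may follow; the function starts and ends outside this hunk, so that ordering should be checked against the rest of the body. The justification given in update.go (the MCD pod has landed, so kubelet works) does not show that the node matches its expected config, and moving the call after that check succeeds would keep the recovery point until it is no longer needed. The cleanup failure is also made fatal here, which would stop the first-run check on any host where `rpm-ostree` is missing or cannot run the cleanup; if failing closed is the compliance intent, a short comment should say so. Since no format arguments are passed, the wrap reads better as `return errors.Wrap(err, "removing rollback deployment")`.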
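Review bot: The doc comment on `removeRollback` gives disk space as the reason, while the commit message says the change comes from compliance concerns about bootloader entries that may not have the expected parameters; the comment should carry that reason, e.g. `// The rollback also keeps a bootloader entry whose parameters may not match the current config.` The function discards the command output and writes no log line of its own, so unless `runGetOut` logs the command (not visible in this hunk) the removal of a recovery deployment leaves no trace in the daemon log; an info-level message before the call would give auditors that record. Spelling the flag out as `runGetOut("rpm-ostree", "cleanup", "--rollback")` would also make the intent readable without the man page.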