Bug 1104598 - /etc/crictl.yaml owned by wrong package (cri-o not cri-tools)
/etc/crictl.yaml owned by wrong package (cri-o not cri-tools)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Kubic
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Valentin Rothberg
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-12 19:54 UTC by Richard Brown
Modified: 2020-04-26 19:16 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Richard Brown 2018-08-12 19:54:01 UTC
/etc/crictl.yaml is consumed by the crictl binary provided by cri-tools

But /etc/crictl.yml is currently packaged as part of cri-o

This seems very wrong to me

And also has very real world issues - as crictl on Kubic is constantly complaining about the deprecated syntax for it's container runtime endpoint, which should be unix:///var/run/crio/crio.sock not the current /var/run/crio/crio.sock

2 Solutions are possible

Option a) get crictl.yaml packaged in cri-tools instead
or 
b) get cri-o packaged in devel:kubic and caught up with the respective cri-tools version to solve this discrepency

Valentin, which do you prefer?
Comment 1 Valentin Rothberg 2018-08-13 05:58:51 UTC
(In reply to Richard Brown from comment #0)
> /etc/crictl.yaml is consumed by the crictl binary provided by cri-tools
> 
> But /etc/crictl.yml is currently packaged as part of cri-o
> 
> This seems very wrong to me

I understand that it seems weird, but that's just how upstream provides those files. However, I agree that we should move the config to cri-tools.

> And also has very real world issues - as crictl on Kubic is constantly
> complaining about the deprecated syntax for it's container runtime endpoint,
> which should be unix:///var/run/crio/crio.sock not the current
> /var/run/crio/crio.sock
> 
> 2 Solutions are possible
> 
> Option a) get crictl.yaml packaged in cri-tools instead
> or 
> b) get cri-o packaged in devel:kubic and caught up with the respective
> cri-tools version to solve this discrepency
> 
> Valentin, which do you prefer?

A mix of both :^)  The `crictl.yaml` should go into cri-tools (with the "unix:" scheme fix) and cri-o should be moved to devel:kubic.

Notice, that I already have a cri-o 1.11.x package but didn't submit it yet as there is a build regression regarding apparmor. I already have a PR open but the upstream e2e flakiness blocks the merge. I will downstream-patch the package for now, so that we can proceed.

Thanks a lot for opening the bug!
Comment 2 Valentin Rothberg 2018-08-13 09:15:14 UTC
Both packages are now updated in Kubic.
Comment 8 Swamp Workflow Management 2019-03-28 21:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1104598) was mentioned in
https://build.opensuse.org/request/show/689482 Factory / cri-tools
Comment 9 Swamp Workflow Management 2020-04-26 19:16:29 UTC
openSUSE-SU-2020:0554-1: An update that solves 7 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1039663,1042383,1042387,1057277,1059207,1061027,1065972,1069469,1084765,1084766,1085009,1086185,1086412,1095131,1095154,1096773,1097473,1100838,1101010,1104598,1104821,1112980,1118897,1118898,1136403,1144065,1155323,1161056,1161179
CVE References: CVE-2016-5195,CVE-2016-8859,CVE-2017-1002101,CVE-2018-1002105,CVE-2018-16873,CVE-2018-16874,CVE-2019-10214
Sources used:
openSUSE Leap 15.1 (src):    cri-o-1.17.1-lp151.2.2, cri-tools-1.18.0-lp151.2.1, go1.14-1.14-lp151.6.1, kubernetes-1.18.0-lp151.5.1