Skip to content

[Build Image] Manage Kernel consistency through version locking #6771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
May 27, 2025
Merged

[Build Image] Manage Kernel consistency through version locking #6771

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
439a9e8
Adding Kernel Pinning in parallelcluster.yaml
May 1, 2025
97dbca4
Removing centos usage in ImageBuilder
May 1, 2025
5f8530a
Adding kernel pinning by default in parallelcluster.yaml
May 7, 2025
9dc8493
Add kernel locking for Ubuntu AMI's
May 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 64 additions & 8 deletions cli/src/pcluster/resources/imagebuilder/parallelcluster.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ phases:
set -v
OS='{{ build.OperatingSystemName.outputs.stdout }}'

if [ `echo "${!OS}" | grep -E '^(alinux|centos|rhel|rocky)'` ]; then
if [ `echo "${!OS}" | grep -E '^(alinux|rhel|rocky)'` ]; then
PLATFORM='RHEL'
elif [ `echo "${!OS}" | grep -E '^ubuntu'` ]; then
PLATFORM='DEBIAN'
Expand Down Expand Up @@ -167,7 +167,7 @@ phases:
set -v
if [ ${CfnParamUpdateOsAndReboot} == false ]; then
RELEASE='{{ build.OperatingSystemRelease.outputs.stdout }}'
if [ `echo "${!RELEASE}" | grep -Ev '^(amzn|centos|ubuntu|rhel|rocky)'` ]; then
if [ `echo "${!RELEASE}" | grep -Ev '^(amzn|ubuntu|rhel|rocky)'` ]; then
echo "This component does not support '${!RELEASE}'. Failing build."
exit {{ FailExitCode }}
fi
Expand All @@ -182,6 +182,36 @@ phases:
fi
fi

- name: PinKernelVersion
action: ExecuteBash
inputs:
commands:
- |
set -v
OS='{{ build.OperatingSystemName.outputs.stdout }}'
PLATFORM='{{ build.PlatformName.outputs.stdout }}'
KERNEL_VERSION=$(uname -a)
if [[ ${!PLATFORM} == RHEL ]]; then
yum install -y yum-plugin-versionlock
# listing all the packages because wildcard does not work as expected
yum versionlock kernel kernel-core kernel-modules

if [[ ${!OS} == "alinux2" ]] || [[ ${!OS} == "alinux2023" ]] ; then
yum versionlock kernel-abi-whitelists
else
yum versionlock kernel-abi-stablelists
fi

if [[ ${!OS} == "rocky8" ]] || [[ ${!OS} == "rocky9" ]] ; then
yum versionlock rocky-release rocky-repos
elif [[ ${!OS} == "rhel8" ]] || [[ ${!OS} == "rhel9" ]] ; then
yum versionlock redhat-release
fi
else
apt-mark hold linux-aws* linux-base* linux-headers* linux-image*
fi
echo "Kernel version is ${!KERNEL_VERSION}"

# Install prerequisite OS packages
- name: InstallPrerequisite
action: ExecuteBash
Expand All @@ -203,12 +233,6 @@ phases:
fi
yum -y update krb5-libs
yum -y groupinstall development && sudo yum -y install curl wget jq


if [[ ${!OS} =~ ^centos ]]; then
/bin/sed -r -i -e 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
grub2-mkconfig -o /boot/grub2/grub.cfg
fi
elif [[ ${!PLATFORM} == DEBIAN ]]; then
if [[ "${CfnParamUpdateOsAndReboot}" == "false" ]]; then
# disable apt-daily.timer to avoid dpkg lock
Expand Down Expand Up @@ -308,6 +332,38 @@ phases:
{{ build.PClusterCookbookVersionName.outputs.stdout }}
overwrite: true

- name: RemoveKernelPin
action: ExecuteBash
inputs:
commands:
- |
set -v
OS='{{ build.OperatingSystemName.outputs.stdout }}'
PLATFORM='{{ build.PlatformName.outputs.stdout }}'
BEFORE_KERNEL_VERSION='{{ build.PinKernelVersion.output.stdout }}'
# Remove kernel version lock
if [[ ${!PLATFORM} == RHEL ]]; then
yum versionlock delete kernel kernel-core kernel-modules

if [[ ${!OS} == "alinux2" ]] || [[ ${!OS} == "alinux2023" ]] ; then
yum versionlock delete kernel-abi-whitelists
else
yum versionlock delete kernel-abi-stablelists
fi

if [[ ${!OS} == "rocky8" ]] || [[ ${!OS} == "rocky9" ]] ; then
yum versionlock delete rocky-release rocky-repos
elif [[ ${!OS} == "rhel8" ]] || [[ ${!OS} == "rhel9" ]] ; then
yum versionlock delete redhat-release
fi
else
apt-mark unhold linux-aws* linux-base* linux-headers* linux-image*
fi
if [[ "$(uname -a)" != ${!BEFORE_KERNEL_VERSION} ]] ; then
echo "Kernel was upgraded from ${!BEFORE_KERNEL_VERSION} to $(uname -a)"
fi
echo "Kernel version unlocked"

- name: KeepSSM
action: ExecuteBash
inputs:
Expand Down
Empty file added cli/src/pcluster/resources/imagebuilder/parallelcluster_validate.yaml
View file
Open in desktop
Empty file.
4 changes: 2 additions & 2 deletions cli/src/pcluster/resources/imagebuilder/update_and_reboot.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ phases:
set -v
OS='{{ build.OperatingSystemName.outputs.stdout }}'

if [ `echo "${!OS}" | grep -E '^(alinux|centos|rhel|rocky)'` ]; then
if [ `echo "${!OS}" | grep -E '^(alinux|rhel|rocky)'` ]; then
PLATFORM='RHEL'
elif [ `echo "${!OS}" | grep -E '^ubuntu'` ]; then
PLATFORM='DEBIAN'
Expand All @@ -83,7 +83,7 @@ phases:
- |
set -v
RELEASE='{{ build.OperatingSystemRelease.outputs.stdout }}'
if [ `echo "${!RELEASE}" | grep -Ev '^(amzn|centos|ubuntu|rhel|rocky)'` ]; then
if [ `echo "${!RELEASE}" | grep -Ev '^(amzn|ubuntu|rhel|rocky)'` ]; then
echo "This component does not support '${!RELEASE}'. Failing build."
exit {{ FailExitCode }}
fi
Expand Down
Loading