PRODENG-3471: fix Windows MCR install for FIPS channels#633
Draft
james-nesbitt wants to merge 1 commit into
Draft
PRODENG-3471: fix Windows MCR install for FIPS channels#633james-nesbitt wants to merge 1 commit into
james-nesbitt wants to merge 1 commit into
Conversation
For FIPS channels (e.g. stable-29.2.1/fips) the Windows MCR installer repo publishes versioned artifacts (docker-29.2.1+fips.zip) but does NOT publish docker-latest+fips.zip. Launchpad was hardcoding DOCKER_VERSION=latest, causing install.ps1 to construct a non-existent URL and exit 1 on all Windows nodes. Linux nodes are unaffected. Add windowsInstallerVersion(channel string) as a package-private helper in pkg/configurer/windows.go, alongside the existing isExitCode3010 helper. Returns 'latest' for all non-FIPS channels (preserving current behaviour) and extracts the version from the channel string for FIPS: stable-29.2.1/fips → 29.2.1 test-29.4.1-rc3/fips → 29.4.1-rc3 stable-29.2 → latest (unchanged) InstallMCR uses this instead of the hardcoded 'latest'. Signed-off-by: James Nesbitt <jnesbitt@mirantis.com>
james-nesbitt
force-pushed
the
PRODENG-3471-windows-fips-mcr-version
branch
from
b0e8cc5 to
b4dcd13
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Jira: https://mirantis.jira.com/browse/PRODENG-3471
Problem
For FIPS channels (e.g.
stable-29.2.1/fips) the Windows MCR installer repo publishes versioned artifacts (docker-29.2.1+fips.zip) but does not publishdocker-latest+fips.zip. Launchpad hardcodesDOCKER_VERSION=latest, causinginstall.ps1to construct a non-existent URL and exit 1 on all Windows nodes. Linux nodes are unaffected (they use the package manager, not this URL).Fix
MCRConfig.WindowsInstallerVersion()returns"latest"for all non-FIPS channels (preserving existing behaviour) and extracts the version from the channel string for FIPS channels:stable-29.2.1/fips→29.2.1test-29.4.1-rc3/fips→29.4.1-rc3stable-29.2→latest(unchanged)InstallMCRinwindows.gouses this instead of the hardcoded"latest".Changes
pkg/product/common/config/mcr_config.go—WindowsInstallerVersion()methodpkg/product/common/config/mcr_config_test.go— 8 table-driven test casespkg/configurer/windows.go— useWindowsInstallerVersion()instead of"latest"Note on design
The method name and the FIPS-only guard are a design choice made before the MCR publishing question was fully explored. The approach may change based on the MCR team's response.