diff --git a/docs/case-study-enterprise-kernels.md b/docs/case-study-enterprise-kernels.md index 694edab..527c9eb 100644 --- a/docs/case-study-enterprise-kernels.md +++ b/docs/case-study-enterprise-kernels.md @@ -13,7 +13,7 @@ This is a real run across the now-supported enterprise tier. - **Date:** 2026-06-21 · Run ID `20260621T102403Z-a20af3` - **Host:** x86_64 KVM -## Result — 13 / 14 pass +## Result — 14 / 14 pass | Profile | Actual host kernel | BTF | Result | |---|---|---|---| @@ -30,15 +30,15 @@ This is a real run across the now-supported enterprise tier. | `amazon-linux-2-5.10` | `5.10.247-246.989.amzn2` | yes | ✅ pass | | `amazon-linux-2023-6.1` | `6.1.170-213.321.amzn2023` | yes | ✅ pass | | `opensuse-leap-15.6-6.4` | `6.4.0-150600.23.100-default` | yes | ✅ pass | -| `amazon-linux-2-4.14` | — | — | ❌ `UNSUPPORTED_TRANSPORT` (known gap) | +| `amazon-linux-2-4.14` | `4.14.26-54.32.amzn2` | **no** | ✅ pass | -## The honest gap: Amazon Linux 2 / 4.14 +## The no-BTF backport case: Amazon Linux 2 / 4.14 -The 2018-era Amazon Linux 2 (`4.14`, no embedded BTF) image is rejected at the -**transport-capability** step — the SSH executor cannot drive it — so it never -reaches validation. This is a separate, deeper issue than the EL seed-delivery fix -(which unblocked the rest of this tier); it likely needs a console/serial-based -transport rather than SSH. Tracked as a known limitation, not a silent skip. +The 2018-era Amazon Linux 2 (`4.14`, **no embedded BTF**) image was previously +excluded as `UNSUPPORTED_TRANSPORT`. The CIDATA seed fix plus dropping that stale +exclusion brought it online: it now boots and validates `load_attach` on a real +`4.14.26-54.32.amzn2` kernel — the heavily-backported, no-BTF case where kernel +version is least informative about feature support. ## Notes diff --git a/internal/vm/qemu_test.go b/internal/vm/qemu_test.go index 8771250..4d773e2 100644 --- a/internal/vm/qemu_test.go +++ b/internal/vm/qemu_test.go @@ -204,6 +204,7 @@ func TestSSHUserCandidates(t *testing.T) { func TestExecutionTransport(t *testing.T) { tests := []struct { name string + id string distro string wantTransport string wantSupported bool @@ -211,13 +212,14 @@ func TestExecutionTransport(t *testing.T) { }{ {name: "ubuntu", distro: "ubuntu", wantTransport: ExecutionTransportSSH, wantSupported: true}, {name: "rhel8 supported", distro: "rhel", wantTransport: ExecutionTransportSSH, wantSupported: true}, + {name: "amazon-linux-2-4.14 supported", id: "amazon-linux-2-4.14", distro: "amazon-linux", wantTransport: ExecutionTransportSSH, wantSupported: true}, {name: "talos blocked", distro: "talos", wantTransport: ExecutionTransportUnsupported, wantSupported: false, wantInMsg: "no ssh"}, {name: "bottlerocket blocked", distro: "bottlerocket", wantTransport: ExecutionTransportUnsupported, wantSupported: false, wantInMsg: "ssh"}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - transport, supported, reason := ExecutionTransport(Profile{Distro: tt.distro}) + transport, supported, reason := ExecutionTransport(Profile{ID: tt.id, Distro: tt.distro}) if transport != tt.wantTransport { t.Fatalf("expected transport=%q, got %q", tt.wantTransport, transport) } diff --git a/internal/vm/transport.go b/internal/vm/transport.go index b314b86..3505b81 100644 --- a/internal/vm/transport.go +++ b/internal/vm/transport.go @@ -17,11 +17,6 @@ func ExecutionTransport(profile Profile) (transport string, supported bool, reas return ExecutionTransportUnsupported, false, "Profile requires the firecracker runner; use `--runner firecracker` instead of the default QEMU cloud-image runner." } - switch strings.ToLower(strings.TrimSpace(profile.ID)) { - case "amazon-linux-2-4.14": - return ExecutionTransportUnsupported, false, "Legacy Amazon Linux 2 (4.14) image in this catalog does not provide reliable cloud-init+SSH bootstrap for current validator executor." - } - switch strings.ToLower(strings.TrimSpace(profile.Distro)) { case "talos": return ExecutionTransportUnsupported, false, "Talos is API-driven (no SSH/shell); current validator runner requires SSH transport."