Bug 1877448

Summary:	Allow installing OS extensions on FCOS
Product:	OpenShift Container Platform	Reporter:	Vadim Rutkovsky <vrutkovs>
Component:	Machine Config Operator	Assignee:	Antonio Murdaca <amurdaca>
Status:	CLOSED ERRATA	QA Contact:	Micah Abbott <miabbott>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	4.6	CC:	miabbott
Target Milestone:	---
Target Release:	4.6.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-10-27 16:38:53 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Vadim Rutkovsky 2020-09-09 16:21:44 UTC

Currently MCO applies OS extensions on RHCOS nodes only. In OKD we'd like to allow installing any package on FCOS nodes too

Comment 4 Micah Abbott 2020-10-01 15:45:22 UTC

Verified with 4.6.0-0.okd-2020-10-01-092556

```
$ oc get clusterversion                                                                                                                                                                                                                                           
NAME      VERSION                         AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.okd-2020-10-01-092556   True        False         117s    Cluster version is 4.6.0-0.okd-2020-10-01-092556

$ oc get nodes                                                                                     
NAME                                         STATUS   ROLES    AGE   VERSION                                                                                   
ip-10-0-137-226.us-east-2.compute.internal   Ready    master   29m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-150-113.us-east-2.compute.internal   Ready    worker   12m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-174-33.us-east-2.compute.internal    Ready    master   29m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-185-82.us-east-2.compute.internal    Ready    worker   16m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-198-181.us-east-2.compute.internal   Ready    worker   15m   v1.19.0-rc.2+beb741b-1062
ip-10-0-230-16.us-east-2.compute.internal    Ready    master   33m   v1.19.0-rc.2+beb741b-1062

$ cat machineConfigs/extensions.yaml                                                                
apiVersion: machineconfiguration.openshift.io/v1              
kind: MachineConfig                             
metadata:                                                                                                                                                      
  labels:
    machineconfiguration.openshift.io/role: worker                                                                                                             
  name: 90-worker-extensions                                  
spec:                                           
  config:                                                                                                                                                      
    ignition:
      version: 3.1.0
  extensions:
    - usbguard

$ oc apply -f machineConfigs/extensions.yaml                                                        
machineconfig.machineconfiguration.openshift.io/90-worker-extensions created

$ oc get mc
NAME                                               GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
00-master                                          522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
00-worker                                          522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-master-container-runtime                        522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-master-kubelet                                  522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-worker-container-runtime                        522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-worker-kubelet                                  522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
90-worker-extensions                                                                          3.1.0             8m15s
99-master-disable-mitigations                                                                 3.1.0             47m
99-master-generated-registries                     522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
99-master-okd-extensions                                                                      3.1.0             47m
99-master-ssh                                                                                 3.1.0             47m
99-worker-disable-mitigations                                                                 3.1.0             47m
99-worker-generated-registries                     522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
99-worker-okd-extensions                                                                      3.1.0             47m
99-worker-ssh                                                                                 3.1.0             47m
rendered-master-3d2cf2e9d7e5f1e69fbdf0fadf7bc6a6   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
rendered-worker-4b584955d33a070f05fd74d9c17cff5e   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             8m10s
rendered-worker-d96c08402d7c5f492bb4563475b73c7d   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m

$ oc debug node/ip-10-0-198-181.us-east-2.compute.internal
Starting pod/ip-10-0-198-181us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.198.181
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-5.0# rpm-ostree status
State: idle
Deployments:
* pivot://registry.svc.ci.openshift.org/origin/4.6-2020-10-01-092556@sha256:10362d0ff3bfcfdc8dbe20a5b5e084551a78236e0ddcf9444333d4bdacad809a
              CustomOrigin: Managed by machine-config-operator
                 Timestamp: 2020-09-30T05:20:01Z
           LayeredPackages: NetworkManager-ovs glusterfs glusterfs-fuse open-vm-tools usbguard

  pivot://registry.svc.ci.openshift.org/origin/4.6-2020-10-01-092556@sha256:10362d0ff3bfcfdc8dbe20a5b5e084551a78236e0ddcf9444333d4bdacad809a
              CustomOrigin: Managed by machine-config-operator
                 Timestamp: 2020-09-30T05:20:01Z
           LayeredPackages: NetworkManager-ovs glusterfs glusterfs-fuse open-vm-tools
sh-5.0# exit
exit
sh-4.4# exit
exit

Removing debug pod ...
```

Comment 6 errata-xmlrpc 2020-10-27 16:38:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196