Bug 1880603
| Summary: | The MCO is unable to upgrade from 4.5->4.6 if there are multiple passwd sections in multiple user machineconfigs | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Yu Qi Zhang <jerzhang> |
| Component: | Machine Config Operator | Assignee: | Yu Qi Zhang <jerzhang> |
| Status: | CLOSED ERRATA | QA Contact: | Michael Nguyen <mnguyen> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.6 | CC: | bgilbert, brad.williams, rioliu, yanyang |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:42:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Yu Qi Zhang
2020-09-18 19:25:13 UTC
Verified on 4.6.0-0.nightly-2020-09-24-074159
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.5.12 True False 10m Cluster version is 4.5.12
$ cat ssh.yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: worker
name: 99-worker-ssh-new-keys
spec:
config:
ignition:
version: 2.2.0
passwd:
users:
- name: core
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen
$ oc create -f ssh.yaml
machineconfig.machineconfiguration.openshift.io/99-worker-ssh-new-keys created
$ oc get mc
NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE
00-master 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
00-worker 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
01-master-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
01-master-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
01-worker-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
01-worker-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
99-master-ssh 2.2.0 38m
99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
99-worker-ssh 2.2.0 38m
99-worker-ssh-new-keys 2.2.0 7s
rendered-master-0712deb798e2b9124b4718493c4d023b 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
rendered-worker-e3da71ca8b038343750215cb64b1f6de 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 2s
rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m
$ oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-0712deb798e2b9124b4718493c4d023b True False False 3 3 3 0 32m
worker rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 False True False 3 0 0 0 32m
$ watch oc get mcp
$ oc get node
NAME STATUS ROLES AGE VERSION
ip-10-0-137-150.us-west-2.compute.internal Ready master 91m v1.18.3+47c0e71
ip-10-0-141-169.us-west-2.compute.internal Ready worker 77m v1.18.3+47c0e71
ip-10-0-169-181.us-west-2.compute.internal Ready master 95m v1.18.3+47c0e71
ip-10-0-173-230.us-west-2.compute.internal Ready worker 79m v1.18.3+47c0e71
ip-10-0-211-59.us-west-2.compute.internal Ready worker 79m v1.18.3+47c0e71
ip-10-0-217-147.us-west-2.compute.internal Ready master 91m v1.18.3+47c0e71
$ oc debug node/ip-10-0-211-59.us-west-2.compute.internal
Starting pod/ip-10-0-211-59us-west-2computeinternal-debug ...
To use host binaries, run `chroot /host`
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# cat /home/core/.ssh/*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen
cat: /home/core/.ssh/authorized_keys.d: Is a directory
sh-4.4# cat /home/core/.ssh/authorized_keys.d/*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==
sh-4.4# exit
exit
sh-4.2# exit
exit
Removing debug pod ...
$ oc get mc
NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE
00-master 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
00-worker 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
01-master-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
01-master-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
01-worker-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
01-worker-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
99-master-ssh 2.2.0 100m
99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
99-worker-ssh 2.2.0 100m
99-worker-ssh-new-keys 2.2.0 62m
rendered-master-0712deb798e2b9124b4718493c4d023b 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
rendered-worker-e3da71ca8b038343750215cb64b1f6de 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 62m
rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m
$ oc get mc/rendered-worker-e3da71ca8b038343750215cb64b1f6de -o yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
annotations:
machineconfiguration.openshift.io/generated-by-controller-version: 08aad1925d6e29266390ecb6f4e6730d60e44aaf
creationTimestamp: "2020-09-24T12:57:54Z"
generation: 1
managedFields:
- apiVersion: machineconfiguration.openshift.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:machineconfiguration.openshift.io/generated-by-controller-version: {}
f:ownerReferences:
.: {}
k:{"uid":"1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a"}:
.: {}
f:apiVersion: {}
f:blockOwnerDeletion: {}
f:controller: {}
f:kind: {}
f:name: {}
f:uid: {}
f:spec:
.: {}
f:config:
.: {}
f:ignition:
.: {}
f:version: {}
f:passwd:
.: {}
f:users: {}
f:storage:
.: {}
f:files: {}
f:systemd:
.: {}
f:units: {}
f:fips: {}
f:kernelArguments: {}
f:kernelType: {}
f:osImageURL: {}
manager: machine-config-controller
operation: Update
time: "2020-09-24T12:57:54Z"
name: rendered-worker-e3da71ca8b038343750215cb64b1f6de
ownerReferences:
- apiVersion: machineconfiguration.openshift.io/v1
blockOwnerDeletion: true
controller: true
kind: MachineConfigPool
name: worker
uid: 1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a
resourceVersion: "27323"
selfLink: /apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-worker-e3da71ca8b038343750215cb64b1f6de
uid: 7d3dbde7-8b59-4ee5-ae7a-f377f7892a68
spec:
config:
ignition:
version: 2.2.0
passwd:
users:
- name: core
sshAuthorizedKeys:
- |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==
- name: core
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB
mnguyen
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI
mnguyen
storage:
files:
- contents:
source: data:,
filesystem: root
mode: 384
path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
- contents:
source: data:,r%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F80-openshift-network.conf%0Ar%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F10-ovn-kubernetes.conf%0Ad%20%2Frun%2Fmultus%2Fcni%2Fnet.d%2F%200755%20root%20root%20-%20-%0AD%20%2Fvar%2Flib%2Fcni%2Fnetworks%2Fopenshift-sdn%2F%200755%20root%20root%20-%20-%0A
filesystem: root
mode: 420
path: /etc/tmpfiles.d/cleanup-cni.conf
- contents:
source: data:,
filesystem: root
mode: 420
path: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem
- contents:
source: data:,%23%20This%20file%20is%20generated%20by%20the%20Machine%20Config%20Operator's%20containerruntimeconfig%20controller.%0A%23%0A%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A
filesystem: root
mode: 420
path: /etc/containers/storage.conf
- contents:
source: data:,%23!%2Fbin%2Fbash%0A%23%0A%23%2090-long-hostname%20is%20a%20wrapper%20around%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%2C%0A%23%20which%20ensures%20that%20a%20node%20has%20a%20valid%20hostname.%0AIF%3D%241%0ASTATUS%3D%242%0A%0Alog()%20%7B%20logger%20--tag%20%22network-manager%2F%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0Aif%20%5B%5B%20!%20%22%24STATUS%22%20%3D~%20(up%7Chostname%7Cdhcp4-change%7Cdhcp6-change)%20%5D%5D%3B%20then%0A%20%20%20%20exit%200%0Afi%0A%0Aif%20%5B%5B%20!%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%20then%0A%20%20%20%20log%20%22hostname%20is%20already%20set%22%0A%20%20%20%20exit%200%0Afi%0A%0A%23%20source%20the%20script%20since%20NetworkManager%20execution%20rules%20do%0A%23%20allow%20sourcing%20from%20%2Fusr%2Flocal.%20RHCOS%20has%20an%20read-only%20rootfs%0A%23%20which%20limits%20where%20this%20can%20be%20stashed.%0Asource%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%0Ahost_name%3D%22%24%7BDHCP4_HOST_NAME%3A-%24DHCP6_HOST_NAME%7D%22%0A%0Aif%20%5B%20-n%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20set_valid_hostname%20%22%24%7Bhost_name%7D%22%0Afi%0A
filesystem: root
mode: 493
path: /etc/NetworkManager/dispatcher.d/90-long-hostname
- contents:
source: data:,%23%20Force-load%20legacy%20iptables%20so%20it%20is%20usable%20from%20pod%20network%20namespaces%0Aip_tables%0A
filesystem: root
mode: 420
path: /etc/modules-load.d/iptables.conf
- contents:
source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A
filesystem: root
mode: 420
path: /etc/kubernetes/kubelet-ca.crt
- contents:
source: data:,%23%20Turning%20on%20Accounting%20helps%20track%20down%20performance%20issues.%0A%5BManager%5D%0ADefaultCPUAccounting%3Dyes%0ADefaultMemoryAccounting%3Dyes%0ADefaultBlockIOAccounting%3Dyes%0A
filesystem: root
mode: 420
path: /etc/systemd/system.conf.d/kubelet-cgroups.conf
- contents:
source: data:,%23%20ignore%20known%20SDN-managed%20devices%0A%5Bdevice%5D%0Amatch-device%3Dinterface-name%3Abr-int%3Binterface-name%3Abr-local%3Binterface-name%3Abr-nexthop%2Cinterface-name%3Aovn-k8s-*%2Cinterface-name%3Ak8s-*%3Binterface-name%3Atun0%3Binterface-name%3Abr0%3Bdriver%3Aveth%0Amanaged%3D0%0A
filesystem: root
mode: 420
path: /etc/NetworkManager/conf.d/sdn.conf
- contents:
source: data:,%7B%22auths%22%3A%7B%22registry.svc.ci.openshift.org%22%3A%7B%22auth%22%3A%22dXNlcjpTNEFEVGh2a0NRR3NSa0JlZ183UjhaZ1hId2oyX3M3U1NuVzZCZnF6VWVv%22%7D%2C%22cloud.openshift.com%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22quay.io%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.connect.redhat.com%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.redhat.io%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%7D%7D%0A
filesystem: root
mode: 384
path: /var/lib/kubelet/config.json
- contents:
source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDEDCCAfigAwIBAgIIbdcjqdsOvpUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTIwMDkyNDEyMTQ1NVoX%0ADTMwMDkyMjEyMTQ1NVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy%0Ab290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MMheynWo1Fi%0AEEx8ga3Divuvoh4UA23S9ZqTtj%2BHghnpX6DEm2DLE4N8VpmDgorbUZRVWiJiW%2FJq%0AKQLQMSvJs9m%2B3XhdyhSQRX7%2BCNiqmzB4vu4YkrWWdfjMQXJYCJoiAhCIcsJDg%2B1x%0AQjMNNnjIf9kvZ89tlA1AcfLCI8xWVgbgoF2739Ug61zB4orlOTK0ZATh1Yv%2FJT9R%0AAfJTD60BKes9W8zqrnTw1ELh%2BFB296a4jR5RE1Oy4O%2F2kA8nN%2Fnn09xBuSTmdBMb%0AIihlaCJPC3CHqi09eQd6j6NfVdlfoxgmFKoX22zUVP36WfExIGX9lYh%2FdzXbzaDG%0AKTbXDYJQWwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%0A%2FzAdBgNVHQ4EFgQUZ0u3fMTSkvIpe2%2FM%2FjFNYQJEFb0wDQYJKoZIhvcNAQELBQAD%0AggEBADbNZbLxRvmiO7Rab91ayxTDdGSB%2Bv2Ioyl7CEda5kLgS8IIZVJBZraRAEJf%0AnkSkFZCP9wWt8nuhiYFh2I9KzkxzczQC1Ih%2B%2BSLO7efXU9kxPyZKfg%2Fj2oGGI7bZ%0AxoAZK52N0Q638Tya89%2BeWX2c5ar6k3G%2F2r%2FEQBMUqCCAcO6zmiypivyFxcXkn%2F7D%0A0grNOw17dESIVQvPVuDkPBF4ideleoypqwVzNmBLlV%2B4SSilDT7t8uvCnrUvC2wJ%0Abgo896wWsSBsqpaR56S4X6DuR27Q83VNAfFGOk5Tk1xg%2BiFzA%2FZ1HeuwUjmNI3Cx%0A0DNl6C%2BeAdx730fx7UFWdk9iulo%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A
filesystem: root
mode: 420
path: /etc/kubernetes/ca.crt
- contents:
source: data:,net.ipv4.ip_forward%20%3D%201%0Anet.ipv6.conf.all.forwarding%20%3D%201%0A
filesystem: root
mode: 420
path: /etc/sysctl.d/forward.conf
- contents:
source: data:,%0Afs.inotify.max_user_watches%20%3D%2065536%0Afs.inotify.max_user_instances%20%3D%208192%0A
filesystem: root
mode: 420
path: /etc/sysctl.d/inotify.conf
- contents:
source: data:,%23!%2Fbin%2Fbash%0A%23%20On%20some%20platforms%20the%20hostname%20may%20be%20too%20long%20(%3E63%20chars).%0A%23%20%20-%20On%20firstboot%20the%20hostname%20is%20set%20in%20the%20initramfs%20before%20NetworkManager%0A%23%20%20%20%20And%20it%20may%20be%20truncated%20at%2064%20characters%20(too%20long)%0A%23%20%20-%20On%20reboot%20affect%20nodes%20use%20'localhost'.%0A%23%0A%23%20This%20script%20is%20a%20simple%20workaround%20for%20hostname%20woes%2C%20including%0A%23%20%20-%20NOT%20a%20localhost%20name%0A%23%20%20-%20NOT%20longer%20than%2063%20characters.%20Names%20will%20be%20truncated%20at%20the%0A%23%20%20%20%20first%20dot%2C%20and%20then%20capped%20at%2063%20char%20(which%20ever%20is%20less).%0A%23%20%20-%20Race%20conditions%20between%20truncated%20hostnames%20by%20the%20dhclient%0A%23%20%20%20%20and%20NetworkManager.%0A%23%0A%23%20Finally%2C%20this%20script%20is%20invoked%20via%3A%0A%23%20%20-%20%2Fetc%2FNetworkManager%2Fdispatcher.d%2F90-long-hostnames%0A%23%20%20-%20on%20boot%20via%20node-valid-hostname.service%0A%0Aexport%20PATH%3D%22%2Fusr%2Fbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fsbin%3A%2Fusr%2Flocal%2Fsbin%3A%2Fbin%3A%24%7BPATH%7D%22%0Alog()%20%7B%20logger%20--tag%20%22%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0A%23%20wait_localhost%20waits%20until%20the%20host%20gets%20a%20real%20hostname.%0A%23%20This%20will%20wait%20indefinately.%20node-valid-hostname.service%20will%20terminate%0A%23%20this%20after%205m.%0Await_localhost()%20%7B%0A%20%20%20%20log%20%22waiting%20for%20non-localhost%20hostname%20to%20be%20assigned%22%0A%20%20%20%20while%20%5B%5B%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%0A%20%20%20%20do%0A%20%20%20%20%20%20%20%20sleep%201%0A%20%20%20%20done%0A%20%20%20%20log%20%22node%20identified%20as%20%24(%3C%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%0A%20%20%20%20exit%200%0A%7D%0A%0Aset_valid_hostname()%20%7B%0A%20%20%20%20local%20host_name%3D%24%7B1%7D%0A%20%20%20%20local%20type_arg%3D%22transient%22%0A%0A%20%20%20%20%23%20%2Fetc%2Fhostname%20is%20used%20for%20static%20hostnames%20and%20is%20authorative.%0A%20%20%20%20%23%20This%20will%20check%20to%20make%20sure%20that%20the%20static%20hostname%20is%20the%0A%20%20%20%20%23%20less%20than%20or%20equal%20to%2063%20characters%20in%20length.%0A%20%20%20%20if%20%5B%20-f%20%2Fetc%2Fhostname%20%5D%20%26%26%20%5B%20%22%24(cat%20%2Fetc%2Fhostname%20%7C%20wc%20-m)%22%20-gt%200%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20etc_name%3D%22%24(%3C%20%2Fetc%2Fhostname)%22%0A%20%20%20%20%20%20%20%20type_arg%3D%22static%22%0A%20%20%20%20%20%20%20%20if%20%5B%20%22%24%7Betc_name%7D%22%20!%3D%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22%2Fetc%2Fhostname%20is%20set%20to%20%24%7Betc_name%7D%20but%20does%20not%20match%20%24%7Bhost_name%7D%22%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22using%20%2Fetc%2Fhostname%20as%20the%20authorative%20name%22%0A%20%20%20%20%20%20%20%20%20%20%20%20host_name%3D%22%24%7Betc_name%7D%22%0A%20%20%20%20%20%20%20%20fi%0A%20%20%20%20fi%0A%0A%20%20%20%20%23%20Only%20mutate%20the%20hostname%20if%20the%20length%20is%20longer%20than%2063%20characters.%20The%0A%20%20%20%20%23%20hostname%20will%20be%20the%20lesser%20of%2063%20characters%20after%20the%20first%20dot%20in%20the%0A%20%20%20%20%23%20FQDN.%0A%20%20%20%20if%20%5B%20%22%24%7B%23host_name%7D%22%20-gt%2063%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20alt_name%3D%24(printf%20%22%24%7Bhost_name%7D%22%20%7C%20cut%20-f1%20-d'.'%20%7C%20cut%20-c%20-63)%0A%20%20%20%20%20%20%20%20log%20%22%24%7Bhost_name%7D%20is%20longer%20than%2063%20characters%2C%20using%20trunacated%20hostname%22%0A%20%20%20%20%20%20%20%20host_name%3D%22%24%7Balt_name%7D%22%0A%20%20%20%20fi%0A%20%20%20%20log%20%22setting%20%24%7Btype_arg%7D%20hostname%20to%20%24%7Bhost_name%7D%22%0A%20%20%20%20%2Fbin%2Fhostnamectl%20%22--%24%7Btype_arg%7D%22%20set-hostname%20%22%24%7Bhost_name%7D%22%0A%20%20%20%20exit%200%0A%7D%0A%0Acli_run()%20%7B%0A%20%20%20%20mode%3D%22%24%7B1%3A%3Fmode%20must%20be%20the%20first%20argument%7D%22%3B%20shift%3B%0A%20%20%20%20case%20%22%24%7Bmode%7D%22%20in%0A%20%20%20%20%20%20%20%20%20%20%20%20wait_localhost)%20wait_localhost%3B%3B%0A%20%20%20%20%20%20%20%20set_valid_hostname)%20hname%3D%22%24%7B1%3A%3Fhostname%20is%20a%20required%20last%20argument%7D%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20set_valid_hostname%20%22%24%7Bhname%7D%22%3B%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*)%20log%20%22unknown%20mode%20%24%7Bmode%7D%22%3B%20exit%201%3B%3B%0A%20%20%20%20esac%0A%7D%0A%0A%23%20Allow%20the%20functions%20to%20be%20sourced.%20This%20can%20be%20run%20either%20as%20a%0A%23%20standalone%20command%20or%20in%20systemd%20or%20part%20of%20NetworkManager.%0Aif%20%5B%5B%20%22%24%7BBASH_SOURCE%5B0%5D%7D%22%20%3D%3D%20%22%24%7B0%7D%22%20%5D%5D%3B%20then%0A%20%20%20%20cli_run%20%24%7B%40%7D%0Afi%0A
filesystem: root
mode: 493
path: /usr/local/sbin/set-valid-hostname.sh
- contents:
source: data:,
filesystem: root
mode: 493
path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy
- contents:
source: data:,unqualified-search-registries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A
filesystem: root
mode: 420
path: /etc/containers/registries.conf
- contents:
source: data:,%5Bcrio.api%5D%0Astream_address%20%3D%20%22%22%0Astream_port%20%3D%20%2210010%22%0A%0A%5Bcrio.runtime%5D%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0Aconmon_cgroup%20%3D%20%22pod%22%0Adefault_env%20%3D%20%5B%0A%20%20%20%20%22NSS_SDB_USE_CACHE%3Dno%22%2C%0A%5D%0Alog_level%20%3D%20%22info%22%0Acgroup_manager%20%3D%20%22systemd%22%0Adefault_capabilities%20%3D%20%5B%0A%20%20%20%20%22CHOWN%22%2C%0A%20%20%20%20%22DAC_OVERRIDE%22%2C%0A%20%20%20%20%22FSETID%22%2C%0A%20%20%20%20%22FOWNER%22%2C%0A%20%20%20%20%22NET_RAW%22%2C%0A%20%20%20%20%22SETGID%22%2C%0A%20%20%20%20%22SETUID%22%2C%0A%20%20%20%20%22SETPCAP%22%2C%0A%20%20%20%20%22NET_BIND_SERVICE%22%2C%0A%20%20%20%20%22SYS_CHROOT%22%2C%0A%20%20%20%20%22KILL%22%2C%0A%5D%0Ahooks_dir%20%3D%20%5B%0A%20%20%20%20%22%2Fetc%2Fcontainers%2Foci%2Fhooks.d%22%2C%0A%5D%0Amanage_ns_lifecycle%20%3D%20true%0A%0A%5Bcrio.image%5D%0Aglobal_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_image%20%3D%20%22quay.io%2Fopenshift-release-dev%2Focp-v4.0-art-dev%40sha256%3Acc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85%22%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%5Bcrio.network%5D%0Anetwork_dir%20%3D%20%22%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F%22%0Aplugin_dirs%20%3D%20%5B%0A%20%20%20%20%22%2Fvar%2Flib%2Fcni%2Fbin%22%2C%0A%20%20%20%20%22%2Fusr%2Flibexec%2Fcni%22%2C%0A%5D%0A%0A%5Bcrio.metrics%5D%0Aenable_metrics%20%3D%20true%0Ametrics_port%20%3D%209537%0A
filesystem: root
mode: 420
path: /etc/crio/crio.conf.d/00-default
- contents:
source: data:,%7B%0A%20%20%20%20%22default%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22type%22%3A%20%22insecureAcceptAnything%22%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%5D%2C%0A%20%20%20%20%22transports%22%3A%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22docker-daemon%22%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22%22%3A%20%5B%7B%22type%22%3A%22insecureAcceptAnything%22%7D%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%7D
filesystem: root
mode: 420
path: /etc/containers/policy.json
- contents:
source: data:,
filesystem: root
mode: 420
path: /etc/kubernetes/cloud.conf
- contents:
source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0Aauthentication%3A%0A%20%20x509%3A%0A%20%20%20%20clientCAFile%3A%20%2Fetc%2Fkubernetes%2Fkubelet-ca.crt%0A%20%20anonymous%3A%0A%20%20%20%20enabled%3A%20false%0AcgroupDriver%3A%20systemd%0AcgroupRoot%3A%20%2F%0AclusterDNS%3A%0A%20%20-%20172.30.0.10%0AclusterDomain%3A%20cluster.local%0AcontainerLogMaxSize%3A%2050Mi%0AmaxPods%3A%20250%0AkubeAPIQPS%3A%2050%0AkubeAPIBurst%3A%20100%0ArotateCertificates%3A%20true%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemCgroups%3A%20%2Fsystem.slice%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%201Gi%0A%20%20ephemeral-storage%3A%201Gi%0AfeatureGates%3A%0A%20%20LegacyNodeRoleBehavior%3A%20false%0A%20%20NodeDisruptionExclusion%3A%20true%0A%20%20RotateKubeletServerCertificate%3A%20true%0A%20%20SCTPSupport%3A%20true%0A%20%20ServiceNodeExclusion%3A%20true%0A%20%20SupportPodPidsLimit%3A%20true%0AserverTLSBootstrap%3A%20true%0A
filesystem: root
mode: 420
path: /etc/kubernetes/kubelet.conf
systemd:
units:
- dropins:
- contents: |
[Unit]
Description=MCO environment configuration
name: 10-mco-default-env.conf
name: crio.service
- dropins:
- contents: |
[Unit]
Description=MCO environment configuration
name: 10-mco-default-env.conf
name: kubelet.service
- dropins:
- contents: |
[Unit]
Description=MCO environment configuration
name: 10-mco-default-env.conf
name: machine-config-daemon-host.service
- dropins:
- contents: |
[Unit]
Description=MCO environment configuration
name: 10-mco-default-env.conf
name: pivot.service
- contents: |
[Unit]
Description=Machine Config Daemon Firstboot (4.2 bootimage)
# Make sure it runs only on OSTree booted system
ConditionPathExists=/run/ostree-booted
BindsTo=ignition-firstboot-complete.service
ConditionPathExists=/etc/ignition-machine-config-encapsulated.json
# Note the opposite of this in machine-config-daemon-firstboot
ConditionPathExists=!/sysroot/.coreos-aleph-version.json
After=ignition-firstboot-complete.service
Before=kubelet.service
[Service]
# Need oneshot to delay kubelet
Type=oneshot
ExecStart=/usr/libexec/machine-config-daemon pivot
[Install]
WantedBy=multi-user.target
enabled: true
name: machine-config-daemon-firstboot-v42.service
- contents: |
[Unit]
Description=Machine Config Daemon Firstboot
# Make sure it runs only on OSTree booted system
ConditionPathExists=/run/ostree-booted
# Removal of this file signals firstboot completion
ConditionPathExists=/etc/ignition-machine-config-encapsulated.json
# We only want to run on 4.3 clusters and above; this came from
# https://github.com/coreos/coreos-assembler/pull/768
ConditionPathExists=/sysroot/.coreos-aleph-version.json
After=ignition-firstboot-complete.service
Before=crio.service crio-wipe.service
Before=kubelet.service
[Service]
# Need oneshot to delay kubelet
Type=oneshot
ExecStart=/usr/libexec/machine-config-daemon firstboot-complete-machineconfig
[Install]
WantedBy=multi-user.target
RequiredBy=crio.service kubelet.service
enabled: true
name: machine-config-daemon-firstboot.service
- contents: |
[Unit]
Description=Machine Config Daemon Initial
# This only applies to ostree (MCD) systems;
# see also https://github.com/openshift/machine-config-operator/issues/1046
ConditionPathExists=/run/ostree-booted
ConditionPathExists=/etc/pivot/image-pullspec
# If pivot exists, defer to it. Note similar code in update.go
ConditionPathExists=!/usr/lib/systemd/system/pivot.service
After=ignition-firstboot-complete.service
Before=kubelet.service
[Service]
# Need oneshot to delay kubelet
Type=oneshot
# TODO add --from-etc-pullspec after ratcheting
ExecStart=/usr/libexec/machine-config-daemon pivot
[Install]
WantedBy=multi-user.target
enabled: false
name: machine-config-daemon-host.service
- contents: |
[Unit]
Description=Ensure the node hostname is valid for the cluster
Before=network-online.target
[Service]
Type=oneshot
RemainAfterExit=yes
User=root
# SystemD prevents direct execution of the script in /usr/local/sbin,
# so it is sourced. See the script for functionality.
ExecStart=/bin/bash -c "source /usr/local/sbin/set-valid-hostname.sh; wait_localhost; set_valid_hostname `hostname`"
# Wait up to 5min for the node to get a real hostname.
TimeoutSec=300
[Install]
WantedBy=multi-user.target
# Ensure that network-online.target will not complete until the node has a real hostname.
RequiredBy=network-online.target
enabled: true
name: node-valid-hostname.service
- contents: |
[Unit]
Description=Kubernetes Kubelet
Wants=rpc-statd.service network-online.target crio.service
After=network-online.target crio.service
[Service]
Type=notify
ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state
Environment="KUBELET_LOG_LEVEL=4"
EnvironmentFile=/etc/os-release
EnvironmentFile=-/etc/kubernetes/kubelet-workaround
EnvironmentFile=-/etc/kubernetes/kubelet-env
ExecStart=/usr/bin/hyperkube \
kubelet \
--config=/etc/kubernetes/kubelet.conf \
--bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
--kubeconfig=/var/lib/kubelet/kubeconfig \
--container-runtime=remote \
--container-runtime-endpoint=/var/run/crio/crio.sock \
--runtime-cgroups=/system.slice/crio.service \
--node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=${ID} \
--minimum-container-ttl-duration=6m0s \
--volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \
--cloud-provider=aws \
\
--pod-infra-container-image=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85 \
--v=${KUBELET_LOG_LEVEL}
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
enabled: true
name: kubelet.service
fips: false
kernelArguments: []
kernelType: default
osImageURL: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e59e8b5f129fbe69932a0b0edab4c501a61eeaa4aac83e1b22d86c9d296b587e
$ oc adm upgrade --to-image=registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159 --force
Updating to release image registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.5.12 True True 16s Working towards registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159: downloading update
$ watch oc get clusterversion
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.6.0-0.nightly-2020-09-24-074159 True False 4m47s Cluster version is 4.6.0-0.nightly-2020-09-24-074159
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |