Bug 1889694
Summary: | usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Sinny Kumari <skumari> |
Component: | RHCOS | Assignee: | Jonathan Lebon <jlebon> |
Status: | CLOSED ERRATA | QA Contact: | Michael Nguyen <mnguyen> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 4.7 | CC: | bbreard, imcleod, jlebon, jligon, miabbott, nstielau, smilner |
Target Milestone: | --- | ||
Target Release: | 4.7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-24 15:26:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sinny Kumari
2020-10-20 11:46:45 UTC
Setting priority to high since this blocks MCO PR getting merged The proper fix for this is https://github.com/coreos/rpm-ostree/issues/2055. For now, I'll just add the missing RPMs to https://github.com/openshift/os/blob/master/scripts/download-extensions. Though we really should also have a basic test to confirm that extensions overlay cleanly. Targeting 4.7 since this was found in the 4.7 images. Sinny: Are you seeing this in previous builds as well? Not sure, there is no e2e-gcp-op test run in ci since 17 October for 4.6 branch. I will check this on a local cluster and update here. don't see this issue in 4.6, tested with latest nightly 4.6.0-0.nightly-2020-10-20-101225 The proper version of protobuf landed in 47.82.202010201950-0 and that version of RHCOS was promoted into a nightly 4.7 payload. Verified on 4.7.0-0.nightly-2020-10-26-124513. usbguard installs successfully.
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.7.0-0.nightly-2020-10-26-124513 True False 5h23m Cluster version is 4.7.0-0.nightly-2020-10-26-124513
$ oc get nodes
NAME STATUS ROLES AGE VERSION
ip-10-0-136-111.us-west-2.compute.internal Ready worker 5h37m v1.19.0+e67f5dc
ip-10-0-138-139.us-west-2.compute.internal Ready master 5h43m v1.19.0+e67f5dc
ip-10-0-166-15.us-west-2.compute.internal Ready worker 5h37m v1.19.0+e67f5dc
ip-10-0-187-209.us-west-2.compute.internal Ready master 5h43m v1.19.0+e67f5dc
ip-10-0-218-114.us-west-2.compute.internal Ready worker 5h32m v1.19.0+e67f5dc
ip-10-0-219-131.us-west-2.compute.internal Ready master 5h44m v1.19.0+e67f5dc
$ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm-ostree status
Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ...
To use host binaries, run `chroot /host`
State: idle
Deployments:
* pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3dc9cdce1901a5f5ca6cbab5e435c48d924eb813a01f5c48e49dd91c1d2e340c
CustomOrigin: Managed by machine-config-operator
Version: 47.82.202010241242-0 (2020-10-24T12:46:24Z)
ostree://6dff002defa66e3f9f53b57da7dc3eef37db39762655c00c13b977d72516649c
Version: 47.82.202010211043-0 (2020-10-21T10:47:13Z)
Removing debug pod ...
$ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm -q protobuf
Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ...
To use host binaries, run `chroot /host`
package protobuf is not installed
Removing debug pod ...
$ cat << EOF > 80-extensions.yaml
> apiVersion: machineconfiguration.openshift.io/v1
> kind: MachineConfig
> metadata:
> labels:
> machineconfiguration.openshift.io/role: worker
> name: 80-worker-extensions
> spec:
> config:
> ignition:
> version: 3.1.0
> extensions:
> - usbguard
> EOF
$ oc create -f 80-extensions.yaml
machineconfig.machineconfiguration.openshift.io/80-worker-extensions created
$ oc get machineconfig 80-worker-extensions
NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE
80-worker-extensions 3.1.0 15s
$ oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-107f3aa4ffa04a053e0b320fe1d89688 True False False 3 3 3 0 5h49m
worker rendered-worker-c4d33fa1d6014ab23f18932769e390c2 False True False 3 0 0 0 5h49m
$ watch oc get mcp
$ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm -q usbguard
Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ...
To use host binaries, run `chroot /host`
usbguard-0.7.4-4.el8.x86_64
Removing debug pod ...
(Marking as No Doc Update because this was a transient thing that happened during 4.7 development which never leaked out IIRC.) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |