Bug 2061952

Summary: [4.10.z] Ignition fails to enable systemd units with backslash-escaped characters in their names
Product: OpenShift Container Platform Reporter: Micah Abbott <miabbott>
Component: RHCOSAssignee: Benjamin Gilbert <bgilbert>
Status: CLOSED ERRATA QA Contact: Michael Nguyen <mnguyen>
Severity: medium Docs Contact:
Priority: low    
Version: 4.10CC: achernet, agurenko, bgilbert, dornelas, dustymabe, jligon, miabbott, mko, mnguyen, mrussell, nshidlin, nstielau, yshnaidm
Target Milestone: ---   
Target Release: 4.10.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2040195 Environment:
Last Closed: 2022-03-16 11:12:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1952686, 2040195, 2042439    
Bug Blocks:    

Description Micah Abbott 2022-03-08 19:02:57 UTC 
+++ This bug was initially created as a clone of Bug #2040195 +++

As the Assisted Installer Team, when testing RHCOS 410.84.202201102308-0 we are observing the following behaviour of a systemd mount unit

* `"enabled":true` in the ignition
* `disabled` and `inactive` in the booted OS

The unit definition itself seems to be correct, as manually starting it via `systemctl start` does not throw any errors and makes the mount to appear correctly.

The part of ignition defining the unit

```
{"units":[{"contents":"\n[Unit]\nAfter=systemd-tmpfiles-setup.service\n[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=overlay\nType=overlay\nOptions=lowerdir=/etc/NetworkManager/system-connections,upperdir=/run/nm-system-connections,workdir=/run/nm-system-connections-work\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"}]}
```

and respective systemd unit inside the OS

```
[root@extraworker-0 NetworkManager]# systemctl status etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount 
● etc-NetworkManager-system\x2dconnections\x2dmerged.mount - /etc/NetworkManager/system-connections-merged
   Loaded: loaded (/etc/systemd/system/etc-NetworkManager-system\x2dconnections\x2dmerged.mount; disabled; vendor preset: disabled)
   Active: inactive (dead)
    Where: /etc/NetworkManager/system-connections-merged
     What: overlay
```

From the journal it can be seen that the unit was parsed and allegedly enabled

```
[root@extraworker-0 NetworkManager]# journalctl  | grep merged | grep -i network
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
```

--- Additional comment from Mat Kowalski on 2022-01-13 08:55:22 UTC ---

Ignition file - http://pastebin.test.redhat.com/1021061
Slack thread in #forum-coreos - https://coreos.slack.com/archives/C999USB0D/p1642002024148700

--- Additional comment from Benjamin Gilbert on 2022-01-13 20:22:42 UTC ---

Complete repro:

{
  "ignition": {
    "version": "3.3.0"
  },
  "storage": {
    "directories": [
      {
        "path": "/etc/NetworkManager/system-connections-merged"
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "contents": "[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=tmpfs\nType=tmpfs\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
      }
    ]
  },
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa ..."
        ]
      }
    ]
  }
}

--- Additional comment from Benjamin Gilbert on 2022-01-13 20:31:15 UTC ---

systemd in RHEL 8.4 does not correctly parse singly-escaped unit names in preset files, which are used by Ignition for unit enablement.  This is fixed in RHEL 8.5, and backport to 8.4 was requested in https://bugzilla.redhat.com/show_bug.cgi?id=1952686#c9.

As a workaround, you could rename the mountpoint (and thus the mount unit) to something that doesn't include dashes.

--- Additional comment from Mat Kowalski on 2022-01-14 09:27:43 UTC ---

Thanks a lot! Given that we have implemented a solution not depending on this mountpoint, this has no urgency for our team any more. Feel free to close it as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1952686 or any other way you handle it internally

--- Additional comment from Benjamin Gilbert on 2022-01-14 17:00:25 UTC ---

Great.  Will leave this open as a tracking bug for now.

--- Additional comment from Micah Abbott on 2022-01-20 14:26:48 UTC ---

Updating the DependsOn to point to the 8.4.z backport BZ#2042439

--- Additional comment from Micah Abbott on 2022-03-08 19:02:08 UTC ---

Need to target this as 4.11, so we can track the 8.4.z fix in RHCOS 4.10.z appropriately

I've updated the Depends On field to point to the 8.5 version of the BZ, to indicate that RHCOS 4.11 should have the fix already included when it moves to RHEL 8.6
Comment 1 Micah Abbott 2022-03-08 19:04:45 UTC 
The fixed version of `systemd` (systemd-239-45.el8_4.8) was released as part of https://access.redhat.com/errata/RHBA-2022:0776

This version was included in RHCOS 410.84.202203081640-0 and will part of a future OCP 4.10.z release payload
Comment 4 Michael Nguyen 2022-03-12 03:35:13 UTC 
Verified on 4.10.0-0.nightly-2022-03-09-162729 which is running RHCOS  410.84.202203081640-0.  systemd included is 410.84.202203081640-0 

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2022-03-09-162729   True        False         7m46s   Cluster version is 4.10.0-0.nightly-2022-03-09-162729
$ oc get nodes
NAME                                       STATUS   ROLES    AGE   VERSION
ci-ln-4m52ftt-72292-n7t7l-master-0         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-master-1         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-master-2         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm   Ready    worker   19m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-b-x6nhg   Ready    worker   19m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-c-f5t76   Ready    worker   17m   v1.23.3+e419edf
$ oc debug node/ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm
Starting pod/ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm-debug ...
To use host binaries, run `chroot /host`
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# rpm-ostree status
State: idle
Deployments:
* pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:efa1196e49f37fb21576c13f0db51a1b4ad8e1597b45a8e4d15f8812b9d1a624
              CustomOrigin: Managed by machine-config-operator
                   Version: 410.84.202203081640-0 (2022-03-08T16:44:07Z)

  ostree://b1529f891c792557fd28e040870ab4b8220e65c5416427032701d21147815293
                   Version: 410.84.202201251210-0 (2022-01-25T12:13:24Z)
sh-4.4# rpm -q systemd
systemd-239-45.el8_4.8.x86_64
sh-4.4# exit
exit
sh-4.2# exit
exit

Removing debug pod ...
Comment 6 errata-xmlrpc 2022-03-16 11:12:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.4 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0811