Description of problem:
When a ctrcfg (ContainerRuntimeConfig) is applied to an MCP (MachineConfigPool), the node goes into the "NotReady" state. This happens because the crio.conf generated after the CRD is applied populates unset config fields with their zero values (0 for integers, "" for strings, and so on) instead of CRI-O's defaults.
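Illustratively, the regenerated crio.conf ends up with fragments like the one below (a sketch, not captured from an affected node; the field names are standard crio.conf options, but the exact set of affected fields may vary):

[crio.runtime]
# defaults replaced by zero values:
pids_limit = 0
log_level = ""
conmon = ""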
Version-Release number of selected component (if applicable):
CRI-O 1.17 and 1.16
How reproducible: 100% of the time
Steps to Reproduce:
1. Create a "Ctrcfg" (a minimal example is sketched after these steps)
2. Wait for it to roll out onto the nodes
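A minimal ContainerRuntimeConfig that reproduces this might look like the following; the name and pidsLimit value are illustrative, and the selector targets the stock worker pool:

apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
  name: set-pids-limit   # illustrative name
spec:
  machineConfigPoolSelector:
    matchLabels:
      pools.operator.machineconfiguration.openshift.io/worker: ""
  containerRuntimeConfig:
    pidsLimit: 2048      # any supported field triggers regeneration of crio.conf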
Actual results:
Node goes into the "NotReady" state.

Expected results:
The rollout should succeed and the node should be in the "Ready" state.
This regression was introduced by https://github.com/openshift/machine-config-operator/commit/69025e8e8c82ed6d188eb0e409e8148da09ac3b2; we are working on reverting it and adding e2e tests for it.
Verified with 4.4.0-0.nightly-2020-02-10-165717:
1. oc edit machineconfigpool worker
   custom-crio: high-pid-limit   <-- add this line (its placement is sketched below)
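The label belongs under the pool's metadata.labels; a minimal sketch of the edited fragment, showing only the relevant fields:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfigPool
metadata:
  name: worker
  labels:
    custom-crio: high-pid-limit   # <-- the new label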
2. Create a config.yaml whose pool selector uses the same label (a full example is sketched below)
   custom-crio: high-pid-limit   <-- this must match the label created in step 1
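A sketch of such a config.yaml; the metadata name is illustrative, and the pidsLimit of 2048 matches the value verified in step 5:

apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
  name: high-pid-limit              # illustrative name
spec:
  machineConfigPoolSelector:
    matchLabels:
      custom-crio: high-pid-limit   # must match the MCP label from step 1
  containerRuntimeConfig:
    pidsLimit: 2048                 # rendered as pids_limit in crio.conf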
3. oc create -f config.yaml
4. Wait until all worker nodes come back up:
pruan@fedora-vm ~/workspace/testcases/1794493 $ oc get nodes
NAME                                         STATUS                     ROLES    AGE   VERSION
ip-10-0-137-163.us-west-1.compute.internal   Ready                      worker   25h   v1.17.1
ip-10-0-138-58.us-west-1.compute.internal    Ready                      master   25h   v1.17.1
ip-10-0-139-15.us-west-1.compute.internal    Ready                      worker   25h   v1.17.1
ip-10-0-143-23.us-west-1.compute.internal    Ready                      master   25h   v1.17.1
ip-10-0-150-105.us-west-1.compute.internal   Ready,SchedulingDisabled   worker   25h   v1.17.1
ip-10-0-159-232.us-west-1.compute.internal   Ready                      master   25h   v1.17.1
5. Verify that the limit defined in config.yaml is applied to the nodes:
pruan@fedora-vm ~/workspace/testcases/1794493 $ oc debug node/ip-10-0-137-163.us-west-1.compute.internal
Starting pod/ip-10-0-137-163us-west-1computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.137.163
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# cat /etc/crio/crio.conf | grep limit
pids_limit = 2048
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.