Bug 1877448 - Allow installing OS extensions on FCOS
Summary: Allow installing OS extensions on FCOS
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.6
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.6.0
Assignee: Antonio Murdaca
QA Contact: Micah Abbott
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-09 16:21 UTC by Vadim Rutkovsky
Modified: 2020-10-27 16:39 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:38:53 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2060 0 None closed Bug 1877448: pkg/daemon/update: allow installing os-extensions on FCOS 2020-10-13 03:49:15 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:39:12 UTC

Description Vadim Rutkovsky 2020-09-09 16:21:44 UTC 
Currently MCO applies OS extensions on RHCOS nodes only. In OKD we'd like to allow installing any package on FCOS nodes too
Comment 4 Micah Abbott 2020-10-01 15:45:22 UTC 
Verified with 4.6.0-0.okd-2020-10-01-092556

```
$ oc get clusterversion                                                                                                                                                                                                                                           
NAME      VERSION                         AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.okd-2020-10-01-092556   True        False         117s    Cluster version is 4.6.0-0.okd-2020-10-01-092556

$ oc get nodes                                                                                     
NAME                                         STATUS   ROLES    AGE   VERSION                                                                                   
ip-10-0-137-226.us-east-2.compute.internal   Ready    master   29m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-150-113.us-east-2.compute.internal   Ready    worker   12m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-174-33.us-east-2.compute.internal    Ready    master   29m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-185-82.us-east-2.compute.internal    Ready    worker   16m   v1.19.0-rc.2+beb741b-1062                  
ip-10-0-198-181.us-east-2.compute.internal   Ready    worker   15m   v1.19.0-rc.2+beb741b-1062
ip-10-0-230-16.us-east-2.compute.internal    Ready    master   33m   v1.19.0-rc.2+beb741b-1062

$ cat machineConfigs/extensions.yaml                                                                
apiVersion: machineconfiguration.openshift.io/v1              
kind: MachineConfig                             
metadata:                                                                                                                                                      
  labels:
    machineconfiguration.openshift.io/role: worker                                                                                                             
  name: 90-worker-extensions                                  
spec:                                           
  config:                                                                                                                                                      
    ignition:
      version: 3.1.0
  extensions:
    - usbguard

$ oc apply -f machineConfigs/extensions.yaml                                                        
machineconfig.machineconfiguration.openshift.io/90-worker-extensions created

$ oc get mc
NAME                                               GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
00-master                                          522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
00-worker                                          522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-master-container-runtime                        522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-master-kubelet                                  522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-worker-container-runtime                        522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
01-worker-kubelet                                  522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
90-worker-extensions                                                                          3.1.0             8m15s
99-master-disable-mitigations                                                                 3.1.0             47m
99-master-generated-registries                     522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
99-master-okd-extensions                                                                      3.1.0             47m
99-master-ssh                                                                                 3.1.0             47m
99-worker-disable-mitigations                                                                 3.1.0             47m
99-worker-generated-registries                     522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
99-worker-okd-extensions                                                                      3.1.0             47m
99-worker-ssh                                                                                 3.1.0             47m
rendered-master-3d2cf2e9d7e5f1e69fbdf0fadf7bc6a6   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m
rendered-worker-4b584955d33a070f05fd74d9c17cff5e   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             8m10s
rendered-worker-d96c08402d7c5f492bb4563475b73c7d   522f0fa36cc7b952c6e98e120c58c66e6d795544   3.1.0             34m

$ oc debug node/ip-10-0-198-181.us-east-2.compute.internal
Starting pod/ip-10-0-198-181us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.198.181
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-5.0# rpm-ostree status
State: idle
Deployments:
* pivot://registry.svc.ci.openshift.org/origin/4.6-2020-10-01-092556@sha256:10362d0ff3bfcfdc8dbe20a5b5e084551a78236e0ddcf9444333d4bdacad809a
              CustomOrigin: Managed by machine-config-operator
                 Timestamp: 2020-09-30T05:20:01Z
           LayeredPackages: NetworkManager-ovs glusterfs glusterfs-fuse open-vm-tools usbguard

  pivot://registry.svc.ci.openshift.org/origin/4.6-2020-10-01-092556@sha256:10362d0ff3bfcfdc8dbe20a5b5e084551a78236e0ddcf9444333d4bdacad809a
              CustomOrigin: Managed by machine-config-operator
                 Timestamp: 2020-09-30T05:20:01Z
           LayeredPackages: NetworkManager-ovs glusterfs glusterfs-fuse open-vm-tools
sh-5.0# exit
exit
sh-4.4# exit
exit

Removing debug pod ...
```
Comment 6 errata-xmlrpc 2020-10-27 16:38:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
Note You need to log in before you can comment on or make changes to this bug.