Description of problem: The upgrade from 4.5->4.6 fails if there are multiple MCs with a passwd section attempting to add sshkeys. This is because in spec 2, we simply merged the entire passwd section causing there to be duplicate entries for users. In spec 3 this is not allowed, so upon upgrading from 4.5->4.6 the new MCD fails when it tries to reconcile the changes, degrading the cluster and blocking the upgrade. Reproducibility: 100% (create a new MC with a passwd section adding a sshkey, before upgrading to 4.6) Fix: apply a de-duplication, like we do for files and units.
Verified on 4.6.0-0.nightly-2020-09-24-074159 $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.12 True False 10m Cluster version is 4.5.12 $ cat ssh.yaml apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: worker name: 99-worker-ssh-new-keys spec: config: ignition: version: 2.2.0 passwd: users: - name: core sshAuthorizedKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen $ oc create -f ssh.yaml machineconfig.machineconfiguration.openshift.io/99-worker-ssh-new-keys created $ oc get mc NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE 00-master 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 00-worker 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 01-master-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 01-master-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 01-worker-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 01-worker-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 99-master-ssh 2.2.0 38m 99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m 99-worker-ssh 2.2.0 38m 99-worker-ssh-new-keys 2.2.0 7s rendered-master-0712deb798e2b9124b4718493c4d023b 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m rendered-worker-e3da71ca8b038343750215cb64b1f6de 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 2s rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 32m $ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-0712deb798e2b9124b4718493c4d023b True False False 3 3 3 0 32m worker rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 False True False 3 0 0 0 32m $ watch oc get mcp $ oc get node NAME STATUS ROLES AGE VERSION ip-10-0-137-150.us-west-2.compute.internal Ready master 91m v1.18.3+47c0e71 ip-10-0-141-169.us-west-2.compute.internal Ready worker 77m v1.18.3+47c0e71 ip-10-0-169-181.us-west-2.compute.internal Ready master 95m v1.18.3+47c0e71 ip-10-0-173-230.us-west-2.compute.internal Ready worker 79m v1.18.3+47c0e71 ip-10-0-211-59.us-west-2.compute.internal Ready worker 79m v1.18.3+47c0e71 ip-10-0-217-147.us-west-2.compute.internal Ready master 91m v1.18.3+47c0e71 $ oc debug node/ip-10-0-211-59.us-west-2.compute.internal Starting pod/ip-10-0-211-59us-west-2computeinternal-debug ... To use host binaries, run `chroot /host` If you don't see a command prompt, try pressing enter. sh-4.2# chroot /host sh-4.4# cat /home/core/.ssh/* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw== ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen cat: /home/core/.ssh/authorized_keys.d: Is a directory sh-4.4# cat /home/core/.ssh/authorized_keys.d/* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw== sh-4.4# exit exit sh-4.2# exit exit Removing debug pod ... $ oc get mc NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE 00-master 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 00-worker 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 01-master-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 01-master-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 01-worker-container-runtime 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 01-worker-kubelet 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 99-master-ssh 2.2.0 100m 99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m 99-worker-ssh 2.2.0 100m 99-worker-ssh-new-keys 2.2.0 62m rendered-master-0712deb798e2b9124b4718493c4d023b 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m rendered-worker-e3da71ca8b038343750215cb64b1f6de 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 62m rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2 08aad1925d6e29266390ecb6f4e6730d60e44aaf 2.2.0 94m $ oc get mc/rendered-worker-e3da71ca8b038343750215cb64b1f6de -o yaml apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: annotations: machineconfiguration.openshift.io/generated-by-controller-version: 08aad1925d6e29266390ecb6f4e6730d60e44aaf creationTimestamp: "2020-09-24T12:57:54Z" generation: 1 managedFields: - apiVersion: machineconfiguration.openshift.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:machineconfiguration.openshift.io/generated-by-controller-version: {} f:ownerReferences: .: {} k:{"uid":"1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a"}: .: {} f:apiVersion: {} f:blockOwnerDeletion: {} f:controller: {} f:kind: {} f:name: {} f:uid: {} f:spec: .: {} f:config: .: {} f:ignition: .: {} f:version: {} f:passwd: .: {} f:users: {} f:storage: .: {} f:files: {} f:systemd: .: {} f:units: {} f:fips: {} f:kernelArguments: {} f:kernelType: {} f:osImageURL: {} manager: machine-config-controller operation: Update time: "2020-09-24T12:57:54Z" name: rendered-worker-e3da71ca8b038343750215cb64b1f6de ownerReferences: - apiVersion: machineconfiguration.openshift.io/v1 blockOwnerDeletion: true controller: true kind: MachineConfigPool name: worker uid: 1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a resourceVersion: "27323" selfLink: /apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-worker-e3da71ca8b038343750215cb64b1f6de uid: 7d3dbde7-8b59-4ee5-ae7a-f377f7892a68 spec: config: ignition: version: 2.2.0 passwd: users: - name: core sshAuthorizedKeys: - | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw== - name: core sshAuthorizedKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen storage: files: - contents: source: data:, filesystem: root mode: 384 path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt - contents: source: data:,r%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F80-openshift-network.conf%0Ar%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F10-ovn-kubernetes.conf%0Ad%20%2Frun%2Fmultus%2Fcni%2Fnet.d%2F%200755%20root%20root%20-%20-%0AD%20%2Fvar%2Flib%2Fcni%2Fnetworks%2Fopenshift-sdn%2F%200755%20root%20root%20-%20-%0A filesystem: root mode: 420 path: /etc/tmpfiles.d/cleanup-cni.conf - contents: source: data:, filesystem: root mode: 420 path: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem - contents: source: data:,%23%20This%20file%20is%20generated%20by%20the%20Machine%20Config%20Operator's%20containerruntimeconfig%20controller.%0A%23%0A%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A filesystem: root mode: 420 path: /etc/containers/storage.conf - contents: source: data:,%23!%2Fbin%2Fbash%0A%23%0A%23%2090-long-hostname%20is%20a%20wrapper%20around%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%2C%0A%23%20which%20ensures%20that%20a%20node%20has%20a%20valid%20hostname.%0AIF%3D%241%0ASTATUS%3D%242%0A%0Alog()%20%7B%20logger%20--tag%20%22network-manager%2F%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0Aif%20%5B%5B%20!%20%22%24STATUS%22%20%3D~%20(up%7Chostname%7Cdhcp4-change%7Cdhcp6-change)%20%5D%5D%3B%20then%0A%20%20%20%20exit%200%0Afi%0A%0Aif%20%5B%5B%20!%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%20then%0A%20%20%20%20log%20%22hostname%20is%20already%20set%22%0A%20%20%20%20exit%200%0Afi%0A%0A%23%20source%20the%20script%20since%20NetworkManager%20execution%20rules%20do%0A%23%20allow%20sourcing%20from%20%2Fusr%2Flocal.%20RHCOS%20has%20an%20read-only%20rootfs%0A%23%20which%20limits%20where%20this%20can%20be%20stashed.%0Asource%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%0Ahost_name%3D%22%24%7BDHCP4_HOST_NAME%3A-%24DHCP6_HOST_NAME%7D%22%0A%0Aif%20%5B%20-n%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20set_valid_hostname%20%22%24%7Bhost_name%7D%22%0Afi%0A filesystem: root mode: 493 path: /etc/NetworkManager/dispatcher.d/90-long-hostname - contents: source: data:,%23%20Force-load%20legacy%20iptables%20so%20it%20is%20usable%20from%20pod%20network%20namespaces%0Aip_tables%0A filesystem: root mode: 420 path: /etc/modules-load.d/iptables.conf - contents: source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A filesystem: root mode: 420 path: /etc/kubernetes/kubelet-ca.crt - contents: source: data:,%23%20Turning%20on%20Accounting%20helps%20track%20down%20performance%20issues.%0A%5BManager%5D%0ADefaultCPUAccounting%3Dyes%0ADefaultMemoryAccounting%3Dyes%0ADefaultBlockIOAccounting%3Dyes%0A filesystem: root mode: 420 path: /etc/systemd/system.conf.d/kubelet-cgroups.conf - contents: source: data:,%23%20ignore%20known%20SDN-managed%20devices%0A%5Bdevice%5D%0Amatch-device%3Dinterface-name%3Abr-int%3Binterface-name%3Abr-local%3Binterface-name%3Abr-nexthop%2Cinterface-name%3Aovn-k8s-*%2Cinterface-name%3Ak8s-*%3Binterface-name%3Atun0%3Binterface-name%3Abr0%3Bdriver%3Aveth%0Amanaged%3D0%0A filesystem: root mode: 420 path: /etc/NetworkManager/conf.d/sdn.conf - contents: source: data:,%7B%22auths%22%3A%7B%22registry.svc.ci.openshift.org%22%3A%7B%22auth%22%3A%22dXNlcjpTNEFEVGh2a0NRR3NSa0JlZ183UjhaZ1hId2oyX3M3U1NuVzZCZnF6VWVv%22%7D%2C%22cloud.openshift.com%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22quay.io%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.connect.redhat.com%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.redhat.io%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%7D%7D%0A filesystem: root mode: 384 path: /var/lib/kubelet/config.json - contents: source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDEDCCAfigAwIBAgIIbdcjqdsOvpUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTIwMDkyNDEyMTQ1NVoX%0ADTMwMDkyMjEyMTQ1NVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy%0Ab290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MMheynWo1Fi%0AEEx8ga3Divuvoh4UA23S9ZqTtj%2BHghnpX6DEm2DLE4N8VpmDgorbUZRVWiJiW%2FJq%0AKQLQMSvJs9m%2B3XhdyhSQRX7%2BCNiqmzB4vu4YkrWWdfjMQXJYCJoiAhCIcsJDg%2B1x%0AQjMNNnjIf9kvZ89tlA1AcfLCI8xWVgbgoF2739Ug61zB4orlOTK0ZATh1Yv%2FJT9R%0AAfJTD60BKes9W8zqrnTw1ELh%2BFB296a4jR5RE1Oy4O%2F2kA8nN%2Fnn09xBuSTmdBMb%0AIihlaCJPC3CHqi09eQd6j6NfVdlfoxgmFKoX22zUVP36WfExIGX9lYh%2FdzXbzaDG%0AKTbXDYJQWwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%0A%2FzAdBgNVHQ4EFgQUZ0u3fMTSkvIpe2%2FM%2FjFNYQJEFb0wDQYJKoZIhvcNAQELBQAD%0AggEBADbNZbLxRvmiO7Rab91ayxTDdGSB%2Bv2Ioyl7CEda5kLgS8IIZVJBZraRAEJf%0AnkSkFZCP9wWt8nuhiYFh2I9KzkxzczQC1Ih%2B%2BSLO7efXU9kxPyZKfg%2Fj2oGGI7bZ%0AxoAZK52N0Q638Tya89%2BeWX2c5ar6k3G%2F2r%2FEQBMUqCCAcO6zmiypivyFxcXkn%2F7D%0A0grNOw17dESIVQvPVuDkPBF4ideleoypqwVzNmBLlV%2B4SSilDT7t8uvCnrUvC2wJ%0Abgo896wWsSBsqpaR56S4X6DuR27Q83VNAfFGOk5Tk1xg%2BiFzA%2FZ1HeuwUjmNI3Cx%0A0DNl6C%2BeAdx730fx7UFWdk9iulo%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A filesystem: root mode: 420 path: /etc/kubernetes/ca.crt - contents: source: data:,net.ipv4.ip_forward%20%3D%201%0Anet.ipv6.conf.all.forwarding%20%3D%201%0A filesystem: root mode: 420 path: /etc/sysctl.d/forward.conf - contents: source: data:,%0Afs.inotify.max_user_watches%20%3D%2065536%0Afs.inotify.max_user_instances%20%3D%208192%0A filesystem: root mode: 420 path: /etc/sysctl.d/inotify.conf - contents: source: data:,%23!%2Fbin%2Fbash%0A%23%20On%20some%20platforms%20the%20hostname%20may%20be%20too%20long%20(%3E63%20chars).%0A%23%20%20-%20On%20firstboot%20the%20hostname%20is%20set%20in%20the%20initramfs%20before%20NetworkManager%0A%23%20%20%20%20And%20it%20may%20be%20truncated%20at%2064%20characters%20(too%20long)%0A%23%20%20-%20On%20reboot%20affect%20nodes%20use%20'localhost'.%0A%23%0A%23%20This%20script%20is%20a%20simple%20workaround%20for%20hostname%20woes%2C%20including%0A%23%20%20-%20NOT%20a%20localhost%20name%0A%23%20%20-%20NOT%20longer%20than%2063%20characters.%20Names%20will%20be%20truncated%20at%20the%0A%23%20%20%20%20first%20dot%2C%20and%20then%20capped%20at%2063%20char%20(which%20ever%20is%20less).%0A%23%20%20-%20Race%20conditions%20between%20truncated%20hostnames%20by%20the%20dhclient%0A%23%20%20%20%20and%20NetworkManager.%0A%23%0A%23%20Finally%2C%20this%20script%20is%20invoked%20via%3A%0A%23%20%20-%20%2Fetc%2FNetworkManager%2Fdispatcher.d%2F90-long-hostnames%0A%23%20%20-%20on%20boot%20via%20node-valid-hostname.service%0A%0Aexport%20PATH%3D%22%2Fusr%2Fbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fsbin%3A%2Fusr%2Flocal%2Fsbin%3A%2Fbin%3A%24%7BPATH%7D%22%0Alog()%20%7B%20logger%20--tag%20%22%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0A%23%20wait_localhost%20waits%20until%20the%20host%20gets%20a%20real%20hostname.%0A%23%20This%20will%20wait%20indefinately.%20node-valid-hostname.service%20will%20terminate%0A%23%20this%20after%205m.%0Await_localhost()%20%7B%0A%20%20%20%20log%20%22waiting%20for%20non-localhost%20hostname%20to%20be%20assigned%22%0A%20%20%20%20while%20%5B%5B%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%0A%20%20%20%20do%0A%20%20%20%20%20%20%20%20sleep%201%0A%20%20%20%20done%0A%20%20%20%20log%20%22node%20identified%20as%20%24(%3C%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%0A%20%20%20%20exit%200%0A%7D%0A%0Aset_valid_hostname()%20%7B%0A%20%20%20%20local%20host_name%3D%24%7B1%7D%0A%20%20%20%20local%20type_arg%3D%22transient%22%0A%0A%20%20%20%20%23%20%2Fetc%2Fhostname%20is%20used%20for%20static%20hostnames%20and%20is%20authorative.%0A%20%20%20%20%23%20This%20will%20check%20to%20make%20sure%20that%20the%20static%20hostname%20is%20the%0A%20%20%20%20%23%20less%20than%20or%20equal%20to%2063%20characters%20in%20length.%0A%20%20%20%20if%20%5B%20-f%20%2Fetc%2Fhostname%20%5D%20%26%26%20%5B%20%22%24(cat%20%2Fetc%2Fhostname%20%7C%20wc%20-m)%22%20-gt%200%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20etc_name%3D%22%24(%3C%20%2Fetc%2Fhostname)%22%0A%20%20%20%20%20%20%20%20type_arg%3D%22static%22%0A%20%20%20%20%20%20%20%20if%20%5B%20%22%24%7Betc_name%7D%22%20!%3D%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22%2Fetc%2Fhostname%20is%20set%20to%20%24%7Betc_name%7D%20but%20does%20not%20match%20%24%7Bhost_name%7D%22%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22using%20%2Fetc%2Fhostname%20as%20the%20authorative%20name%22%0A%20%20%20%20%20%20%20%20%20%20%20%20host_name%3D%22%24%7Betc_name%7D%22%0A%20%20%20%20%20%20%20%20fi%0A%20%20%20%20fi%0A%0A%20%20%20%20%23%20Only%20mutate%20the%20hostname%20if%20the%20length%20is%20longer%20than%2063%20characters.%20The%0A%20%20%20%20%23%20hostname%20will%20be%20the%20lesser%20of%2063%20characters%20after%20the%20first%20dot%20in%20the%0A%20%20%20%20%23%20FQDN.%0A%20%20%20%20if%20%5B%20%22%24%7B%23host_name%7D%22%20-gt%2063%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20alt_name%3D%24(printf%20%22%24%7Bhost_name%7D%22%20%7C%20cut%20-f1%20-d'.'%20%7C%20cut%20-c%20-63)%0A%20%20%20%20%20%20%20%20log%20%22%24%7Bhost_name%7D%20is%20longer%20than%2063%20characters%2C%20using%20trunacated%20hostname%22%0A%20%20%20%20%20%20%20%20host_name%3D%22%24%7Balt_name%7D%22%0A%20%20%20%20fi%0A%20%20%20%20log%20%22setting%20%24%7Btype_arg%7D%20hostname%20to%20%24%7Bhost_name%7D%22%0A%20%20%20%20%2Fbin%2Fhostnamectl%20%22--%24%7Btype_arg%7D%22%20set-hostname%20%22%24%7Bhost_name%7D%22%0A%20%20%20%20exit%200%0A%7D%0A%0Acli_run()%20%7B%0A%20%20%20%20mode%3D%22%24%7B1%3A%3Fmode%20must%20be%20the%20first%20argument%7D%22%3B%20shift%3B%0A%20%20%20%20case%20%22%24%7Bmode%7D%22%20in%0A%20%20%20%20%20%20%20%20%20%20%20%20wait_localhost)%20wait_localhost%3B%3B%0A%20%20%20%20%20%20%20%20set_valid_hostname)%20hname%3D%22%24%7B1%3A%3Fhostname%20is%20a%20required%20last%20argument%7D%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20set_valid_hostname%20%22%24%7Bhname%7D%22%3B%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*)%20log%20%22unknown%20mode%20%24%7Bmode%7D%22%3B%20exit%201%3B%3B%0A%20%20%20%20esac%0A%7D%0A%0A%23%20Allow%20the%20functions%20to%20be%20sourced.%20This%20can%20be%20run%20either%20as%20a%0A%23%20standalone%20command%20or%20in%20systemd%20or%20part%20of%20NetworkManager.%0Aif%20%5B%5B%20%22%24%7BBASH_SOURCE%5B0%5D%7D%22%20%3D%3D%20%22%24%7B0%7D%22%20%5D%5D%3B%20then%0A%20%20%20%20cli_run%20%24%7B%40%7D%0Afi%0A filesystem: root mode: 493 path: /usr/local/sbin/set-valid-hostname.sh - contents: source: data:, filesystem: root mode: 493 path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy - contents: source: data:,unqualified-search-registries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A filesystem: root mode: 420 path: /etc/containers/registries.conf - contents: source: data:,%5Bcrio.api%5D%0Astream_address%20%3D%20%22%22%0Astream_port%20%3D%20%2210010%22%0A%0A%5Bcrio.runtime%5D%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0Aconmon_cgroup%20%3D%20%22pod%22%0Adefault_env%20%3D%20%5B%0A%20%20%20%20%22NSS_SDB_USE_CACHE%3Dno%22%2C%0A%5D%0Alog_level%20%3D%20%22info%22%0Acgroup_manager%20%3D%20%22systemd%22%0Adefault_capabilities%20%3D%20%5B%0A%20%20%20%20%22CHOWN%22%2C%0A%20%20%20%20%22DAC_OVERRIDE%22%2C%0A%20%20%20%20%22FSETID%22%2C%0A%20%20%20%20%22FOWNER%22%2C%0A%20%20%20%20%22NET_RAW%22%2C%0A%20%20%20%20%22SETGID%22%2C%0A%20%20%20%20%22SETUID%22%2C%0A%20%20%20%20%22SETPCAP%22%2C%0A%20%20%20%20%22NET_BIND_SERVICE%22%2C%0A%20%20%20%20%22SYS_CHROOT%22%2C%0A%20%20%20%20%22KILL%22%2C%0A%5D%0Ahooks_dir%20%3D%20%5B%0A%20%20%20%20%22%2Fetc%2Fcontainers%2Foci%2Fhooks.d%22%2C%0A%5D%0Amanage_ns_lifecycle%20%3D%20true%0A%0A%5Bcrio.image%5D%0Aglobal_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_image%20%3D%20%22quay.io%2Fopenshift-release-dev%2Focp-v4.0-art-dev%40sha256%3Acc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85%22%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%5Bcrio.network%5D%0Anetwork_dir%20%3D%20%22%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F%22%0Aplugin_dirs%20%3D%20%5B%0A%20%20%20%20%22%2Fvar%2Flib%2Fcni%2Fbin%22%2C%0A%20%20%20%20%22%2Fusr%2Flibexec%2Fcni%22%2C%0A%5D%0A%0A%5Bcrio.metrics%5D%0Aenable_metrics%20%3D%20true%0Ametrics_port%20%3D%209537%0A filesystem: root mode: 420 path: /etc/crio/crio.conf.d/00-default - contents: source: data:,%7B%0A%20%20%20%20%22default%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22type%22%3A%20%22insecureAcceptAnything%22%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%5D%2C%0A%20%20%20%20%22transports%22%3A%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22docker-daemon%22%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22%22%3A%20%5B%7B%22type%22%3A%22insecureAcceptAnything%22%7D%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%7D filesystem: root mode: 420 path: /etc/containers/policy.json - contents: source: data:, filesystem: root mode: 420 path: /etc/kubernetes/cloud.conf - contents: source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0Aauthentication%3A%0A%20%20x509%3A%0A%20%20%20%20clientCAFile%3A%20%2Fetc%2Fkubernetes%2Fkubelet-ca.crt%0A%20%20anonymous%3A%0A%20%20%20%20enabled%3A%20false%0AcgroupDriver%3A%20systemd%0AcgroupRoot%3A%20%2F%0AclusterDNS%3A%0A%20%20-%20172.30.0.10%0AclusterDomain%3A%20cluster.local%0AcontainerLogMaxSize%3A%2050Mi%0AmaxPods%3A%20250%0AkubeAPIQPS%3A%2050%0AkubeAPIBurst%3A%20100%0ArotateCertificates%3A%20true%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemCgroups%3A%20%2Fsystem.slice%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%201Gi%0A%20%20ephemeral-storage%3A%201Gi%0AfeatureGates%3A%0A%20%20LegacyNodeRoleBehavior%3A%20false%0A%20%20NodeDisruptionExclusion%3A%20true%0A%20%20RotateKubeletServerCertificate%3A%20true%0A%20%20SCTPSupport%3A%20true%0A%20%20ServiceNodeExclusion%3A%20true%0A%20%20SupportPodPidsLimit%3A%20true%0AserverTLSBootstrap%3A%20true%0A filesystem: root mode: 420 path: /etc/kubernetes/kubelet.conf systemd: units: - dropins: - contents: | [Unit] Description=MCO environment configuration name: 10-mco-default-env.conf name: crio.service - dropins: - contents: | [Unit] Description=MCO environment configuration name: 10-mco-default-env.conf name: kubelet.service - dropins: - contents: | [Unit] Description=MCO environment configuration name: 10-mco-default-env.conf name: machine-config-daemon-host.service - dropins: - contents: | [Unit] Description=MCO environment configuration name: 10-mco-default-env.conf name: pivot.service - contents: | [Unit] Description=Machine Config Daemon Firstboot (4.2 bootimage) # Make sure it runs only on OSTree booted system ConditionPathExists=/run/ostree-booted BindsTo=ignition-firstboot-complete.service ConditionPathExists=/etc/ignition-machine-config-encapsulated.json # Note the opposite of this in machine-config-daemon-firstboot ConditionPathExists=!/sysroot/.coreos-aleph-version.json After=ignition-firstboot-complete.service Before=kubelet.service [Service] # Need oneshot to delay kubelet Type=oneshot ExecStart=/usr/libexec/machine-config-daemon pivot [Install] WantedBy=multi-user.target enabled: true name: machine-config-daemon-firstboot-v42.service - contents: | [Unit] Description=Machine Config Daemon Firstboot # Make sure it runs only on OSTree booted system ConditionPathExists=/run/ostree-booted # Removal of this file signals firstboot completion ConditionPathExists=/etc/ignition-machine-config-encapsulated.json # We only want to run on 4.3 clusters and above; this came from # https://github.com/coreos/coreos-assembler/pull/768 ConditionPathExists=/sysroot/.coreos-aleph-version.json After=ignition-firstboot-complete.service Before=crio.service crio-wipe.service Before=kubelet.service [Service] # Need oneshot to delay kubelet Type=oneshot ExecStart=/usr/libexec/machine-config-daemon firstboot-complete-machineconfig [Install] WantedBy=multi-user.target RequiredBy=crio.service kubelet.service enabled: true name: machine-config-daemon-firstboot.service - contents: | [Unit] Description=Machine Config Daemon Initial # This only applies to ostree (MCD) systems; # see also https://github.com/openshift/machine-config-operator/issues/1046 ConditionPathExists=/run/ostree-booted ConditionPathExists=/etc/pivot/image-pullspec # If pivot exists, defer to it. Note similar code in update.go ConditionPathExists=!/usr/lib/systemd/system/pivot.service After=ignition-firstboot-complete.service Before=kubelet.service [Service] # Need oneshot to delay kubelet Type=oneshot # TODO add --from-etc-pullspec after ratcheting ExecStart=/usr/libexec/machine-config-daemon pivot [Install] WantedBy=multi-user.target enabled: false name: machine-config-daemon-host.service - contents: | [Unit] Description=Ensure the node hostname is valid for the cluster Before=network-online.target [Service] Type=oneshot RemainAfterExit=yes User=root # SystemD prevents direct execution of the script in /usr/local/sbin, # so it is sourced. See the script for functionality. ExecStart=/bin/bash -c "source /usr/local/sbin/set-valid-hostname.sh; wait_localhost; set_valid_hostname `hostname`" # Wait up to 5min for the node to get a real hostname. TimeoutSec=300 [Install] WantedBy=multi-user.target # Ensure that network-online.target will not complete until the node has a real hostname. RequiredBy=network-online.target enabled: true name: node-valid-hostname.service - contents: | [Unit] Description=Kubernetes Kubelet Wants=rpc-statd.service network-online.target crio.service After=network-online.target crio.service [Service] Type=notify ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state Environment="KUBELET_LOG_LEVEL=4" EnvironmentFile=/etc/os-release EnvironmentFile=-/etc/kubernetes/kubelet-workaround EnvironmentFile=-/etc/kubernetes/kubelet-env ExecStart=/usr/bin/hyperkube \ kubelet \ --config=/etc/kubernetes/kubelet.conf \ --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \ --kubeconfig=/var/lib/kubelet/kubeconfig \ --container-runtime=remote \ --container-runtime-endpoint=/var/run/crio/crio.sock \ --runtime-cgroups=/system.slice/crio.service \ --node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=${ID} \ --minimum-container-ttl-duration=6m0s \ --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \ --cloud-provider=aws \ \ --pod-infra-container-image=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85 \ --v=${KUBELET_LOG_LEVEL} Restart=always RestartSec=10 [Install] WantedBy=multi-user.target enabled: true name: kubelet.service fips: false kernelArguments: [] kernelType: default osImageURL: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e59e8b5f129fbe69932a0b0edab4c501a61eeaa4aac83e1b22d86c9d296b587e $ oc adm upgrade --to-image=registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159 --force Updating to release image registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159 $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.12 True True 16s Working towards registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159: downloading update $ watch oc get clusterversion $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.6.0-0.nightly-2020-09-24-074159 True False 4m47s Cluster version is 4.6.0-0.nightly-2020-09-24-074159
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196