Bug 1880603 - The MCO is unable to upgrade from 4.5->4.6 if there are multiple passwd sections in multiple user machineconfigs
Summary: The MCO is unable to upgrade from 4.5->4.6 if there are multiple passwd secti...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.6.0
Assignee: Yu Qi Zhang
QA Contact: Michael Nguyen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-18 19:25 UTC by Yu Qi Zhang
Modified: 2020-10-27 16:43 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:42:58 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2103 0 None closed Bug 1880603: controller/helpers.go: de-duplicate ign spec 2 passwdUsers 2021-02-10 18:31:34 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:43:15 UTC

Description Yu Qi Zhang 2020-09-18 19:25:13 UTC
Description of problem:

The upgrade from 4.5->4.6 fails if there are multiple MCs with a passwd section attempting to add sshkeys. This is because in spec 2, we simply merged the entire passwd section causing there to be duplicate entries for users. In spec 3 this is not allowed, so upon upgrading from 4.5->4.6 the new MCD fails when it tries to reconcile the changes, degrading the cluster and blocking the upgrade.

Reproducibility: 100% (create a new MC with a passwd section adding a sshkey, before upgrading to 4.6)

Fix: apply a de-duplication, like we do for files and units.

Comment 2 Michael Nguyen 2020-09-24 15:13:21 UTC
Verified on 4.6.0-0.nightly-2020-09-24-074159

$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.12    True        False         10m     Cluster version is 4.5.12

$ cat ssh.yaml 
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 99-worker-ssh-new-keys
spec:
  config:
    ignition:
      version: 2.2.0
    passwd:
      users:
      - name: core
        sshAuthorizedKeys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen@mnguyen.fedora
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen@mnguyen.fedora


$ oc create -f ssh.yaml 
machineconfig.machineconfiguration.openshift.io/99-worker-ssh-new-keys created
$ oc get mc
NAME                                                        GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
00-master                                                   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
00-worker                                                   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
01-master-container-runtime                                 08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
01-master-kubelet                                           08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
01-worker-container-runtime                                 08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
01-worker-kubelet                                           08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
99-master-ssh                                                                                          2.2.0             38m
99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
99-worker-ssh                                                                                          2.2.0             38m
99-worker-ssh-new-keys                                                                                 2.2.0             7s
rendered-master-0712deb798e2b9124b4718493c4d023b            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m
rendered-worker-e3da71ca8b038343750215cb64b1f6de            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             2s
rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             32m

$ oc get mcp
NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
master   rendered-master-0712deb798e2b9124b4718493c4d023b   True      False      False      3              3                   3                     0                      32m
worker   rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2   False     True       False      3              0                   0                     0                      32m

$ watch oc get mcp

$ oc get node
NAME                                         STATUS   ROLES    AGE   VERSION
ip-10-0-137-150.us-west-2.compute.internal   Ready    master   91m   v1.18.3+47c0e71
ip-10-0-141-169.us-west-2.compute.internal   Ready    worker   77m   v1.18.3+47c0e71
ip-10-0-169-181.us-west-2.compute.internal   Ready    master   95m   v1.18.3+47c0e71
ip-10-0-173-230.us-west-2.compute.internal   Ready    worker   79m   v1.18.3+47c0e71
ip-10-0-211-59.us-west-2.compute.internal    Ready    worker   79m   v1.18.3+47c0e71
ip-10-0-217-147.us-west-2.compute.internal   Ready    master   91m   v1.18.3+47c0e71
$ oc debug node/ip-10-0-211-59.us-west-2.compute.internal
Starting pod/ip-10-0-211-59us-west-2computeinternal-debug ...
To use host binaries, run `chroot /host`
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# cat /home/core/.ssh/*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB mnguyen@mnguyen.fedora
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI mnguyen@mnguyen.fedora
cat: /home/core/.ssh/authorized_keys.d: Is a directory
sh-4.4# cat /home/core/.ssh/authorized_keys.d/*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==
sh-4.4# exit
exit
sh-4.2# exit
exit

Removing debug pod ...
$ oc get mc
NAME                                                        GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
00-master                                                   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
00-worker                                                   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
01-master-container-runtime                                 08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
01-master-kubelet                                           08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
01-worker-container-runtime                                 08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
01-worker-kubelet                                           08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
99-master-c6e5564d-4939-438c-8d11-d85c0f358ba2-registries   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
99-master-ssh                                                                                          2.2.0             100m
99-worker-1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a-registries   08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
99-worker-ssh                                                                                          2.2.0             100m
99-worker-ssh-new-keys                                                                                 2.2.0             62m
rendered-master-0712deb798e2b9124b4718493c4d023b            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m
rendered-worker-e3da71ca8b038343750215cb64b1f6de            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             62m
rendered-worker-e56ae1a39cd3cd3347148f23851dc4c2            08aad1925d6e29266390ecb6f4e6730d60e44aaf   2.2.0             94m

$ oc get mc/rendered-worker-e3da71ca8b038343750215cb64b1f6de -o yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  annotations:
    machineconfiguration.openshift.io/generated-by-controller-version: 08aad1925d6e29266390ecb6f4e6730d60e44aaf
  creationTimestamp: "2020-09-24T12:57:54Z"
  generation: 1
  managedFields:
  - apiVersion: machineconfiguration.openshift.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:machineconfiguration.openshift.io/generated-by-controller-version: {}
        f:ownerReferences:
          .: {}
          k:{"uid":"1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a"}:
            .: {}
            f:apiVersion: {}
            f:blockOwnerDeletion: {}
            f:controller: {}
            f:kind: {}
            f:name: {}
            f:uid: {}
      f:spec:
        .: {}
        f:config:
          .: {}
          f:ignition:
            .: {}
            f:version: {}
          f:passwd:
            .: {}
            f:users: {}
          f:storage:
            .: {}
            f:files: {}
          f:systemd:
            .: {}
            f:units: {}
        f:fips: {}
        f:kernelArguments: {}
        f:kernelType: {}
        f:osImageURL: {}
    manager: machine-config-controller
    operation: Update
    time: "2020-09-24T12:57:54Z"
  name: rendered-worker-e3da71ca8b038343750215cb64b1f6de
  ownerReferences:
  - apiVersion: machineconfiguration.openshift.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: MachineConfigPool
    name: worker
    uid: 1e97ff1e-2c1f-40b9-aad2-3b34e0aad42a
  resourceVersion: "27323"
  selfLink: /apis/machineconfiguration.openshift.io/v1/machineconfigs/rendered-worker-e3da71ca8b038343750215cb64b1f6de
  uid: 7d3dbde7-8b59-4ee5-ae7a-f377f7892a68
spec:
  config:
    ignition:
      version: 2.2.0
    passwd:
      users:
      - name: core
        sshAuthorizedKeys:
        - |
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbXCby9r69mn+lGn7/mjZRkr+ShGWmVcXT4pbwA8IJBkjJg/EtXFuL1VjP5QbbWvjakQ1ZpMEYkL4V1Gm1etzkoDuMV+VhvvL8uW59XezLH1My9RQ5vtXY7GpB3t4qbTX2AQ5abAlTAoRgOxr5mKT62m3uUpU6HBWkcqwhNGRNPQOhUBybbpxMyakJ/TyS5F7GOajsCWdhx3ErldXrtUgbArPwR16Nh0lA3jO81QJnKzbkcaVlCNd8A3to0Dx1g5cel2HDK37Ri6xYZssh1qGN+fecc7Gf4lqvp1gGMtKMyZw8t54/cJrSeVhzi+mq8aeTIaOAwpoa8C4H80HE35wog1tsS0WALlPdNZ8IyPZRfhH3iG12X0WttB5x2hHngQaYzSWzs1TvEGwrci1Y8EFE1xXG6ArAPG5Iy79tmXlOZM/R/D1K6oVRrVB6T4fWKtHFHJExlRI6HWT+Qxye96RPWxEdKEhWzOLRrBiWPSXYCtT4SCbBirP4C/htnDNcMGlT/HIETVf0R+ixjnsqeYYQn15cXvWSSDQ4LTnW9vBrDLsWVFV8hJ4outZ67Ztf/tBuGKfUFzLkTCFhWJER1bbH7Zhxn5xCplI4REr2+PKnhRaPCrz6W2TRO94pACkJG3M4eP3OyCbVfC1N1c0+MPwwJ0R7TAllli94t5jQthu8xw==
      - name: core
        sshAuthorizedKeys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0IH07pnGYTIHMm9+Ps3EmIYQxlGT1A6Ph778C7WJII8DGWHNi6LTm6N4IYm8DRNxLMUCenJQXuVAWkrWD6i6TQ2KZP/YF2H3E5Vp9QGaSbCqH5SyzUd6iBtFDp7HvGjIeBaZHmmoEEoHS9pbLaB7mR+FyfIi9Jzy2OBc7x1wWTzAGb2yWL6+mXv9+OOAuBQ1LY6gtQXGfytm3FPe/bqpIgOoez5qdyBn6UZHXIjpurXWh/4SCGbWNqFitgq3bee1g9na0JhQhVL0WGxcqSGdX5G36K32tdH0SstjCMGIAzmXa8dhsJcKQI6GqGBwSovbbalYmLOTsvhtskXGExqVB
          mnguyen@mnguyen.fedora
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfELk/C9nhNugH+SlddUNCmBUbYrJg0p97/qOPh3kRI
          mnguyen@mnguyen.fedora
    storage:
      files:
      - contents:
          source: data:,
        filesystem: root
        mode: 384
        path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
      - contents:
          source: data:,r%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F80-openshift-network.conf%0Ar%20%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F10-ovn-kubernetes.conf%0Ad%20%2Frun%2Fmultus%2Fcni%2Fnet.d%2F%200755%20root%20root%20-%20-%0AD%20%2Fvar%2Flib%2Fcni%2Fnetworks%2Fopenshift-sdn%2F%200755%20root%20root%20-%20-%0A
        filesystem: root
        mode: 420
        path: /etc/tmpfiles.d/cleanup-cni.conf
      - contents:
          source: data:,
        filesystem: root
        mode: 420
        path: /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem
      - contents:
          source: data:,%23%20This%20file%20is%20generated%20by%20the%20Machine%20Config%20Operator's%20containerruntimeconfig%20controller.%0A%23%0A%23%20storage.conf%20is%20the%20configuration%20file%20for%20all%20tools%0A%23%20that%20share%20the%20containers%2Fstorage%20libraries%0A%23%20See%20man%205%20containers-storage.conf%20for%20more%20information%0A%23%20The%20%22container%20storage%22%20table%20contains%20all%20of%20the%20server%20options.%0A%5Bstorage%5D%0A%0A%23%20Default%20Storage%20Driver%0Adriver%20%3D%20%22overlay%22%0A%0A%23%20Temporary%20storage%20location%0Arunroot%20%3D%20%22%2Fvar%2Frun%2Fcontainers%2Fstorage%22%0A%0A%23%20Primary%20Read%2FWrite%20location%20of%20container%20storage%0Agraphroot%20%3D%20%22%2Fvar%2Flib%2Fcontainers%2Fstorage%22%0A%0A%5Bstorage.options%5D%0A%23%20Storage%20options%20to%20be%20passed%20to%20underlying%20storage%20drivers%0A%0A%23%20AdditionalImageStores%20is%20used%20to%20pass%20paths%20to%20additional%20Read%2FOnly%20image%20stores%0A%23%20Must%20be%20comma%20separated%20list.%0Aadditionalimagestores%20%3D%20%5B%0A%5D%0A%0A%23%20Size%20is%20used%20to%20set%20a%20maximum%20size%20of%20the%20container%20image.%20%20Only%20supported%20by%0A%23%20certain%20container%20storage%20drivers.%0Asize%20%3D%20%22%22%0A%0A%23%20OverrideKernelCheck%20tells%20the%20driver%20to%20ignore%20kernel%20checks%20based%20on%20kernel%20version%0Aoverride_kernel_check%20%3D%20%22true%22%0A%0A%23%20Remap-UIDs%2FGIDs%20is%20the%20mapping%20from%20UIDs%2FGIDs%20as%20they%20should%20appear%20inside%20of%0A%23%20a%20container%2C%20to%20UIDs%2FGIDs%20as%20they%20should%20appear%20outside%20of%20the%20container%2C%20and%0A%23%20the%20length%20of%20the%20range%20of%20UIDs%2FGIDs.%20%20Additional%20mapped%20sets%20can%20be%20listed%0A%23%20and%20will%20be%20heeded%20by%20libraries%2C%20but%20there%20are%20limits%20to%20the%20number%20of%0A%23%20mappings%20which%20the%20kernel%20will%20allow%20when%20you%20later%20attempt%20to%20run%20a%0A%23%20container.%0A%23%0A%23%20remap-uids%20%3D%200%3A1668442479%3A65536%0A%23%20remap-gids%20%3D%200%3A1668442479%3A65536%0A%0A%23%20Remap-User%2FGroup%20is%20a%20name%20which%20can%20be%20used%20to%20look%20up%20one%20or%20more%20UID%2FGID%0A%23%20ranges%20in%20the%20%2Fetc%2Fsubuid%20or%20%2Fetc%2Fsubgid%20file.%20%20Mappings%20are%20set%20up%20starting%0A%23%20with%20an%20in-container%20ID%20of%200%20and%20the%20a%20host-level%20ID%20taken%20from%20the%20lowest%0A%23%20range%20that%20matches%20the%20specified%20name%2C%20and%20using%20the%20length%20of%20that%20range.%0A%23%20Additional%20ranges%20are%20then%20assigned%2C%20using%20the%20ranges%20which%20specify%20the%0A%23%20lowest%20host-level%20IDs%20first%2C%20to%20the%20lowest%20not-yet-mapped%20container-level%20ID%2C%0A%23%20until%20all%20of%20the%20entries%20have%20been%20used%20for%20maps.%0A%23%0A%23%20remap-user%20%3D%20%22storage%22%0A%23%20remap-group%20%3D%20%22storage%22%0A%0A%5Bstorage.options.thinpool%5D%0A%23%20Storage%20Options%20for%20thinpool%0A%0A%23%20autoextend_percent%20determines%20the%20amount%20by%20which%20pool%20needs%20to%20be%0A%23%20grown.%20This%20is%20specified%20in%20terms%20of%20%25%20of%20pool%20size.%20So%20a%20value%20of%2020%20means%0A%23%20that%20when%20threshold%20is%20hit%2C%20pool%20will%20be%20grown%20by%2020%25%20of%20existing%0A%23%20pool%20size.%0A%23%20autoextend_percent%20%3D%20%2220%22%0A%0A%23%20autoextend_threshold%20determines%20the%20pool%20extension%20threshold%20in%20terms%0A%23%20of%20percentage%20of%20pool%20size.%20For%20example%2C%20if%20threshold%20is%2060%2C%20that%20means%20when%0A%23%20pool%20is%2060%25%20full%2C%20threshold%20has%20been%20hit.%0A%23%20autoextend_threshold%20%3D%20%2280%22%0A%0A%23%20basesize%20specifies%20the%20size%20to%20use%20when%20creating%20the%20base%20device%2C%20which%0A%23%20limits%20the%20size%20of%20images%20and%20containers.%0A%23%20basesize%20%3D%20%2210G%22%0A%0A%23%20blocksize%20specifies%20a%20custom%20blocksize%20to%20use%20for%20the%20thin%20pool.%0A%23%20blocksize%3D%2264k%22%0A%0A%23%20directlvm_device%20specifies%20a%20custom%20block%20storage%20device%20to%20use%20for%20the%0A%23%20thin%20pool.%20Required%20if%20you%20setup%20devicemapper%0A%23%20directlvm_device%20%3D%20%22%22%0A%0A%23%20directlvm_device_force%20wipes%20device%20even%20if%20device%20already%20has%20a%20filesystem%0A%23%20directlvm_device_force%20%3D%20%22True%22%0A%0A%23%20fs%20specifies%20the%20filesystem%20type%20to%20use%20for%20the%20base%20device.%0A%23%20fs%3D%22xfs%22%0A%0A%23%20log_level%20sets%20the%20log%20level%20of%20devicemapper.%0A%23%200%3A%20LogLevelSuppress%200%20(Default)%0A%23%202%3A%20LogLevelFatal%0A%23%203%3A%20LogLevelErr%0A%23%204%3A%20LogLevelWarn%0A%23%205%3A%20LogLevelNotice%0A%23%206%3A%20LogLevelInfo%0A%23%207%3A%20LogLevelDebug%0A%23%20log_level%20%3D%20%227%22%0A%0A%23%20min_free_space%20specifies%20the%20min%20free%20space%20percent%20in%20a%20thin%20pool%20require%20for%0A%23%20new%20device%20creation%20to%20succeed.%20Valid%20values%20are%20from%200%25%20-%2099%25.%0A%23%20Value%200%25%20disables%0A%23%20min_free_space%20%3D%20%2210%25%22%0A%0A%23%20mkfsarg%20specifies%20extra%20mkfs%20arguments%20to%20be%20used%20when%20creating%20the%20base%0A%23%20device.%0A%23%20mkfsarg%20%3D%20%22%22%0A%0A%23%20mountopt%20specifies%20extra%20mount%20options%20used%20when%20mounting%20the%20thin%20devices.%0A%23%20mountopt%20%3D%20%22%22%0A%0A%23%20use_deferred_removal%20Marking%20device%20for%20deferred%20removal%0A%23%20use_deferred_removal%20%3D%20%22True%22%0A%0A%23%20use_deferred_deletion%20Marking%20device%20for%20deferred%20deletion%0A%23%20use_deferred_deletion%20%3D%20%22True%22%0A%0A%23%20xfs_nospace_max_retries%20specifies%20the%20maximum%20number%20of%20retries%20XFS%20should%0A%23%20attempt%20to%20complete%20IO%20when%20ENOSPC%20(no%20space)%20error%20is%20returned%20by%0A%23%20underlying%20storage%20device.%0A%23%20xfs_nospace_max_retries%20%3D%20%220%22%0A
        filesystem: root
        mode: 420
        path: /etc/containers/storage.conf
      - contents:
          source: data:,%23!%2Fbin%2Fbash%0A%23%0A%23%2090-long-hostname%20is%20a%20wrapper%20around%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%2C%0A%23%20which%20ensures%20that%20a%20node%20has%20a%20valid%20hostname.%0AIF%3D%241%0ASTATUS%3D%242%0A%0Alog()%20%7B%20logger%20--tag%20%22network-manager%2F%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0Aif%20%5B%5B%20!%20%22%24STATUS%22%20%3D~%20(up%7Chostname%7Cdhcp4-change%7Cdhcp6-change)%20%5D%5D%3B%20then%0A%20%20%20%20exit%200%0Afi%0A%0Aif%20%5B%5B%20!%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%20then%0A%20%20%20%20log%20%22hostname%20is%20already%20set%22%0A%20%20%20%20exit%200%0Afi%0A%0A%23%20source%20the%20script%20since%20NetworkManager%20execution%20rules%20do%0A%23%20allow%20sourcing%20from%20%2Fusr%2Flocal.%20RHCOS%20has%20an%20read-only%20rootfs%0A%23%20which%20limits%20where%20this%20can%20be%20stashed.%0Asource%20%2Fusr%2Flocal%2Fsbin%2Fset-valid-hostname.sh%0Ahost_name%3D%22%24%7BDHCP4_HOST_NAME%3A-%24DHCP6_HOST_NAME%7D%22%0A%0Aif%20%5B%20-n%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20set_valid_hostname%20%22%24%7Bhost_name%7D%22%0Afi%0A
        filesystem: root
        mode: 493
        path: /etc/NetworkManager/dispatcher.d/90-long-hostname
      - contents:
          source: data:,%23%20Force-load%20legacy%20iptables%20so%20it%20is%20usable%20from%20pod%20network%20namespaces%0Aip_tables%0A
        filesystem: root
        mode: 420
        path: /etc/modules-load.d/iptables.conf
      - contents:
          source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A
        filesystem: root
        mode: 420
        path: /etc/kubernetes/kubelet-ca.crt
      - contents:
          source: data:,%23%20Turning%20on%20Accounting%20helps%20track%20down%20performance%20issues.%0A%5BManager%5D%0ADefaultCPUAccounting%3Dyes%0ADefaultMemoryAccounting%3Dyes%0ADefaultBlockIOAccounting%3Dyes%0A
        filesystem: root
        mode: 420
        path: /etc/systemd/system.conf.d/kubelet-cgroups.conf
      - contents:
          source: data:,%23%20ignore%20known%20SDN-managed%20devices%0A%5Bdevice%5D%0Amatch-device%3Dinterface-name%3Abr-int%3Binterface-name%3Abr-local%3Binterface-name%3Abr-nexthop%2Cinterface-name%3Aovn-k8s-*%2Cinterface-name%3Ak8s-*%3Binterface-name%3Atun0%3Binterface-name%3Abr0%3Bdriver%3Aveth%0Amanaged%3D0%0A
        filesystem: root
        mode: 420
        path: /etc/NetworkManager/conf.d/sdn.conf
      - contents:
          source: data:,%7B%22auths%22%3A%7B%22registry.svc.ci.openshift.org%22%3A%7B%22auth%22%3A%22dXNlcjpTNEFEVGh2a0NRR3NSa0JlZ183UjhaZ1hId2oyX3M3U1NuVzZCZnF6VWVv%22%7D%2C%22cloud.openshift.com%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22quay.io%22%3A%7B%22auth%22%3A%22b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K21uZ3V5ZW5yZWRoYXRjb20xZHp4d293OTZxdG1hajNzaXFocmhlbmVtb3I6QjgyQUZJQUIzQzBKVlNSNFo2R1U2QkgzRzNDV1lBNllWQzVTQ1Q3S0ZPTkNOMU5SR0pEOVQ4NFpPQTgyUFY2NA%3D%3D%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.connect.redhat.com%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%2C%22registry.redhat.io%22%3A%7B%22auth%22%3A%22NzkxOTg4Nnx1aGMtMUR6eHdvVzk2UXRNYWozc0lRSFJoRW5lTW9yOmV5SmhiR2NpT2lKU1V6VXhNaUo5LmV5SnpkV0lpT2lKbU9XSXlNbUZtTkdRMFltRTBNRFZtWVRReE56RmtOVGRtTnpGaE5qUmtaaUo5LmRHM21MUGhSZHAtYXc3MTBhY2VDZHlrTE4xOWpReU9FckR4dENwUmRJUFBFZXpob3lZR0JpQTlQNlZ3ZUVEWGhFNjRuOFVmYk1Iam9zYVBCMENscmZZSHBmdDVwVDZOdk1Fb0FFaDBuN0tpb0J2TXlvcVFsU3Q1blhUVU53ajdpYk5ndGZoRkxqWE43cE54X1JxTzhCMkxQcjRLQmp3MURFT3FuZ1RER3k2eGFraFA2ZUlmeW4yQnJYLWo0bHlUQ28ydGliZjI2WjRyWW5KNWk2ZE1TQUtnMWVNTzltWW1rTDhFSWE5N2FINXpiQW10M3M5a2JIb0xfaFFMQUxicUpJbkd4Zm1GSnZWN1hRZEs0QWYtR2h4eFZoc0RKbVRXeGpPVnhBNW1ZNnNDX1BsMEx1NG5sTHVlc3pWZWtSREk1VWN0NzR2dEJfNnpmb1RCWXVOVV9ZZnZTSlB6TXp5SGhvNF9VZkJ2YzByT0wxLXNtOEZIOGt1Rms3Y25CN0FUcGlOMF95XzBHT3NGTm1lSjBUa1MxVHJVYURZQU1sQlJoSjdIeGVHWWF2SzVLb3p2LTIzQmdsWV9xX08yWEZIUDFKSzNLc3g2US16YTljWUFQbVc2X05PQ19temVrY2RsWVVIVXp2ak02Y0EyWWl3OE9XRjg3Uy0xcWM1ZGNYUzc4MjdfV2RQbVcwOVlCVkhVQ3lBV1YzV1RGLW5UTEhNRjU2WEdlYVRJUWVMdEZHWTBYZ3R6Y2pUc1ZIRDVJZ19BaVdDLXQ3TkRtS0MwQzlLMTNGX0l3VkxNaHk0RFJaSGxDclNHWTViQ0UxME1CQ0tOV2hfbG1Hb2hoUXRUaTZPak1rdXVaY1ZkWGxock9UbGFJMTRmcTJTMDMwZnh4SG1RY24wZzE1Znl6dnk4%22%2C%22email%22%3A%22mnguyen%40redhat.com%22%7D%7D%7D%0A
        filesystem: root
        mode: 384
        path: /var/lib/kubelet/config.json
      - contents:
          source: data:,-----BEGIN%20CERTIFICATE-----%0AMIIDEDCCAfigAwIBAgIIbdcjqdsOvpUwDQYJKoZIhvcNAQELBQAwJjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdyb290LWNhMB4XDTIwMDkyNDEyMTQ1NVoX%0ADTMwMDkyMjEyMTQ1NVowJjESMBAGA1UECxMJb3BlbnNoaWZ0MRAwDgYDVQQDEwdy%0Ab290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MMheynWo1Fi%0AEEx8ga3Divuvoh4UA23S9ZqTtj%2BHghnpX6DEm2DLE4N8VpmDgorbUZRVWiJiW%2FJq%0AKQLQMSvJs9m%2B3XhdyhSQRX7%2BCNiqmzB4vu4YkrWWdfjMQXJYCJoiAhCIcsJDg%2B1x%0AQjMNNnjIf9kvZ89tlA1AcfLCI8xWVgbgoF2739Ug61zB4orlOTK0ZATh1Yv%2FJT9R%0AAfJTD60BKes9W8zqrnTw1ELh%2BFB296a4jR5RE1Oy4O%2F2kA8nN%2Fnn09xBuSTmdBMb%0AIihlaCJPC3CHqi09eQd6j6NfVdlfoxgmFKoX22zUVP36WfExIGX9lYh%2FdzXbzaDG%0AKTbXDYJQWwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%0A%2FzAdBgNVHQ4EFgQUZ0u3fMTSkvIpe2%2FM%2FjFNYQJEFb0wDQYJKoZIhvcNAQELBQAD%0AggEBADbNZbLxRvmiO7Rab91ayxTDdGSB%2Bv2Ioyl7CEda5kLgS8IIZVJBZraRAEJf%0AnkSkFZCP9wWt8nuhiYFh2I9KzkxzczQC1Ih%2B%2BSLO7efXU9kxPyZKfg%2Fj2oGGI7bZ%0AxoAZK52N0Q638Tya89%2BeWX2c5ar6k3G%2F2r%2FEQBMUqCCAcO6zmiypivyFxcXkn%2F7D%0A0grNOw17dESIVQvPVuDkPBF4ideleoypqwVzNmBLlV%2B4SSilDT7t8uvCnrUvC2wJ%0Abgo896wWsSBsqpaR56S4X6DuR27Q83VNAfFGOk5Tk1xg%2BiFzA%2FZ1HeuwUjmNI3Cx%0A0DNl6C%2BeAdx730fx7UFWdk9iulo%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDMDCCAhigAwIBAgIIRSOfjauXHxIwDQYJKoZIhvcNAQELBQAwNjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSAwHgYDVQQDExdhZG1pbi1rdWJlY29uZmlnLXNpZ25lcjAe%0AFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMDYxEjAQBgNVBAsTCW9wZW5z%0AaGlmdDEgMB4GA1UEAxMXYWRtaW4ta3ViZWNvbmZpZy1zaWduZXIwggEiMA0GCSqG%0ASIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZMU%2FyRK9idC%2BNTygiHEd7okPZK0hUEnwE%0ActOG5p83sIIA%2Bs6lPLuMlwafImdbG9AbTG3GRks7nv0QQY4tvch7Quysv3qf83bh%0AhJRydYZbrMODIDXxnDl2nErtAE4MY9X1k04HPdDP3wxqSF4wJUE24cDB0BpAg850%0AVylhykvLiDlmST9rAzGPW8VsC7JbJG9yi3pSMmw8xlM94otQSDpOAzNps2k%2BXm8%2F%0A3avPK%2Fdr3z1J13ZvQdSWKJU%2B%2FZkv6YHKeddsEDteQGSRyQsHHSlRKZIiHrDdy510%0AB%2FJMqzVN8ES%2Bw6k2ZmgITYwc5N6cVBwA3wLQYg6%2FgW88wDssRGRLAgMBAAGjQjBA%0AMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBRWTNjn%0AA8t302VUj1PRksHDFfN0NjANBgkqhkiG9w0BAQsFAAOCAQEAVvfnQ150Ss8zYHAW%0Ah5Dhs5jAF7941nqxpFtK2e9GTuLv%2BpmJSbZUZmIcAJjF2fDvlgnxVRRaxIX3aCmX%0ACvi8uLeN37Hm%2Frluk6qcxiHCE%2FJRB3gKSyt6jiVHJMryJmq5%2FBFFjDRvCmP9ddDR%0ABY2DaIYVeVDYwPKZ8FS3Bp60gUfp7x8LpF6Nkcc7k7CxVrXJEgmBJPgByU1paKmr%0Ak%2FQfZvdpwHF6wpVTeltvQHaV3KJAYtzjyqsM52Fqm%2FnLNmbmbSm%2FnrGN4F71RA2%2B%0Arbyo6NzuQRwG3C%2Biux9NZiP2%2FZ0Xsm%2BXU014IP3Okl6zLQ5iddcRpj4PXKixFQG2%0AkJNlXA%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDHjCCAgagAwIBAgIIQKK64TJIN3wwDQYJKoZIhvcNAQELBQAwLTESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MRcwFQYDVQQDEw5rdWJlbGV0LXNpZ25lcjAeFw0yMDA5MjQx%0AMjE0NThaFw0yMDA5MjUxMjE0NThaMC0xEjAQBgNVBAsTCW9wZW5zaGlmdDEXMBUG%0AA1UEAxMOa3ViZWxldC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK%0AAoIBAQC%2Br3R17%2FgPU6SNy%2FIR6ld0G7yDa2wTUDY7GqSlacrFWklgJqCvBRJGuJ%2Fa%0Ab9HEtsRQYHRKDp%2F7JGh%2FUayLBuQumNUUPAllvZ%2BwRcaHGCf1GoVJrmOHkCeJWY4m%0A3xNl8mGpufHeZHDNO214ZSy4wbjvFXCxUL9SeIh6JV3a%2FEZLDryNbpvkyrOZHy0x%0ArcntNPH6e5R1MlqUU5nWChY3113kOGYRXVHrmCzcq6ym6H%2FGmvWLnlK5OIkpn%2Fjj%0AAsfs3OPH%2FSlMTIUSKZA5KIL253HVTsyvYGM%2BDvQnfydvuDmDp1IpMPIVTdxxic7Z%0AYa0d9UgWqXT7OlS7ddr%2BOkvHtNbLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAP%0ABgNVHRMBAf8EBTADAQH%2FMB0GA1UdDgQWBBTLJpIdBG5MPl1rZNZ4NG6jvvldfTAN%0ABgkqhkiG9w0BAQsFAAOCAQEAqphTZU%2B4u129BdVaR2bdwMV8MrEPme5M4YVMDoXh%0ALNaprW4B26%2B%2BL1RoaHWiek77mZwXaXbPFiuQuPcRlOIsZHWvhPPKevDEdUnqVej2%0AE4iQyrUnUZzSwqomIadZz7M2uEjW8V5vLjSF7SHe6rzdmPeyIY9IzMI%2BwXfd8s%2FU%0AMDqfQw4QKL1fS1e1POEcxByPnPSM9j%2F16InRFZF5L6w9%2BOAl5ovnFa%2BtB2DhIhFo%0AwBKlifEiZb9qMMxZRBMrSr1AK0agIeS9ojCyjlglnyvoGqHq%2Fw1R4LgU2mN%2FLSac%0ANFa0BW%2FrmsLq5rTpxeyNLImiJquj0t8itnVwzktZvubWdw%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDNDCCAhygAwIBAgIIY%2BfM1Gc6lRQwDQYJKoZIhvcNAQELBQAwODESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVy%0AMB4XDTIwMDkyNDEyMTQ1OVoXDTIxMDkyNDEyMTQ1OVowODESMBAGA1UECxMJb3Bl%0AbnNoaWZ0MSIwIAYDVQQDExlrdWJlLWNvbnRyb2wtcGxhbmUtc2lnbmVyMIIBIjAN%0ABgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG7bP0K2m7gmGq%2BWWfZGF%2BLXFoj6%0A00o8Q07vT82DTIDeEVDnaFXoUx5YCveVRj9uT8XBFe6kGNVzVdgJabKXj6YeaUxO%0AyEz%2B3LSD7Sq44oqDNTXUrRDSMvwnjfEYyxZaTqw%2BoNO%2FmTl7BMmbFKD4Tb%2Be9nAq%0AaYSCdjO1k9Dg%2ByquXUGN%2Ba1gKp7hvff%2B2nTKj%2FC6aqAXKwk%2BzrPtLTzKOF97ixsO%0A30slULjqENhvZ0W1wvj1M5sdgcfP5ePgTG3VRD%2FGMgZwlTbDeHKAYnQSXLTocFdN%0A6h%2F%2F3tDHCOQUGvt9wzp13CMD3fTTecjzYdS8qqTTMW1bCzMx2Sx%2FPqUX%2FwIDAQAB%0Ao0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH%2FBAUwAwEB%2FzAdBgNVHQ4EFgQU%0A7m3DSi9UL2mHQmqBe%2BvTPXFPQa8wDQYJKoZIhvcNAQELBQADggEBAAOZmqsCa18m%0ARu3QuUl7Z%2FEbu%2BXIoplfUyyVffahhdqLzeD%2FaiP1wMmxyTuvG6ZAsZSOa373S2F4%0ArWXoHLCxjUoHlbvLF18wFHjkMmeSflKxRpEs44ZRWCupvZqECcBBZFBXIv%2FNE7nN%0A8lQJPZUEZCvIAY9Zbgkg3%2BHTfdG6Q6%2FXpTV18ZTxbBvIh7O3oaVUnWGgydK0UcJx%0A22RGSvUNQFkHvRxoUCQulO%2BpVgPdzjy1V9hgF8FiVl0YRcCylKefv4XGFOzMMQau%0ABmkDaNp0HW48cDxeigG7rzsMttg93V7RoRTtjBlTqHkXgzviebe4Lc0sUOFLch3T%0A3xf6Z2WRzxE%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDQjCCAiqgAwIBAgIIEa2Al5HZSi8wDQYJKoZIhvcNAQELBQAwPzESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSkwJwYDVQQDEyBrdWJlLWFwaXNlcnZlci10by1rdWJlbGV0%0ALXNpZ25lcjAeFw0yMDA5MjQxMjE0NTlaFw0yMTA5MjQxMjE0NTlaMD8xEjAQBgNV%0ABAsTCW9wZW5zaGlmdDEpMCcGA1UEAxMga3ViZS1hcGlzZXJ2ZXItdG8ta3ViZWxl%0AdC1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHZp059T%2By%0AJ49j9VnAyXQFwuSuV1km843sNgroAplb8UlUUUaJRk8%2BzSa4UQVC6krLoVckwBmW%0Auzg2rQYqrDGVuX7FTsNPMONCMyLT%2B4n1KKKMAMtu3sUutk5ooDsOAl4qKmelHtCT%0A7ytjMjxBiHQZBG4T5eOrOAMn%2Bsq7%2FTCQEtSfPKWk%2F8oVRyvXA1lW0tbuX5qSiQlw%0Ayawpod%2FK1p3KassaR9lco2xryVg%2FCM8e7y1ELf0oMGBlcvynsn0w7925Q4EkU3js%0Avw%2BT83Wozr0i%2BKXBx3P2KJEbRYoe9MyXWJiqJhU1m4n4LVNjP3uIxAAXkMfHkpoi%0AiFafagFNidLLAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMBAf8EBTAD%0AAQH%2FMB0GA1UdDgQWBBQzNeHkatGv1t6FXpoFHwkLsFJlQjANBgkqhkiG9w0BAQsF%0AAAOCAQEAn7zsmegeB7fuJ1CPne5nTJ4rmpNhnQD2kPsY1WUIQS3sQUJf11c1%2FA2E%0AzOQDQQj9aAHvMfEhA%2B%2BK6mlWS9fVHejcIE%2FOJUKegtVICj7LbsLhb7O9nfy%2FVXzM%0A1uCL%2FIF8zCrTxzzLMPR1jcKEXZoKledJmtKXR0VSi4PDICLPoxfIwEvchCZCd2jo%0A89mSbIvVe55bxNehxyazyOsn5oFrHFAueh%2FVEkXOxmfcwivII6ouRAQYOSFox6HE%0AoR%2F3UMQvWVERo0a94n7jufzE6U%2Fcovq6fdOwRuSa5EqY5S7HdvnmxUMDZMGMY6m1%0A85z0c0xjaVQsyJgm4BBxYbfqFUZLCg%3D%3D%0A-----END%20CERTIFICATE-----%0A-----BEGIN%20CERTIFICATE-----%0AMIIDSDCCAjCgAwIBAgIIBOI9S%2FCKzOwwDQYJKoZIhvcNAQELBQAwQjESMBAGA1UE%0ACxMJb3BlbnNoaWZ0MSwwKgYDVQQDEyNrdWJlbGV0LWJvb3RzdHJhcC1rdWJlY29u%0AZmlnLXNpZ25lcjAeFw0yMDA5MjQxMjE0NTRaFw0zMDA5MjIxMjE0NTRaMEIxEjAQ%0ABgNVBAsTCW9wZW5zaGlmdDEsMCoGA1UEAxMja3ViZWxldC1ib290c3RyYXAta3Vi%0AZWNvbmZpZy1zaWduZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ%0AI7de19aeDbIZc1U7yZ79NrU5q2IGR%2F2RvVgzRMoFwY309uNt1a6AYqG%2F4%2FWT6nWV%0AYhWizSYtMlFTTktACey5lrMPz3h2ger4d27VhLeA2WF4LgYTC2909XVcPkYLMIC3%0AQt8qT5sE0x4jy3qiRrQfFXmK0oVQJoxbdlyLXd2BdX6hynbWbSdSZvGon%2FlxFX1Z%0A6GJ9nScxUpFpFV%2FeydPiNJaiyX9xwoTc6z7XxicAYZeg1fuJmAW0t%2BAN%2BHlQG5LV%0ArpGxERsVLMN8D3jY2zlitoIFhSL7aQmuBnk2anMAXxrj35wWCSb%2FS8gr%2BlC9RUAY%0A3kK0Hm92FP5jtZLHxRzRAgMBAAGjQjBAMA4GA1UdDwEB%2FwQEAwICpDAPBgNVHRMB%0AAf8EBTADAQH%2FMB0GA1UdDgQWBBS33ZioR9uY2JC0Dced2bnQMVSSdzANBgkqhkiG%0A9w0BAQsFAAOCAQEADNxxAHu3nm9dDG5Y%2BwMC5r4Un8wf%2B5QMox8R1g1w28fPGGFH%0ADvg47zJLxIvE3fWUwbYYqF6qmTGfhemwX0DBuxZobXgRggJftVK5nz%2FncIw6GVSW%0AF00BTHYllZV16ApXWNw6RFodaSUGn6U5KZTGf0f0WGGO8WkHyjTOwN77sAsPotWP%0AbluypVhUyqR3qD53JIaUL7iuzBt%2BB3BauEhR6L0DH11XT3HJkvOTyDjbCSv5nduX%0AXF%2FJJSGk5p2n7E7LuT2klT5pHwFCP99O5NidtS0ea2Uhcym%2BVYZhUcuLpkSDN4Wt%0A3LN854Q4QSDnVqiNg6DnENLGxP5EZdguev%2Fpfw%3D%3D%0A-----END%20CERTIFICATE-----%0A
        filesystem: root
        mode: 420
        path: /etc/kubernetes/ca.crt
      - contents:
          source: data:,net.ipv4.ip_forward%20%3D%201%0Anet.ipv6.conf.all.forwarding%20%3D%201%0A
        filesystem: root
        mode: 420
        path: /etc/sysctl.d/forward.conf
      - contents:
          source: data:,%0Afs.inotify.max_user_watches%20%3D%2065536%0Afs.inotify.max_user_instances%20%3D%208192%0A
        filesystem: root
        mode: 420
        path: /etc/sysctl.d/inotify.conf
      - contents:
          source: data:,%23!%2Fbin%2Fbash%0A%23%20On%20some%20platforms%20the%20hostname%20may%20be%20too%20long%20(%3E63%20chars).%0A%23%20%20-%20On%20firstboot%20the%20hostname%20is%20set%20in%20the%20initramfs%20before%20NetworkManager%0A%23%20%20%20%20And%20it%20may%20be%20truncated%20at%2064%20characters%20(too%20long)%0A%23%20%20-%20On%20reboot%20affect%20nodes%20use%20'localhost'.%0A%23%0A%23%20This%20script%20is%20a%20simple%20workaround%20for%20hostname%20woes%2C%20including%0A%23%20%20-%20NOT%20a%20localhost%20name%0A%23%20%20-%20NOT%20longer%20than%2063%20characters.%20Names%20will%20be%20truncated%20at%20the%0A%23%20%20%20%20first%20dot%2C%20and%20then%20capped%20at%2063%20char%20(which%20ever%20is%20less).%0A%23%20%20-%20Race%20conditions%20between%20truncated%20hostnames%20by%20the%20dhclient%0A%23%20%20%20%20and%20NetworkManager.%0A%23%0A%23%20Finally%2C%20this%20script%20is%20invoked%20via%3A%0A%23%20%20-%20%2Fetc%2FNetworkManager%2Fdispatcher.d%2F90-long-hostnames%0A%23%20%20-%20on%20boot%20via%20node-valid-hostname.service%0A%0Aexport%20PATH%3D%22%2Fusr%2Fbin%3A%2Fusr%2Flocal%2Fbin%3A%2Fsbin%3A%2Fusr%2Flocal%2Fsbin%3A%2Fbin%3A%24%7BPATH%7D%22%0Alog()%20%7B%20logger%20--tag%20%22%24(basename%20%240)%22%20%22%24%7B%40%7D%22%3B%20%7D%0A%0A%23%20wait_localhost%20waits%20until%20the%20host%20gets%20a%20real%20hostname.%0A%23%20This%20will%20wait%20indefinately.%20node-valid-hostname.service%20will%20terminate%0A%23%20this%20after%205m.%0Await_localhost()%20%7B%0A%20%20%20%20log%20%22waiting%20for%20non-localhost%20hostname%20to%20be%20assigned%22%0A%20%20%20%20while%20%5B%5B%20%22%24(%3C%20%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%20%3D~%20(localhost%7Clocalhost.localdomain)%20%5D%5D%3B%0A%20%20%20%20do%0A%20%20%20%20%20%20%20%20sleep%201%0A%20%20%20%20done%0A%20%20%20%20log%20%22node%20identified%20as%20%24(%3C%2Fproc%2Fsys%2Fkernel%2Fhostname)%22%0A%20%20%20%20exit%200%0A%7D%0A%0Aset_valid_hostname()%20%7B%0A%20%20%20%20local%20host_name%3D%24%7B1%7D%0A%20%20%20%20local%20type_arg%3D%22transient%22%0A%0A%20%20%20%20%23%20%2Fetc%2Fhostname%20is%20used%20for%20static%20hostnames%20and%20is%20authorative.%0A%20%20%20%20%23%20This%20will%20check%20to%20make%20sure%20that%20the%20static%20hostname%20is%20the%0A%20%20%20%20%23%20less%20than%20or%20equal%20to%2063%20characters%20in%20length.%0A%20%20%20%20if%20%5B%20-f%20%2Fetc%2Fhostname%20%5D%20%26%26%20%5B%20%22%24(cat%20%2Fetc%2Fhostname%20%7C%20wc%20-m)%22%20-gt%200%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20etc_name%3D%22%24(%3C%20%2Fetc%2Fhostname)%22%0A%20%20%20%20%20%20%20%20type_arg%3D%22static%22%0A%20%20%20%20%20%20%20%20if%20%5B%20%22%24%7Betc_name%7D%22%20!%3D%20%22%24%7Bhost_name%7D%22%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22%2Fetc%2Fhostname%20is%20set%20to%20%24%7Betc_name%7D%20but%20does%20not%20match%20%24%7Bhost_name%7D%22%0A%20%20%20%20%20%20%20%20%20%20%20%20log%20%22using%20%2Fetc%2Fhostname%20as%20the%20authorative%20name%22%0A%20%20%20%20%20%20%20%20%20%20%20%20host_name%3D%22%24%7Betc_name%7D%22%0A%20%20%20%20%20%20%20%20fi%0A%20%20%20%20fi%0A%0A%20%20%20%20%23%20Only%20mutate%20the%20hostname%20if%20the%20length%20is%20longer%20than%2063%20characters.%20The%0A%20%20%20%20%23%20hostname%20will%20be%20the%20lesser%20of%2063%20characters%20after%20the%20first%20dot%20in%20the%0A%20%20%20%20%23%20FQDN.%0A%20%20%20%20if%20%5B%20%22%24%7B%23host_name%7D%22%20-gt%2063%20%5D%3B%20then%0A%20%20%20%20%20%20%20%20alt_name%3D%24(printf%20%22%24%7Bhost_name%7D%22%20%7C%20cut%20-f1%20-d'.'%20%7C%20cut%20-c%20-63)%0A%20%20%20%20%20%20%20%20log%20%22%24%7Bhost_name%7D%20is%20longer%20than%2063%20characters%2C%20using%20trunacated%20hostname%22%0A%20%20%20%20%20%20%20%20host_name%3D%22%24%7Balt_name%7D%22%0A%20%20%20%20fi%0A%20%20%20%20log%20%22setting%20%24%7Btype_arg%7D%20hostname%20to%20%24%7Bhost_name%7D%22%0A%20%20%20%20%2Fbin%2Fhostnamectl%20%22--%24%7Btype_arg%7D%22%20set-hostname%20%22%24%7Bhost_name%7D%22%0A%20%20%20%20exit%200%0A%7D%0A%0Acli_run()%20%7B%0A%20%20%20%20mode%3D%22%24%7B1%3A%3Fmode%20must%20be%20the%20first%20argument%7D%22%3B%20shift%3B%0A%20%20%20%20case%20%22%24%7Bmode%7D%22%20in%0A%20%20%20%20%20%20%20%20%20%20%20%20wait_localhost)%20wait_localhost%3B%3B%0A%20%20%20%20%20%20%20%20set_valid_hostname)%20hname%3D%22%24%7B1%3A%3Fhostname%20is%20a%20required%20last%20argument%7D%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20set_valid_hostname%20%22%24%7Bhname%7D%22%3B%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*)%20log%20%22unknown%20mode%20%24%7Bmode%7D%22%3B%20exit%201%3B%3B%0A%20%20%20%20esac%0A%7D%0A%0A%23%20Allow%20the%20functions%20to%20be%20sourced.%20This%20can%20be%20run%20either%20as%20a%0A%23%20standalone%20command%20or%20in%20systemd%20or%20part%20of%20NetworkManager.%0Aif%20%5B%5B%20%22%24%7BBASH_SOURCE%5B0%5D%7D%22%20%3D%3D%20%22%24%7B0%7D%22%20%5D%5D%3B%20then%0A%20%20%20%20cli_run%20%24%7B%40%7D%0Afi%0A
        filesystem: root
        mode: 493
        path: /usr/local/sbin/set-valid-hostname.sh
      - contents:
          source: data:,
        filesystem: root
        mode: 493
        path: /etc/kubernetes/kubelet-plugins/volume/exec/.dummy
      - contents:
          source: data:,unqualified-search-registries%20%3D%20%5B'registry.access.redhat.com'%2C%20'docker.io'%5D%0A
        filesystem: root
        mode: 420
        path: /etc/containers/registries.conf
      - contents:
          source: data:,%5Bcrio.api%5D%0Astream_address%20%3D%20%22%22%0Astream_port%20%3D%20%2210010%22%0A%0A%5Bcrio.runtime%5D%0Aconmon%20%3D%20%22%2Fusr%2Flibexec%2Fcrio%2Fconmon%22%0Aconmon_cgroup%20%3D%20%22pod%22%0Adefault_env%20%3D%20%5B%0A%20%20%20%20%22NSS_SDB_USE_CACHE%3Dno%22%2C%0A%5D%0Alog_level%20%3D%20%22info%22%0Acgroup_manager%20%3D%20%22systemd%22%0Adefault_capabilities%20%3D%20%5B%0A%20%20%20%20%22CHOWN%22%2C%0A%20%20%20%20%22DAC_OVERRIDE%22%2C%0A%20%20%20%20%22FSETID%22%2C%0A%20%20%20%20%22FOWNER%22%2C%0A%20%20%20%20%22NET_RAW%22%2C%0A%20%20%20%20%22SETGID%22%2C%0A%20%20%20%20%22SETUID%22%2C%0A%20%20%20%20%22SETPCAP%22%2C%0A%20%20%20%20%22NET_BIND_SERVICE%22%2C%0A%20%20%20%20%22SYS_CHROOT%22%2C%0A%20%20%20%20%22KILL%22%2C%0A%5D%0Ahooks_dir%20%3D%20%5B%0A%20%20%20%20%22%2Fetc%2Fcontainers%2Foci%2Fhooks.d%22%2C%0A%5D%0Amanage_ns_lifecycle%20%3D%20true%0A%0A%5Bcrio.image%5D%0Aglobal_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_image%20%3D%20%22quay.io%2Fopenshift-release-dev%2Focp-v4.0-art-dev%40sha256%3Acc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85%22%0Apause_image_auth_file%20%3D%20%22%2Fvar%2Flib%2Fkubelet%2Fconfig.json%22%0Apause_command%20%3D%20%22%2Fusr%2Fbin%2Fpod%22%0A%0A%5Bcrio.network%5D%0Anetwork_dir%20%3D%20%22%2Fetc%2Fkubernetes%2Fcni%2Fnet.d%2F%22%0Aplugin_dirs%20%3D%20%5B%0A%20%20%20%20%22%2Fvar%2Flib%2Fcni%2Fbin%22%2C%0A%20%20%20%20%22%2Fusr%2Flibexec%2Fcni%22%2C%0A%5D%0A%0A%5Bcrio.metrics%5D%0Aenable_metrics%20%3D%20true%0Ametrics_port%20%3D%209537%0A
        filesystem: root
        mode: 420
        path: /etc/crio/crio.conf.d/00-default
      - contents:
          source: data:,%7B%0A%20%20%20%20%22default%22%3A%20%5B%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22type%22%3A%20%22insecureAcceptAnything%22%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%5D%2C%0A%20%20%20%20%22transports%22%3A%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%22docker-daemon%22%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%22%22%3A%20%5B%7B%22type%22%3A%22insecureAcceptAnything%22%7D%5D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%7D
        filesystem: root
        mode: 420
        path: /etc/containers/policy.json
      - contents:
          source: data:,
        filesystem: root
        mode: 420
        path: /etc/kubernetes/cloud.conf
      - contents:
          source: data:,kind%3A%20KubeletConfiguration%0AapiVersion%3A%20kubelet.config.k8s.io%2Fv1beta1%0Aauthentication%3A%0A%20%20x509%3A%0A%20%20%20%20clientCAFile%3A%20%2Fetc%2Fkubernetes%2Fkubelet-ca.crt%0A%20%20anonymous%3A%0A%20%20%20%20enabled%3A%20false%0AcgroupDriver%3A%20systemd%0AcgroupRoot%3A%20%2F%0AclusterDNS%3A%0A%20%20-%20172.30.0.10%0AclusterDomain%3A%20cluster.local%0AcontainerLogMaxSize%3A%2050Mi%0AmaxPods%3A%20250%0AkubeAPIQPS%3A%2050%0AkubeAPIBurst%3A%20100%0ArotateCertificates%3A%20true%0AserializeImagePulls%3A%20false%0AstaticPodPath%3A%20%2Fetc%2Fkubernetes%2Fmanifests%0AsystemCgroups%3A%20%2Fsystem.slice%0AsystemReserved%3A%0A%20%20cpu%3A%20500m%0A%20%20memory%3A%201Gi%0A%20%20ephemeral-storage%3A%201Gi%0AfeatureGates%3A%0A%20%20LegacyNodeRoleBehavior%3A%20false%0A%20%20NodeDisruptionExclusion%3A%20true%0A%20%20RotateKubeletServerCertificate%3A%20true%0A%20%20SCTPSupport%3A%20true%0A%20%20ServiceNodeExclusion%3A%20true%0A%20%20SupportPodPidsLimit%3A%20true%0AserverTLSBootstrap%3A%20true%0A
        filesystem: root
        mode: 420
        path: /etc/kubernetes/kubelet.conf
    systemd:
      units:
      - dropins:
        - contents: |
            [Unit]
            Description=MCO environment configuration
          name: 10-mco-default-env.conf
        name: crio.service
      - dropins:
        - contents: |
            [Unit]
            Description=MCO environment configuration
          name: 10-mco-default-env.conf
        name: kubelet.service
      - dropins:
        - contents: |
            [Unit]
            Description=MCO environment configuration
          name: 10-mco-default-env.conf
        name: machine-config-daemon-host.service
      - dropins:
        - contents: |
            [Unit]
            Description=MCO environment configuration
          name: 10-mco-default-env.conf
        name: pivot.service
      - contents: |
          [Unit]
          Description=Machine Config Daemon Firstboot (4.2 bootimage)
          # Make sure it runs only on OSTree booted system
          ConditionPathExists=/run/ostree-booted
          BindsTo=ignition-firstboot-complete.service
          ConditionPathExists=/etc/ignition-machine-config-encapsulated.json
          # Note the opposite of this in machine-config-daemon-firstboot
          ConditionPathExists=!/sysroot/.coreos-aleph-version.json
          After=ignition-firstboot-complete.service
          Before=kubelet.service

          [Service]
          # Need oneshot to delay kubelet
          Type=oneshot
          ExecStart=/usr/libexec/machine-config-daemon pivot

          [Install]
          WantedBy=multi-user.target
        enabled: true
        name: machine-config-daemon-firstboot-v42.service
      - contents: |
          [Unit]
          Description=Machine Config Daemon Firstboot
          # Make sure it runs only on OSTree booted system
          ConditionPathExists=/run/ostree-booted
          # Removal of this file signals firstboot completion
          ConditionPathExists=/etc/ignition-machine-config-encapsulated.json
          # We only want to run on 4.3 clusters and above; this came from
          # https://github.com/coreos/coreos-assembler/pull/768
          ConditionPathExists=/sysroot/.coreos-aleph-version.json
          After=ignition-firstboot-complete.service
          Before=crio.service crio-wipe.service
          Before=kubelet.service

          [Service]
          # Need oneshot to delay kubelet
          Type=oneshot
          ExecStart=/usr/libexec/machine-config-daemon firstboot-complete-machineconfig

          [Install]
          WantedBy=multi-user.target
          RequiredBy=crio.service kubelet.service
        enabled: true
        name: machine-config-daemon-firstboot.service
      - contents: |
          [Unit]
          Description=Machine Config Daemon Initial
          # This only applies to ostree (MCD) systems;
          # see also https://github.com/openshift/machine-config-operator/issues/1046
          ConditionPathExists=/run/ostree-booted
          ConditionPathExists=/etc/pivot/image-pullspec
          # If pivot exists, defer to it.  Note similar code in update.go
          ConditionPathExists=!/usr/lib/systemd/system/pivot.service
          After=ignition-firstboot-complete.service
          Before=kubelet.service

          [Service]
          # Need oneshot to delay kubelet
          Type=oneshot
          # TODO add --from-etc-pullspec after ratcheting
          ExecStart=/usr/libexec/machine-config-daemon pivot

          [Install]
          WantedBy=multi-user.target
        enabled: false
        name: machine-config-daemon-host.service
      - contents: |
          [Unit]
          Description=Ensure the node hostname is valid for the cluster
          Before=network-online.target

          [Service]
          Type=oneshot
          RemainAfterExit=yes
          User=root

          # SystemD prevents direct execution of the script in /usr/local/sbin,
          # so it is sourced. See the script for functionality.
          ExecStart=/bin/bash -c "source /usr/local/sbin/set-valid-hostname.sh; wait_localhost; set_valid_hostname `hostname`"

          # Wait up to 5min for the node to get a real hostname.
          TimeoutSec=300

          [Install]
          WantedBy=multi-user.target
          # Ensure that network-online.target will not complete until the node has a real hostname.
          RequiredBy=network-online.target
        enabled: true
        name: node-valid-hostname.service
      - contents: |
          [Unit]
          Description=Kubernetes Kubelet
          Wants=rpc-statd.service network-online.target crio.service
          After=network-online.target crio.service

          [Service]
          Type=notify
          ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
          ExecStartPre=/bin/rm -f /var/lib/kubelet/cpu_manager_state
          Environment="KUBELET_LOG_LEVEL=4"
          EnvironmentFile=/etc/os-release
          EnvironmentFile=-/etc/kubernetes/kubelet-workaround
          EnvironmentFile=-/etc/kubernetes/kubelet-env

          ExecStart=/usr/bin/hyperkube \
              kubelet \
                --config=/etc/kubernetes/kubelet.conf \
                --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
                --kubeconfig=/var/lib/kubelet/kubeconfig \
                --container-runtime=remote \
                --container-runtime-endpoint=/var/run/crio/crio.sock \
                --runtime-cgroups=/system.slice/crio.service \
                --node-labels=node-role.kubernetes.io/worker,node.openshift.io/os_id=${ID} \
                --minimum-container-ttl-duration=6m0s \
                --volume-plugin-dir=/etc/kubernetes/kubelet-plugins/volume/exec \
                --cloud-provider=aws \
                 \
                --pod-infra-container-image=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cc0eb0534a361cffb7c392bf889ef061fc5390a7b21f6c92710f7a53ac4edd85 \
                --v=${KUBELET_LOG_LEVEL}

          Restart=always
          RestartSec=10

          [Install]
          WantedBy=multi-user.target
        enabled: true
        name: kubelet.service
  fips: false
  kernelArguments: []
  kernelType: default
  osImageURL: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e59e8b5f129fbe69932a0b0edab4c501a61eeaa4aac83e1b22d86c9d296b587e

$ oc adm upgrade --to-image=registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159 --force
Updating to release image registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159

$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.12    True        True          16s     Working towards registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-074159: downloading update

$ watch oc get clusterversion

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2020-09-24-074159   True        False         4m47s   Cluster version is 4.6.0-0.nightly-2020-09-24-074159

Comment 5 errata-xmlrpc 2020-10-27 16:42:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.