Description of problem: usbguard fails to install due to missing libprotobuf.so on RHCOS system. This could be related to package dependency changed in base RHCOS packages or usbguard started depending on this new lib. This issue was cought my MCO e2e-gcp-op ci run Example e2e-gcp-op job - https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_machine-config-operator/2025/pull-ci-openshift-machine-config-operator-master-e2e-gcp-op/1318182107079512064 MCD Log: https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_machine-config-operator/2025/pull-ci-openshift-machine-config-operator-master-e2e-gcp-op/1318182107079512064/artifacts/e2e-gcp-op/pods/openshift-machine-config-operator_machine-config-daemon-llwtn_machine-config-daemon.log ... E1019 14:47:38.790081 2229 writer.go:135] Marking Degraded due to: error running rpm-ostree update --install usbguard: Checking out tree a527c24...done Enabled rpm-md repositories: coreos-extensions Resolving dependencies...done error: Could not depsolve transaction; 1 problem detected: Problem: conflicting requests - nothing provides libprotobuf.so.15()(64bit) needed by usbguard-0.7.4-4.el8.x86_64 : exit status 1 Expected results: usbguard should successfully install as RHCOS extensions
Setting priority to high since this blocks MCO PR getting merged
The proper fix for this is https://github.com/coreos/rpm-ostree/issues/2055. For now, I'll just add the missing RPMs to https://github.com/openshift/os/blob/master/scripts/download-extensions. Though we really should also have a basic test to confirm that extensions overlay cleanly.
Targeting 4.7 since this was found in the 4.7 images. Sinny: Are you seeing this in previous builds as well?
Not sure, there is no e2e-gcp-op test run in ci since 17 October for 4.6 branch. I will check this on a local cluster and update here.
don't see this issue in 4.6, tested with latest nightly 4.6.0-0.nightly-2020-10-20-101225
The proper version of protobuf landed in 47.82.202010201950-0 and that version of RHCOS was promoted into a nightly 4.7 payload.
Verified on 4.7.0-0.nightly-2020-10-26-124513. usbguard installs successfully. $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.7.0-0.nightly-2020-10-26-124513 True False 5h23m Cluster version is 4.7.0-0.nightly-2020-10-26-124513 $ oc get nodes NAME STATUS ROLES AGE VERSION ip-10-0-136-111.us-west-2.compute.internal Ready worker 5h37m v1.19.0+e67f5dc ip-10-0-138-139.us-west-2.compute.internal Ready master 5h43m v1.19.0+e67f5dc ip-10-0-166-15.us-west-2.compute.internal Ready worker 5h37m v1.19.0+e67f5dc ip-10-0-187-209.us-west-2.compute.internal Ready master 5h43m v1.19.0+e67f5dc ip-10-0-218-114.us-west-2.compute.internal Ready worker 5h32m v1.19.0+e67f5dc ip-10-0-219-131.us-west-2.compute.internal Ready master 5h44m v1.19.0+e67f5dc $ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm-ostree status Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ... To use host binaries, run `chroot /host` State: idle Deployments: * pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3dc9cdce1901a5f5ca6cbab5e435c48d924eb813a01f5c48e49dd91c1d2e340c CustomOrigin: Managed by machine-config-operator Version: 47.82.202010241242-0 (2020-10-24T12:46:24Z) ostree://6dff002defa66e3f9f53b57da7dc3eef37db39762655c00c13b977d72516649c Version: 47.82.202010211043-0 (2020-10-21T10:47:13Z) Removing debug pod ... $ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm -q protobuf Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ... To use host binaries, run `chroot /host` package protobuf is not installed Removing debug pod ... $ cat << EOF > 80-extensions.yaml > apiVersion: machineconfiguration.openshift.io/v1 > kind: MachineConfig > metadata: > labels: > machineconfiguration.openshift.io/role: worker > name: 80-worker-extensions > spec: > config: > ignition: > version: 3.1.0 > extensions: > - usbguard > EOF $ oc create -f 80-extensions.yaml machineconfig.machineconfiguration.openshift.io/80-worker-extensions created $ oc get machineconfig 80-worker-extensions NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE 80-worker-extensions 3.1.0 15s $ oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-107f3aa4ffa04a053e0b320fe1d89688 True False False 3 3 3 0 5h49m worker rendered-worker-c4d33fa1d6014ab23f18932769e390c2 False True False 3 0 0 0 5h49m $ watch oc get mcp $ oc debug node/ip-10-0-218-114.us-west-2.compute.internal -- chroot /host rpm -q usbguard Starting pod/ip-10-0-218-114us-west-2computeinternal-debug ... To use host binaries, run `chroot /host` usbguard-0.7.4-4.el8.x86_64 Removing debug pod ...
(Marking as No Doc Update because this was a transient thing that happened during 4.7 development which never leaked out IIRC.)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633