Bug 1933075 - machine-config-operator fails when writing zero-length systemd dropins
Summary: machine-config-operator fails when writing zero-length systemd dropins
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.6.z
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.6.z
Assignee: Ben Howard
QA Contact: Michael Nguyen
URL:
Whiteboard: TechnicalReleaseBlocker
Depends On: 1920027
Blocks: 1915235 1933077
TreeView+ depends on / blocked
 
Reported: 2021-02-25 15:55 UTC by Ben Howard
Modified: 2021-03-16 23:22 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1920027
Environment:
Last Closed: 2021-03-16 23:22:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2435 0 None open Bug 1933075: backport systemd dropin/units zero-length handling 2021-02-25 16:06:16 UTC
Red Hat Product Errata RHBA-2021:0753 0 None None None 2021-03-16 23:22:34 UTC

Comment 3 Lalatendu Mohanty 2021-03-09 15:23:58 UTC 
We're asking the following questions to evaluate whether or not this bug warrants blocking an upgrade edge from either the previous X.Y or X.Y.Z. The ultimate goal is to avoid delivering an update which introduces new risk or reduces cluster functionality in any way. Sample answers are provided to give more context and the UpgradeBlocker flag has been added to this bug. It will be removed if the assessment indicates that this should not block upgrade edges. The expectation is that the assignee answers these questions.

Who is impacted?  If we have to block upgrade edges based on this issue, which edges would need blocking?
  example: Customers upgrading from 4.y.Z to 4.y+1.z running on GCP with thousands of namespaces, approximately 5% of the subscribed fleet
  example: All customers upgrading from 4.y.z to 4.y+1.z fail approximately 10% of the time
What is the impact?  Is it serious enough to warrant blocking edges?
  example: Up to 2 minute disruption in edge routing
  example: Up to 90seconds of API downtime
  example: etcd loses quorum and you have to restore from backup
How involved is remediation (even moderately serious impacts might be acceptable if they are easy to mitigate)?
  example: Issue resolves itself after five minutes
  example: Admin uses oc to fix things
  example: Admin must SSH to hosts, restore from backups, or other non standard admin activities
Is this a regression (if all previous versions were also vulnerable, updating to the new, vulnerable version does not increase exposure)?
  example: No, it’s always been like this we just never noticed
  example: Yes, from 4.y.z to 4.y+1.z Or 4.y.z to 4.y.z+1
Comment 4 Yu Qi Zhang 2021-03-09 15:56:55 UTC 
I believe this is mostly a dependency backport. The code itself shouldn't be impactful for customers. No edge blocking needed.
Comment 5 Lalatendu Mohanty 2021-03-09 16:23:01 UTC 
Thanks, removing the UpgradeBlocker keyword
Comment 6 Michael Nguyen 2021-03-09 22:18:20 UTC 
upgrade from quay.io/openshift-release-dev/ocp-release:4.6.16-x86_64 to registry.ci.openshift.org/ocp/release:4.6.0-0.nightly-2021-03-06-050044 succeeded with no machine config operator degrade issues.
Comment 8 errata-xmlrpc 2021-03-16 23:22:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.21 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0753
Note You need to log in before you can comment on or make changes to this bug.