Remember that RHCOS inherits FCOS which is Fedora (also OKD is OpenShift-on-FCOS) so one approach is to follow https://fedoraproject.org/wiki/Packaging:DefaultServices (Then we can cherry-pick that in FCOS -> RHCOS in https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset or another file) That way all this would work in OKD as well as e.g. Fedora IoT, etc.
(In reply to Colin Walters from comment #5) > Remember that RHCOS inherits FCOS which is Fedora (also OKD is > OpenShift-on-FCOS) so one approach is to follow > https://fedoraproject.org/wiki/Packaging:DefaultServices > (Then we can cherry-pick that in FCOS -> RHCOS in > https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/ > 05core/usr/lib/systemd/system-preset/40-coreos.preset or another file) > > That way all this would work in OKD as well as e.g. Fedora IoT, etc. Colin, I'm super in favour of taking this approach, but this is slightly more complicated (and it'd require more time than we actually have for OCP 4.8). Right now, as things are, Sandboxed Containers Product Manager is not totally sure we'll be supported on OKD. I can, in parallel, kick this off on Fedora side, no problem, then have it through the process of Fedora -> Fedora CoreOS -> Red Hat CoreOS. However, on a non OpenShift environment, we're slightly more comfortable to tell people to run `systemctl enable --now kata-osbuilder-generate.service`. The main question I have for you, Colin, is whether going through this process is mandatory for us, or if I can kickstart the process upstream and keep the bits moving downstream till an agreement is made upstream. What do you think?
Created attachment 1765634 [details] [PATCH 0001] Add an easy way to distribute our specific preset.
Created attachment 1765635 [details] [PATCH 0002] Add kata-osbuilder-generate.service to the presets
It's now being treated as https://github.com/openshift/os/pull/524
Mentioned PR has been merged.
Verified on 4.8.0-0.nightly-2021-04-22-061234 running RHCOS 48.84.202104220217-0. $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.8.0-0.nightly-2021-04-22-061234 True False 24m Cluster version is 4.8.0-0.nightly-2021-04-22-061234 $ oc get nodes NAME STATUS ROLES AGE VERSION ci-ln-92bm8r2-f76d1-gs5fk-master-0 Ready master 42m v1.21.0-rc.0+3ced7a9 ci-ln-92bm8r2-f76d1-gs5fk-master-1 Ready master 41m v1.21.0-rc.0+3ced7a9 ci-ln-92bm8r2-f76d1-gs5fk-master-2 Ready master 42m v1.21.0-rc.0+3ced7a9 ci-ln-92bm8r2-f76d1-gs5fk-worker-b-mwkll Ready worker 35m v1.21.0-rc.0+3ced7a9 ci-ln-92bm8r2-f76d1-gs5fk-worker-c-m56bz Ready worker 35m v1.21.0-rc.0+3ced7a9 ci-ln-92bm8r2-f76d1-gs5fk-worker-d-r6vzg Ready worker 35m v1.21.0-rc.0+3ced7a9 $ oc debug node/ci-ln-92bm8r2-f76d1-gs5fk-worker-b-mwkll Starting pod/ci-ln-92bm8r2-f76d1-gs5fk-worker-b-mwkll-debug ... To use host binaries, run `chroot /host` If you don't see a command prompt, try pressing enter. sh-4.2# chroot /host sh-4.4# cd /usr/lib/systemd/system-preset/ sh-4.4# cat 45-rhcos-extensions.preset # Preset files for extensions # https://bugzilla.redhat.com/show_bug.cgi?id=1941342 # enable sandboxed-containers specific services enable kata-osbuilder-generate.service sh-4.4# exit exit sh-4.2# exit exit Removing debug pod ... $ oc debug node/ci-ln-92bm8r2-f76d1-gs5fk-worker-b-mwkll -- chroot /host rpm-ostree status Starting pod/ci-ln-92bm8r2-f76d1-gs5fk-worker-b-mwkll-debug ... To use host binaries, run `chroot /host` State: idle Deployments: * pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:61227d143899680daefb2475fc58c8e044fa4d80bf6b6f3af76c2d87567b37c4 CustomOrigin: Managed by machine-config-operator Version: 48.84.202104220217-0 (2021-04-22T02:20:53Z) ostree://328a44d7c259ca1e3ed31ae020f09d922f460be998657a92f684f6760443077b Version: 48.83.202103221318-0 (2021-03-22T13:22:02Z) Removing debug pod ...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days