OCP Version at Install Time: OCP 4.7.11 RHCOS Version at Install Time: RHCOS 4.7.7 OCP Version after Upgrade (if applicable): OCP 4.7.22 RHCOS Version after Upgrade (if applicable): hostnamectl Static hostname: cluster2-b5qf6-master-0 Icon name: computer-vm Chassis: vm Machine ID: ae6b95c8e7a442ea9293d8a6d735a99c Boot ID: 39283a8c90e9424b916e75bc69c07eac Virtualization: vmware Operating System: Red Hat Enterprise Linux CoreOS 48.84.202107271439-0 (Ootpa) CPE OS Name: cpe:/o:redhat:enterprise_linux:8::coreos Kernel: Linux 4.18.0-305.10.2.el8_4.x86_64 Architecture: x86-64 Platform: vSphere Architecture: x86_64 What are you trying to do? What is your use case? I want to use machineconfig to modify user core password failed I have also want to create a user with password ans ssh key also failed What happened? What went wrong or what did you expect? I want to modify the core user's password so that I can login into RHCOS in Console I also want to add a new user for RHCOS with password What are the steps to reproduce your issue? Please try to reduce these steps to something that can be reproduced with a single RHCOS node. I create machineconfig as following Modify User Core Password cat << EOF | oc apply -f - --- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 99-master-user-core-passwd spec: config: ignition: version: 3.2.0 passwd: users: - name: core password_hash: $1$h7NYO6BB$DRl3tQwkn67ERQsF5iolR/ sshAuthorizedKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuOEwqATRgQqXieMfrx89+VWNa8BlaqstrHN1vzuejiZVKG+ms9hvmakDY6UFSntUFiR80pJ9TyZBEtFFZPPQ8GJkorxVan75yr8aeOy5FKISPc3lWOe4cfzNt86xpUzJ2ucpg/0klTcSrlJydJoe6brOosEHhKKS80g45K+tE9XBNWumJzSA3rlrmaSwZh5w2tWvh+e11tHh5r4lqxFaFUuAJ+EQl0bHx5quoSuw21vfM+HiNjuP50E6GCfquLu9cKM0yWPBvFweh9SJCdVY1IJBmZRn1DV0NAUYMEuNuNyUKGjAwdtO0Ag22qEIdBQYpQLe7Mcmu4C4wyhTlGLp7 root@support extensions: null fips: false kernelArguments: null kernelType: "" osImageURL: "" EOF Create a new User ocp-admin with Password cat << EOF | oc apply -f - --- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: master name: 99-master-user-newuser-passwd spec: config: ignition: version: 3.2.0 passwd: users: - name: ocp-admin password_hash: $1$h7NYO6BB$DRl3tQwkn67ERQsF5iolR/ sshAuthorizedKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuOEwqATRgQqXieMfrx89+VWNa8BlaqstrHN1vzuejiZVKG+ms9hvmakDY6UFSntUFiR80pJ9TyZBEtFFZPPQ8GJkorxVan75yr8aeOy5FKISPc3lWOe4cfzNt86xpUzJ2ucpg/0klTcSrlJydJoe6brOosEHhKKS80g45K+tE9XBNWumJzSA3rlrmaSwZh5w2tWvh+e11tHh5r4lqxFaFUuAJ+EQl0bHx5quoSuw21vfM+HiNjuP50E6GCfquLu9cKM0yWPBvFweh9SJCdVY1IJBmZRn1DV0NAUYMEuNuNyUKGjAwdtO0Ag22qEIdBQYpQLe7Mcmu4C4wyhTlGLp7 root@support extensions: null fips: false kernelArguments: null kernelType: "" osImageURL: "" EOF You can see the master mcp have beed degraded # oc get mcp NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE master rendered-master-a70e73019b10154783b39fb76cb54ec3 False True True 1 0 0 1 36h worker rendered-worker-ae103ff75e732aa6711a05de119cba6b True False False 0 0 0 0 36h # oc get nodes NAME STATUS ROLES AGE VERSION cluster2-b5qf6-master-0 Ready master,worker 36h v1.21.1+051ac4f
We would need a must-gather and MCO logs from the failing nodes. You mention 4.7.22 as last version but your hostnamectl says it's an 4.8 RHCOS. Which one is correct? This is also most probably for the MCO instead of RHCOS.
password_hash is not supported in any way on OCP4. The MCO failing here is expected behaviour. You also cannot create new users. Only "core" user is supported, and the only supported operation here is modifications to the SSH keys. Is there a reason you are trying unsupported operations?
have any method to let we can use core or other user login into RHCOS console to troubleshooting?
Is just adding ssh key not enough? Currently, your machineconfig failed failed because password_hash has been supplied as well (which is not supported by MC). Try applying the MachineCOnfig with only ssh-key.
Hi Kevin, As we discussed on slack, RHCOS images themselves can handle passwords, but you cannot do so if they are part of a cluster, since the MCO does not allow it. If you would like to add a password in a test environment, I would recommend doing so via the injected ignition directly. Depending on your environment, you would have to do so differently, and only via UPI methods. Effectively, you would have to put your customizations in the stub ignition used to boot the nodes, which normally looks something like: { "ignition": { "config": { "merge": [ { "source": "https://api-int.$cluster.openshift.com:22623/config/worker" } ] }, "security": { "tls": { "certificateAuthorities": [ { "source": "data:text/plain;charset=utf-8;base64,xxxxxxx" } ] } }, "version": "3.2.0" }, } And you would add a "password" section to it. This is not parsed as part of the machineconfigs and thus will not fail. I would recommend against doing this in general, though, and if your use case can be handled via ssh keys, I strongly recommend doing that instead. If the boot fails in the initramfs, it should drop you into emergency shell via console directly without the need of a password.
Closing this as Notabug