Description of problem: AWS Nitro instances need special tuning for NVME devices, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes Version-Release number of selected component (if applicable): 4.9 and 4.10 How reproducible: Always. Steps to Reproduce: 1. echo "cat /sys/module/nvme_core/parameters/io_timeout" | oc debug node/<node_name> Actual results: OS-provided value not equal to 4294967295 Expected results: 4294967295 Additional info: https://github.com/openshift/cluster-node-tuning-operator/pull/283
$ for node in $(oc get nodes --no-headers | cut -f 1 -d ' ' ); do echo $node; echo ""; echo "cat /sys/module/nvme_core/parameters/io_timeout" | oc debug node/$node; done ip-10-0-152-104.us-east-2.compute.internal W1026 13:47:33.683325 129785 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-152-104us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.152.104 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... ip-10-0-159-95.us-east-2.compute.internal W1026 13:47:35.662635 129807 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-159-95us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.159.95 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... ip-10-0-188-186.us-east-2.compute.internal W1026 13:47:45.288153 129848 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-188-186us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.188.186 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... ip-10-0-191-199.us-east-2.compute.internal W1026 13:47:55.608726 129872 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-191-199us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.191.199 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... ip-10-0-206-123.us-east-2.compute.internal W1026 13:48:04.133077 129897 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-206-123us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.206.123 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... ip-10-0-222-13.us-east-2.compute.internal W1026 13:48:12.475668 129927 warnings.go:70] would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true, hostPID=true), hostPath volumes (volume "host"), privileged (container "container-00" must not set securityContext.privileged=true) Starting pod/ip-10-0-222-13us-east-2computeinternal-debug ... To use host binaries, run `chroot /host` Pod IP: 10.0.222.13 If you don't see a command prompt, try pressing enter. 4294967295 Removing debug pod ... $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.ci-2021-10-26-082859 True False 4h6m Cluster version is 4.10.0-0.ci-2021-10-26-082859
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056