2040195 – Ignition fails to enable systemd units with backslash-escaped characters in their names

Bug 2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names

Summary: Ignition fails to enable systemd units with backslash-escaped characters in t...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	RHCOS
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	4.11.0
Assignee:	Benjamin Gilbert
QA Contact:	HuijingHei
Docs Contact:
URL:
Whiteboard:
Depends On:	1952686
Blocks:	2061952
TreeView+	depends on / blocked

Reported:	2022-01-13 08:54 UTC by Mat Kowalski
Modified:	2022-08-10 10:42 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	2061952 (view as bug list)
Environment:
Last Closed:	2022-08-10 10:42:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift os issues 665	0	None	open	swap not being enabled when configured via Ignition	2022-01-13 20:31:14 UTC
Github	systemd systemd pull 12053	0	None	Merged	shared/install: Preserve escape characters for escaped unit names	2022-01-13 20:31:14 UTC
Red Hat Bugzilla	2030289	1	unspecified	CLOSED	SNO with static IPv6 address is unreachable when booting from the internal drive for the first time	2022-10-03 20:33:53 UTC
Red Hat Issue Tracker	MGMT-8894	0	None	None	None	2022-01-13 08:54:16 UTC
Red Hat Product Errata	RHSA-2022:5069	0	None	None	None	2022-08-10 10:42:38 UTC

Description Mat Kowalski 2022-01-13 08:54:16 UTC

As the Assisted Installer Team, when testing RHCOS 410.84.202201102308-0 we are observing the following behaviour of a systemd mount unit

* `"enabled":true` in the ignition
* `disabled` and `inactive` in the booted OS

The unit definition itself seems to be correct, as manually starting it via `systemctl start` does not throw any errors and makes the mount to appear correctly.

The part of ignition defining the unit

```
{"units":[{"contents":"\n[Unit]\nAfter=systemd-tmpfiles-setup.service\n[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=overlay\nType=overlay\nOptions=lowerdir=/etc/NetworkManager/system-connections,upperdir=/run/nm-system-connections,workdir=/run/nm-system-connections-work\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"}]}
```

and respective systemd unit inside the OS

```
[root@extraworker-0 NetworkManager]# systemctl status etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount 
● etc-NetworkManager-system\x2dconnections\x2dmerged.mount - /etc/NetworkManager/system-connections-merged
   Loaded: loaded (/etc/systemd/system/etc-NetworkManager-system\x2dconnections\x2dmerged.mount; disabled; vendor preset: disabled)
   Active: inactive (dead)
    Where: /etc/NetworkManager/system-connections-merged
     What: overlay
```

From the journal it can be seen that the unit was parsed and allegedly enabled

```
[root@extraworker-0 NetworkManager]# journalctl  | grep merged | grep -i network
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
```

Comment 2 Benjamin Gilbert 2022-01-13 20:22:42 UTC

Complete repro:

{
  "ignition": {
    "version": "3.3.0"
  },
  "storage": {
    "directories": [
      {
        "path": "/etc/NetworkManager/system-connections-merged"
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "contents": "[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=tmpfs\nType=tmpfs\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
      }
    ]
  },
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa ..."
        ]
      }
    ]
  }
}

Comment 3 Benjamin Gilbert 2022-01-13 20:31:15 UTC

systemd in RHEL 8.4 does not correctly parse singly-escaped unit names in preset files, which are used by Ignition for unit enablement.  This is fixed in RHEL 8.5, and backport to 8.4 was requested in https://bugzilla.redhat.com/show_bug.cgi?id=1952686#c9.

As a workaround, you could rename the mountpoint (and thus the mount unit) to something that doesn't include dashes.

Comment 4 Mat Kowalski 2022-01-14 09:27:43 UTC

Thanks a lot! Given that we have implemented a solution not depending on this mountpoint, this has no urgency for our team any more. Feel free to close it as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1952686 or any other way you handle it internally

Comment 5 Benjamin Gilbert 2022-01-14 17:00:25 UTC

Great.  Will leave this open as a tracking bug for now.

Comment 7 Micah Abbott 2022-03-08 19:02:08 UTC

Need to target this as 4.11, so we can track the 8.4.z fix in RHCOS 4.10.z appropriately

I've updated the Depends On field to point to the 8.5 version of the BZ, to indicate that RHCOS 4.11 should have the fix already included when it moves to RHEL 8.6

Comment 9 Timothée Ravier 2022-07-19 16:04:41 UTC

RHCOS has moved to RHEL 8.6 in 4.11 and the fix has landed in 8.4 thus in 4.10 too now.

Comment 10 HuijingHei 2022-07-20 08:01:29 UTC

Verify passed with 411.86.202207150124-0

$ cosa run --qemu-image rhcos-411.86.202207150124-0-qemu.x86_64.qcow2 -B fedora-coreos-config/tests/kola/root-reprovision/swap-before-root/config.bu --memory 4096
2022-07-20T07:47:17Z platform/conf: warnings parsing config: warning at $.storage.disks.0.partitions.1.label, line 13 col 18: incorrect partition number; a new partition will be created using reserved label
Red Hat Enterprise Linux CoreOS 411.86.202207150124-0
  Part of OpenShift 4.11, RHCOS is a Kubernetes native operating system
  managed by the Machine Config Operator (`clusteroperator/machine-config`).

WARNING: Direct SSH access to machines is not recommended; instead,
make configuration changes via `machineconfig` objects:
  https://docs.openshift.com/container-platform/4.11/architecture/architecture-rhcos.html

---
[core@cosa-devsh ~]$ rpm -q systemd
systemd-239-58.el8.x86_64
[core@cosa-devsh ~]$ rpm-ostree status
State: idle
Deployments:
● 402f4bed4f73ad9f5be12efa5398d434bd6ddc568552c9456b1a36c173c8a06a
                   Version: 411.86.202207150124-0 (2022-07-15T01:27:45Z)
[core@cosa-devsh ~]$ systemctl status dev-disk-by\\x2dpartlabel-swap.swap
● dev-disk-by\x2dpartlabel-swap.swap - /dev/disk/by-partlabel/swap
   Loaded: loaded (/etc/systemd/system/dev-disk-by\x2dpartlabel-swap.swap; enabled; vendor preset: enabled)
   Active: active since Wed 2022-07-20 07:49:52 UTC; 2min 35s ago
     What: /dev/disk/by-partlabel/swap
    Tasks: 0 (limit: 24504)
   Memory: 64.0K
   CGroup: /system.slice/dev-disk-by\x2dpartlabel-swap.swap

Jul 20 07:49:52 localhost systemd[1]: Activated swap /dev/disk/by-partlabel/swap.

Comment 14 errata-xmlrpc 2022-08-10 10:42:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Note You need to log in before you can comment on or make changes to this bug.