2061952 – [4.10.z] Ignition fails to enable systemd units with backslash-escaped characters in their names

Bug 2061952 - [4.10.z] Ignition fails to enable systemd units with backslash-escaped characters in their names

Summary: [4.10.z] Ignition fails to enable systemd units with backslash-escaped charac...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	RHCOS
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	4.10.z
Assignee:	Benjamin Gilbert
QA Contact:	Michael Nguyen
Docs Contact:
URL:
Whiteboard:
Depends On:	1952686 2040195 2042439
Blocks:
TreeView+	depends on / blocked

Reported:	2022-03-08 19:02 UTC by Micah Abbott
Modified:	2022-03-16 11:12 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2040195
Environment:
Last Closed:	2022-03-16 11:12:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2022:0811	0	None	None	None	2022-03-16 11:12:24 UTC

Description Micah Abbott 2022-03-08 19:02:57 UTC

+++ This bug was initially created as a clone of Bug #2040195 +++

As the Assisted Installer Team, when testing RHCOS 410.84.202201102308-0 we are observing the following behaviour of a systemd mount unit

* `"enabled":true` in the ignition
* `disabled` and `inactive` in the booted OS

The unit definition itself seems to be correct, as manually starting it via `systemctl start` does not throw any errors and makes the mount to appear correctly.

The part of ignition defining the unit

```
{"units":[{"contents":"\n[Unit]\nAfter=systemd-tmpfiles-setup.service\n[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=overlay\nType=overlay\nOptions=lowerdir=/etc/NetworkManager/system-connections,upperdir=/run/nm-system-connections,workdir=/run/nm-system-connections-work\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"}]}
```

and respective systemd unit inside the OS

```
[root@extraworker-0 NetworkManager]# systemctl status etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount 
● etc-NetworkManager-system\x2dconnections\x2dmerged.mount - /etc/NetworkManager/system-connections-merged
   Loaded: loaded (/etc/systemd/system/etc-NetworkManager-system\x2dconnections\x2dmerged.mount; disabled; vendor preset: disabled)
   Active: inactive (dead)
    Where: /etc/NetworkManager/system-connections-merged
     What: overlay
```

From the journal it can be seen that the unit was parsed and allegedly enabled

```
[root@extraworker-0 NetworkManager]# journalctl  | grep merged | grep -i network
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:55 localhost ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [started]  processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [started]  writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): op(7f): [finished] writing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount" at "/sysroot/etc/systemd/system/etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(7e): [finished] processing unit "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [started]  setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
Jan 12 13:45:56 extraworker-0 ignition[1049]: INFO     : files: op(a3): [finished] setting preset to enabled for "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
```

--- Additional comment from Mat Kowalski on 2022-01-13 08:55:22 UTC ---

Ignition file - http://pastebin.test.redhat.com/1021061
Slack thread in #forum-coreos - https://coreos.slack.com/archives/C999USB0D/p1642002024148700

--- Additional comment from Benjamin Gilbert on 2022-01-13 20:22:42 UTC ---

Complete repro:

{
  "ignition": {
    "version": "3.3.0"
  },
  "storage": {
    "directories": [
      {
        "path": "/etc/NetworkManager/system-connections-merged"
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "contents": "[Mount]\nWhere=/etc/NetworkManager/system-connections-merged\nWhat=tmpfs\nType=tmpfs\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "etc-NetworkManager-system\\x2dconnections\\x2dmerged.mount"
      }
    ]
  },
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa ..."
        ]
      }
    ]
  }
}

--- Additional comment from Benjamin Gilbert on 2022-01-13 20:31:15 UTC ---

systemd in RHEL 8.4 does not correctly parse singly-escaped unit names in preset files, which are used by Ignition for unit enablement.  This is fixed in RHEL 8.5, and backport to 8.4 was requested in https://bugzilla.redhat.com/show_bug.cgi?id=1952686#c9.

As a workaround, you could rename the mountpoint (and thus the mount unit) to something that doesn't include dashes.

--- Additional comment from Mat Kowalski on 2022-01-14 09:27:43 UTC ---

Thanks a lot! Given that we have implemented a solution not depending on this mountpoint, this has no urgency for our team any more. Feel free to close it as a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1952686 or any other way you handle it internally

--- Additional comment from Benjamin Gilbert on 2022-01-14 17:00:25 UTC ---

Great.  Will leave this open as a tracking bug for now.

--- Additional comment from Micah Abbott on 2022-01-20 14:26:48 UTC ---

Updating the DependsOn to point to the 8.4.z backport BZ#2042439

--- Additional comment from Micah Abbott on 2022-03-08 19:02:08 UTC ---

Need to target this as 4.11, so we can track the 8.4.z fix in RHCOS 4.10.z appropriately

I've updated the Depends On field to point to the 8.5 version of the BZ, to indicate that RHCOS 4.11 should have the fix already included when it moves to RHEL 8.6

Comment 1 Micah Abbott 2022-03-08 19:04:45 UTC

The fixed version of `systemd` (systemd-239-45.el8_4.8) was released as part of https://access.redhat.com/errata/RHBA-2022:0776

This version was included in RHCOS 410.84.202203081640-0 and will part of a future OCP 4.10.z release payload

Comment 4 Michael Nguyen 2022-03-12 03:35:13 UTC

Verified on 4.10.0-0.nightly-2022-03-09-162729 which is running RHCOS  410.84.202203081640-0.  systemd included is 410.84.202203081640-0 

$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-0.nightly-2022-03-09-162729   True        False         7m46s   Cluster version is 4.10.0-0.nightly-2022-03-09-162729
$ oc get nodes
NAME                                       STATUS   ROLES    AGE   VERSION
ci-ln-4m52ftt-72292-n7t7l-master-0         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-master-1         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-master-2         Ready    master   28m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm   Ready    worker   19m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-b-x6nhg   Ready    worker   19m   v1.23.3+e419edf
ci-ln-4m52ftt-72292-n7t7l-worker-c-f5t76   Ready    worker   17m   v1.23.3+e419edf
$ oc debug node/ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm
Starting pod/ci-ln-4m52ftt-72292-n7t7l-worker-a-mg2qm-debug ...
To use host binaries, run `chroot /host`
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# rpm-ostree status
State: idle
Deployments:
* pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:efa1196e49f37fb21576c13f0db51a1b4ad8e1597b45a8e4d15f8812b9d1a624
              CustomOrigin: Managed by machine-config-operator
                   Version: 410.84.202203081640-0 (2022-03-08T16:44:07Z)

  ostree://b1529f891c792557fd28e040870ab4b8220e65c5416427032701d21147815293
                   Version: 410.84.202201251210-0 (2022-01-25T12:13:24Z)
sh-4.4# rpm -q systemd
systemd-239-45.el8_4.8.x86_64
sh-4.4# exit
exit
sh-4.2# exit
exit

Removing debug pod ...

Comment 6 errata-xmlrpc 2022-03-16 11:12:06 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.4 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:0811

Note You need to log in before you can comment on or make changes to this bug.