See https://github.com/openshift/os/pull/898 A recent PR in the MCO openshift/machine-config-operator#3243 tipped things over the edge and we now see failures a lot more often. For example, in https://bugzilla.redhat.com/show_bug.cgi?id=2104978
*** Bug 2108488 has been marked as a duplicate of this bug. ***
[core@cosa-devsh ~]$ rpm-ostree status State: idle Deployments: ● b5f3cb5e22deb72c001194feee40a7c0607313da03c6322effc2a55c5e3bedf5 Version: 412.86.202207200219-0 (2022-07-20T02:22:48Z) [core@cosa-devsh ~]$ systemctl cat rpm-ostreed # /usr/lib/systemd/system/rpm-ostreed.service [Unit] Description=rpm-ostree System Management Daemon Documentation=man:rpm-ostree(1) ConditionPathExists=/ostree RequiresMountsFor=/boot [Service] Type=dbus BusName=org.projectatomic.rpmostree1 # To use the read-only sysroot bits MountFlags=slave # We have no business accessing /var/roothome or /var/home. In general # the ostree design clearly avoids touching those, but since systemd offers # us easy tools to toggle on protection, let's use them. In the future # it'd be nice to do something like using DynamicUser=yes for the main service, # and have a system rpm-ostreed-transaction.service that runs privileged # but as a subprocess. ProtectHome=true # Explicitly list paths here which we should never access. The initial # entry here ensures that the skopeo process we fork won't interact with # application containers. InaccessiblePaths=/var/lib/containers NotifyAccess=main ExecStart=/usr/bin/rpm-ostree start-daemon ExecReload=/usr/bin/rpm-ostree reload # /usr/lib/systemd/system/rpm-ostreed.service.d/startlimit.conf [Unit] # Work around for lack of https://github.com/coreos/rpm-ostree/pull/3523/commit> # on older RHEL StartLimitBurst=1000
OCP registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-07-21-044416 run RHCOS 412.86.202207200219-0 from comment 3
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399