2108320 – rpm-ostreed: start limit hit easily

Bug 2108320 - rpm-ostreed: start limit hit easily

Summary: rpm-ostreed: start limit hit easily

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	RHCOS
Sub Component:
Version:	4.12
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Colin Walters
QA Contact:	Michael Nguyen
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2108488 (view as bug list)
Depends On:
Blocks:	2108686
TreeView+	depends on / blocked

Reported:	2022-07-18 20:38 UTC by Colin Walters
Modified:	2023-01-17 19:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-01-17 19:53:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift os pull 898	None	open	Greatly raise `StartLimitBurst` for `rpm-ostreed.service`	2022-07-18 20:38:21 UTC
Red Hat Bugzilla	2104978	medium	CLOSED	MCD degrades are not overwrite-able by subsequent errors	2023-05-17 22:47:12 UTC
Red Hat Product Errata	RHSA-2022:7399	None	None	None	2023-01-17 19:53:15 UTC

Description Colin Walters 2022-07-18 20:38:22 UTC

See https://github.com/openshift/os/pull/898

A recent PR in the MCO openshift/machine-config-operator#3243
tipped things over the edge and we now see failures a lot more often.

For example, in https://bugzilla.redhat.com/show_bug.cgi?id=2104978

Comment 1 Sinny Kumari 2022-07-19 13:14:55 UTC

*** Bug 2108488 has been marked as a duplicate of this bug. ***

Comment 3 Michael Nguyen 2022-07-21 13:39:16 UTC

[core@cosa-devsh ~]$ rpm-ostree status
State: idle
Deployments:
● b5f3cb5e22deb72c001194feee40a7c0607313da03c6322effc2a55c5e3bedf5
                   Version: 412.86.202207200219-0 (2022-07-20T02:22:48Z)

[core@cosa-devsh ~]$ systemctl cat rpm-ostreed
# /usr/lib/systemd/system/rpm-ostreed.service
[Unit]
Description=rpm-ostree System Management Daemon
Documentation=man:rpm-ostree(1)
ConditionPathExists=/ostree
RequiresMountsFor=/boot

[Service]
Type=dbus
BusName=org.projectatomic.rpmostree1
# To use the read-only sysroot bits
MountFlags=slave
# We have no business accessing /var/roothome or /var/home.  In general
# the ostree design clearly avoids touching those, but since systemd offers
# us easy tools to toggle on protection, let's use them.  In the future
# it'd be nice to do something like using DynamicUser=yes for the main service,
# and have a system rpm-ostreed-transaction.service that runs privileged
# but as a subprocess.
ProtectHome=true
# Explicitly list paths here which we should never access.  The initial
# entry here ensures that the skopeo process we fork won't interact with
# application containers.
InaccessiblePaths=/var/lib/containers
NotifyAccess=main
ExecStart=/usr/bin/rpm-ostree start-daemon
ExecReload=/usr/bin/rpm-ostree reload

# /usr/lib/systemd/system/rpm-ostreed.service.d/startlimit.conf
[Unit]
# Work around for lack of https://github.com/coreos/rpm-ostree/pull/3523/commit>
# on older RHEL
StartLimitBurst=1000

Comment 4 Michael Nguyen 2022-07-21 13:59:09 UTC

OCP registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2022-07-21-044416 run RHCOS 412.86.202207200219-0 from comment 3

Comment 7 errata-xmlrpc 2023-01-17 19:53:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399

Note You need to log in before you can comment on or make changes to this bug.