Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17826

ipsec os extension should be processed before systemd

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • No
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Enabling IPSec os extension and ipsec services together results in service not being created by systemd

      Version-Release number of selected component (if applicable):

      4.14.0-0.nightly-2023-08-11-055332

      How reproducible:

      always

      Steps to Reproduce:
      1. apply this MC:

      apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 80-master-ipsec-enable
spec:
  config:
    ignition:
      version: 3.2.0
  extensions:
    - ipsec
  systemd:
    units:
    - name: ipsec.service
      enabled: true

      2. wait for MCP to finish updating

      3. login to one of the nodes and check
      `systemctl --type=service | grep -i ipsec`

       

      Actual results:

      os extension is fine but ipsec.service was not configured by systemd

      Expected results:

        ipsec.service                                                                             loaded active running Internet Key Exchange (IKE) Protocol Daemon for IPsec

      Additional info:

      I believe this is happening because of how MCD apply update

              team-mco Team MCO
              anusaxen Anurag Saxena
              None
              None
              Anurag Saxena Anurag Saxena
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: