Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-38809

New nodes scaled using 4.5 base image cannot join the cluster if techpreview is enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 4.19.0
    • 4.17
    • Node / CRI-O
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • None
    • None
    • None
    • OCP Node Sprint 258 (Blue), OCP Node Sprint 264 (Blue), OCP Node Sprint 265 (Blue)
    • 3
    • Proposed
    • Bug Fix
    • Hide
      * Previously, for a Technology Preview-enabled cluster with Sigstore verification for payload images in `policy.json`, the Podman version in the base image did not support Sigstore configuration, so the new node is not available. With this release, the issue is fixed and the node is available. (link:https://issues.redhat.com/browse/OCPBUGS-38809[OCPBUGS-38809])
      Show
      * Previously, for a Technology Preview-enabled cluster with Sigstore verification for payload images in `policy.json`, the Podman version in the base image did not support Sigstore configuration, so the new node is not available. With this release, the issue is fixed and the node is available. (link: https://issues.redhat.com/browse/OCPBUGS-38809 [ OCPBUGS-38809 ])
    • None
    • None
    • None
    • None

      Description of problem:Description of problem:

      When we enable techpreview and we try to scale up a new node using a 4.5 base image, the node cannot join the cluster

      Version-Release number of selected component (if applicable):

          
    IPI on AWS
$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.17.0-0.nightly-2024-08-19-165854   True        False         5h25m   Cluster version is 4.17.0-0.nightly-2024-08-19-165854

      How reproducible:

      Always

      Steps to Reproduce:

          1. Create a new machineset using a 4.5 base image and a 2.2.0 ignition version
    
    Detailed commands to create this machineset can be found here: [OCP-52822-Create new config resources with 2.2.0 ignition boot image nodes|https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-52822]
    
    
    2. Scale up this machineset to create a new worker node

      Actual results:

          The node cannot join the cluster. We can find this message in the machine-config-daemon-pull.service in the failed node
    
    Wed 2024-08-21 13:02:19 UTC ip-10-0-29-231 machine-config-daemon-pull.service[1971]: time="2024-08-21T13:02:19Z" level=warning msg="skip_mount_home option is no longer supported, ignoring option"
Wed 2024-08-21 13:02:20 UTC ip-10-0-29-231 machine-config-daemon-pull.service[1971]: Error: error pulling image "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2a0afcde0e240601cb4a761e95f8311984b02ee76f827527d425670be3a39797": unable to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2a0afcde0e240601cb4a761e95f8311984b02ee76f827527d425670be3a39797: invalid policy in "/etc/containers/policy.json": Unknown policy requirement type "sigstoreSigned"

      Expected results:

          Nodes should join the cluster

      Additional info:

          If techpreview is not enabled, the node can join the cluster without problems
    
    The podman version in a 4.5 base image is:
    
$ podman version
WARN[0000] skip_mount_home option is no longer supported, ignoring option 
Version:            1.9.3
RemoteAPI Version:  1
Go Version:         go1.13.4
OS/Arch:            linux/amd64

              qiwan233 Qi Wang
              sregidor@redhat.com Sergio Regidor de la Rosa
              None
              None
              Min Li Min Li
              None
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: