Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44465

rpm package not installed via layered coreos image

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • 4.18.0
    • RHCOS
    • None
    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      we applied a layered coreos image via MC, it rolled out successfully according to the MCP status and rpm-ostree shows the right osImageURL on the node. However, the rpm package wasn't there when checking with rpm cmd and systemd service failed complaining missing binary from the package that's supposed to be installed by layered image.

      Here are the steps followed for layered coreos image creation: https://docs.google.com/document/d/1JGH66DjTO-KKhNzelr2H3ZP9Icjzovq90vYiW4hlPa0/edit?tab=t.0#heading=h.ntjl1vtk5i4y

      MCs:

      os-layer-libreswan-master                                                                     3.2.0             7h45m
      os-layer-libreswan-worker                                                                     3.2.0             7h45m

      Logs: must-gather, systemd logs for pluto and rpm-ostreed

      [^must-gather.tar.gz][^systemd.tar.gz]

      sh-5.1# rpm-ostree status
State: idle
Deployments:
* ostree-unverified-registry:quay.io/zshi/ipsec-rhcos-layered-image:4.17
                   Digest: sha256:d276e2be29f6def53c447b72f1b72fcb0b44d13711337f487ab8c35e9c3eb4da
                  Version: 417.94.202411070820-0 (2024-11-11T09:26:08Z)
sh-5.1# rpm -q libreswan
package libreswan is not installed
sh-5.1# ipsec --version
Libreswan 4.12
sh-5.1# systemctl status ipsec
× ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
     Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/ipsec.service.d
             └─01-after-configure-ovs.conf
     Active: failed (Result: exit-code) since Tue 2024-11-12 08:43:39 UTC; 4h 41min ago
       Docs: man:ipsec(8)
             man:pluto(8)
             man:ipsec.conf(5)
    Process: 98726 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
    Process: 98727 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
    Process: 98942 ExecStartPre=/usr/sbin/ipsec --checknss (code=exited, status=1/FAILURE)
    Process: 98943 ExecStopPost=/bin/bash -c if test "$EXIT_STATUS" != "12"; then /sbin/ip xfrm policy flush; /sbin/ip xfrm state flush; fi (code=exited, status=0/SUCCESS)
    Process: 98946 ExecStopPost=/usr/sbin/ipsec --stopnflog (code=exited, status=0/SUCCESS)
        CPU: 323msNov 12 08:43:39 hrw-418ipsec2-gxt7f-worker-a-8tlq2 systemd[1]: ipsec.service: Scheduled restart job, restart counter is at 5.
Nov 12 08:43:39 hrw-418ipsec2-gxt7f-worker-a-8tlq2 systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 12 08:43:39 hrw-418ipsec2-gxt7f-worker-a-8tlq2 systemd[1]: ipsec.service: Start request repeated too quickly.
Nov 12 08:43:39 hrw-418ipsec2-gxt7f-worker-a-8tlq2 systemd[1]: ipsec.service: Failed with result 'exit-code'.
Nov 12 08:43:39 hrw-418ipsec2-gxt7f-worker-a-8tlq2 systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.    

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

          1.
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

              Unassigned Unassigned
              pepalani@redhat.com Periyasamy Palanisamy
              Michael Nguyen Michael Nguyen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: