[OCPBUGS-49894] In OCL. Disabling OCL process is not working in clusters with proxy - Red Hat Issue Tracker

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.18
Component/s: Machine Config Operator
Labels:

Severity:
Important
Regression:
No
Story Points:
3
Sprint:
MCO Sprint 266, MCO Sprint 267, MCO Sprint 268, MCO Sprint 269
sprint_count:
4
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.19

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

In a cluster using a proxy, when we enable OCL in a MCP and then we disable it, the result is that nodes cannot join the cluster after the reboot.

Version-Release number of selected component (if applicable):

4.18.0-0.nightly-arm64-2025-02-05-055102

How reproducible:

Always

Steps to Reproduce:

    1. Create a MOSC resource to enable OCL in the worker pool
    2. Wait for the osImage to be created and applied to all worker nodes.
    3. Remove the MOSC resource to disable OCL

Actual results:

Nodes are rebooted, and after the reboot they cannot join the cluster and remain in NotReady status

$ oc get nodes
NAME                          STATUS                        ROLES                  AGE     VERSION
ip-10-0-50-26.ec2.internal    Ready                         control-plane,master   3h20m   v1.31.4
ip-10-0-54-149.ec2.internal   NotReady,SchedulingDisabled   worker                 3h11m   v1.31.4
ip-10-0-75-192.ec2.internal   Ready                         worker                 3h11m   v1.31.4
ip-10-0-78-138.ec2.internal   Ready                         control-plane,master   3h20m   v1.31.4
ip-10-0-88-130.ec2.internal   Ready                         control-plane,master   3h20m   v1.31.4


If we access the broken nodes via ssh, we can see that the machine-config-daemon-revert.service service is failing.

[core@ip-10-0-49-2 ~]$ journalctl  -u machine-config-daemon-revert.service
Feb 05 14:53:42 ip-10-0-49-2 systemd[1]: machine-config-daemon-revert.service: Failed to load environment files: No such file or directory
Feb 05 14:53:42 ip-10-0-49-2 systemd[1]: machine-config-daemon-revert.service: Failed to run 'start-pre' task: No such file or directory
Feb 05 14:53:42 ip-10-0-49-2 systemd[1]: machine-config-daemon-revert.service: Failed with result 'resources'.
Feb 05 14:53:42 ip-10-0-49-2 systemd[1]: Failed to start Machine Config Daemon Revert.
[core@ip-10-0-49-2 ~]$ ls /etc/mco/

The reason is that the file /etc/mco/proxy.env file does not exist in the node.

[core@ip-10-0-49-2 ~]$ ls /etc/mco/
internal-registry-pull-secret.json  machineconfig-revert.json

Expected results:

When we remove the MOSC resource, OCL should be disabled and the nodes should stop using the layered image without problems.

Additional info:

We don't see this issue happening in clusters that do not use a proxy configuration.


The issue is causing this job to fail https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/job-history/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.18-arm64-nightly-aws-ipi-longrun-mco-proxy-fips-p1-f28

links to

openshift/machine-config-operator#4833: OCPBUGS-49894: Ensure proxy config exists when reverting from OCL to non-OCL

RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update

Assignee:: Zack Zlotnik

Reporter:: Sergio Regidor de la Rosa

QA Contact:: Sergio Regidor de la Rosa

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/02/05 5:50 PM

Updated:: 2025/04/22 7:04 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide