-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.22
Description of problem:
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
I'll give the instructions of the exact workflow sregidor@redhat.com and I tested.
1.Deploy a fresh 4.22 TP cluster
2.Enable all the available extensions in worker nodes (it should be reproducible if only ipsec is enabled) and wait for them to be installed. It should succeed.
3.Migrate the worker MCP to rhel-10 by setting the .spec.osImageStream.name field to rhel-10 in the worker MCP.
4. Wait for the MCP to fail. The first MCD to run the update should start outputting errors during the rpm-ostree rebase.
Actual results:
The MCP worker pool never finishes the upgrade process as the first MCD fails the rebase.
Expected results:
The worker MCP finishes the rollout of rhel-10 with all the extensions enabled.
Additional info:
I've linked a must-gather with logs of the issue. Check the MachineConfigDaemon pod logs of the worker node to see the error (quay-io-openshift-release-dev-ocp-v4-0-art-dev-sha256-6537051f122e05fb882bbf0c93bd6e64dd18519a084ebbf0e27f6adc9fd1ee9c/namespaces/openshift-machine-config-operator/pods/machine-config-daemon-cxkfg/machine-config-daemon/machine-config-daemon/logs/current.log):
2025-12-22T17:00:24.558377060Z I1222 17:00:24.558305 6608 image_manager_helper.go:126] Linking rpm-ostree authfile to /etc/mco/internal-registry-pull-secret.json2025-12-22T17:00:24.558377060Z I1222 17:00:24.558357 6608 rpm-ostree.go:201] Executing rebase to quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:885c2b0e8f8ff5d32bd0a2e130542abb715f4554140114f89d054e2abe471dc02025-12-22T17:00:24.558377060Z I1222 17:00:24.558367 6608 update.go:2716] Running: rpm-ostree rebase --experimental ostree-unverified-registry:quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:885c2b0e8f8ff5d32bd0a2e130542abb715f4554140114f89d054e2abe471dc02025-12-22T17:00:24.598891221Z Pulling manifest: ostree-unverified-registry:quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:885c2b0e8f8ff5d32bd0a2e130542abb715f4554140114f89d054e2abe471dc02025-12-22T17:00:26.825298424Z Checking out tree 2872eee...done2025-12-22T17:00:26.925488374Z Enabled rpm-md repositories: coreos-extensions2025-12-22T17:00:27.020773451Z Importing rpm-md...done2025-12-22T17:00:27.020818331Z rpm-md repo 'coreos-extensions' (cached); generated: 2025-12-18T00:10:04Z solvables: 2092025-12-22T17:00:27.028183748Z W1222 17:00:27.028132 6608 update.go:2639] Failed to update OS to quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:885c2b0e8f8ff5d32bd0a2e130542abb715f4554140114f89d054e2abe471dc0 (will retry): error running rpm-ostree rebase --experimental ostree-unverified-registry:quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:885c2b0e8f8ff5d32bd0a2e130542abb715f4554140114f89d054e2abe471dc0: error: Packages not found: NetworkManager-libreswan, libreswan2025-12-22T17:00:27.028183748Z : exit status 1
After reviewing the rhel-10 and rhel-9 extension images I've observed that in the rhel-10 two extensions are missing, wasm and ipsec. The first one I've been told it's deprecated so that one is fine, but ipsec is supported. I do not know where in the build chain that extension is getting removed (or not included) from the build.
- blocks
-
MCO-2027 [Dev] Suport extensions in multi-stream
-
- In Progress
-
- links to