Description of problem:

Following documentation to enable IPSEC (Full), observed node rollover (MCP) . Noted that nodes seem to accept the latest MCP rollout, daemon pod parses IPSEC/libreswan installation, reports success. IPSEC pods cannot schedule correctly, pluto/libreswan not running. Libreswan RPM not located on host afterwards.

Version-Release number of selected component (if applicable):

4.18.22

How reproducible:

Once cluster - twice in a row, different z-streams of 4.18.

Steps to Reproduce:

• Unclear replicator steps - one cluster impacted repeatedly, unable to configure IPSEC (customer env)

Actual results:

Node returns to READY, but IPSEC/libreswan not installed.

Expected results:

Libreswan installation should succeed, node should become ready with IPSEC 

Additional data:

• Each time this has been attempted, the MCP rollout has been stalled by webhooks and PDB drains - this is a separate issue but does contribute to delayed parsing of machine-config content across all nodes. 

See first comment for logs and reporting. 

Linked customer cases:

04389859 (proactive planning case - has latest MG)

04354482 (previous attempt - failure/rollback - has sosreport/mg/inspects)

04283486 (previous attempt - failure/rollback - has must-gather)