Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 5. Updated boot images

The Machine Config Operator (MCO) uses a boot image to start a Red Hat Enterprise Linux CoreOS (RHCOS) node. By default, OpenShift Container Platform does not manage the boot image.

This means that the boot image in your cluster is not updated along with your cluster. For example, if your cluster was originally created with OpenShift Container Platform 4.12, the boot image that the cluster uses to create nodes is the same 4.12 version, even if your cluster is at a later version. If the cluster is later upgraded to 4.13 or later, new nodes continue to scale with the same 4.12 image.

This process could cause the following issues:

  • Extra time to start nodes
  • Certificate expiration issues
  • Version skew issues

To avoid these issues, you can configure your cluster to update the boot image whenever you update your cluster. By modifying the MachineConfiguration object, you can enable this feature. Currently, the ability to update the boot image is available for only Google Cloud Platform (GCP) and Amazon Web Services (AWS) clusters. It is not supported for clusters managed by the Cluster CAPI Operator.

If you are not using the default user data secret, named worker-user-data, in your machine set, or you have modified the worker-user-data secret, you should not use managed boot image updates. This is because the Machine Config Operator (MCO) updates the machine set to use a managed version of the secret. By using the managed boot images feature, you are giving up the capability to customize the secret stored in the machine set object.

To view the current boot image used in your cluster, examine a machine set.

Note

The location and format of the boot image within the machine set differs, based on the platform. However, the boot image is always listed in the spec.template.spec.providerSpec. parameter.

Example GCP machine set with the boot image reference

apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  name: ci-ln-hmy310k-72292-5f87z-worker-a
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
    spec:
# ...
      providerSpec:
# ...
        value:
          disks:
          - autoDelete: true
            boot: true
            image: projects/rhcos-cloud/global/images/rhcos-412-85-202203181601-0-gcp-x86-64
1 

# ...
Copy to Clipboard Toggle word wrap

1
This boot image is the same as the originally-installed OpenShift Container Platform version, in this example OpenShift Container Platform 4.12, regardless of the current version of the cluster. The way that the boot image is represented in the machine set depends on the platform, as the structure of the providerSpec field differs from platform to platform.

Example AWS machine set with the boot image reference

apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  name: ci-ln-hmy310k-72292-5f87z-worker-a
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
    spec:
# ...
      providerSpec:
         value:
          ami:
            id: ami-0e8fd9094e487d1ff
# ...
Copy to Clipboard Toggle word wrap

If you configure your cluster to update your boot images, the boot image referenced in your machine sets matches the current version of the cluster.

5.1. Configuring updated boot images
Copia collegamento

By default, OpenShift Container Platform does not manage the boot image. You can configure your cluster to update the boot image whenever you update your cluster by modifying the MachineConfiguration object.

Currently, the ability to update the boot image is available for only Google Cloud Platform (GCP) and Amazon Web Services (AWS) clusters. It is not supported for clusters managed by the Cluster CAPI Operator.

Procedure

  1. Edit the MachineConfiguration object, named cluster, to enable the updating of boot images by running the following command: 

    $ oc edit MachineConfiguration cluster
    Copy to Clipboard Toggle word wrap

    • Optional: Configure the boot image update feature for all the machine sets: 

      apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
      1 
      
    machineManagers:
    - resource: machinesets
      apiGroup: machine.openshift.io
      selection:
        mode: All
      2
      Copy to Clipboard Toggle word wrap
      1
      Activates the boot image update feature.
      2
      Specifies that all the machine sets in the cluster are to be updated.

    • Optional: Configure the boot image update feature for specific machine sets: 

      apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
      1 
      
    machineManagers:
    - resource: machinesets
      apiGroup: machine.openshift.io
      selection:
        mode: Partial
        partial:
          machineResourceSelector:
            matchLabels:
              update-boot-image: "true"
      2
      Copy to Clipboard Toggle word wrap
      1
      Activates the boot image update feature.
      2
      Specifies that any machine set with this label is to be updated.
      Tip

      If an appropriate label is not present on the machine set, add a key-value pair by running a command similar to following: 

      $ oc label machineset.machine ci-ln-hmy310k-72292-5f87z-worker-a update-boot-image=true -n openshift-machine-api
      Copy to Clipboard Toggle word wrap

Verification

  1. View the current state of the boot image updates by viewing the machine configuration object: 

    $ oc get machineconfiguration cluster -n openshift-machine-api -o yaml
    Copy to Clipboard Toggle word wrap

    Example machine set with the boot image reference

    kind: MachineConfiguration
metadata:
  name: cluster
# ...
status:
  conditions:
  - lastTransitionTime: "2024-09-09T13:51:37Z"
    1 
    
    message: Reconciled 1 of 2 MAPI MachineSets | Reconciled 0 of 0 CAPI MachineSets
      | Reconciled 0 of 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationAdded
    status: "True"
    type: BootImageUpdateProgressing
  - lastTransitionTime: "2024-09-09T13:51:37Z"
    2 
    
    message: 0 Degraded MAPI MachineSets | 0 Degraded CAPI MachineSets | 0 CAPI MachineDeployments
    reason: BootImageUpdateConfigurationAdded
    status: "False"
    type: BootImageUpdateDegraded
    Copy to Clipboard Toggle word wrap

    1
    Status of the boot image update. Cluster CAPI Operator machine sets and machine deployments are not currently supported for boot image updates.
    2
    Indicates if any boot image updates failed. If any of the updates fail, the Machine Config Operator is degraded. In this case, manual intervention might be required.

  2. Get the boot image version by running the following command: 

    $ oc get machinesets <machineset_name> -n openshift-machine-api -o yaml
    Copy to Clipboard Toggle word wrap

    Example machine set with the boot image reference

    apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  labels:
    machine.openshift.io/cluster-api-cluster: ci-ln-77hmkpt-72292-d4pxp
    update-boot-image: "true"
  name: ci-ln-77hmkpt-72292-d4pxp-worker-a
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
    spec:
# ...
      providerSpec:
# ...
        value:
          disks:
          - autoDelete: true
            boot: true
            image: projects/rhcos-cloud/global/images/<boot_image>
    1 
    
# ...
    Copy to Clipboard Toggle word wrap

    1
    This boot image is the same as the current OpenShift Container Platform version. The location and format of the boot image within the machine set differs, based on the platform. However, the boot image is always listed in the spec.template.spec.providerSpec. parameter.

5.2. Disabling updated boot images
Copia collegamento

To disable the updated boot image feature, edit the MachineConfiguration object so that the machineManagers field is an empty array.

Note

If you are updating a Google Cloud Platform (GCP) or Amazon Web Services (AWS) cluster from OpenShift Container Platform 4.18 to 4.19, and you have not configured the managedBootImages parameter, the update is blocked with a This cluster is GCP or AWS but lacks a boot image configuration. message. The update is blocked intentionally on GCP or AWS clusters in order to alert you that the default updated boot image behavior is changing between version 4.18 and 4.19 to enable updated boot images by default on those platforms .

To allow the update, perform one of the following tasks:

  • If you want to allow the feature to be enabled, acknowledge that you are aware of the change in default behavior by patching the admin-acks config map by using the following command: 

    $ oc -n openshift-config patch cm admin-acks --patch '{"data":{"ack-4.18-boot-image-opt-out-in-4.19":"true"}}' --type=merge
    Copy to Clipboard Toggle word wrap
  • If you do not want the updated boot image feature enabled, explicitly disable the feature by using the following procedure.

It is important to note that if you use boot images from the AWS Marketplace or the GCP Marketplace, enabling the updated boot image feature overwrites those images with a standard Red Hat Enterprise Linux CoreOS (RHCOS) image. You should explicitly disable this feature and not patch the admin-acks config map. If you accidentally enable the updated boot image feature, you can disable it by using the following procedure. Then, replace the marketplace boot images by modifying the compute machine sets, as described in Modifying a compute machine set.

If you disable this feature after some nodes have been created with the new boot image version, any existing nodes retain their current boot image. Turning off this feature does not rollback the nodes or machine sets to the originally-installed boot image. The machine sets retain the boot image version that was present when the feature was enabled and is not updated again when the cluster is upgraded to a new OpenShift Container Platform version in the future.

Procedure

  1. Disable updated boot images by editing the MachineConfiguration object: 

    $ oc edit MachineConfiguration cluster
    Copy to Clipboard Toggle word wrap

  2. Make the machineManagers parameter an empty array: 

    apiVersion: operator.openshift.io/v1
kind: MachineConfiguration
metadata:
  name: cluster
  namespace: openshift-machine-config-operator
spec:
# ...
  managedBootImages:
    1 
    
    machineManagers: []
    Copy to Clipboard Toggle word wrap
    1
    Remove the parameters listed under machineManagers and add the [] characters to disable boot image updates.
Torna in cima
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2025 Red Hat