diff --git a/templates/common/_base/units/crio.service.yaml b/templates/common/_base/units/crio.service.yaml index 13d11f6f5f..30f557ee12 100644 --- a/templates/common/_base/units/crio.service.yaml +++ b/templates/common/_base/units/crio.service.yaml @@ -1,5 +1,10 @@ name: crio.service dropins: + - name: 05-mco-ordering.conf + contents: | + [Unit] + After=kubelet-dependencies.target + Requires=kubelet-dependencies.target - name: 10-mco-default-madv.conf contents: | [Service] diff --git a/templates/common/_base/units/firstboot-osupdate.target b/templates/common/_base/units/firstboot-osupdate.target new file mode 100644 index 0000000000..691670cd40 --- /dev/null +++ b/templates/common/_base/units/firstboot-osupdate.target @@ -0,0 +1,11 @@ +name: firstboot-osupdate.target +enabled: true +contents: | + [Unit] + Description=The firstboot OS update has completed + Documentation=https://github.com/openshift/machine-config-operator/ + Requires=basic.target + + [Install] + WantedBy=default.target + diff --git a/templates/common/_base/units/kubelet-auto-node-size.service.yaml b/templates/common/_base/units/kubelet-auto-node-size.service.yaml index 96485f4390..4c5dd79072 100644 --- a/templates/common/_base/units/kubelet-auto-node-size.service.yaml +++ b/templates/common/_base/units/kubelet-auto-node-size.service.yaml @@ -4,8 +4,9 @@ contents: | [Unit] Description=Dynamically sets the system reserved for the kubelet Wants=network-online.target - After=network-online.target ignition-firstboot-complete.service - Before=kubelet.service crio.service + After=network-online.target firstboot-osupdate.target + Before=kubelet-dependencies.target + [Service] # Need oneshot to delay kubelet Type=oneshot @@ -13,4 +14,4 @@ contents: | EnvironmentFile=/etc/node-sizing-enabled.env ExecStart=/bin/bash /usr/local/sbin/dynamic-system-reserved-calc.sh ${NODE_SIZING_ENABLED} ${SYSTEM_RESERVED_MEMORY} ${SYSTEM_RESERVED_CPU} ${SYSTEM_RESERVED_ES} [Install] - RequiredBy=kubelet.service + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/_base/units/kubelet-dependencies.target.yaml b/templates/common/_base/units/kubelet-dependencies.target.yaml new file mode 100644 index 0000000000..dcfe2f7dbb --- /dev/null +++ b/templates/common/_base/units/kubelet-dependencies.target.yaml @@ -0,0 +1,8 @@ +name: kubelet-dependencies.target +contents: | + [Unit] + Description=Dependencies necessary to run kubelet + Documentation=https://github.com/openshift/machine-config-operator/ + Requires=basic.target network-online.target + Wants=NetworkManager-wait-online.service crio-wipe.service + Wants=rpc-statd.service diff --git a/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml b/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml index a4d017e5b3..7ef8a4a81b 100644 --- a/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml +++ b/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml @@ -8,7 +8,7 @@ contents: | # Removal of this file signals firstboot completion ConditionPathExists=/etc/ignition-machine-config-encapsulated.json After=machine-config-daemon-pull.service - Before=crio.service kubelet.service + Before=kubelet-dependencies.target [Service] Type=oneshot @@ -23,5 +23,4 @@ contents: | {{end -}} [Install] - WantedBy=multi-user.target - RequiredBy=crio.service kubelet.service + RequiredBy=firstboot-osupdate.target diff --git a/templates/common/_base/units/machine-config-daemon-pull.service.yaml b/templates/common/_base/units/machine-config-daemon-pull.service.yaml index 51b834c4df..3af85da534 100644 --- a/templates/common/_base/units/machine-config-daemon-pull.service.yaml +++ b/templates/common/_base/units/machine-config-daemon-pull.service.yaml @@ -9,8 +9,8 @@ contents: | # machine-config-daemon-firstboot.service ConditionPathExists=/etc/ignition-machine-config-encapsulated.json # Run after crio-wipe so the pulled MCD image is protected against a corrupted storage from a forced shutdown - Wants=network-online.target crio-wipe.service - After=network-online.target crio-wipe.service + Wants=crio-wipe.service NetworkManager-wait-online.service + After=crio-wipe.service NetworkManager-wait-online.service network.service [Service] Type=oneshot diff --git a/templates/common/_base/units/mtu-migration.service.yaml b/templates/common/_base/units/mtu-migration.service.yaml index 4913064e6e..1ea26b1f8a 100644 --- a/templates/common/_base/units/mtu-migration.service.yaml +++ b/templates/common/_base/units/mtu-migration.service.yaml @@ -7,7 +7,7 @@ contents: | Requires=openvswitch.service ovs-configuration.service Wants=NetworkManager-wait-online.service After=NetworkManager-wait-online.service openvswitch.service network.service ovs-configuration.service - Before=network-online.target kubelet.service crio.service node-valid-hostname.service + Before=kubelet-dependencies.target node-valid-hostname.service [Service] # Need oneshot to delay kubelet @@ -27,6 +27,6 @@ contents: | StandardError=journal+console [Install] - WantedBy=network-online.target + WantedBy=kubelet-dependencies.target {{ end }}{{ end }} \ No newline at end of file diff --git a/templates/common/_base/units/node-valid-hostname.service.yaml b/templates/common/_base/units/node-valid-hostname.service.yaml index e50099758c..13bb8f6142 100644 --- a/templates/common/_base/units/node-valid-hostname.service.yaml +++ b/templates/common/_base/units/node-valid-hostname.service.yaml @@ -3,7 +3,7 @@ enabled: true contents: | [Unit] Description=Wait for a non-localhost hostname - Before=network-online.target + Before=kubelet-dependencies.target [Service] Type=oneshot @@ -15,7 +15,6 @@ contents: | TimeoutSec=300 [Install] - WantedBy=multi-user.target - # Ensure that network-online.target will not complete until the node has a non-localhost hostname. - RequiredBy=network-online.target + # TODO: Change this to RequiredBy after we fix https://github.com/openshift/machine-config-operator/pull/3865#issuecomment-1746963115 + WantedBy=kubelet-dependencies.target diff --git a/templates/common/_base/units/nodeip-configuration.service.yaml b/templates/common/_base/units/nodeip-configuration.service.yaml index 0817a5f2c6..665fe5bf59 100644 --- a/templates/common/_base/units/nodeip-configuration.service.yaml +++ b/templates/common/_base/units/nodeip-configuration.service.yaml @@ -5,9 +5,9 @@ enabled: {{if eq .Infra.Status.PlatformStatus.Type "None"}}true{{else}}false{{en contents: | [Unit] Description=Writes IP address configuration so that kubelet and crio services select a valid node IP - Wants=NetworkManager-wait-online.service crio-wipe.service - After=NetworkManager-wait-online.service ignition-firstboot-complete.service crio-wipe.service - Before=kubelet.service crio.service ovs-configuration.service + Wants=NetworkManager-wait-online.service + After=NetworkManager-wait-online.service firstboot-osupdate.target + Before=kubelet-dependencies.target ovs-configuration.service [Service] # Need oneshot to delay kubelet @@ -44,4 +44,4 @@ contents: | EnvironmentFile=-/etc/default/nodeip-configuration [Install] - RequiredBy=kubelet.service + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/_base/units/ovs-configuration.service.yaml b/templates/common/_base/units/ovs-configuration.service.yaml index bf55a1dd2a..bd57158925 100644 --- a/templates/common/_base/units/ovs-configuration.service.yaml +++ b/templates/common/_base/units/ovs-configuration.service.yaml @@ -3,13 +3,12 @@ enabled: {{if eq .NetworkType "OVNKubernetes" "OpenShiftSDN"}}true{{else}}false{ contents: | [Unit] Description=Configures OVS with proper host networking configuration - # Removal of this file signals firstboot completion - ConditionPathExists=!/etc/ignition-machine-config-encapsulated.json # This service is used to move a physical NIC into OVS and reconfigure OVS to use the host IP Requires=openvswitch.service Wants=NetworkManager-wait-online.service + After=firstboot-osupdate.target After=NetworkManager-wait-online.service openvswitch.service network.service nodeip-configuration.service - Before=network-online.target kubelet.service crio.service node-valid-hostname.service + Before=kubelet-dependencies.target node-valid-hostname.service [Service] # Need oneshot to delay kubelet @@ -19,4 +18,4 @@ contents: | StandardError=journal+console [Install] - WantedBy=network-online.target + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/alibabacloud/units/alibaba-kubelet-nodename.service.yaml b/templates/common/alibabacloud/units/alibaba-kubelet-nodename.service.yaml index b5af3df6d2..3326cccc0b 100644 --- a/templates/common/alibabacloud/units/alibaba-kubelet-nodename.service.yaml +++ b/templates/common/alibabacloud/units/alibaba-kubelet-nodename.service.yaml @@ -5,8 +5,7 @@ contents: | Description=Fetch the region and isntance id from Alibaba Metadata # Wait for NetworkManager to report it's online After=NetworkManager-wait-online.service - # Run before kubelet - Before=kubelet.service + Before=kubelet-dependencies.target [Service] ExecStart=/usr/local/bin/alibaba-kubelet-nodename diff --git a/templates/common/aws/units/aws-kubelet-nodename.service.yaml b/templates/common/aws/units/aws-kubelet-nodename.service.yaml index d606682c17..2056a9fa5b 100644 --- a/templates/common/aws/units/aws-kubelet-nodename.service.yaml +++ b/templates/common/aws/units/aws-kubelet-nodename.service.yaml @@ -14,7 +14,7 @@ contents: | # Wait for NetworkManager to report it's online After=NetworkManager-wait-online.service # Run before kubelet - Before=kubelet.service + Before=kubelet-dependencies.target [Service] # Mark afterburn environment file optional, due to it is possible that afterburn service was not executed diff --git a/templates/common/aws/units/aws-kubelet-providerid.service.yaml b/templates/common/aws/units/aws-kubelet-providerid.service.yaml index 32a12a5ec8..499b8b70f1 100644 --- a/templates/common/aws/units/aws-kubelet-providerid.service.yaml +++ b/templates/common/aws/units/aws-kubelet-providerid.service.yaml @@ -14,7 +14,7 @@ contents: | # Wait for NetworkManager to report it's online After=NetworkManager-wait-online.service # Run before kubelet - Before=kubelet.service + Before=kubelet-dependencies.target [Service] # Mark afterburn environment file optional, due to it is possible that afterburn service was not executed diff --git a/templates/common/gcp/units/gcp-hostname.service.yaml b/templates/common/gcp/units/gcp-hostname.service.yaml index 16cd07fb98..8b0d7f71c4 100644 --- a/templates/common/gcp/units/gcp-hostname.service.yaml +++ b/templates/common/gcp/units/gcp-hostname.service.yaml @@ -3,10 +3,8 @@ enabled: true contents: | [Unit] Description=Set GCP Transient Hostname - # Removal of this file signals firstboot completion - ConditionPathExists=!/etc/ignition-machine-config-encapsulated.json - # Block services relying on networking being up. - Before=network-online.target + # We don't need to do this on the firstboot + After=firstboot-osupdate.target # Wait for NetworkManager to report it's online After=NetworkManager-wait-online.service # Run before hostname checks @@ -18,5 +16,4 @@ contents: | ExecStart=/usr/local/bin/mco-hostname --gcp [Install] - WantedBy=multi-user.target - WantedBy=network-online.target + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/on-prem/units/nodeip-configuration.service.yaml b/templates/common/on-prem/units/nodeip-configuration.service.yaml index 3b880ecc71..3e5388e871 100644 --- a/templates/common/on-prem/units/nodeip-configuration.service.yaml +++ b/templates/common/on-prem/units/nodeip-configuration.service.yaml @@ -6,9 +6,9 @@ contents: | # This only applies to VIP managing environments where the kubelet and crio IP # address picking logic is flawed and may end up selecting an address from a # different subnet or a deprecated address - Wants=NetworkManager-wait-online.service crio-wipe.service - After=NetworkManager-wait-online.service ignition-firstboot-complete.service crio-wipe.service - Before=kubelet.service crio.service ovs-configuration.service + Wants=NetworkManager-wait-online.service + After=NetworkManager-wait-online.service firstboot-osupdate.target + Before=kubelet-dependencies.target ovs-configuration.service [Service] # Need oneshot to delay kubelet @@ -47,4 +47,4 @@ contents: | ExecStartPost=+/usr/local/bin/configure-ip-forwarding.sh [Install] - WantedBy=multi-user.target + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/openstack/units/openstack-kubelet-nodename.service.yaml b/templates/common/openstack/units/openstack-kubelet-nodename.service.yaml index 5c404a0287..e0388067ca 100644 --- a/templates/common/openstack/units/openstack-kubelet-nodename.service.yaml +++ b/templates/common/openstack/units/openstack-kubelet-nodename.service.yaml @@ -6,7 +6,7 @@ contents: | # Wait for NetworkManager to report it's online After=NetworkManager-wait-online.service # Run before kubelet - Before=kubelet.service + Before=kubelet-dependencies.target [Service] ExecStart=/usr/local/bin/openstack-kubelet-nodename diff --git a/templates/common/vsphere/units/nodeip-configuration-vsphere-upi.service.yaml b/templates/common/vsphere/units/nodeip-configuration-vsphere-upi.service.yaml index 00ad8c6f47..e36a585813 100644 --- a/templates/common/vsphere/units/nodeip-configuration-vsphere-upi.service.yaml +++ b/templates/common/vsphere/units/nodeip-configuration-vsphere-upi.service.yaml @@ -16,9 +16,9 @@ enabled: {{if eq (len (onPremPlatformAPIServerInternalIPs .)) 0}}true{{else}}fal contents: | [Unit] Description=Writes IP address configuration so that kubelet and crio services select a valid node IP - Wants=NetworkManager-wait-online.service crio-wipe.service - After=NetworkManager-wait-online.service ignition-firstboot-complete.service crio-wipe.service - Before=kubelet.service crio.service ovs-configuration.service + Wants=NetworkManager-wait-online.service + After=NetworkManager-wait-online.service firstboot-osupdate.target + Before=kubelet-dependencies.target ovs-configuration.service [Service] # Need oneshot to delay kubelet @@ -54,4 +54,4 @@ contents: | EnvironmentFile=-/etc/default/nodeip-configuration [Install] - RequiredBy=kubelet.service + RequiredBy=kubelet-dependencies.target diff --git a/templates/common/vsphere/units/vsphere-hostname.service.yaml b/templates/common/vsphere/units/vsphere-hostname.service.yaml index ad7cb9395a..000683d71b 100644 --- a/templates/common/vsphere/units/vsphere-hostname.service.yaml +++ b/templates/common/vsphere/units/vsphere-hostname.service.yaml @@ -8,7 +8,7 @@ contents: | ConditionVirtualization=vmware - Before=kubelet.service + Before=kubelet-dependencies.target Before=node-valid-hostname.service Before=NetworkManager.service diff --git a/templates/master/00-master/alibabacloud/units/openshift-alibabacloud-routes.path.yaml b/templates/master/00-master/alibabacloud/units/openshift-alibabacloud-routes.path.yaml index 0346572ebc..5a6d1be83c 100644 --- a/templates/master/00-master/alibabacloud/units/openshift-alibabacloud-routes.path.yaml +++ b/templates/master/00-master/alibabacloud/units/openshift-alibabacloud-routes.path.yaml @@ -3,12 +3,12 @@ enabled: true contents: | [Unit] Description=Watch for downfile changes - Before=kubelet.service - ConditionPathExists=!/etc/ignition-machine-config-encapsulated.json + Before=kubelet-dependencies.service + After=firstboot-osupdate.target [Path] PathChanged=/run/cloud-routes/ MakeDirectory=true [Install] - RequiredBy=kubelet.service + RequiredBy=kubelet-dependencies.service diff --git a/templates/master/00-master/azure/units/openshift-azure-routes.path.yaml b/templates/master/00-master/azure/units/openshift-azure-routes.path.yaml index d43cc99f54..ea860469ad 100644 --- a/templates/master/00-master/azure/units/openshift-azure-routes.path.yaml +++ b/templates/master/00-master/azure/units/openshift-azure-routes.path.yaml @@ -3,12 +3,11 @@ enabled: true contents: | [Unit] Description=Watch for downfile changes - Before=kubelet.service - ConditionPathExists=!/etc/ignition-machine-config-encapsulated.json + Before=kubelet-dependencies.target [Path] PathChanged=/run/cloud-routes/ MakeDirectory=true [Install] - RequiredBy=kubelet.service + RequiredBy=kubelet-dependencies.target diff --git a/templates/master/00-master/azure/units/openshift-azure-routes.service.yaml b/templates/master/00-master/azure/units/openshift-azure-routes.service.yaml index 4cc32d7eb0..648b7224dc 100644 --- a/templates/master/00-master/azure/units/openshift-azure-routes.service.yaml +++ b/templates/master/00-master/azure/units/openshift-azure-routes.service.yaml @@ -3,7 +3,9 @@ enabled: false contents: | [Unit] Description=Work around Azure load balancer hairpin - + # We don't need to do this on the firstboot + After=firstboot-osupdate.target + [Service] Type=simple ExecStart=/bin/bash /opt/libexec/openshift-azure-routes.sh start diff --git a/templates/master/01-master-kubelet/_base/units/kubelet.service.yaml b/templates/master/01-master-kubelet/_base/units/kubelet.service.yaml index b2d19265bd..aeae85eb3f 100644 --- a/templates/master/01-master-kubelet/_base/units/kubelet.service.yaml +++ b/templates/master/01-master-kubelet/_base/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service] diff --git a/templates/master/01-master-kubelet/alibabacloud/units/kubelet.service.yaml b/templates/master/01-master-kubelet/alibabacloud/units/kubelet.service.yaml index 176fa59db0..c5395c1211 100644 --- a/templates/master/01-master-kubelet/alibabacloud/units/kubelet.service.yaml +++ b/templates/master/01-master-kubelet/alibabacloud/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service] diff --git a/templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml b/templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml index 4380f1bc14..9651b623ad 100644 --- a/templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml +++ b/templates/master/01-master-kubelet/on-prem/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service] diff --git a/templates/worker/01-worker-kubelet/_base/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/_base/units/kubelet.service.yaml index 4a807df93d..e1fb230f71 100644 --- a/templates/worker/01-worker-kubelet/_base/units/kubelet.service.yaml +++ b/templates/worker/01-worker-kubelet/_base/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service] diff --git a/templates/worker/01-worker-kubelet/alibabacloud/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/alibabacloud/units/kubelet.service.yaml index 8b8c60f7f0..2f638cac0f 100644 --- a/templates/worker/01-worker-kubelet/alibabacloud/units/kubelet.service.yaml +++ b/templates/worker/01-worker-kubelet/alibabacloud/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service] diff --git a/templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml b/templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml index f1bc2680c3..eb8cde3e4d 100644 --- a/templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml +++ b/templates/worker/01-worker-kubelet/on-prem/units/kubelet.service.yaml @@ -3,9 +3,8 @@ enabled: true contents: | [Unit] Description=Kubernetes Kubelet - Wants=rpc-statd.service network-online.target - Requires=crio.service kubelet-auto-node-size.service - After=network-online.target crio.service kubelet-auto-node-size.service + Requires=crio.service kubelet-dependencies.target + After=kubelet-dependencies.target After=ostree-finalize-staged.service [Service]