Skip to content

OCPBUGS-24003: mcd_config_drift not working properly #5632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dkhater-redhat wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OCPBUGS-24003: mcd_config_drift not working properly #5632

dkhater-redhat wants to merge 1 commit into from
+39 −1

Conversation

@dkhater-redhat
Copy link
Contributor

@dkhater-redhat dkhater-redhat commented Feb 6, 2026
edited
Loading

- What I did
Modified startConfigDriftMonitor() to initialize the mcd_config_drift metric based on the node's current state instead of unconditionally resetting it to 0. When the MCD pod restarts, the function now checks if the node is degraded due to config drift (by examining the state and reason annotations) and sets the metric accordingly.
- How to verify it

  1. Trigger config drift on a node by manually modifying a file managed by MachineConfig
  2. Verify mcd_config_drift metric is set and node is Degraded
  3. Delete the MCD pod running on that node: oc delete pod -n openshift-machine-config-operator
  4. After the pod restarts, verify the mcd_config_drift metric is still set (not reset to 0)
  5. Fix the config drift by restoring the file to its expected state
  6. Verify the metric clears to 0 once drift is resolved
    - Description for the changelog

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 6, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dkhater-redhat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 6, 2026
@dkhater-redhat
Copy link
Contributor Author

dkhater-redhat commented Feb 6, 2026

/retitle OCPBUGS-24003: mcd_config_drift not working properly

@openshift-ci openshift-ci bot changed the title fixes config drift metric persistence OCPBUGS-24003: mcd_config_drift not working properly Feb 6, 2026
@openshift-ci-robot openshift-ci-robot added jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Feb 6, 2026
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Feb 6, 2026

@dkhater-redhat: This pull request references Jira Issue OCPBUGS-24003, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @sergiordlr

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

- What I did
Modified startConfigDriftMonitor() to initialize the mcd_config_drift metric based on the node's current state instead of unconditionally resetting it to 0. When the MCD pod restarts, the function now checks if the node is degraded due to config drift (by examining the state and reason annotations) and sets the metric accordingly.
- How to verify it

  1. Trigger config drift on a node by manually modifying a file managed by MachineConfig
  2. Verify mcd_config_drift metric is set and node is Degraded
  3. Delete the MCD pod running on that node: oc delete pod -n openshift-machine-config-operator
  4. After the pod restarts, verify the mcd_config_drift metric is still set (not reset to 0)
  5. Fix the config drift by restoring the file to its expected state
  6. Verify the metric clears to 0 once drift is resolved
    - Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from sergiordlr February 6, 2026 15:35
@dkhater-redhat dkhater-redhat force-pushed the fix-config-drift-metric-persistence branch from f0e680e to ebcb209 Compare February 9, 2026 17:21
@dkhater-redhat
Copy link
Contributor Author

dkhater-redhat commented Feb 9, 2026

/retest-required

@ptalgulk01
Copy link

ptalgulk01 commented Feb 10, 2026

Pre-merge verified:

Environment setup:
Platform: AWS
Version: 4.22.0-0-2026-02-10-053440-test-ci-ln-s9kynkk-latest

Verification Steps:

Verified using Claude

  • Before editing the kubelet.config
  $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
  Done                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                              
  $ oc exec -n openshift-machine-config-operator machine-config-daemon-zptsj -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
  # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
  # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
  mcd_config_drift 0
  • Edit the kubelet.config in one of worker node to create a config drift
$ oc debug node/ip-10-0-111-17.us-east-2.compute.internal -- chroot /host bash -c "echo '# CONFIG DRIFT TEST PR5574' >> /etc/kubernetes/kubelet.conf"                                                                                                       
  Starting pod/ip-10-0-111-17us-east-2computeinternal-debug-j5h49 ...                                                                                                                                                                                         
  To use host binaries, run `chroot /host`                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                              
  Removing debug pod ...
  • Check the MCP is degrade and config drift been produced
  $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
  Degraded                                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                              
  $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/reason}' && echo                                                                                                            
  unexpected on-disk state validating against rendered-worker-e1837bca6cfe3c85710be5b9c17ab418: content mismatch for file "/etc/kubernetes/kubelet.conf"                                                                                                      
                                                                                                                                                                                                                                                              
  $ oc exec -n openshift-machine-config-operator machine-config-daemon-zptsj -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
  # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
  # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
  mcd_config_drift 1.770359684748165e+09
  • Restart MCD Pod Restarting the pod should NOT reset the metric to 0.
  $ oc delete pod -n openshift-machine-config-operator machine-config-daemon-zptsj                                                                                                                                                                            
  pod "machine-config-daemon-zptsj" deleted

Wait for new pod to start

 $ oc get pod -n openshift-machine-config-operator -l k8s-app=machine-config-daemon -o wide | grep "ip-10-0-111-17"                                                                                                                                          
 machine-config-daemon-fnr4l   2/2     Running   0          46s   10.0.111.17    ip-10-0-111-17.us-east-2.compute.internal    <none>           <none>

Check if the drift metric persisted across the pod restart:

  $ oc exec -n openshift-machine-config-operator machine-config-daemon-fnr4l -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
  # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
  # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
  mcd_config_drift 1.770360083354085e+09                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                              
  $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
  Degraded
  • Cleanup & Restoration
 $ oc debug node/ip-10-0-111-17.us-east-2.compute.internal -- chroot /host bash -c "sed -i '/# CONFIG DRIFT TEST PR5574/d' /etc/kubernetes/kubelet.conf"                                                                                                     
 Starting pod/ip-10-0-111-17us-east-2computeinternal-debug-dtrjk ...                                                                                                                                                                                         
 To use host binaries, run `chroot /host`                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                             
 Removing debug pod ...

Wait for MCD to reconcile

  $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
  Done                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                              
  $ oc exec -n openshift-machine-config-operator machine-config-daemon-fnr4l -- curl -s localhost:8797/metrics 2>&1 | grep "^mcd_config_drift"                                                                                                                
  mcd_config_drift 0                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                              
  $ oc get mcp                                                                                                                                                                                                                                                
  NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE                                                                             
  master   rendered-master-e02d034a46e6941f939b1a435209c52f   True      False      False      3              3                   3                     0                      94m                                                                             
  worker   rendered-worker-e1837bca6cfe3c85710be5b9c17ab418   True      False      False      3              3                   3                     0                      94m

/label qe-approved
/verified by @ptalgulk01

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Feb 10, 2026
@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Feb 10, 2026
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Feb 10, 2026

@ptalgulk01: This PR has been marked as verified by @ptalgulk01.

Details

In response to this:

Pre-merge verified:

Environment setup:
Platform: AWS
Version: 4.22.0-0-2026-02-10-053440-test-ci-ln-s9kynkk-latest

Verification Steps:

Verified using Claude

  • Before editing the kubelet.config
 $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
 Done                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                             
 $ oc exec -n openshift-machine-config-operator machine-config-daemon-zptsj -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
 # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
 # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
 mcd_config_drift 0
  • Edit the kubelet.config in one of worker node to create a config drift
$ oc debug node/ip-10-0-111-17.us-east-2.compute.internal -- chroot /host bash -c "echo '# CONFIG DRIFT TEST PR5574' >> /etc/kubernetes/kubelet.conf"                                                                                                       
 Starting pod/ip-10-0-111-17us-east-2computeinternal-debug-j5h49 ...                                                                                                                                                                                         
 To use host binaries, run `chroot /host`                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                             
 Removing debug pod ...
  • Check the MCP is degrade and config drift been produced
 $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
 Degraded                                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                             
 $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/reason}' && echo                                                                                                            
 unexpected on-disk state validating against rendered-worker-e1837bca6cfe3c85710be5b9c17ab418: content mismatch for file "/etc/kubernetes/kubelet.conf"                                                                                                      
                                                                                                                                                                                                                                                             
 $ oc exec -n openshift-machine-config-operator machine-config-daemon-zptsj -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
 # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
 # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
 mcd_config_drift 1.770359684748165e+09
  • Restart MCD Pod Restarting the pod should NOT reset the metric to 0.
 $ oc delete pod -n openshift-machine-config-operator machine-config-daemon-zptsj                                                                                                                                                                            
 pod "machine-config-daemon-zptsj" deleted

Wait for new pod to start

 $ oc get pod -n openshift-machine-config-operator -l k8s-app=machine-config-daemon -o wide | grep "ip-10-0-111-17"                                                                                                                                          
 machine-config-daemon-fnr4l   2/2     Running   0          46s   10.0.111.17    ip-10-0-111-17.us-east-2.compute.internal    <none>           <none>

Check if the drift metric persisted across the pod restart:

 $ oc exec -n openshift-machine-config-operator machine-config-daemon-fnr4l -- curl -s localhost:8797/metrics 2>&1 | grep mcd_config_drift                                                                                                                   
 # HELP mcd_config_drift timestamp for config drift                                                                                                                                                                                                          
 # TYPE mcd_config_drift gauge                                                                                                                                                                                                                               
 mcd_config_drift 1.770360083354085e+09                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                             
 $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
 Degraded
  • Cleanup & Restoration
 $ oc debug node/ip-10-0-111-17.us-east-2.compute.internal -- chroot /host bash -c "sed -i '/# CONFIG DRIFT TEST PR5574/d' /etc/kubernetes/kubelet.conf"                                                                                                     
 Starting pod/ip-10-0-111-17us-east-2computeinternal-debug-dtrjk ...                                                                                                                                                                                         
 To use host binaries, run `chroot /host`                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                             
 Removing debug pod ...

Wait for MCD to reconcile

 $ oc get node ip-10-0-111-17.us-east-2.compute.internal -o jsonpath='{.metadata.annotations.machineconfiguration\.openshift\.io/state}' && echo                                                                                                             
 Done                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                             
 $ oc exec -n openshift-machine-config-operator machine-config-daemon-fnr4l -- curl -s localhost:8797/metrics 2>&1 | grep "^mcd_config_drift"                                                                                                                
 mcd_config_drift 0                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                             
 $ oc get mcp                                                                                                                                                                                                                                                
 NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE                                                                             
 master   rendered-master-e02d034a46e6941f939b1a435209c52f   True      False      False      3              3                   3                     0                      94m                                                                             
 worker   rendered-worker-e1837bca6cfe3c85710be5b9c17ab418   True      False      False      3              3                   3                     0                      94m

/label qe-approved
/verified by @ptalgulk01

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

pablintino
pablintino reviewed Feb 10, 2026
View reviewed changes
@dkhater-redhat
Copy link
Contributor Author

dkhater-redhat commented Feb 10, 2026

/test verify

@dkhater-redhat dkhater-redhat force-pushed the fix-config-drift-metric-persistence branch from ebcb209 to a0d71bf Compare February 10, 2026 18:34
@openshift-ci-robot openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label Feb 10, 2026
@dkhater-redhat
Copy link
Contributor Author

dkhater-redhat commented Feb 11, 2026

/retest-required

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 11, 2026

@dkhater-redhat: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gcp-op-ocl a0d71bf link false /test e2e-gcp-op-ocl
ci/prow/e2e-hypershift a0d71bf link true /test e2e-hypershift

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cheesesashimi cheesesashimi Awaiting requested review from cheesesashimi

@yuqi-zhang yuqi-zhang Awaiting requested review from yuqi-zhang

@sergiordlr sergiordlr Awaiting requested review from sergiordlr

1 more reviewer

@pablintino pablintino pablintino left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dkhater-redhat @openshift-ci-robot @ptalgulk01 @pablintino