From 3dd831cf2a6b0bd68b8525481425d6da7f5eaddf Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Mon, 20 Oct 2025 17:03:26 -0400 Subject: [PATCH 1/2] OCDOCS 62865 provide meaningful examples for NDP --- ...machine-config-node-disruption-config.adoc | 4 +- ...achine-config-node-disruption-example.adoc | 46 +++++++++---------- ...achine-config-node-disruption-actions.adoc | 2 +- 3 files changed, 25 insertions(+), 27 deletions(-) diff --git a/modules/machine-config-node-disruption-config.adoc b/modules/machine-config-node-disruption-config.adoc index 9f41fef23d3a..406a002fc34c 100644 --- a/modules/machine-config-node-disruption-config.adoc +++ b/modules/machine-config-node-disruption-config.adoc @@ -58,7 +58,7 @@ spec: - restart: serviceName: crio.service type: Restart - name: test.service + name: sshd.service ---- <1> Specifies the node disruption policy. <2> Specifies a list of machine config file definitions and actions to take to changes on those paths. This list supports a maximum of 50 entries. @@ -117,7 +117,7 @@ status: - restart: serviceName: crio.service type: Restart - name: test.se + name: test.service # ... ---- <1> Specifies the current cluster-validated policies. diff --git a/modules/machine-config-node-disruption-example.adoc b/modules/machine-config-node-disruption-example.adoc index 45ccbca300b4..c8adc9abe950 100644 --- a/modules/machine-config-node-disruption-example.adoc +++ b/modules/machine-config-node-disruption-example.adoc @@ -73,7 +73,27 @@ status: The default node disruption policy does not contain a policy for changes to the `/etc/containers/registries.conf.d` file. This is because both {product-title} and {op-system-base-full} use the `registries.conf.d` file to specify aliases for image short names. It is recommended that you always pull an image by its fully-qualified name. This is particularly important with public registries, because the image might not deploy if the public registry requires authentication. You can create a user-defined policy to use with the `/etc/containers/registries.conf.d` file, if you need to use image short names. -In the following example, when changes are made to the SSH keys, the MCO drains the cluster nodes, reloads the `crio.service`, reloads the systemd configuration, and restarts the `crio-service`. +In the following example, when changes are made to the `registries.conf.d` file, the MCO restarts the `crio-service`. + +.Example node disruption policy for a change to the `registries.conf` file +[source,yaml] +---- +apiVersion: operator.openshift.io/v1 +kind: MachineConfiguration +metadata: + name: cluster + namespace: openshift-machine-config-operator +spec: + nodeDisruptionPolicy: + files: + - path: /etc/containers/registries.conf.d + actions: + - type: Restart + - restart: + serviceName: crio.service +---- + +In the following example, when changes are made to the SSH keys, the MCO reloads the systemd configuration, and restarts the `crio-service`. .Example node disruption policy for an SSH key change [source,yaml] @@ -87,14 +107,10 @@ spec: nodeDisruptionPolicy: sshkey: actions: - - type: Drain - - reload: - serviceName: crio.service - type: Reload - type: DaemonReload - restart: serviceName: crio.service - type: Restart + type: Restart # ... ---- @@ -145,21 +161,3 @@ spec: restart: serviceName: crio.service ---- - -In the following example, when changes are made to the `registries.conf` file, such as by editing an `ImageContentSourcePolicy` (ICSP) object, the MCO does not drain or reboot the nodes and applies the changes with no further action. - -.Example node disruption policy for a registries.conf file change -[source,yaml] ----- -apiVersion: operator.openshift.io/v1 -kind: MachineConfiguration -metadata: - name: cluster -# ... -spec: - nodeDisruptionPolicy: - files: - - actions: - - type: None - path: /etc/containers/registries.conf ----- diff --git a/snippets/machine-config-node-disruption-actions.adoc b/snippets/machine-config-node-disruption-actions.adoc index d7fbecbe35e9..f3f32440238f 100644 --- a/snippets/machine-config-node-disruption-actions.adoc +++ b/snippets/machine-config-node-disruption-actions.adoc @@ -11,7 +11,7 @@ When you make any of these changes, the node disruption policy determines which * *Reload*: For services, the MCO reloads the specified services without restarting the service. * *Restart*: For services, the MCO fully restarts the specified services. * *DaemonReload*: The MCO reloads the systemd manager configuration. -* *Special*: This is an internal MCO-only action and cannot be set by the user. +* *Special*: This is an internal MCO-only action that is set by default for changes to the `/etc/containers/registries.conf` file. When this action is set, the MCO determines if a node cordon and drain is required, based on the changed content in the `registries.conf` file. You can override this default. However, it is not recommended to override this setting. You cannot set this action for another path or service. [NOTE] ==== From 54c490c445bd9b55415ca6d3d8fe7e573003dc74 Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Mon, 22 Dec 2025 08:04:06 -0500 Subject: [PATCH 2/2] Vale fixes --- modules/machine-config-node-disruption-config.adoc | 1 + modules/machine-config-node-disruption-example.adoc | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/machine-config-node-disruption-config.adoc b/modules/machine-config-node-disruption-config.adoc index 406a002fc34c..c614453af01c 100644 --- a/modules/machine-config-node-disruption-config.adoc +++ b/modules/machine-config-node-disruption-config.adoc @@ -6,6 +6,7 @@ [id="machine-config-node-disruption-config_{context}"] = Configuring node restart behaviors upon machine config changes +[role="_abstract"] You can create a node disruption policy to define the machine configuration changes that cause a disruption to your cluster, and which changes do not. You can control how your nodes respond to changes in the files in the `/var` or `/etc` directory, the systemd units, the SSH keys, and the `registries.conf` file. diff --git a/modules/machine-config-node-disruption-example.adoc b/modules/machine-config-node-disruption-example.adoc index c8adc9abe950..7e86c3264b6a 100644 --- a/modules/machine-config-node-disruption-example.adoc +++ b/modules/machine-config-node-disruption-example.adoc @@ -2,11 +2,12 @@ // // * machine_configuration/machine-config-node-disruption_machine-configs-configure.adoc -:_mod-docs-content-type: PROCEDURE +:_mod-docs-content-type: REFERENCE [id="machine-config-node-disruption-example_{context}"] = Example node disruption policies -The following example `MachineConfiguration` objects contain a node disruption policy. +[role="_abstract"] +You can use the following example `MachineConfiguration` objects to help you create contain a node disruption policy that can help reduce disruption to the workloads in your cluster. [TIP] ====