Merge pull request #81321 from mburke5678/mco-node-disruption-ga

mburke5678 · web-flow · commit 658df145822b · 2024-09-13T11:13:14.000-04:00
OCPSTRAT 1026:Admin-defined reboot &amp; drain policies: Phase 2 (GA)
diff --git a/machine_configuration/machine-config-node-disruption.adoc b/machine_configuration/machine-config-node-disruption.adoc
@@ -24,14 +24,19 @@ The MCO does not validate whether a change can be successfully applied by your n
 
 For example, you can configure a node disruption policy so that sudo configurations do not require a node drain and reboot. Or, you can configure your cluster so that updates to `sshd` are applied with only a reload of that one service.
 
-:FeatureName: The node disruption policy feature
-include::snippets/technology-preview.adoc[]
-
 You can control the behavior of the MCO when making the changes to the following Ignition configuration objects:
 
 // I used this wording for the objects to match the previous section in the assembly: file:///home/mburke/openshift-docs/_preview/openshift-enterprise/mco-node-disruption-policy/post_installation_configuration/machine-configuration-tasks.html#what-can-you-change-with-machine-configs.
-* *configuration files*: You add to or update the files in the `/var` or `/etc` directory.
-* *systemd units*: You create and set the status of a systemd service or modify an existing systemd service.
+* *configuration files*: You add to or update the files in the `/var` or `/etc` directory. You can configure a policy for a specific file anywhere in the directory or for a path to a specific directory. For a path, a change or addition to any file in that directory triggers the policy.
++
+[NOTE]
+====
+If a file is included in more than one policy, only the policy with the best match to that file is applied. 
+
+For example, if you have a policy for the `/etc/` directory and a policy for the `/etc/pki/` directory, a change to the `/etc/pki/tls/certs/ca-bundle.crt` file would apply the `etc/pki` policy.
+====
+
+* *systemd units*: You create and set the status of a systemd service or modify a systemd service.
 * *users and groups*: You change SSH keys in the `passwd` section postinstallation.
 * *ICSP*, *ITMS*, *IDMS* objects: You can remove mirroring rules from an `ImageContentSourcePolicy` (ICSP), `ImageTagMirrorSet` (ITMS), and `ImageDigestMirrorSet` (IDMS) object.
 
diff --git a/modules/machine-config-node-disruption-example.adoc b/modules/machine-config-node-disruption-example.adoc
@@ -48,10 +48,26 @@ status:
       - actions:
         - type: Special
         path: /etc/containers/registries.conf
+      - actions:
+        - reload:
+            serviceName: crio.service
+          type: Reload
+        path: /etc/containers/registries.d
+      - actions:
+        - type: None
+        path: /etc/nmstate/openshift
+      - actions:
+        - restart:
+            serviceName: coreos-update-ca-trust.service
+          type: Restart
+        - restart:
+            serviceName: crio.service
+          type: Restart
+        path: /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
       sshkey:
         actions:
         - type: None
-  readyReplicas: 0
+  observedGeneration: 9
 ----
 
 In the following example, when changes are made to the SSH keys, the MCO drains the cluster nodes, reloads the `crio.service`, reloads the systemd configuration, and restarts the `crio-service`.
@@ -80,7 +96,7 @@ spec:
 # ...
 ----
 
-In the following example, when changes are made to the `/etc/chrony.conf` file, the MCO reloads the `chronyd.service` on the cluster nodes.
+In the following example, when changes are made to the `/etc/chrony.conf` file, the MCO reloads the `chronyd.service` on the cluster nodes. If files are added to or modified in the `/var/run` directory, the MCO applies the changes with no further action.
 
 .Example node disruption policy for a configuration file change
 [source,yaml]
@@ -98,7 +114,10 @@ spec:
       - reload:
           serviceName: chronyd.service
         type: Reload
-      path: /etc/chrony.conf
+        path: /etc/chrony.conf
+    - actions:
+      - type: None
+      path: /var/run
 ----
 
 In the following example, when changes are made to the `auditd.service`	systemd unit, the MCO drains the cluster nodes, reloads the `crio.service`, reloads the systemd manager configuration, and restarts the `crio.service`.
