Obtaining package list for RHEL CoreOS or specific OpenShift 4 image

Solution Verified - Updated

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat Enterprise Linux CoreOS (RHCOS)

Issue

  • How to know which packages are included in RHEL CoreOS for a given release of OpenShift Container Platform 4?
  • How to find which kernel is included in an OpenShift Container Platform 4 update?
  • How to list the packages included in a specific image provided by OCP 4?

Resolution

Starting with OpenShift 4.12, the package list for a given RHEL CoreOS release is included in the rhel-coreos image for that release (in OpenShift 4.12, the image is called rhel-coreos-8 instead).

It is also possible to check the packages for any other image for a given release.

Note: To check the RHEL version on which a specific RHCOS release is based, refer to RHEL Versions Utilized by RHEL CoreOS.

Package list for any image, including RHEL CoreOS images


Get the image pull spec


First, get the pull spec of the desired image:
  • For the RHEL CoreOS packages, get the pull spec with the following command (for OpenShift 4.12 releases, the image is rhel-coreos-8):

    $ oc adm release info --image-for=rhel-coreos 4.13.1
    quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d2aa8899d6ec5cd40bbe7b843027148b768f0a5b8ab091aa46958c4893814306
    
  • For other images, get the pull spec in the same way. For example, for the cluster-node-tuning-operator image from OpenShift 4.10.35:

    $ oc adm release info --image-for=cluster-node-tuning-operator 4.10.35
    quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6f27078a90cb735b853447f75b0f33753c9a1412b76f73bdf86dad3e9cf72500
    

List the packages


To list all the packages in the given image, the following can be done from a RHEL client:
  • Create a temporary container based on the given image (for example, the cluster-node-tuning-operator image above) and list the packages with rpm -qa:

    # podman run --rm --authfile ${PATH_TO_AUTH_FILE} -it --entrypoint /bin/rpm quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6f27078a90cb735b853447f75b0f33753c9a1412b76f73bdf86dad3e9cf72500 -qa
    Trying to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6f27078a90cb735b853447f75b0f33753c9a1412b76f73bdf86dad3e9cf72500...
    Getting image source signatures
    Copying blob 0aa6f2272b04 done  
    [...]
    Copying config f8421da3a5 done  
    Writing manifest to image destination
    Storing signatures
    [...]
    
  • Create a temporary container based on the given image (for example, the cluster-node-tuning-operator image above) and open a shell in it to run different commands:

    # podman run --rm --authfile ${PATH_TO_AUTH_FILE} -it --entrypoint /bin/bash quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6f27078a90cb735b853447f75b0f33753c9a1412b76f73bdf86dad3e9cf72500
    [...]
    bash-4.4# rpm -qa
    [...]
    bash-4.4# rpm -q bash --changelog
    [...]
    

    Note: ${PATH_TO_AUTH_FILE} is the path to the file containing the OpenShift pull secret (it is also in /var/lib/kubelet/config.json within the OpenShift 4 nodes). The image will automatically be pulled if it does not already exist locally.

Package list for RHEL CoreOS 4.11 and older releases


For older OpenShift releases, the package list for a given RHEL CoreOS release is included in the `machine-os-content` image for that release. Information about the various components, including the `machine-os-content` image that will be used as part of an OpenShift release, can be obtained from a cluster via the `oc` command.

For example, to find the kernel version included on RHEL CoreOS for OpenShift 4.6.15 the following can be done from a RHEL client:

  1. Use oc adm release info --image-for=machine-os-content 4.6.15 to find the pull spec for the machine-os-content image:

     $ oc adm release info --image-for=machine-os-content 4.6.15
     quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bbef966282f55837526a2c3630bdddf69cf0ac8d7387c6947958d4fb79142576
    
  2. Create a temporary container based on the given machine-os-content image and check /pkglist.txt in the container's root filesystem:

     # podman run --rm --authfile ${PATH_TO_AUTH_FILE} -it --entrypoint /bin/cat quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bbef966282f55837526a2c3630bdddf69cf0ac8d7387c6947958d4fb79142576 /pkglist.txt | grep kernel
     Trying to pull quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bbef966282f55837526a2c3630bdddf69cf0ac8d7387c6947958d4fb79142576...
     Getting image source signatures
     Copying blob 927653fd3e6b skipped: already exists
     Copying blob 95efbc6c0025 skipped: already exists
     Copying blob 84cd755e865c done
     Copying config 660f28bc77 done
     Writing manifest to image destination
     Storing signatures
     kernel-4.18.0-193.41.1.el8_2.x86_64
     kernel-core-4.18.0-193.41.1.el8_2.x86_64
     kernel-modules-4.18.0-193.41.1.el8_2.x86_64
     kernel-modules-extra-4.18.0-193.41.1.el8_2.x86_64
    

Note: ${PATH_TO_AUTH_FILE} is the path to the file containing the OpenShift pull secret (it is also in /var/lib/kubelet/config.json within the OpenShift 4 nodes). The image will automatically be pulled if it does not already exist locally.
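The package lists obtained above (from rpm -qa or /pkglist.txt) can be compared between two releases, for example to confirm that an update actually changes the kernel or another package of interest. The following is an added example, not part of the original solution: the function names are hypothetical, OLD_LIST reuses kernel lines shown above for 4.6.15, and the remaining sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): parse package lists taken
# from `rpm -qa` or /pkglist.txt and compare two releases.

# Constructed sample input. OLD_LIST reuses kernel lines shown for 4.6.15;
# NEW_LIST is invented and carries CRLF line endings, as output captured
# from `podman run -t` does.
OLD_LIST='kernel-4.18.0-193.41.1.el8_2.x86_64
kernel-core-4.18.0-193.41.1.el8_2.x86_64
kernel-modules-extra-4.18.0-193.41.1.el8_2.x86_64
openssl-1.1.1c-15.el8.x86_64'
NEW_LIST=$(printf '%s\r\n' \
  'kernel-4.18.0-193.47.1.el8_2.x86_64' \
  'kernel-core-4.18.0-193.47.1.el8_2.x86_64' \
  'openssl-1.1.1c-15.el8.x86_64' \
  'jq-1.6-3.el8.x86_64')

# stdin: NVRA lines. stdout: "<tag>\t<name>\t<version-release.arch>".
# The name is everything before the last two hyphens, so "kernel" and
# "kernel-core" stay distinct. Lines that are not NVRAs are skipped.
split_nvra() {
  tr -d '\r' | awk -v tag="$1" '{
    n = split($1, p, "-")
    if (NF != 1 || n < 3) next
    name = p[1]
    for (i = 2; i <= n - 2; i++) name = name "-" p[i]
    printf "%s\t%s\t%s-%s\n", tag, name, p[n-1], p[n]
  }'
}

# stdin: package list; $1: exact package name. Prints its version-release.arch.
pkg_version() {
  split_nvra x | awk -F '\t' -v want="$1" '$2 == want { print $3 }'
}

# $1, $2: files holding the old and new package lists. Prints one line per
# added, removed or changed package, sorted.
pkg_changes() {
  { split_nvra old < "$1"; split_nvra new < "$2"; } | awk -F '\t' '
    $1 == "old" { old[$2] = $3; next }
    { seen[$2] = 1
      if (!($2 in old))       print "added "   $2 " " $3
      else if (old[$2] != $3) print "changed " $2 " " old[$2] " -> " $3 }
    END { for (n in old) if (!(n in seen)) print "removed " n " " old[n] }' |
    LC_ALL=C sort
}

printf '%s\n' "$NEW_LIST" | pkg_version kernel   # exact match, not kernel-core
```

To use real data, redirect the output of the podman commands above into two files and pass them to pkg_changes; running podman without -t keeps carriage returns out of the captured output.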

Root Cause

The package list for a given RHEL CoreOS release is included in the machine-os-content image for that release.
The package list for a given image can be obtained from the image.

Diagnostic Steps

Get the pull spec for an image from a specific OpenShift release:

$ oc adm release info --image-for=${IMAGE_NAME} ${OCP_RELEASE}

Create a temporary container based on the given image and open a shell in it:

# podman run --rm --authfile ${PATH_TO_AUTH_FILE} -it --entrypoint /bin/bash ${IMAGE_PULL_SPEC}

Note: ${PATH_TO_AUTH_FILE} is the path to the file containing the OpenShift pull secret. It is in /var/lib/kubelet/config.json within the OpenShift 4 nodes, so the following command can be run from an OpenShift 4 node:

# podman run --rm --authfile /var/lib/kubelet/config.json -it --entrypoint /bin/bash ${IMAGE_PULL_SPEC}