ova: fix Photon 5 distro-sync failure due to alternatives/chkconfig conflict#1989
Conversation
k8s-ci-robot
added
the
size/XS
|
vsphere-iso.vsphere: timeout waiting for IP address in photon job. /retest |
|
Unknown CLA label state. Rechecking for CLA labels. Send feedback to sig-contributor-experience at kubernetes/community. /check-cla |
k8s-ci-robot
added
the
cncf-cla: yes
…onflict iptables-1.8.13-2.ph5 and ebtables-2.0.11-4.ph5 now require the alternatives package (introduced by Broadcom on April 9, 2026). The Photon 5 minimal installation ships chkconfig which conflicts with the new alternatives package, so it cannot be installed directly. The fix installs alternatives via Ansible with --allowerasing before distro-sync runs. This atomically replaces chkconfig with alternatives, satisfying the iptables/ebtables dependency and allowing distro-sync to complete successfully. Validated with a live vSphere build against the testbed. Ref: vmware/photon#1646 Made-with: Cursor
knabben
force-pushed
the
photon-5-add-alternatives
branch
from
bfd764d to
b495b4e
Compare
knabben
changed the title
The setup role fix covers firstboot.yml, but vmware-photon.yml runs in node.yml (the second playbook) via the providers role. Add the same alternatives --allowerasing step before the cloud-init install so the fix is present even when node.yml is run independently. Suggested-by: bhllamoreaux Made-with: Cursor
k8s-ci-robot
added
size/S
knabben
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
|
A possible simplification: instead of a separate - name: Perform a tdnf distro-sync
ansible.builtin.command: tdnf distro-sync -y --refresh --allowerasingThat lets tdnf handle the chkconfig→alternatives swap atomically as part of the sync, in one step. It also removes the need for the second change in |
|
/retest |
|
@knabben if you want to remove the |
knabben
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mboersma The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/test pull-ova-all Just to be sure. |
5 participants
Change description
`iptables-1.8.13-2.ph5` and `ebtables-2.0.11-4.ph5` in the Photon 5 package repository now explicitly require the `alternatives` package (introduced by Broadcom on April 9, 2026 — see iptables.spec).
The Photon 5 minimal ISO includes `chkconfig`, which conflicts with `alternatives` (alternatives is its replacement). Simply adding `alternatives` to the kickstart hangs the Photon installer due to the conflict.
Fix: Install `alternatives --allowerasing` (atomically replacing `chkconfig`) via Ansible before any `tdnf` install or `distro-sync` commands run. Applied in two places:
Related issues
Additional context
Root cause chain:
Why not the kickstart? Adding `alternatives` to `ks.json.tmpl` causes the Photon minimal ISO installer to hang (the conflict with `chkconfig` is hit during kickstart package resolution, before the OS boots). The Ansible approach avoids this.
Validated with a live vSphere build against a Nimbus testbed — the `distro-sync` step and cloud-init install both complete successfully and the full `photon-5-kube-v1.34.3` OVA is produced.
The upstream fix (vmware/photon#1646) would be to add `Obsoletes: chkconfig` + `Provides: chkconfig` to `alternatives.spec` so `tdnf` handles the transition automatically — making this workaround unnecessary in a future Photon 5 release.