Child process exited with code 1 during RHOCP cluster upgrade

Modified on Wed, 26 Jun at 2:11 PM

Customers running OpenShift may have installed OpenShift 4 Machine Config for Gremlin Chaos Engineering Platform  (gremlin-ocp4-mc)


This machine operator was necessary for older versions of OpenShift (4.1 - 4.6)

The Gremlin machine operator is no longer required and should be removed from all nodes within the cluster.


$ oc get mc/96-worker-gremlin-semodule > /tmp/96-worker-gremlin-semodule_backup.yaml. --->  it will create backup of mc in /tmp directory

$ oc delete mc/96-worker-gremlin-semodule


    For OpenShift, whenever hostPID=true, custom SELinux policies are ignored in favor of using the spc_t process label. In short, when hostPID=true, Gremlin does not need any custom SELinux policies.


    Earlier versions of Gremlin allowed for some functionality to work when hostPID=false, and we even would install with this set to false by default in favor of using the least amount of privileges possible. Over time, the need for always setting hostPID=true became obvious for us to accomplish all of the container targeting features reliably (especially with the removal of runc). 


    Today, we consider hostPID=true a requirement for container attacks on any platform and as a result no longer have a need for custom SELinux profiles on OpenShift.

RedHat has a KB article about this as well. Gremlin customers should just remove this machine operator before upgrading their RHOCP clusters 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article