Apply the Custom Image to the Cluster

Step 3: Apply the Custom Image to the Cluster

With the custom image available in your registry, you can now create a MachineConfig to apply it to your OpenShift nodes. This example targets the master nodes; for a normal environment, it should target the worker nodes.

This MachineConfig does two things:

  1. It points the nodes to the new custom osImageURL.

  2. It creates a configuration file at /etc/tmpfiles.d/rsyslog.conf. This file instructs systemd-tmpfiles to create the /var/lib/rsyslog directory on boot, which is required for rsyslog to function correctly.

    1. Create the MachineConfig manifest.

      # An example of a custom image.
# Use it if you cannot finish the previous part.
# CUSTOM_IMAGE="quay.io/wangzheng422/qimgs:rhcos-4.18-rsyslog-2025.10.17-v01"

tee machine-config-rsyslog.yaml << EOF
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 99-master-layered-rhcos
spec:
  config:
    ignition:
      version: 3.4.0
    storage:
      files:
        # This section defines a file to be created on the node.
        # It ensures the rsyslog working directory exists.
        - path: /etc/tmpfiles.d/rsyslog.conf
          mode: 0644
          overwrite: true
          contents:
            # The content is base64 encoded.
            # The original text is: "d /var/lib/rsyslog 0755 root root -"
            # This line instructs systemd-tmpfiles to create the directory.
            source: "data:text/plain;charset=utf-8;base64,ZCAvdmFyL2xpYi9yc3lzbG9nIDA3NTUgcm9vdCByb290IC0K"
        - path: /etc/logrotate.d/rsyslog
          mode: 0644
          overwrite: true
          contents:
            # content of this file
            # /var/log/cron
            # /var/log/maillog
            # /var/log/messages
            # /var/log/secure
            # /var/log/spooler
            # {
            #     missingok
            #     sharedscripts
            #     postrotate
            #         /usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
            #     endscript
            # }
            source: "data:text/plain;charset=utf-8;base64,L3Zhci9sb2cvY3JvbgovdmFyL2xvZy9tYWlsbG9nCi92YXIvbG9nL21lc3NhZ2VzCi92YXIvbG9nL3NlY3VyZQovdmFyL2xvZy9zcG9vbGVyCnsKICAgIG1pc3NpbmdvawogICAgc2hhcmVkc2NyaXB0cwogICAgcG9zdHJvdGF0ZQogICAgICAgIC91c3IvYmluL3N5c3RlbWN0bCAtcyBIVVAga2lsbCByc3lzbG9nLnNlcnZpY2UgPi9kZXYvbnVsbCAyPiYxIHx8IHRydWUKICAgIGVuZHNjcmlwdAp9Cg=="
        - path: /etc/rsyslog.d/remote.conf
          mode: 0644
          overwrite: true
          contents:
            # content of this file
            # if \$programname == 'crio' or \$programname == 'kubenswrapper' then {
            #     stop
            # }
            source: "data:text/plain;charset=utf-8;base64,aWYgJHByb2dyYW1uYW1lID09ICdjcmlvJyBvciAkcHJvZ3JhbW5hbWUgPT0gJ2t1YmVuc3dyYXBwZXInIHRoZW4gewogICAgc3RvcAp9Cg=="
  # Set the osImageURL to your custom-built image
  osImageURL: ${CUSTOM_IMAGE}
EOF

    2. Apply the MachineConfig to the cluster.

      oc apply -f machine-config-rsyslog.yaml

After applying the MachineConfig, the Machine Config Operator (MCO) will detect the change and begin a rolling update of the master nodes to apply the new configuration and reboot from the custom OS image.