Bug 2039241

Summary: Improve image customization server parameter passing during installation
Product: OpenShift Container Platform
Component: Installer
Installer sub component: OpenShift on Bare Metal IPI
Version: 4.10
Target Release: 4.10.0
Status: CLOSED ERRATA
Severity: high
Priority: high
Keywords: Triaged
Reporter: Andrea Fasano <afasano>
Assignee: Andrea Fasano <afasano>
QA Contact: Jad Haj Yahya <jhajyahy>
CC: aos-bugs, augol, jhajyahy, zbitter
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Clone Of: 2039227
Bug Depends On: 2039227
Last Closed: 2022-03-10 16:38:34 UTC

Description Andrea Fasano 2022-01-11 10:35:58 UTC
+++ This bug was initially created as a clone of Bug #2039227 +++

During the installation process of a baremetal IPI platform an instance of the image-customization is launched in server mode to prepare the required images for the nodes to be installed. 
Use podman secrets instead of env vars as a more robust way to pass some of the required container parameters.

Comment 3 Jad Haj Yahya 2022-01-17 09:02:45 UTC
CI job running 4.10.0-0.nightly-2022-01-13-061145 passed: https://auto-jenkins-csb-kniqe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-baremetal-ipi-deployment/12396/ 

Also checked during installation on bootstrap VM:

sudo podman inspect image-customization |grep -i env -A3
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=oci",
--
                "--env",
                "DEPLOY_ISO=/shared/html/images/ironic-python-agent.iso",
                "--env",
                "DEPLOY_INITRD=/shared/html/images/ironic-python-agent.initramfs",
                "--env",
                "IRONIC_BASE_URL=http://10.8.1.199",
                "--env",
                "IRONIC_RAMDISK_SSH_KEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcxB/Eo+1/8CcGpsArU1NkasG3dE1R+MfmtTKqvPY7I kni.eng.rdu2.redhat.com",
                "--env",
                "IRONIC_AGENT_IMAGE=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d94ebd7162ddc034259b432ddcca2f2bf27a0672a3b82e13db6d03433449a5f2",
                "--env",
                "IP_OPTIONS=ip=dhcp",
                "--env",
                "REGISTRIES_CONF_PATH=/tmp/containers/registries.conf",
                "--entrypoint",
                "[\"/image-customization-server\", \"--nmstate-dir=/tmp/nmstate/\", \"--images-publish-addr=http://0.0.0.0:8084\"]",

and 
sudo podman exec -it image-customization env |grep -i secret
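
The manual check in Comment 3 can be scripted. The following is an added example, not part of the bug report or the installer's code: it reads podman inspect JSON and separates the parameters passed with --env from those passed with --secret. The container names, EXAMPLE_PULL_SECRET, example-pull-secret and the credential name patterns are constructed for illustration.

```python
import json
import re

# Name patterns treated as credentials: an assumption of this example, not a podman rule.
SENSITIVE = re.compile(r"SECRET|TOKEN|PASSWORD|CREDENTIAL|PRIVATE_KEY", re.I)

def flag_values(cmd, flags):
    """Yield the values of `--flag value` and `--flag=value` in an argv list."""
    args = iter(cmd)
    for arg in args:
        if arg in flags:
            yield next(args, "")
        else:
            for flag in flags:
                if arg.startswith(flag + "="):
                    yield arg[len(flag) + 1:]

def audit(inspect_json):
    """Report, per container, which parameters arrive via --env and which via --secret."""
    findings = []
    for ctr in json.loads(inspect_json):
        # CreateCommand is the argv the container was created with.
        cmd = (ctr.get("Config") or {}).get("CreateCommand") or []
        env = [v.split("=", 1)[0] for v in flag_values(cmd, ("--env", "-e"))]
        findings.append({
            "name": ctr.get("Name"),
            "env_flagged": [n for n in env if SENSITIVE.search(n)],
            "env_other": [n for n in env if not SENSITIVE.search(n)],
            # --secret takes name[,opt=val...]; keep only the secret name.
            "secrets": [v.split(",", 1)[0] for v in flag_values(cmd, ("--secret",))],
        })
    return findings

# Constructed sample in the shape of `podman inspect` output (not taken from a real host).
SAMPLE = json.dumps([
    {"Name": "example-before", "Config": {"CreateCommand": [
        "podman", "run", "--env", "IRONIC_BASE_URL=http://192.0.2.10",
        "--env", "EXAMPLE_PULL_SECRET=constructed-value", "example-image"]}},
    {"Name": "example-after", "Config": {"CreateCommand": [
        "podman", "run", "--env", "IRONIC_BASE_URL=http://192.0.2.10",
        "--env=IP_OPTIONS=ip=dhcp",
        "--secret", "example-pull-secret,type=mount", "example-image"]}},
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host, pass the output of sudo podman inspect image-customization to audit() in place of SAMPLE; a non-empty env_flagged list means a credential-like parameter is still visible in the container's creation command.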

Comment 6 errata-xmlrpc 2022-03-10 16:38:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056