Bug 2078531
| Summary: | iPXE artifacts need to be served via HTTP | |||
|---|---|---|---|---|
| Product: | Red Hat Advanced Cluster Management for Kubernetes | Reporter: | Vadim Rutkovsky <vrutkovs> | |
| Component: | Infrastructure Operator | Assignee: | Vadim Rutkovsky <vrutkovs> | |
| Status: | CLOSED ERRATA | QA Contact: | Chad Crum <ccrum> | |
| Severity: | medium | Docs Contact: | Derek <dcadzow> | |
| Priority: | medium | |||
| Version: | rhacm-2.6 | CC: | cbynum, ccrum, mfilanov, ncarboni, trwest, vkolodny, yfirst | |
| Target Milestone: | --- | Flags: | cbynum:
rhacm-2.6+
cbynum: rhacm-2.6.z+ |
|
| Target Release: | rhacm-2.6 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2089195 (view as bug list) | Environment: | ||
| Last Closed: | 2022-09-06 22:30:54 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2089195 | |||
|
Description
Vadim Rutkovsky
2022-04-25 14:23:56 UTC
https://github.com/openshift/assisted-service/pull/3705 adds new .spec.iPXEHTTPRoute setting (accepting "enabled/disabled", defaults to disabled) which creates HTTP routes and ensures only required artifacts can be fetched via HTTP. Known issue: existing InfraEnvs won't be updated - links would be displayed as https (artifacts can be fetched via http). Workaround: re-create InfraEnv @vrutkovs I have tested the solution with upstream (latest) and I can see that the port 80 is "listening" but the artifacts cannot be downloaded (getting 503) [kni@provisionhost-0-0 ~]$ nc -v assisted-image-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com 80 Ncat: Version 7.70 ( https://nmap.org/ncat ) Ncat: Connected to 192.168.123.10:80. cat wget-log --2022-06-02 17:53:17-- http://assisted-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com/api/assisted-install/v2/infra-envs/14540a1a-ff8b-4a3c-a372-6025f3ed8a37/downloads/files?api_key=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbmZyYV9lbnZfaWQiOiIxNDU0MGExYS1mZjhiLTRhM2MtYTM3Mi02MDI1ZjNlZDhhMzcifQ.6W699OHYrZS9z5TUm3P4on2vQBWXfJKN6j0W8jowD4HjuntjMnlqkkHAQIf9VWUDR1ZdnwuzvknEFslFqlNVAA Resolving assisted-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com (assisted-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com)... 192.168.123.10 Connecting to assisted-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com (assisted-service-assisted-installer.apps.ocp-edge-cluster-0.qe.lab.redhat.com)|192.168.123.10|:80... connected. HTTP request sent, awaiting response... 503 Service Unavailable 2022-06-02 17:53:17 ERROR 503: Service Unavailable. After adding `iPXEHTTPRoute: enabled` to the AgentServiceConfig and re-creating an ACI, the http ipxe bootartifact showed up in the infraenv and I was able to download it via http.
This was using latest upstream (aka 2.6 release branch) of assisted service.
oc get infraenv chub-4 -o yaml
bootArtifacts:
ipxeScript: http://assisted-service-assisted-installer.apps.ocp-edge-cluster-assisted-0.qe.lab.redhat.com/api/assisted-install/v2/infra-envs/5e3ddae7-68ce-4658-80bd-7a052aae3577/downloads/files?api_key=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbmZyYV9lbnZfaWQiOiI1ZTNkZGFlNy02OGNlLTQ2NTgtODBiZC03YTA1MmFhZTM1NzcifQ.BM94lSQxXPpfVMMhGQ6lW7BYPT2e9DmElL2-fn90q9lzqzFSWEbxbVxbmRq1GB4zdUxmF1NKfAjKrlCwOpV1lQ&file_name=ipxe-script
[kni@provisionhost-0-0 tmp]$ curl 'http://assisted-service-assisted-installer.apps.ocp-edge-cluster-assisted-0.qe.lab.redhat.com/api/assisted-install/v2/infra-envs/5e3ddae7-68ce-4658-80bd-7a052aae3577/downloads/files?api_key=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbmZyYV9lbnZfaWQiOiI1ZTNkZGFlNy02OGNlLTQ2NTgtODBiZC03YTA1MmFhZTM1NzcifQ.BM94lSQxXPpfVMMhGQ6lW7BYPT2e9DmElL2-fn90q9lzqzFSWEbxbVxbmRq1GB4zdUxmF1NKfAjKrlCwOpV1lQ&file_name=ipxe-script'
#!ipxe
initrd --name initrd http://assisted-image-service-assisted-installer.apps.ocp-edge-cluster-assisted-0.qe.lab.redhat.com/images/5e3ddae7-68ce-4658-80bd-7a052aae3577/pxe-initrd?api_key=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbmZyYV9lbnZfaWQiOiI1ZTNkZGFlNy02OGNlLTQ2NTgtODBiZC03YTA1MmFhZTM1NzcifQ.dA5Dj6IcGUCr_kfAmyWr7axf-bKhTkLQsetKccRUJvGC2jrrt6KPkNkqP76OQBKclUTLv5ei6qOmIbi_y1BxVw&arch=x86_64&version=4.10
kernel http://assisted-image-service-assisted-installer.apps.ocp-edge-cluster-assisted-0.qe.lab.redhat.com/boot-artifacts/kernel?arch=x86_64&version=4.10 initrd=initrd coreos.live.rootfs_url=http://assisted-image-service-assisted-installer.apps.ocp-edge-cluster-assisted-0.qe.lab.redhat.com/boot-artifacts/rootfs?arch=x86_64&version=4.10 random.trust_cpu=on rd.luks.options=discard ignition.firstboot ignition.platform.id=metal console=tty1 console=ttyS1,115200n8 coreos.inst.persistent-kargs="console=tty1 console=ttyS1,115200n8"
boot
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6370 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days |