Bug 2039227 - Improve image customization server parameter passing during installation
Summary: Improve image customization server parameter passing during installation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Bare Metal Hardware Provisioning
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.10.0
Assignee: Andrea Fasano
QA Contact: Jad Haj Yahya
URL:
Whiteboard:
Depends On:
Blocks: 2039241
Reported: 2022-01-11 10:11 UTC by Andrea Fasano
Modified: 2022-03-10 16:38 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2039241 (view as bug list)
Environment:
Last Closed: 2022-03-10 16:38:34 UTC
Target Upstream Version:
Embargoed:
afasano: needinfo-


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift image-customization-controller pull 30 | 0 | None | open | Fetch secret from mounted file when env var is not specified | 2022-01-11 10:11:20 UTC
Red Hat Product Errata | RHSA-2022:0056 | 0 | None | None | None | 2022-03-10 16:38:52 UTC

Description Andrea Fasano 2022-01-11 10:11:20 UTC
During the installation process of a baremetal IPI platform an instance of the image-customization is launched in server mode to prepare the required images for the nodes to be installed. 
Use podman secrets instead of env vars as a more robust way to pass some of the required container parameters.
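
The env-var-then-mounted-file lookup named in the linked pull request title, sketched as an added example (not the image-customization-controller's own code). The variable name EXAMPLE_PULL_SECRET, the secret name example-pull-secret and the size limit are assumptions; /run/secrets is where podman mounts secrets by default.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// maxSecretSize is an assumed upper bound on the mounted secret file.
const maxSecretSize = 1 << 20

var ErrNoSecret = errors.New("secret not provided by env var or mounted file")

// loadSecret prefers the env var (older behaviour) and falls back to the
// file podman mounts for a secret. It reports which source was used.
func loadSecret(envName, secretsDir, secretName string) (string, string, error) {
	if v := strings.TrimSpace(os.Getenv(envName)); v != "" {
		return v, "env", nil
	}
	// filepath.Base keeps a crafted secret name from escaping secretsDir.
	path := filepath.Join(secretsDir, filepath.Base(secretName))
	info, err := os.Stat(path)
	if errors.Is(err, os.ErrNotExist) {
		return "", "", ErrNoSecret
	}
	if err != nil {
		return "", "", err
	}
	if !info.Mode().IsRegular() || info.Size() > maxSecretSize {
		return "", "", fmt.Errorf("%s: not a regular file or larger than %d bytes", path, maxSecretSize)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return "", "", err
	}
	v := strings.TrimSpace(string(data)) // drop the trailing newline many tools add
	if v == "" {
		return "", "", fmt.Errorf("%s is empty: %w", path, ErrNoSecret)
	}
	return v, "file", nil
}

func main() {
	v, src, err := loadSecret("EXAMPLE_PULL_SECRET", "/run/secrets", "example-pull-secret")
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Printf("loaded %d-byte secret from %s\n", len(v), src) // never print the value itself
}
```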

Comment 3 Jad Haj Yahya 2022-01-17 06:13:08 UTC
Please provide steps to reproduce/verify

Comment 4 Andrea Fasano 2022-01-17 08:20:19 UTC
This bug requires https://bugzilla.redhat.com/show_bug.cgi?id=2039241 for a complete end-to-end verification, since it uses the new injection
mechanism introduced in this bz from the installer. Its related CI jobs could be checked to verify that it's properly working
(otherwise the bootstrap would have failed).

Comment 5 Jad Haj Yahya 2022-01-17 09:02:10 UTC
CI job running 4.10.0-0.nightly-2022-01-13-061145 passed: https://auto-jenkins-csb-kniqe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-baremetal-ipi-deployment/12396/ 

Also checked during installation on the bootstrap VM:


sudo podman inspect image-customization |grep -i env -A3
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=oci",
--
                "--env",
                "DEPLOY_ISO=/shared/html/images/ironic-python-agent.iso",
                "--env",
                "DEPLOY_INITRD=/shared/html/images/ironic-python-agent.initramfs",
                "--env",
                "IRONIC_BASE_URL=http://10.8.1.199",
                "--env",
                "IRONIC_RAMDISK_SSH_KEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcxB/Eo+1/8CcGpsArU1NkasG3dE1R+MfmtTKqvPY7I kni.eng.rdu2.redhat.com",
                "--env",
                "IRONIC_AGENT_IMAGE=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d94ebd7162ddc034259b432ddcca2f2bf27a0672a3b82e13db6d03433449a5f2",
                "--env",
                "IP_OPTIONS=ip=dhcp",
                "--env",
                "REGISTRIES_CONF_PATH=/tmp/containers/registries.conf",
                "--entrypoint",
                "[\"/image-customization-server\", \"--nmstate-dir=/tmp/nmstate/\", \"--images-publish-addr=http://0.0.0.0:8084\"]",

and 
sudo podman exec -it image-customization env |grep -i secret

Comment 8 errata-xmlrpc 2022-03-10 16:38:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

