Bug 2039241 - Improve image customization server parameter passing during installation
Summary: Improve image customization server parameter passing during installation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.10.0
Assignee: Andrea Fasano
QA Contact: Jad Haj Yahya
URL:
Whiteboard:
Depends On: 2039227
Blocks:
Reported: 2022-01-11 10:35 UTC by Andrea Fasano
Modified: 2022-03-10 16:38 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 2039227
Environment:
Last Closed: 2022-03-10 16:38:34 UTC
Target Upstream Version:
Embargoed:

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift installer pull 5525 | 0 | None | open | Bug 2039227: [baremetal] use podman secret for image-customization server | 2022-01-11 10:35:58 UTC
Red Hat Product Errata | RHSA-2022:0056 | 0 | None | None | None | 2022-03-10 16:38:52 UTC

Description Andrea Fasano 2022-01-11 10:35:58 UTC
+++ This bug was initially created as a clone of Bug #2039227 +++

During the installation process of a baremetal IPI platform, an instance of the image-customization is launched in server mode to prepare the required images for the nodes to be installed.
Use podman secrets instead of env vars as a more robust way to pass some of the required container parameters.

Comment 3 Jad Haj Yahya 2022-01-17 09:02:45 UTC
CI job running 4.10.0-0.nightly-2022-01-13-061145 passed: https://auto-jenkins-csb-kniqe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-baremetal-ipi-deployment/12396/ 

Also checked during installation on the bootstrap VM:


sudo podman inspect image-customization |grep -i env -A3
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=oci",
--
                "--env",
                "DEPLOY_ISO=/shared/html/images/ironic-python-agent.iso",
                "--env",
                "DEPLOY_INITRD=/shared/html/images/ironic-python-agent.initramfs",
                "--env",
                "IRONIC_BASE_URL=http://10.8.1.199",
                "--env",
                "IRONIC_RAMDISK_SSH_KEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcxB/Eo+1/8CcGpsArU1NkasG3dE1R+MfmtTKqvPY7I kni.eng.rdu2.redhat.com",
                "--env",
                "IRONIC_AGENT_IMAGE=quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d94ebd7162ddc034259b432ddcca2f2bf27a0672a3b82e13db6d03433449a5f2",
                "--env",
                "IP_OPTIONS=ip=dhcp",
                "--env",
                "REGISTRIES_CONF_PATH=/tmp/containers/registries.conf",
                "--entrypoint",
                "[\"/image-customization-server\", \"--nmstate-dir=/tmp/nmstate/\", \"--images-publish-addr=http://0.0.0.0:8084\"]",

and 
sudo podman exec -it image-customization env |grep -i secret
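
Added example (not part of the comment above, and not the installer's own code): the two manual checks from Comment 3 written as one Python function over `podman inspect` JSON. It reports sensitive-looking names that reach the container through `--env` or `Env` and lists `--secret` references; the sample documents, the names EXAMPLE_PULL_SECRET and example-pull-secret, and the name pattern are assumptions made for illustration.

```python
import json
import re

# Name patterns treated as sensitive (assumption for this example; tune per deployment).
SENSITIVE = re.compile(r"secret|passw|token|credential", re.IGNORECASE)

def audit_container(inspect_json):
    """Return (sensitive env names, podman secret names) from `podman inspect` JSON."""
    config = json.loads(inspect_json)[0]["Config"]
    # Environment recorded for the container process: entries are NAME=VALUE.
    env_names = {e.split("=", 1)[0] for e in config.get("Env") or []}
    secrets = []
    # CreateCommand keeps the original command line, so --env values stay readable there.
    args = config.get("CreateCommand") or []
    i = 0
    while i < len(args):
        flag, sep, value = args[i].partition("=")
        if flag in ("--env", "-e", "--secret"):
            if not sep and i + 1 < len(args):  # "--env NAME=VALUE" as two arguments
                i += 1
                value = args[i]
            if flag == "--secret":
                secrets.append(value.split(",", 1)[0])  # drop ",mode=...,target=..." options
            else:
                env_names.add(value.split("=", 1)[0])
        i += 1
    return sorted(n for n in env_names if SENSITIVE.search(n)), secrets

def sample(create_args, env):
    """Build a constructed, minimal `podman inspect` document (not real output)."""
    return json.dumps([{"Config": {"Env": env, "CreateCommand": create_args}}])

# Constructed inputs: EXAMPLE_PULL_SECRET and example-pull-secret are hypothetical names.
BEFORE = sample(["podman", "run", "--env", "IP_OPTIONS=ip=dhcp",
                 "--env", "EXAMPLE_PULL_SECRET=REDACTED", "example-image"],
                ["container=oci", "IP_OPTIONS=ip=dhcp", "EXAMPLE_PULL_SECRET=REDACTED"])
AFTER = sample(["podman", "run", "--env=IP_OPTIONS=ip=dhcp",
                "--secret", "example-pull-secret,mode=0400", "example-image"],
               ["container=oci", "IP_OPTIONS=ip=dhcp"])

if __name__ == "__main__":
    for label, doc in (("env vars", BEFORE), ("podman secret", AFTER)):
        leaked, secrets = audit_container(doc)
        print(f"{label}: sensitive env names={leaked} secrets={secrets}")
```

On a live host the input would be the output of `sudo podman inspect image-customization`, the same command used in the comment.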

Comment 6 errata-xmlrpc 2022-03-10 16:38:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

