Bug 2039241 - Improve image customization server parameter passing during installation
Summary: Improve image customization server parameter passing during installation
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.10.0
Assignee: Andrea Fasano
QA Contact: Jad Haj Yahya
Depends On: 2039227
TreeView+ depends on / blocked
Reported: 2022-01-11 10:35 UTC by Andrea Fasano
Modified: 2022-03-10 16:38 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 2039227
Last Closed: 2022-03-10 16:38:34 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5525 0 None open Bug 2039227: [baremetal] use podman secret for image-customization server 2022-01-11 10:35:58 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:38:52 UTC

Description Andrea Fasano 2022-01-11 10:35:58 UTC
+++ This bug was initially created as a clone of Bug #2039227 +++

During the installation process of a baremetal IPI platform an instance of the image-customization is launched in server mode to prepare the required images for the nodes to be installed. 
Use podman secrets instead of env vars as a more robust way to pass some of the required container parameters.

Comment 3 Jad Haj Yahya 2022-01-17 09:02:45 UTC
CI job running 4.10.0-0.nightly-2022-01-13-061145 passed: https://auto-jenkins-csb-kniqe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-baremetal-ipi-deployment/12396/ 

Also checked during installation on bottstrap VM:

sudo podman inspect image-customization |grep -i env -A3
            "Env": [
                "IRONIC_RAMDISK_SSH_KEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcxB/Eo+1/8CcGpsArU1NkasG3dE1R+MfmtTKqvPY7I kni.eng.rdu2.redhat.com",
                "[\"/image-customization-server\", \"--nmstate-dir=/tmp/nmstate/\", \"--images-publish-addr=\"]",

sudo podman exec -it image-customization env |grep -i secret

Comment 6 errata-xmlrpc 2022-03-10 16:38:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.