Bug 2216974
| Summary: | [RFE] Allow the usage of userdata + finish scripts on image based provisioning | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Joniel Pasqualetto <jpasqual> |
| Component: | Provisioning | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED MIGRATED | QA Contact: | Satellite QE Team <sat-qe-bz-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.12.4 | CC: | ahumbe, mhulan, rlavi, satellite6-bugs, shwsingh, sshtein, steven.w-ctr.mercurio, thadzhie |
| Target Milestone: | Unspecified | Keywords: | FutureFeature, MigratedToJIRA |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2024-06-06 16:23:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Joniel Pasqualetto
2023-06-23 13:28:17 UTC
In my environment we are NOT allowed to install or run cloud-init due to security not allowing it which is the same for DHCP. In this case there seems to be NO way for Sat6 after provisioning to change the hostname or IP which is all I would use userdata for as the rest is post script. What COULD work is for Sat6 to NOT need userdata at all and use the VMware OS customization script to set the IP and hostname just like I do when I create a VM from a template which is the template that Sat6 would be using. Sat6 could even have a tab for customization scripts so Sat6 could create and manage them so it would know exactly what is there to be able to use it. The really ONLY issue I have is the inability to change the IP as even the hostname I could alter in a post script but Sat6 has to be able to get to the VM first. One possible "FIX" also would be if userdata could just do the hostname and IP change then render and push the finish script to a file in /root/ and then set that file to run at boot with the first step in the post script being to remove the setting to run the script at boot. Also part of that could be adding a snippet that sets a desired file name to run at boot with another snippet to remove the setting to run that file at boot and a snippet to render then deploy a script as a file with a given file name that gets marked as executable. This would be a HUGE help as sometimes you want to do a full update then reboot before proceeding and you may need to reboot more than once for a full deployment. The main thing though is just getting the userdata script to cat out the post into a file and either run it or make it run at boot and reboot after userdata has changed the IP (and hostname if possible as well) of the system.

Another possible fix also is to have Sat6 render the post script to a file and put that file on the www space in sat6 then the userdata script changes the hostname/IP, wget's the script to /root/, marks it as exe or runs it with "/usr/bin/bash /root/<script name>"

Steven, I assume your image would have then built-in the logic to download such file from Satellite's web server and execute it, correct?

I think you could pretty much do that today, the provisioning template (e.g. userdata) can be rendered on-demand for the machine that is in build mode. It authenticates using the provisioning token (which would always differ, so not practical in case of images) or by IP of the request origin. In other words, your image can ask for https://satellite.example.com/unattended/userdata, if the Host IP matches and it's in the build mode, it should get the rendered version of the template.

Hello

The idea of this RFE is to allow Satellite to run a finish script (like we do when not using userdata). One of the premises from the customer that led me to create this is that they don't want (or for some reason can't) modify the base image being used as template. Not being able to modify the image implies that there is no logic inside the image to download a script to run. If that was the case (the ability to modify the base image), it would be easier to simply use cloud-init, which will do exactly this.

What is being asked is the ability to provision with an image and:

1. inform a userdata template (not cloud-init, think about using "UserData open-vm-tools"), which will configure networking
2. run a finish script via ssh (think about "Kickstart default finish") initiated by Satellite, connecting to the newly created VM to finish customization

Comment from Steven:

Can not log in like I used to "as Red Hat customer" to BZ but to answer question: YES I can NOT mod the image and should NOT have to and we do NOT and will/can NOT use cloud-init. What should happen is simple. VMware works with the Sat6 server to provision the VM and use the customization setup that I use if I manually create the VM that allows me to set the network data then Sat6 is given the root login data and is allowed to ssh in as root to run a post script. We typically are NOT allowed to run DHCP by security but I am looking into testing in a separate space using Sat6 as the DHCP server and ONLY editing the image to have MAC LOCKED DHCP (DHCP server in Sat6 or capsule has no DHCP range so only responds to known given MAC addresses) be the default with the express intention that the Sat6 post script comes in and alters that to make it static IP.

YES I can NOT mod the image and should NOT have to. Also we do NOT and will/can NOT use cloud-init. What should happen is simple. VMware works with the Sat6 server to provision the VM and use the customization setup that I use if I manually create the VM that allows me to set the network data then Sat6 is given the root login data and is allowed to ssh in as root to run a post script. We typically are NOT allowed to run DHCP by security but I am looking into testing in a separate space using Sat6 as the DHCP server and ONLY editing the image to have MAC LOCKED DHCP (DHCP server in Sat6 or capsule has no DHCP range so only responds to known given MAC addresses) be the default with the express intention that the Sat6 post script comes in and alters that to make it static IP.

So the ideal flow in this case would be to allow using the combination of open-vm-tools and finish template. Today we only allow open-vm-tools + cloud-init (both user data templates are in a single chain). That way, the open-vm-tools would configure the networking, then Satellite connects through SSH. Meanwhile, for the scenario described in comment 2 a comment 5 should be the solution.

This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated. Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "SAT-" followed by an integer. You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.

ALL, The new Jira link for this is here: https://issues.redhat.com/browse/SAT-18645
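
The run-at-boot flow proposed in the description above (deploy the rendered finish script under /root, mark it executable, run it at boot, and have its first step remove the boot hook) is sketched here as an added example; it is not part of the original report and is not Satellite code. The function names, the unit name `finish-once.service` and the `ROOT` prefix variable are assumptions, and a systemd-based guest is assumed.

```shell
#!/bin/sh
# Added example: run-once-at-boot helpers for a rendered finish script.
# ROOT is an assumption of this sketch: leave it empty on a real host, or
# point it at a scratch directory to exercise the functions safely.
ROOT="${ROOT:-}"
UNIT_DIR="/etc/systemd/system"
UNIT_NAME="finish-once.service"   # hypothetical unit name

# deploy_script NAME: read the rendered script from stdin and store it under
# /root as root-only (0700), so other local users cannot read or replace it.
deploy_script() {
    dest="$ROOT/root/$1"
    mkdir -p "$ROOT/root" || return 1
    ( umask 077; cat > "$dest" ) || return 1
    chmod 0700 "$dest"
}

# enable_run_at_boot NAME: write a oneshot unit and link it into
# multi-user.target.wants (the effect of "systemctl enable" for this unit).
enable_run_at_boot() {
    [ -x "$ROOT/root/$1" ] || { echo "missing /root/$1" >&2; return 1; }
    mkdir -p "$ROOT$UNIT_DIR/multi-user.target.wants" || return 1
    cat > "$ROOT$UNIT_DIR/$UNIT_NAME" <<EOF
[Unit]
Description=Run-once finish script
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /root/$1

[Install]
WantedBy=multi-user.target
EOF
    ln -sf "../$UNIT_NAME" "$ROOT$UNIT_DIR/multi-user.target.wants/$UNIT_NAME"
}

# disable_run_at_boot: meant to be the first step of the finish script, so a
# reboot part-way through does not start the script a second time.
disable_run_at_boot() {
    rm -f "$ROOT$UNIT_DIR/multi-user.target.wants/$UNIT_NAME" \
          "$ROOT$UNIT_DIR/$UNIT_NAME"
}
```

A finish script that needs several reboots can call `enable_run_at_boot` again with the name of its next stage before rebooting.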