Remove the interactive disconnected workflow type. The appliance
embeds registries.conf and CA certificates directly in the system ignition
for bootstrap, eliminating the need for a separate workflow type.
Key changes:
Command-line interface:
- Remove --interactive flag from unconfigured-ignition command
- Remove ContextWrapper and workflow context management
Workflow handling:
- Simplify to always use AgentWorkflowTypeInstall for unconfigured ignition
- Remove AgentWorkflowTypeInstallInteractiveDisconnected constant
- Remove workflow type switching logic in UnconfiguredIgnition
- Remove workflow dependency from UnconfiguredIgnition asset
Mirror configuration:
- Remove RegistriesConf and CaBundle dependencies from UnconfiguredIgnition
- Remove addMirrorData() call (appliance provides this)
- Remove early returns for interactive workflow in mirror assets
Testing:
- Remove interactive-disconnected-workflow test case
- Remove with-mirror-configs test case from unconfigured ignition tests
- Update default dependencies in test helpers
Rationale:
The OVE appliance provides a more robust solution for disconnected
installations by embedding all necessary configuration (registries,
certificates, UI) directly in the appliance image. This approach:
- Eliminates workflow type complexity
- Decouples installer and appliance repositories
- Simplifies the codebase by removing conditional logic
- Aligns with the architecture where MCO manages post-bootstrap config
After first node reboot, the Machine Config Operator manages registry
configuration and trust bundles via IDMS/IDMT resources.
Commit message text generated by: Claude AI <noreply@anthropic.com>
The testscript framework needs environment variables explicitly passed
through to the test environment. This adds passthrough for proxy variables
(HTTP_PROXY, HTTPS_PROXY, NO_PROXY and lowercase variants) that may be set
by the sandbox or CI environment.
Without these, integration tests running behind a proxy would fail with
network DNS resolution failures when attempting to download resources.
Assisted-by: Claude Code
The integration test setup was not passing through the XDG_CACHE_HOME
environment variable to the test environment, causing tests to fall
back to $HOME/.cache for caching downloaded files. This caused test
failures in environments where $HOME/.cache is not writable but
XDG_CACHE_HOME points to a writable location.
This change ensures that if XDG_CACHE_HOME is set in the test runner's
environment, it is passed through to the integration test environment,
allowing tests to respect the XDG Base Directory specification.
Assisted-by: Claude Code
Remove vCenter credentials from agent installer validation tests to
prevent network connection attempts during unit tests. The tests now
validate that credential fields are required when any credential field
is specified, in addition to their original validation logic.
This change reduces test execution time from 60-180 seconds to under
1 second while maintaining test validity. The tests still verify the
same validation errors they were designed to check, plus additional
credential validation.
Also updated test domains from test.vcenter.com to vcenter.test for
consistency with RFC 2606 reserved test domains.
Assisted-by: Claude Code
PowerVC is an OpenStack based cloud provider with some significant
differences. Since we can use the OpenStack provider for most of the
work, we will create a thin provider which will only handle the
differences.
Changes in the apimachinery and client-go packages broke our unit
tests after upgrade. client-go stopped serializing the empty
preferences: {} field for the kubeconfig. apimachinery, with
c58e197ee8
caused much more extensive breakage by changing the format with
which errors are returned, and our unit tests hard code the
expected error messages.
For the most part, I used claude to fix these issues, and here
is the summary it created:
Changes Made
Root Cause: The k8s apimachinery package (errors.go:93-96) now uses json.Marshal()
to format BadValue in error messages instead of Go's native format. Error Format Changes:
Arrays: []string{"a", "b"} → ["a","b"] (JSON format, no spaces)
Nil values: []string(nil) → null
Structs: aws.Subnet{ID:"x", Roles:...} → {"id":"x"} (JSON with lowercase keys)
Custom types: gcp.OSImage{Name:"x", Project:"y"} → {"name":"x","project":"y"}
Previously when agent-tui filled this in as a template, an IPv6
rendezvous IP was not handled correctly.
Also, the Rendezvous IP needs to be canonicalized when the installer
fills in the template.
added support for arbiter installs to ABI flow, we currently do not
support installing TechPreview featureSet with agent based install, this
includes adding that capability for overriding featureSet to be passed
to the assisted service.
Signed-off-by: ehila <ehila@redhat.com>
For the agent-based installer OVE UI, the password files should also
be created at boot via the 'agent create certificates' command. The
kubeadmin-password and hash will be stored in the tls dir so that
assisted-service does not regenerate them each time the call to
GenerateInstallConfig is invoked.
Update Kubeconfig with API or API-Int LB IP based on whether the
cluster is public or private respectively. This updated Kubeconfig
can be used to reach API server from the install host when
cutsom-DNS is enabled and there is no external DNS yet.
* gather: allow unconditional gather in CI
In CI, we want to collect an installer log bundle so we can examine
bootstrap logs that aren't retrievable from anywhere else. This is
especially important for problems that might happen during early
install.
* Update cmd/openshift-install/create.go
Co-authored-by: Patrick Dillon <pdd@redhat.com>
---------
Co-authored-by: Patrick Dillon <pdd@redhat.com>
Waiting for the etcd bootstrap member to be removed from the etcd cluster has a timeout of five
minutes, unless the overall timeout is reached first. This was apparently sufficient for most cases
when the check was only in effect for single-node clusters, but it occasionally times out on HA
clusters. Enforcing a timeout for this step alone is fragile. It is important to guarantee that the
bootstrap resources are not torn before the etcd bootstrap member has been removed from the etcd
cluster. The time spent waiting for it to happen will fluctuate based on how long it takes for the
etcd operator to observe that it is safe to proceed without losing quorum.
Removed custom agent wait-for install-complete code.
Moved installer WaitForInstallComplete function from
cmd/openshift-install/main to cmd/openshift-install/command so
that the function can be made public.
Modified agent.newWaitForInstallCompleted() to use the common
WaitForInstallComplete function.
The benefit of moving agent over to the common
WaitForInstallComplete function is that the common function has a
step to wait for operators to be in a stable state before calling
the cluster installation complete.
If proxy is defined in install-config, add the RendezvousIP to the
noproxy field in the generated manifests to ensure the Rendezvous
host can be accessed.
This is an additional fix beyond https://github.com/openshift/installer/pull/9083
as it was found that when just setting the IP in 10-default-env.conf it did not
get passed to the assisted-installer when it was started.
