MCO-2163: use machine-config-osimagestream to avoid hard-coding image tag names

[cheesesashimi]

This makes use of the new machine-config-osimagestream binary helper that was added to the MCO. The intent is to use this binary to look up the OS image pullspec for the default OS ImageStream.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6bd10167-b300-4578-9b45-9b4625899c79

📥 Commits

Reviewing files that changed from the base of the PR and between 39538df and 2c71d2a.

📒 Files selected for processing (1)

• data/data/bootstrap/files/usr/local/bin/node-image-pull.sh.template

---

Walkthrough

Changes modify CoreOS image resolution in the bootstrap process. The shell script now extracts and executes a binary from the machine-config-operator image to compute the pullspec and adds explicit cleanup/trapping. Supporting Go code updates the template data structure from StreamTag to an OSImageStream typed field and sets the default SCOS OS image stream to "centos-10".

Changes

Cohort / File(s)	Summary
Bootstrap Shell Script data/data/bootstrap/files/usr/local/bin/node-image-pull.sh.template	Replaced direct image stream tag query with a multi-step flow: repeatedly resolve machine-config-operator image via image_for, create a temp dir, extract the machine-config-osimagestream binary from the MCO image using podman create/cp, invoke that binary to compute COREOS_IMAGE via get os-image-pullspec, add retries and explicit cleanup (container/image removal, tempdir) registered via an EXIT trap.
Ignition Bootstrap Refactor pkg/asset/ignition/bootstrap/common.go	Updated imports to use rhcosAsset for the RHCOS image asset, replaced bootstrapTemplateData.StreamTag string with OSImageStream types.OSImageStream, and derive OSImageStream from installConfig.Config.OSImageStream with fallback to rhcos.DefaultOSImageStream; removed earlier StreamTag computation.
RHCOS Defaults pkg/rhcos/stream_scos.go	Changed DefaultOSImageStream constant from empty "" to "centos-10" for SCOS code paths.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[pablintino]

Well, we don't want the default OS image, we need to return the OS image install-config points too.
We need to pass it by using

installer/pkg/asset/ignition/bootstrap/common.go

Line 79 in bb827bf

type bootstrapTemplateData struct {

We can use this PR to remove the StreamTag field we won't use anymore.

[cheesesashimi]

I removed the StreamTag field and tried to just use the OSImageStream field. Unless this field is explicitly set in the install-config, it will be empty. I pushed up a change that detects this case and sets it to rhcos.DefaultOSImageStream.

This made me think about what should be the source of truth for what the default OSImageStream is: Should it be the OSImageStream code in the MCO repo? Or should it be the installer code?

We can likely defer that decision for now because the way that both the installer and MCO code is written, it shouldn't matter much. Nevertheless, it is something we should think about.

[pablintino]

Can't we rely on the defaults? (Just asking not a blocking question or ask for change)

[cheesesashimi]

In #10406, I don't think we can rely on the defaults since machine-config-osimagestream will be running containerized. However, I think we can rely on the defaults here. I need to look at https://github.com/containers/image to see if there is a SetDefaultValues() function someplace for types.SystemContext. If not, then I'll put these values into the machine-config-osimagestream entrypoint as the default values.

[patrickdillon]

What's bad about hardcoding the images? Is it because there are potentially more streams than rhcos9 & rhcos10, and we don't want to teach the installer about all of those?

[openshift-ci-robot]

@cheesesashimi: This pull request references MCO-2163 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@cheesesashimi: This pull request references MCO-2163 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This makes use of the new machine-config-osimagestream binary helper that was added to the MCO. The intent is to use this binary to look up the OS image pullspec for the default OS ImageStream.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[cheesesashimi]

/jira-refresh

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pkg/rhcos/stream_scos.go (1)

7-8: Don't widen types.OSImageStream with a SCOS-only literal

types.OSImageStream is documented and validated as rhel-9/rhel-10, but this default introduces "centos-10" under the same type. pkg/asset/ignition/bootstrap/common.go:402-430 now forwards that value into template data, so future code can no longer rely on the type’s declared value set. Prefer a separate internal string/enum for the MCO helper stream name instead of reusing the install-config type.

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/rhcos/stream_scos.go` around lines 7 - 8, DefaultOSImageStream currently
broadens the allowed values of types.OSImageStream by assigning a SCOS-only
literal ("centos-10"); instead create a separate internal constant (e.g.,
scosMCOStreamName string or a dedicated type) for the SCOS/MCO helper stream and
revert DefaultOSImageStream to only valid types.OSImageStream values, then
update callers that currently consume DefaultOSImageStream (the code path that
forwards the stream into template data) to use the new internal constant for
SCOS-specific logic instead of the types.OSImageStream-typed constant.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@data/data/bootstrap/files/usr/local/bin/node-image-pull.sh.template`:
- Around line 13-20: The extraction can leave a dangling container named
mco-osimagestream if podman cp fails, so make the process idempotent: generate a
unique container name (e.g., CONTAINER_NAME variable instead of the fixed
mco-osimagestream), register cleanup with trap to remove the container and
TEMP_DIR on exit (successful or error) and run podman rm in the trap so cleanup
always happens even when set -e aborts; update the extraction block that uses
podman create, podman cp and podman rm (and the similar block at lines 37-38) to
use the new CONTAINER_NAME and the trap-based cleanup.

---

Nitpick comments:
In `@pkg/rhcos/stream_scos.go`:
- Around line 7-8: DefaultOSImageStream currently broadens the allowed values of
types.OSImageStream by assigning a SCOS-only literal ("centos-10"); instead
create a separate internal constant (e.g., scosMCOStreamName string or a
dedicated type) for the SCOS/MCO helper stream and revert DefaultOSImageStream
to only valid types.OSImageStream values, then update callers that currently
consume DefaultOSImageStream (the code path that forwards the stream into
template data) to use the new internal constant for SCOS-specific logic instead
of the types.OSImageStream-typed constant.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3c472bbc-f9be-4878-b286-c618bb3ef4a9

📥 Commits

Reviewing files that changed from the base of the PR and between 4acb8b9 and 39538df.

📒 Files selected for processing (3)

• data/data/bootstrap/files/usr/local/bin/node-image-pull.sh.template
• pkg/asset/ignition/bootstrap/common.go
• pkg/rhcos/stream_scos.go

[jlebon]

Hmm, but note this adds another image we have to pull down here before we get to pivot. So I expect this to slightly affect bootstrapping time.

I guess this is pretty far along now, but wouldn't a cleaner design here be to put the machine-config-osimagestream helper stuff in the CVO? It already has an image command (which is what image_for uses) that's very similar to what we need here. E.g. a new command like osimage --stream {{ .OSImageStream }} which returns the pullspec of the right OS image.

[cheesesashimi]

Yeah, I agree that the CVO would be a better long-term place for this to live. The bigger problem that we'll need to solve is that there is some common code for working with OSImageStreams that would need to live in both the CVO and the MCO. And ideally, we'd be able to find a home for that code.

[jlebon]

Nothing a little golang package import can't solve I would think? :)

[jlebon]

We need to be memory-conscious here because we could also be running live, which means that all that content is living in RAM. E.g. SNO has strict memory requirements.

So probably we want to just podman rmi the MCO image entirely here once we've extracted out the binary.

[cheesesashimi]

This is a really good point, thanks!

[jlebon]

Looks sane to me overall!

[jlebon]

Nothing a little golang package import can't solve I would think? :)

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jlebon
Once this PR has been reviewed and has the lgtm label, please assign zaneb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cheesesashimi]

/retest-required

[openshift-ci]

@cheesesashimi: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn	2c71d2a	link	true	/test e2e-aws-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.