snc: Add logic to create /User top level directory for OCP

Since OCP now moved to use bootc where top level directory is immutable
and `chattr -i /` doesn't work as it worked before so only option is to
create a custom-os image and deploy that as part of day-2 operation.

More details : #1041 (comment)

Author: praveenkumar

snc.sh

@@ -241,6 +241,39 @@ retry ${OC} delete mc chronyd-mask
 # Wait for the cluster again to become stable because of all the patches/changes
 wait_till_cluster_stable
 
+# This section is used to create a custom-os image which have `/Users`
+# For more details check https://github.com/crc-org/snc/issues/1041#issuecomment-2785928976
+# This should be performed before removing pull secret
+# Unsetting KUBECONFIG is required because it has default `system:admin` user which doesn't able to create
+# token to login to registry and kubeadmin user is required for that.
+unset KUBECONFIG
+RHCOS_IMAGE=$(${OC} adm release info -a ${OPENSHIFT_PULL_SECRET_PATH} ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE} --image-for=rhel-coreos)
+cat << EOF > ${INSTALL_DIR}/Containerfile
+FROM scratch
+RUN ln -sf var/Users /Users && mkdir /var/Users
+EOF
+podman build --from ${RHCOS_IMAGE} --authfile ${OPENSHIFT_PULL_SECRET_PATH} -t default-route-openshift-image-registry.apps-crc.testing/openshift-machine-config-operator/rhcos:latest --file ${INSTALL_DIR}/Containerfile .
+retry ${OC} login -u kubeadmin -p $(cat ${INSTALL_DIR}/auth/kubeadmin-password) --insecure-skip-tls-verify=true api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}:6443
+retry ${OC} registry login -a ${INSTALL_DIR}/reg.json
+podman push --authfile ${INSTALL_DIR}/reg.json --tls-verify=false default-route-openshift-image-registry.apps-crc.testing/openshift-machine-config-operator/rhcos:latest
+cat << EOF > ${INSTALL_DIR}/custom-os-mc.yaml
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: custom-image
+spec:
+  osImageURL: image-registry.openshift-image-registry.svc:5000/openshift-machine-config-operator/rhcos:latest
+EOF
+retry ${OC} apply -f ${INSTALL_DIR}/custom-os-mc.yaml
+sleep 60
+# Wait till machine config pool is updated correctly
+while retry ${OC} get mcp master -ojsonpath='{.status.conditions[?(@.type!="Updated")].status}' | grep True; do
+    echo "Machine config still in updating/degrading state"
+done
+
+export KUBECONFIG=${INSTALL_DIR}/auth/kubeconfig
 mc_before_removing_pullsecret=$(retry ${OC} get mc --sort-by=.metadata.creationTimestamp --no-headers -oname)
 # Replace pull secret with a null json string '{}'
 retry ${OC} replace -f pull-secret.yaml
@@ -273,3 +306,5 @@ ${SSH} core@api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN} -- 'sudo crictl rmi --prune'
 
 # Remove the baremetal_runtimecfg container which is temp created
 ${SSH} core@api.${SNC_PRODUCT_NAME}.${BASE_DOMAIN} -- "sudo podman rm baremetal_runtimecfg"
+
+