[release-4.18] snc: Add logic to create /Users top level directory for OCP

[openshift-cherrypick-robot]

This is an automated cherry-pick of #1047

/assign praveenkumar

Summary by Sourcery

Add logic to create /Users directory for OpenShift Container Platform (OCP) in single-node cluster setup

New Features:

• Create a custom RHCOS image with /Users directory and symlink for improved Mac compatibility

Enhancements:

• Modify the single-node cluster setup script to dynamically create /Users directory using a custom machine config

Chores:

• Remove previously used 99_master-create-users-symlink.yaml file

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request adds logic to create a /Users top-level directory and symlink it to /var/Users for OCP. This is achieved by building a custom RHCOS image and updating the MachineConfig for the master nodes. The pull request also removes the now-obsolete 99_master-create-users-symlink.yaml file.

Sequence diagram for creating /Users directory

sequenceDiagram
    participant SNC Script
    participant Podman
    participant OCP Registry
    participant OCP API
    participant Master Node

    SNC Script->>Podman: Build Containerfile from RHCOS Image
    Podman->>Podman: ln -sf var/Users /Users && mkdir /var/Users
    Podman->>OCP Registry: Push Custom Image
    SNC Script->>OCP API: Apply MachineConfig with custom image URL
    OCP API->>Master Node: Update MachineConfig
    Master Node->>Master Node: Create /Users directory and symlink

Loading

File-Level Changes

Change	Details	Files
Adds logic to create a /Users top-level directory and symlink it to /var/Users for OCP.	Adds a section to the snc.sh script to create a custom OS image with the /Users directory and symlink. Builds a container image based on the RHCOS image with the required directory structure. Pushes the container image to the OpenShift image registry. Creates a MachineConfig object to update the OS image URL for the master nodes. Waits for the MachineConfigPool to be updated. Removes the 99_master-create-users-symlink.yaml file.	snc.sh 99_master-create-users-symlink.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign praveenkumar for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @openshift-cherrypick-robot. Thanks for your PR.

I'm waiting for a crc-org member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sourcery-ai]

Hey @openshift-cherrypick-robot - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Hardcoded password found for kubeadmin user. (link)

Overall Comments:

• Consider extracting the custom-os image creation logic into a separate function for better readability.
• The added sleep 60 might be insufficient in some environments; consider using a more robust method to ensure the MachineConfig is applied before proceeding.

Here's what I looked at during the review

• 🟡 General issues: 1 issue found
• 🔴 Security: 1 blocking issue
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (performance): Consider introducing a delay in the while loop to avoid busy looping.

Adding a short sleep (e.g., 'sleep 5') inside the loop could prevent high CPU usage during the waiting period if the machine config pool takes time to update.

Suggested change

	while retry ${OC} get mcp master -ojsonpath='{.status.conditions[?(@.type!="Updated")].status}' | grep True; do
	echo "Machine config still in updating/degrading state"
	done
	while retry ${OC} get mcp master -ojsonpath='{.status.conditions[?(@.type!="Updated")].status}' | grep True; do
	echo "Machine config still in updating/degrading state"
	sleep 5
	done

[sourcery-ai]

🚨 issue (security): Hardcoded password found for kubeadmin user.

The password for the kubeadmin user is being read directly from a file and used in a command. This is a security risk as the password could be exposed.

[praveenkumar]

/ok-to-test

[openshift-ci]

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-snc	66c3288	link	true	/test e2e-snc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.