-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
BU Product Work
-
3
-
False
-
-
False
-
OCPSTRAT-713 - Add Authentication to internal Components of Agent Installer
-
-
-
3
-
Installer Sprint 257
User Story:
As an ABI user responsible for day-2 operations, I want to be able to:
- Verify the Status of the Authentication Token:
- Quickly and easily check whether the authentication token used for booting up nodes with node.iso is currently valid or has expired.
- Receive Guidance on Expired Tokens:
- If the authentication token has expired, receive clear and actionable instructions on the necessary steps to renew or replace the token. This includes understanding how to generate a new token by running the add-nodes command to create a new node ISO.
-
- Display a status message on the boot-up screen where other status messages are shown. The message could be:
- The auth token is expired. Re-run the add-nodes command to generate a new node ISO and boot it up to continue.
- The auth token is valid up to AGENT_AUTH_TOKEN_EXPIRY
- Display a status message on the boot-up screen where other status messages are shown. The message could be:
so that I can
- effectively manage the authentication aspect of booting up nodes using node.iso, ensuring that all operations run smoothly and securely. This will provide a clear path for corrective actions in the event of authentication issues.
Additional Details:
A new systemd service will be introduced to check and display the status of the authentication token—whether it is valid or expired. This service will run immediately after the agent-interactive-console systemd service. If the authentication token is expired, cluster installation or adding new nodes will be halted until a new node ISO is generated.
Acceptance Criteria:
Description of criteria:
- A new systemd service
- Point 1
- Point 2
- Point 3
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- (optional) https://github/com/link.to.enhancement/
- (optional) https://issues.redhat.com/link.to.spike
- Engineering detail 1
- Engineering detail 2
This requires/does not require a design proposal.
This requires/does not require a feature gate.