Bug
Resolution: Unresolved
Major
6.18.0
Description of problem:
When provisioning using an image and cloud-init, the userdata definition is too big (> 2K). We need to use UserDataSecretRef to pass large definitions, as we can't reduce the userdata under 2K.
How reproducible:
Always
Is this issue a regression from an earlier version: No
Steps to Reproduce:
1. Define an OCP-V compute resource
2. Define an image under the OCP-V CR and the OS of your choosing with userdata flag set.
3. Create a host under OCP-V, select image based provisioning
4. Save the host
Actual behavior:
The host is not created, and an exception is logged about userdata being too large.
Expected behavior:
The host is created successfully
Additional information:
For a lengthy explanation about all the problems with our cloud-init templates, see SAT-41746.
To fix the problem at hand, the following information is important:
- KubeVirt (and GCE) impose a strict 2K limit on textual cloud-init configurations
- To subscribe a system to Satellite after provisioning, we need to provide the CA certificate the system should trust, and that certificate alone is bigger than 2K
- While cloud-init can fetch the certificate over HTTP, that would be insecure (as the CA is not yet known), while placing it in the cloud-init config directly is secure (as it's transferred over a secured channel)
- Instead of passing the cloud-init configuration in the userData field as text, we can provide a reference to a Kubernetes Secret in UserDataSecretRef (see the CloudInitNoCloudSource spec and Cloud-init UserData as k8s Secret), which would allow us to provide the template with an arbitrary size.
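A sketch of the approach described in the last point, as an added example (not code from Satellite, Foreman or the KubeVirt plugin): userdata that fits the limit stays inline, anything larger goes into a Secret that the volume references through `secretRef` (the JSON name of UserDataSecretRef). The helper names, the `<vm>-userdata` Secret naming scheme, the 2048-byte reading of "2K" and the sample payload are assumptions.

```ruby
require 'base64'

# Assumption: the "2K" limit from the report, read as 2048 bytes.
INLINE_USERDATA_LIMIT = 2048

# Returns [volume_source, secret_manifest_or_nil] for a VM's cloud-init disk.
# Small payloads stay inline in userData; larger ones are moved into a Secret
# that the cloudInitNoCloud source points at via secretRef.
def cloud_init_source(vm_name, namespace, userdata)
  if userdata.bytesize <= INLINE_USERDATA_LIMIT
    return [{ 'cloudInitNoCloud' => { 'userData' => userdata } }, nil]
  end

  secret_name = "#{vm_name}-userdata" # hypothetical naming scheme
  secret = {
    'apiVersion' => 'v1',
    'kind' => 'Secret',
    'metadata' => { 'name' => secret_name, 'namespace' => namespace },
    'type' => 'Opaque',
    # Secret data values are base64; KubeVirt reads the "userdata" key.
    'data' => { 'userdata' => Base64.strict_encode64(userdata) }
  }
  source = { 'cloudInitNoCloud' => { 'secretRef' => { 'name' => secret_name } } }
  [source, secret]
end

# Constructed sample: a cloud-config that embeds a placeholder CA certificate
# of pem_lines lines (64 filler characters each), not a real certificate.
def sample_userdata(pem_lines)
  body = Array.new(pem_lines) { '      ' + 'A' * 64 }
  (['#cloud-config', 'ca_certs:', '  trusted:', '    - |',
    '      -----BEGIN CERTIFICATE-----'] + body +
   ['      -----END CERTIFICATE-----']).join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  require 'yaml'
  source, secret = cloud_init_source('host01', 'satellite-vms', sample_userdata(40))
  puts secret.to_yaml
  puts source.to_yaml
end
```

The Secret has to exist in the VM's own namespace before the VM is created, because `secretRef` is a namespace-local reference; read access to Secrets in that namespace then determines who can see the embedded CA certificate and any other provisioning data.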