Assisted Image Service
This service customizes and serves RHCOS images for the Assisted Installer Service.
It downloads a set of RHCOS images on startup based on config and responds to a single API endpoint to allow a user to download a customized image for use with assisted service.
Running the Image Service
Build the image and run it locally using podman
make build run
This will start the service running on port 8080 by default.
It will also bind-mount the data
and certs
local directories into the container root.
Running tests
skipper make test
Configuration
ALLOWED_DOMAINS
- When set, determines how the service responds to requests with Origin
headers
ASSISTED_SERVICE_HOST
- host or host:port to use to query assisted service for image information
ASSISTED_SERVICE_SCHEME
- protocol to use to query assisted service for image information
DATA_DIR
- Path at which to store downloaded RHCOS images.
HTTPS_CERT_FILE
- tls cert file path
HTTPS_KEY_FILE
- tls key file path
HTTP_LISTEN_PORT
- When set, plain http listener is started on that port
IMAGE_SERVICE_BASE_URL
- the base URL to use to query the image service
LISTEN_PORT
- Image Service listen port
LOG_LEVEL
- log level, such as "info" or "debug"; see logrus docs for a complete list
MAX_CONCURRENT_REQUESTS
- caps the number of inflight image downloads to avoid things like open file limits
RHCOS_VERSIONS
/OS_IMAGES
- JSON string indicating the supported versions and their required urls. OS_IMAGES
takes precedence.
Example OS_IMAGES
:
[
{
"openshift_version": "4.6",
"cpu_architecture": "x86_64",
"url": "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/4.6/4.6.8/rhcos-4.6.8-x86_64-live.x86_64.iso",
"version": "46.82.202012051820-0"
},
{
"openshift_version": "4.7",
"cpu_architecture": "x86_64",
"url": "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/4.7/4.7.33/rhcos-4.7.33-x86_64-live.x86_64.iso",
"version": "47.84.202109241831-0"
},
{
"openshift_version": "4.8",
"cpu_architecture": "x86_64",
"url": "https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/4.8/4.8.14/rhcos-4.8.14-x86_64-live.x86_64.iso",
"version": "48.84.202109241901-0"
}
]
API
None of these APIs should be considered stable for end-users of assisted
installer. Users should never construct URLs that match these APIs; instead
users should obtain an ISO URL from an InfraEnv resource, as provided by
assisted installer. These APIs represent a contract between
assisted-image-service and assisted installer only.
GET /byid/{image_id}/{version}/{arch}/{filename}
Downloads the RHCOS image for the specified image ID.
URL segments:
image_id
: ID for the image, usually the InfraEnv ID
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
filename
: full.iso
to download the ISO including the rootfs, minimal.iso
to download the ISO without the rootfs
GET /bytoken/{token}/{version}/{arch}/{filename}
Downloads the RHCOS image for the specified image ID.
URL segments:
token
: JWT whose payload containes either a sub
field or infra_env_id
field
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
filename
: full.iso
to download the ISO including the rootfs, minimal.iso
to download the ISO without the rootfs
GET /byapikey/{api_key}/{version}/{arch}/{filename}
Downloads the RHCOS image for the specified image ID.
URL segments:
api_key
: JWT whose payload containes either a sub
field or infra_env_id
field
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
filename
: full.iso
to download the ISO including the rootfs, minimal.iso
to download the ISO without the rootfs
Deprecated API
GET /images/{image_id}
Downloads the RHCOS image for the specified image ID.
Query parameters
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
type
: full-iso
to download the ISO including the rootfs, minimal-iso
to download the ISO without the rootfs
api_key
: the api token to pass through to the assisted service calls if local authentication is required
image_token
: the token to pass through to the Image-Token assisted service header if image pre-signed authentication is required
Authorization
: this header is passed directly through to assisted service requests to handle RHSSO authentication
GET /images/{image_id}/pxe-initrd
Downloads the RHCOS initrd with the ignition for the specified image appended.
Query parameters
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
api_key
: the api token to pass through to the assisted service calls if local authentication is required
image_token
: the token to pass through to the Image-Token assisted service header if image pre-signed authentication is required
Authorization
: this header is passed directly through to assisted service requests to handle RHSSO authentication
GET /boot-artifacts/{artifact}
Downloads the artifact specified from the ISO.
Query parameters
version
: indicates the version of the RHCOS base image to use (must match an entry in RHCOS_VERSIONS
)
arch
: the base image cpu architecture (must match an entry in RHCOS_VERSIONS
)
GET /health
Returns 503 until the images are downloaded
Returns 200 if the service is ready to respond to requests
GET /live
Returns 200 if the service is running
GET /metrics
Prometheus metrics scraping endpoint
Authentication
Authentication tokens are accepted in various ways to support different deployment models and assisted service authentication backends
The following table shows how each authentication input is translated when making calls to assisted service
Image Service |
Assisted Service |
api_key query parameter |
api_key query parameter |
image_token query parameter |
Image-Token header |
Authorization header |
Authorization header |