Bug 1964591: Remove AI Agent image in case of service failure

This PR adds a handler for a failure scenario of `agent.service` which removes the `assisted-installer-agent` container image. This is a workaround for an issue where symlinks in `/var/lib/containers/` are corrupted. Deleting an image in `OnFailure` directive of the `agent.service` will cause the image to be pulled again the next time the service starts. Given its already configured restart policy, this workflow is already in place. Closes: OCPBUGSM-29583
openshift · May 26, 2021 · 4af1c9a · 4af1c9a
1 parent 443ebb7
commit 4af1c9a
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/internal/ignition/ignition.go b/internal/ignition/ignition.go
@@ -139,7 +139,12 @@ const discoveryIgnitionConfigFormat = `{
     "units": [{
       "name": "agent.service",
       "enabled": true,
-      "contents": "[Service]\nType=simple\nRestart=always\nRestartSec=3\nStartLimitInterval=0\nEnvironment=HTTP_PROXY={{.HTTPProxy}}\nEnvironment=http_proxy={{.HTTPProxy}}\nEnvironment=HTTPS_PROXY={{.HTTPSProxy}}\nEnvironment=https_proxy={{.HTTPSProxy}}\nEnvironment=NO_PROXY={{.NoProxy}}\nEnvironment=no_proxy={{.NoProxy}}{{if .PullSecretToken}}\nEnvironment=PULL_SECRET_TOKEN={{.PullSecretToken}}{{end}}\nTimeoutStartSec={{.AgentTimeoutStartSec}}\nExecStartPre=podman run --privileged --rm -v /usr/local/bin:/hostbin {{.AgentDockerImg}} cp /usr/bin/agent /hostbin\nExecStart=/usr/local/bin/agent --url {{.ServiceBaseURL}} --cluster-id {{.clusterId}} --agent-version {{.AgentDockerImg}} --insecure={{.SkipCertVerification}}  {{if .HostCACertPath}}--cacert {{.HostCACertPath}}{{end}}\n\n[Unit]\nWants=network-online.target\nAfter=network-online.target\n\n[Install]\nWantedBy=multi-user.target"
+      "contents": "[Service]\nType=simple\nRestart=always\nRestartSec=3\nStartLimitInterval=0\nEnvironment=HTTP_PROXY={{.HTTPProxy}}\nEnvironment=http_proxy={{.HTTPProxy}}\nEnvironment=HTTPS_PROXY={{.HTTPSProxy}}\nEnvironment=https_proxy={{.HTTPSProxy}}\nEnvironment=NO_PROXY={{.NoProxy}}\nEnvironment=no_proxy={{.NoProxy}}{{if .PullSecretToken}}\nEnvironment=PULL_SECRET_TOKEN={{.PullSecretToken}}{{end}}\nTimeoutStartSec={{.AgentTimeoutStartSec}}\nExecStartPre=podman run --privileged --rm -v /usr/local/bin:/hostbin {{.AgentDockerImg}} cp /usr/bin/agent /hostbin\nExecStart=/usr/local/bin/agent --url {{.ServiceBaseURL}} --cluster-id {{.clusterId}} --agent-version {{.AgentDockerImg}} --insecure={{.SkipCertVerification}}  {{if .HostCACertPath}}--cacert {{.HostCACertPath}}{{end}}\n\n[Unit]\nWants=network-online.target\nAfter=network-online.target\nOnFailure=agent-image-cleanup.service\n[Install]\nWantedBy=multi-user.target"
+    },
+    {
+      "name": "agent-image-cleanup.service",
+      "enabled": false,
+      "contents": "[Unit]\nDescription=Delete assisted-installer-agent image\n\n[Service]\nExecStart=podman rmi --force {{.AgentDockerImg}}"
     },
     {
         "name": "selinux.service",