METAL-1730: Pass IMAGE_SHARED_DIR to image-customization-controller

[honza]

Set the IMAGE_SHARED_DIR environment variable on the ICC container so it scans the shared image directory for stream-versioned files beyond the base DEPLOY_ISO/INITRD/KERNEL paths. This enables discovery of multi-stream CoreOS images (e.g., ironic-python-agent-rhel-9.iso, ironic-python-agent-rhel-10.iso).

How it works

The coreos.openshift.io/stream label on a BareMetalHost determines
which kernel, initrd, and rootfs files are used during PXE boot. For
example, a BMH labeled coreos.openshift.io/stream: rhel-10 will PXE
boot with ironic-python-agent-rhel-10.kernel,
ironic-python-agent-rhel-10.initramfs, and
ironic-python-agent-rhel-10.rootfs instead of the unqualified defaults.

The per-node coreos.live.rootfs_url kernel parameter set via ICC's
ExtraKernelParams overrides the global one from ironic-image because
dracut's getarg returns the last value for duplicate parameters.

Changes across repos

installer (openshift/installer#10502)
— pkg/asset/machines/baremetal/: Sets the coreos.openshift.io/stream
label on all generated BareMetalHost objects (control-plane, worker,
arbiter) based on the install-config's OSImageStream setting, defaulting
to rhel-9. Configures hostSelector.matchLabels on
BareMetalMachineProviderSpec so MachineSets only claim BMHs with the
matching stream label.

cluster-baremetal-operator (openshift/cluster-baremetal-operator#590)
— provisioning/image_customization.go: Passes three new environment
variables to the ICC container: DEPLOY_KERNEL (path to the kernel file),
IMAGE_SHARED_DIR (path to the shared images directory where
stream-prefixed files are discovered), and IRONIC_ROOTFS_URL (base URL
for the rootfs served by httpd). These enable ICC to discover multi-stream
images and construct per-node kernel/rootfs URLs.

machine-os-images (openshift/machine-os-images#83)
— scripts/copy-metal: Creates stream-prefixed IPA symlinks (e.g.
ironic-python-agent-rhel-9.iso, ironic-python-agent-rhel-10.kernel)
for all available CoreOS versions, allowing ICC to discover images by
stream. Also fixes missing initramfs symlinks in the fixed=true (PXE)
block — without these, a stream-specific kernel would be paired with the
default-stream initrd, causing a version mismatch that crashes immediately
on PXE boot.

image-customization-controller (openshift/image-customization-controller#175)
— pkg/imagehandler/, pkg/imageprovider/rhcos.go: Adds OS stream
selection so ICC can serve different CoreOS base images based on the
coreos.openshift.io/stream label. Images are indexed by (stream,
architecture) and discovered from stream-prefixed filenames. Key changes:

• streamArchSpecificURL() transforms the base rootfs URL into a stream-
  and arch-specific URL
• BuildImage() passes the stream to ServeKernel() and uses the
  stream-specific rootfs URL in ExtraKernelParams
• imageKey() includes the stream in the cache key so that changing a
  BMH's stream label invalidates the cached image

[coderabbitai]

Walkthrough

A new environment variable IMAGE_SHARED_DIR is added to the image customization container configuration with the value "/shared/html/images". The implementation introduces a constant and passes this variable to the container spec, while test cases are updated to expect this variable across all test scenarios.

Changes

Cohort / File(s)	Summary
Image Customization Configuration provisioning/image_customization.go	Introduced constant imageSharedDirEnvVar and added IMAGE_SHARED_DIR environment variable to the image customization container spec.
Image Customization Tests provisioning/image_customization_test.go	Updated all test container instances to expect the new IMAGE_SHARED_DIR environment variable in assertions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Stable And Deterministic Test Names	✅ Passed	Test files contain stable and deterministic test names with no dynamic values, runtime-specific identifiers, or non-deterministic content.
Test Structure And Quality	✅ Passed	The pull request does not include Ginkgo test code, so the custom check is not applicable. The PR makes straightforward maintenance updates to test cases using standard Go testing patterns.
Microshift Test Compatibility	✅ Passed	This PR does not add any new Ginkgo e2e tests. Changes are limited to unit test modifications in image_customization_test.go.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The pull request does not add any Ginkgo e2e tests. Changed files contain only standard Go unit tests and Kubernetes configuration code.
Topology-Aware Scheduling Compatibility	✅ Passed	PR adds only an environment variable to an existing controller container; no deployment manifests, pod specs, or scheduling constraints are modified.
Ote Binary Stdout Contract	✅ Passed	The pull request only modifies environment variable configuration for the image-customization-controller container by adding the IMAGE_SHARED_DIR environment variable. No stdout-writing operations are introduced at the process level.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR does not add new Ginkgo e2e tests; only updates unit test assertions for environment variable configuration.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: adding the IMAGE_SHARED_DIR environment variable to the image-customization-controller, which aligns with the actual code modifications across both the main implementation and test files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: honza

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [honza]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@honza: This pull request references METAL-1730 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Set the IMAGE_SHARED_DIR environment variable on the ICC container so it scans the shared image directory for stream-versioned files beyond the base DEPLOY_ISO/INITRD/KERNEL paths. This enables discovery of multi-stream CoreOS images (e.g., ironic-python-agent-rhel-9.iso, ironic-python-agent-rhel-10.iso).

How it works

The coreos.openshift.io/stream label on a BareMetalHost determines
which kernel, initrd, and rootfs files are used during PXE boot. For
example, a BMH labeled coreos.openshift.io/stream: rhel-10 will PXE
boot with ironic-python-agent-rhel-10.kernel,
ironic-python-agent-rhel-10.initramfs, and
ironic-python-agent-rhel-10.rootfs instead of the unqualified defaults.

The per-node coreos.live.rootfs_url kernel parameter set via ICC's
ExtraKernelParams overrides the global one from ironic-image because
dracut's getarg returns the last value for duplicate parameters.

Changes across repos

installer (openshift/installer#10502)
— pkg/asset/machines/baremetal/: Sets the coreos.openshift.io/stream
label on all generated BareMetalHost objects (control-plane, worker,
arbiter) based on the install-config's OSImageStream setting, defaulting
to rhel-9. Configures hostSelector.matchLabels on
BareMetalMachineProviderSpec so MachineSets only claim BMHs with the
matching stream label.

cluster-baremetal-operator (openshift/cluster-baremetal-operator#590)
— provisioning/image_customization.go: Passes three new environment
variables to the ICC container: DEPLOY_KERNEL (path to the kernel file),
IMAGE_SHARED_DIR (path to the shared images directory where
stream-prefixed files are discovered), and IRONIC_ROOTFS_URL (base URL
for the rootfs served by httpd). These enable ICC to discover multi-stream
images and construct per-node kernel/rootfs URLs.

machine-os-images (openshift/machine-os-images#83)
— scripts/copy-metal: Creates stream-prefixed IPA symlinks (e.g.
ironic-python-agent-rhel-9.iso, ironic-python-agent-rhel-10.kernel)
for all available CoreOS versions, allowing ICC to discover images by
stream. Also fixes missing initramfs symlinks in the fixed=true (PXE)
block — without these, a stream-specific kernel would be paired with the
default-stream initrd, causing a version mismatch that crashes immediately
on PXE boot.

image-customization-controller (openshift/image-customization-controller#175)
— pkg/imagehandler/, pkg/imageprovider/rhcos.go: Adds OS stream
selection so ICC can serve different CoreOS base images based on the
coreos.openshift.io/stream label. Images are indexed by (stream,
architecture) and discovered from stream-prefixed filenames. Key changes:

• streamArchSpecificURL() transforms the base rootfs URL into a stream-
  and arch-specific URL
• BuildImage() passes the stream to ServeKernel() and uses the
  stream-specific rootfs URL in ExtraKernelParams
• imageKey() includes the stream in the cache key so that changing a
  BMH's stream label invalidates the cached image

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[honza]

/retest-required

[dtantsur]

/lgtm
/retest-required

[sgoveas]

/verified by sgoveas link

[openshift-ci-robot]

@sgoveas: This PR has been marked as verified by sgoveas [link](https://redhat.atlassian.net/browse/METAL-1604?focusedCommentId=17027031).

Details

In response to this:

/verified by sgoveas link

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD c81a51f and 2 for PR HEAD 2a6efa8 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 6a7e66f and 1 for PR HEAD 2a6efa8 in total

[honza]

/retest-required

[honza]

/retest-required

[honza]

/retest-required

[honza]

/retest-required

[honza]

/retest-required

[honza]

/test e2e-metal-ipi-serial-ipv4

[openshift-ci]

@honza: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-metal-ipi-serial-ipv4	2a6efa8	link	true	/test e2e-metal-ipi-serial-ipv4

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[honza]

/hold

[honza]

Blocked by openshift/installer#10571