OCPBUGS-63472: detect manual network config and set --copy-network installer arg

cmd/openshift-install/internal_integration_test.go

@@ -133,17 +133,18 @@ func runIntegrationTest(t *testing.T, testFolder string) {
 		},
 
 		Cmds: map[string]func(*testscript.TestScript, bool, []string){
-			"isocmp":                  tshelpers.IsoCmp,
-			"ignitionImgContains":     tshelpers.IgnitionImgContains,
-			"configImgContains":       tshelpers.ConfigImgContains,
-			"initrdImgContains":       tshelpers.InitrdImgContains,
-			"unconfiguredIgnContains": tshelpers.UnconfiguredIgnContains,
-			"unconfiguredIgnCmp":      tshelpers.UnconfiguredIgnCmp,
-			"expandFile":              tshelpers.ExpandFile,
-			"isoContains":             tshelpers.IsoContains,
-			"isoIgnitionContains":     tshelpers.IsoIgnitionContains,
-			"isoSizeMin":              tshelpers.IsoSizeMin,
-			"isoSizeMax":              tshelpers.IsoSizeMax,
+			"isocmp":                     tshelpers.IsoCmp,
+			"ignitionImgContains":        tshelpers.IgnitionImgContains,
+			"configImgContains":          tshelpers.ConfigImgContains,
+			"initrdImgContains":          tshelpers.InitrdImgContains,
+			"unconfiguredIgnContains":    tshelpers.UnconfiguredIgnContains,
+			"unconfiguredIgnCmp":         tshelpers.UnconfiguredIgnCmp,
+			"expandFile":                 tshelpers.ExpandFile,
+			"isoContains":                tshelpers.IsoContains,
+			"isoIgnitionContains":        tshelpers.IsoIgnitionContains,
+			"isoIgnitionSystemdContains": tshelpers.IsoIgnitionSystemdContains,
+			"isoSizeMin":                 tshelpers.IsoSizeMin,
+			"isoSizeMax":                 tshelpers.IsoSizeMax,
 		},
 	})
 }

cmd/openshift-install/testdata/agent/image/assets/default_assets.txt

@@ -9,6 +9,34 @@ initrdImgContains agent.x86_64.iso /agent-files/agent-tui
 initrdImgContains agent.x86_64.iso /agent-files/libnmstate.so.*
 initrdImgContains agent.x86_64.iso /usr/lib/dracut/hooks/pre-pivot/99-agent-copy-files.sh
 
+# Verify all systemd units from getDefaultEnabledServices() are present in the ignition config
+isoIgnitionSystemdContains agent.x86_64.iso agent-extract-tui.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-import-cluster.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-interactive-console-serial@.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-interactive-console.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-register-cluster.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-register-infraenv.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-set-host-copy-network-arg.service
+isoIgnitionSystemdContains agent.x86_64.iso agent-ui.service
+isoIgnitionSystemdContains agent.x86_64.iso agent.service
+isoIgnitionSystemdContains agent.x86_64.iso assisted-service-db.service
+isoIgnitionSystemdContains agent.x86_64.iso assisted-service-pod.service
+isoIgnitionSystemdContains agent.x86_64.iso assisted-service.service
+isoIgnitionSystemdContains agent.x86_64.iso install-status.service
+isoIgnitionSystemdContains agent.x86_64.iso iscsiadm.service
+isoIgnitionSystemdContains agent.x86_64.iso iscsistart.service
+# multipathd.service is listed in getDefaultEnabledServices() but has no unit file
+# in data/data/agent/systemd/units/, so AddSystemdUnits never adds it to the ignition
+# config. It relies on RHCOS presets to be enabled and cannot be verified this way.
+# isoIgnitionSystemdContains agent.x86_64.iso multipathd.service
+isoIgnitionSystemdContains agent.x86_64.iso node-zero.service
+isoIgnitionSystemdContains agent.x86_64.iso oci-eval-user-data.service
+isoIgnitionSystemdContains agent.x86_64.iso selinux.service
+isoIgnitionSystemdContains agent.x86_64.iso set-hostname.service
+
+# Verify that the script for persisting manual network config is included
+isoIgnitionContains agent.x86_64.iso /usr/local/bin/agent-set-host-copy-network-arg.sh
+
 -- install-config.yaml --
 apiVersion: v1
 baseDomain: test.metalkube.org

data/data/agent/files/usr/local/bin/agent-set-host-copy-network-arg.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+set -euo pipefail
+
+# shellcheck disable=SC1091
+source "common.sh"
+
+NM_CONNECTIONS_DIR="/etc/NetworkManager/system-connections"
+
+# Check for manually-created keyfiles, excluding those auto-generated by nm-initrd-generator.
+# nm-initrd-generator creates keyfiles for DHCP during boot; these should not trigger
+# --copy-network since they were not manually configured by the user.
+# We additionally filter by the presence of a [connection] section to ensure we only
+# act on valid NM keyfiles. NetworkManager may leave stray files (e.g. empty temp files)
+# in the directory that lack the nm-initrd-generator marker but are not valid connections.
+manual_keyfiles=$(find "$NM_CONNECTIONS_DIR" -maxdepth 1 -type f -print0 2>/dev/null | \
+    xargs -r -0 grep -lZ "^\\[connection\\]" 2>/dev/null | \
+    xargs -r -0 grep -LZ "org.freedesktop.NetworkManager.origin=nm-initrd-generator" 2>/dev/null | \
+    tr '\0' '\n' || true)
+
+if [ -z "$manual_keyfiles" ]; then
+    echo "No manually-created network keyfiles found in $NM_CONNECTIONS_DIR, skipping"
+    exit 0
+fi
+
+echo "Found manually-created network keyfiles in $NM_CONNECTIONS_DIR, will set --copy-network for this host"
+echo "$manual_keyfiles"
+
+# Query INFRA_ENV_ID dynamically from the API on all nodes - this avoids relying on
+# rendezvous-host.env which only has INFRA_ENV_ID on the rendezvous node.
+# Retry indefinitely until the API is available and the infra-env is registered.
+INFRA_ENV_ID=""
+until [ -n "$INFRA_ENV_ID" ] && [ "$INFRA_ENV_ID" != "null" ]; do
+    INFRA_ENV_ID=$(curl_assisted_service "/infra-envs" GET 2>/dev/null | jq -r '.[0].id' 2>/dev/null) || true
+    if [ -z "$INFRA_ENV_ID" ] || [ "$INFRA_ENV_ID" = "null" ]; then
+        echo "Waiting for assisted-service and infra-env to be available..."
+        sleep 5
+    fi
+done
+echo "Got INFRA_ENV_ID: $INFRA_ENV_ID"
+
+# Get local MAC addresses (lowercase, skip loopback). These are used to match
+# this host against the inventory reported by the agent to assisted-service,
+# since assisted-service identifies hosts by their interface MAC addresses.
+local_macs=$(ip link show | awk '/link\/ether/{print tolower($2)}')
+if [ -z "$local_macs" ]; then
+    echo "ERROR: No ethernet interfaces found, cannot identify host in assisted-service"
+    exit 1
+fi
+
+# Poll until this host appears in assisted-service (agent.service has registered it,
+# but it may take a moment before the host is visible in the API)
+host_id=""
+until [ -n "$host_id" ]; do
+    for mac in $local_macs; do
+        host_id=$(curl_assisted_service "/infra-envs/${INFRA_ENV_ID}/hosts" GET 2>/dev/null | \
+            jq -r --arg mac "$mac" '
+                .[] |
+                select(.inventory != null and .inventory != "") |
+                select(
+                    .inventory | fromjson | .interfaces // [] |
+                    map(.mac_address | ascii_downcase) |
+                    index($mac) != null
+                ) |
+                .id
+            ' 2>/dev/null | head -1) || true
+        [ -n "$host_id" ] && break
+    done
+
+    if [ -z "$host_id" ]; then
+        echo "Host not yet found in assisted-service, retrying..."
+        sleep 5
+    fi
+done
+
+echo "Setting --copy-network installer arg for host ${host_id}"
+http_code=$(curl_assisted_service "/infra-envs/${INFRA_ENV_ID}/hosts/${host_id}/installer-args" PATCH \
+    --data '{"args":["--copy-network"]}' \
+    -o /dev/null -w "%{http_code}")
+if [[ "$http_code" != "201" ]]; then
+    echo "ERROR: Failed to set --copy-network for host ${host_id}, HTTP status: ${http_code}"
+    exit 1
+fi
+echo "Successfully set --copy-network for host ${host_id}"

data/data/agent/systemd/units/agent-set-host-copy-network-arg.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Set --copy-network installer arg if manual network config was detected
+After=agent.service
+Before=start-cluster-installation.service agent-add-node.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+EnvironmentFile=/etc/assisted/rendezvous-host.env
+ExecStart=/usr/local/bin/agent-set-host-copy-network-arg.sh
+
+[Install]
+WantedBy=multi-user.target

docs/user/agent/agent-services.md

@@ -21,6 +21,7 @@ step is required because the agent-tui and nmstate libraries are too big to fit
 * agent-register-infraenv - reads the ZTP manifests located at /etc/assisted/manifests and registers the infraenv
 * install-status - determines the current install status and writes it out to /etc/issue.d/
 * apply-host-config - applies root device hints and roles specified in agent-config.yaml
+* agent-set-host-copy-network-arg - detects manually-created NetworkManager keyfiles in /etc/NetworkManager/system-connections and sets the --copy-network installer arg for the current host via the assisted-service REST-API, ensuring that network configuration created via the agent-tui persists into the installed OS
 * start-cluster-installation - calls assisted-service REST-API to start cluster installation when all hosts are in ready state and have passed validations
 * iscsistart - calls the iscsistart utility which allows an iSCSI session to be started for booting off an iSCSI target
 * iscsiadm - calls the iscsiadm utility that will start iscsid to manage the iSCSI session needed to install the final rhcos image