When working with the OpenShift assisted or agent installer, you may find yourself needing to access the underlying Red Hat Enterprise Linux CoreOS (RHCOS) components. Specifically, if you are building custom layers or debugging boot issues on ppc64le architecture, you need a way to programmatically identify and download the exact kernel and rootfs associated with a specific OpenShift release.
Some people have been hitting:
Jun 01 1:01:08 my.host.com node-image-pull.sh[6612]: layers already present: 51; layers needed: 2 (164.1 MB)
Jun 01 1:01:19 my.host.com node-image-pull.sh[6612]: error: Importing: Parsing layer blob sha256:xxxx: error: ostree-tar: Failed to handle file: ostree-tar: Failed to import file: Writing content object: min-free-space-percent '3%' would be exceeded, at least 45.4 MB requested: Processing tar: Failed to commit tar: ExitStatus(unix_wait_status(256))
This happens due to the additional node image pulled down during initial boot, and added to the RAM file system as a second layer.
Because RHCOS versions are tied to specific build IDs that aren’t always obvious from the version string alone, you have to “dig” into the image metadata.
Here is the step-by-step process to extract these artifacts.
Prerequisites
- Podman installed on your workstation.
- jq for parsing JSON output.
- A valid Red Hat pull secret.
Step 1: Identify the RHCOS Pull Spec
First, we need to find the current stable image for the target architecture. We can do this by querying the OpenShift mirror and filtering for the rhel-coreos image while excluding extensions and older versions.
# Fetch the pull spec for ppc64le on stable 4.21
RHEL_COREOS_PULLSPEC=$(curl -s
https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.21/release.txt | grep
rhel-coreos | grep -v coreos-10 | grep -v rhel-coreos-extensions | awk '{print $2}')
echo $RHEL_COREOS_PULLSPEC
Step 2: Pull the Image
Once you have the pull spec, use podman to pull the image to your local machine. You will need to provide the path to your pull secret to authenticate with the registry.
podman pull --authfile=/path/to/your/pull-secret ${RHEL_COREOS_PULLSPEC}
Note the Image ID (SHA) returned after the pull; you’ll need this for the next step.
Step 3: Extract the Machine-OS Build ID
The critical piece of information—the DOWNLOAD_ID—is stored as a label within the container image itself. We can use podman inspect combined with jq to extract the io.openshift.build.versions label.
# Replace <IMAGE_ID> with your actual image SHA
IMAGE_ID="eeff15d6342fd..."
MACHINE_OS=$(podman inspect $IMAGE_ID | jq -r '.[].Labels."io.openshift.build.versions"')
# Parse the string (e.g., machine-os=9.6.20260608-0) to get only the ID
DOWNLOAD_ID="${MACHINE_OS#*=}"
echo "The Build ID is: $DOWNLOAD_ID"
Step 4: Download the OS Artifacts
Now that we have the DOWNLOAD_ID, we can construct the direct URLs to the RHCOS storage buckets. From here, you can download the live kernel, initramfs, and rootfs images needed for your installation process.
# Define the base URL for ppc64le
BASE_URL="https://rhcos.mirror.openshift.com/art/storage/prod/streams/rhel-9.6/builds/${DOWNLOAD_ID}/ppc64leBASE_URL="https://rhcos.mirror.openshift.com/art/storage/prod/streams/rhel-9.6/builds/${DOWNLOAD_ID}/ppc64le"
# Download the artifacts
curl -O ${BASE_URL}/rhcos-${DOWNLOAD_ID}-live-kernel.ppc64le
curl -O ${BASE_URL}/rhcos-${DOWNLOAD_ID}-live-initramfs.ppc64le.img
curl -O ${BASE_URL}/rhcos-${DOWNLOAD_ID}-live-rootfs.ppc64le.img
Summary
By pulling the RHCOS image and inspecting its labels, we can resolve the exact build ID required to fetch the raw boot artifacts. This is essential for anyone customizing the second layer of an assisted installer or performing low-level architecture validation on PowerPC systems.