Commit Graph

1853 Commits

Author SHA1 Message Date
Shivanand Tendulker
f0315b4ed4 Fix to load only signed kernel in UEFI secure boot
This fix prevents loading of unsigned ubuntu kernel in UEFI secure
boot environment when image is created using 'iso' element.

'iso' element uses 'linux' and 'initrd' modules of grub2 to load
kernel and initrd respectively. The grub2 implementation of Ubuntu
can load unsigned kernel when these modules are used.

Ubuntu has Grub2 modules 'linuxefi' and 'initrdefi' which exit
boot process if unsigned kernel is used in UEFI secure boot mode.
The 'iso' element should use these modules in grub.cfg to prevent
loading of unsigned kernel when node is booted in the UEFI secure
boot environment.

'linuxefi' and 'initrdefi' work seamlessly when node is booted in
normal UEFI boot mode (non-secure).

Fedora does not have this issue. This fix has been tested in Fedora
environment. It works fine.

Closes-Bug: 1443114
Change-Id: If256ba1f7d7c149482d0f37fabcdfa8ed22e3f91
2015-04-13 13:20:12 +00:00
Shivanand Tendulker
06e3d7c767 Add element ubuntu-signed to provide signed kernel
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.

Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').

The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.

The signed kernel package contains both signed and unsigned kernel. The
unsigned kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.

Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
2015-04-12 11:36:17 -07:00
Gregory Haynes
d98e6dcff9 Update install docs to be more user friendly
Our install docs are out of date and not very user friendly. Let's fix
that.

Change-Id: Idaff33096bf32865020b85ee776abd6691ac45ad
2015-04-12 16:08:47 +00:00
Derek Higgins
51ff3bab65 Switch default Fedora image to F21
Fedora 21 was released 4 months ago, we should switch to use it as default
before it goes EOL.

Change-Id: I72686911cc21aeb75d61430878dd36c54edb6904
2015-04-10 16:22:18 +01:00
Jenkins
65ad6377a6 Merge "No markdown docs for elements" 2015-04-09 13:59:32 +00:00
Jenkins
703313fb18 Merge "Correctly handle raw type ordering" 2015-04-08 21:28:02 +00:00
Jenkins
866298ceb9 Merge "Export image properties" 2015-04-08 21:11:02 +00:00
Ben Nemec
9c27fae1e4 Clean up targetcli ramdisk installation
The targetcli element was triggering a bunch of errors from dracut
when we installed all of Python.  It turns out this is because there
were filenames with spaces in the find output and the loop didn't
handle that properly.  This switches to a while loop that can
handle odd filenames.

Change-Id: Iacbf16f26f2bc9991840250dc8ae7990db54d811
2015-04-08 15:26:06 -05:00
Ben Nemec
ffe825113e Make troubleshoot work with dracut ramdisks
Currently, calling the troubleshoot function in a ramdisk script
doesn't work as expected on dracut ramdisks.  This adds an alternate
troubleshoot implementation that will behave as intended.

I did not make it conditional on a kernel param as was done in the
original because dracut can behave strangely if you allow it to
continue after an error.  Always dropping to a shell immediately
should be less confusing.

Change-Id: I98000f4ac6d7890b1f44fe4d10394ac0ea332fcb
2015-04-08 12:54:32 -05:00
Pino Toscano
8d19032a4a Do not export REG_HALT_UNREGISTER between hook scripts
Do not rely on environment changes (like exporting REG_HALT_UNREGISTER)
to persist between different hooks run. This helps when the hooks are
run in different new environments every time.

Instead, in 99-unregister redo the same checks on REG_METHOD as done in
00-rhel-registration, still respecting REG_HALT_UNREGISTER in case the
user does not want to unregister the image generated.

Change-Id: Id594dcd72334f38a2fa96da21206da77a83d7a1a
Closes-Bug: #1434431
2015-04-08 09:28:47 +02:00
Gregory Haynes
031a7b03be Add generic devuser element
The devuser element is useful for configuring a generic utility user for
the built images.

Change-Id: Ifd9dcf3ba88d7abc98b1e44a93f6d9a6b4e764dd
2015-04-08 07:01:24 +00:00
Gregory Haynes
954b9de79b Update cloud-init-datasources README
Updating the README for this element to follow our new environment
variables convention.

Change-Id: I9cf21bd063ea2bfbea7244656af8f3d0e79f20b1
2015-04-08 06:57:44 +00:00
Gregory Haynes
8111fc40aa Improved apt-sources README
Cleaning up the apt-sources README to be easier to consume. Also
removing some tripleo references from the README.

Change-Id: I6937fd5cd51288b36890dde214701bcef1d61381
2015-04-07 23:05:38 +00:00
Ben Nemec
952915f25e Don't trace RHEL Registration scripts
We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys.  To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.

Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
2015-04-07 10:33:33 -05:00
Haomeng, Wang
cc9870ec11 Try 5 times for rmdir command call after umount
Sometimes, we will get "Device or resource busy" during the mount point
deleting, umount returns 0, but the resource is busy for a while, so need
to add sleep interval to wait resource free, then we can delete it.
Change-Id: Idaa219d12e847824960eec8907739add5d619d1a
Closes-Bug: 1332521
2015-04-07 02:01:29 +00:00
Cédric Ollivier
3deb171a7a Generate the default en_US locale
The default locale set by cloud-init is now generated to prevent the
warning printed when the user is logged in.

Closes-Bug: 1440728
Change-Id: I2faff6c9d3ab8bb5f66d58e77bcf37f186bf501d
2015-04-06 15:31:04 +02:00
Jenkins
7917e7416b Merge "Create a user guide" 2015-04-05 00:32:40 +00:00
Gregory Haynes
cc308464c6 No markdown docs for elements
Sphinx does not support markdown, therefore all our element docs should
not be in this format.

Change-Id: I6fceb5c2c218e94a463f13d6d9050aea485e6c31
2015-04-02 23:55:19 +00:00
Jenkins
2888318eab Merge "Report status of boot loader installation to Ironic" 2015-04-02 13:07:40 +00:00
Pino Toscano
f7aefb1498 Create the dracut directory if not existing already
Make sure that the target directory for 50targetcli exists already, in
case there is no dracut installed at extra-data.d run time.

Change-Id: I85ade9e85e823b7564a5839c8b6181548a15ad41
2015-04-02 15:07:33 +02:00
Jenkins
a15ab7d732 Merge "Reorder tox environments" 2015-04-01 23:20:25 +00:00
Jenkins
5f0f296f58 Merge "Refactor deploy ramdisk to allow use of targetcli" 2015-04-01 21:20:59 +00:00
Jenkins
6446b2eebf Merge "Split dib-init-system into its own element" 2015-04-01 20:35:04 +00:00
Gregory Haynes
d9bcde8a4d Export image properties
Some elements (such as the manifests element) want to use these
variables. We currently do not consistently export them (IMAGE_NAME is
only exported if you actually specify a name).

Change-Id: I43d17ddcdd7d0ff3cbb4c530caeebb8da915f4ef
2015-04-01 20:33:17 +00:00
Gregory Haynes
7347577784 Correctly handle raw type ordering
We need to run raw outputting last, and were incorrectly detecting that
image type.

Change-Id: Idfbe46c34e783046b940d3eb28c846a0cf9ac0a6
2015-04-01 20:28:44 +00:00
Gregory Haynes
360033027f Create a user guide
Our docs are very developer focused. Let's create a separate user guide
to help new users get started.

Change-Id: I8a03920e6d3306dd0405177875ea55ccb4b40fea
2015-04-01 19:51:08 +00:00
Jenkins
88309de96b Merge "Handle non-cloud-init installs" 2015-04-01 04:01:39 +00:00
Jenkins
de0c663a1c Merge "Use find instead of ls" 2015-03-31 20:18:15 +00:00
Jenkins
4070d6b81c Merge "Short circuit qemu-img convert for raw images" 2015-03-31 20:17:39 +00:00
Jenkins
64d2b3647e Merge "Run udevadm settle after kpartx -l" 2015-03-31 20:17:03 +00:00
Jenkins
60bafe6d93 Merge "Fedora: install redhat-rpm-config" 2015-03-31 19:55:41 +00:00
Ramakrishnan G
9fb2d14cf1 Report status of boot loader installation to Ironic
This commit changes the 80-deploy-ironic script of
deploy-ironic element to report back the status of
boot loader install (when boot_option == "local")
using a newly introduced vendorpassthru.

Closes-Bug: 1422723
Change-Id: I9c1d8643be7cb9e273d65ddd791715a5c271fd93
2015-03-31 16:41:24 +00:00
Jenkins
d0190658f6 Merge "Run svc-map tests" 2015-03-31 12:46:03 +00:00
Derek Higgins
5671a38e8e Fix dhclient in Fedora ramdisks
Copy all of the necessary parts for a Fedora based dhclient to work. This
includes a number of network scripts. Also grab the ip command supplied by
the iproute package, the busybox "ip addr" command was missing the valid_lft
and preferred_lft options.

This will allow the dhcp to work in the ramdisk instead of getting passed the
PXE net config.

Related-Bug: #1417026
Change-Id: I8feee9a740855dab7b47162c5727bf91db77fcc6
2015-03-31 12:27:40 +01:00
Pino Toscano
516e3ae7d6 Use find instead of ls
The listing of *-$INSTALL_TYPE-install files currently uses ls, which
errors out when the glob matches no files, thus using true to not fail
it.
Instead, use find to collect the file list, so there is no need to
ignore the command errors.

Change-Id: Ic6888106858df320a1c90a84f1b9ec74d436b9e6
2015-03-31 13:24:29 +02:00
Ben Nemec
7f974d4b85 Reorder tox environments
If py34 is run after py2x, it results in a "db type could not be
determined" error.  The only current way to avoid that is to run
py34 first.

Change-Id: Id81e127e71ecd04a2ed16ab899d6fbf0d15bfee3
2015-03-30 20:57:34 +00:00
Gregory Haynes
4fbad49972 Add py34 to tox
We gate on py34, so we should add it to our tox config.

Change-Id: I0d21cdd47841af8d05df7b36b2302f13bda3367b
2015-03-29 04:28:11 +00:00
Gregory Haynes
89dd01e4a0 Run svc-map tests
We currently do not run these tests and they also fail.

Change-Id: I60c8cbd9495b52fb8b4c848549822a05f921664f
2015-03-29 04:11:41 +00:00
Ethan Gafford
199196e399 Open MKFS_OPTS for extension in disk-image-create
At present, MKFS_OPTS is closed for modification. The ability
to extend the set of MKFS_OPTS adds a great deal of power for
knowledgeable end-users. (And in some specific circumstances,
it is vital to success, as in the case of building RHEL/CentOS
6 images from RHEL/CentOS 7 hosts, in which case -O ^64bit is
required in order for the image to boot.)

Change-Id: I714e86a5a413779e63f598fbbb5a79d23cf6d8c3
2015-03-26 14:36:08 -04:00
Gregory Haynes
2d79e9d395 Short circuit qemu-img convert for raw images
We currently use qemu-img convert with a raw source and dest when
building raw images. We can just mv the file for increased speed.

Change-Id: I3da095cb9ecad7224a121a434a9fb204132bf6df
2015-03-25 22:50:42 +00:00
Mathieu Gagné
34a196b8e7 Download of translations not properly disabled in APT
The wrong APT config name is used to disable download of translations.
It's Acquire::Languages, not APT::Acquire::Languages.

Change-Id: Ie0c12d444bab19b4486845944ef51031e9133470
Closes-bug: #1436523
2015-03-25 15:23:45 -04:00
Monty Taylor
12165f7b25 Split dib-init-system into its own element
Other elements need this and don't necessarily need base.

Change-Id: I3a12611d7d891a1fb0476f4095be522210b60cba
2015-03-25 13:28:38 -04:00
Monty Taylor
05356cbc09 Handle non-cloud-init installs
Not all operating-system elements install cloud-init, but the base
element assumes its existence. Create the directory if it does not
exist.

Change-Id: I4bda8dc5d200825ea0c8163a4e5c44050a45083f
2015-03-25 13:28:12 -04:00
Gregory Haynes
f06e3fdb01 Dont try to unmount if were not using tmpfs
I regularly see users report that their build fails because this unmount
line reports an error. Even though we don't bail here because of the ||
true, as a user it is hard to distinguish this from an error.

Change-Id: Ic43f4fb24c53c58329fdf501bba6ba14024ec2aa
2015-03-24 18:30:55 +00:00
Pino Toscano
626ca9ad47 Run udevadm settle after kpartx -l
It may happen that if the system where disk-image-create runs is busy,
then the kpartx -l run may leave a stale autodelete loop device.

This is because kpartx -l first adds a new loop device, then does the
listing and removes the loop device. The latter may not end before the
end of the kpartx run, leaving a loop device marked as autodelete.
Such kind of loop device will automatically delete itself, so the
 rm -r $WORKING
after
 sudo umount -f $WORKING/mnt
in the EXIT trap will fail because $WORKING does not exist anymore.

To prevent this situation, just ask udev to finish its operations,
properly removing the (temporary) loop device.

Change-Id: I12246f3dbe6b5669e698767682a5a142f803823b
2015-03-23 10:38:21 +01:00
Jenkins
100959de8d Merge "Add no_timer_check to vm grub cmdline" 2015-03-20 13:05:03 +00:00
Jenkins
b30513f0a2 Merge "openSUSE update" 2015-03-20 09:34:15 +00:00
Jenkins
defae1a7fd Merge "Cleanup/restify components.rst" 2015-03-20 09:34:06 +00:00
Jenkins
0a82b3ebcc Merge "Flagging ubuntu-minimal as untested" 2015-03-20 09:00:16 +00:00
Jenkins
e0e0159ef7 Merge "CentOS 6 Element" 2015-03-19 19:42:40 +00:00