The correct workflow for building RHEL6 images includes not using
the rhel-registration scripts in this element, but rather the 00-rhsm
script. This patch updates the return value from 1 to 0 for the case
when the REG_METHOD is left unset. This will allow the RHEL6 images
to build without needing to set REG_METHOD. This patch also improves
the note about RHEL6 image building.
This patch is the result of the discussion in the comments of [1].
[1] Iff7b9fc30d5a36231598a977a9edcd55229766c5
Change-Id: I2f35b8d7d8749d44d88f06e9e2c3116ff93b88fe
Closes-Bug: 1404364
When using the rhel element, it can be uesful to disable registration.
For instance, if using an internal mirror repository that does not
require registration/authentication.
Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1
Copy all of TMP_MOUNT_PATH into the ramdisk so that
ramdisk-install.d actions are respected.
Includes a workaround for a bug in Dracut that caused the copy
to fail.
Also moves init instead of copying it so we don't conflict with
the Dracut init.
Change-Id: Ia8d7b210369fe7eb7ab239cbdb7f96841104a35d
Closes-Bug: 1403121
These scripts are littered with references to passwords and keys,
so rather than try to disable tracing in every one of those places
I propose we simply turn it off for the scripts. This will likely
need to be revisited after the global tracing discussion is
resolved anyway.
Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
Related-Bug: 1298205
The latest update to package-install captures both stderr and stdout
from pkg-map, unfortunately, pkg-map has a 'missing-ok' option
which causes it to print an error message on stderr.
The result is that package-install tries to look for packages named
"Missing", "package", "name", etc.
Change-Id: I86b3b71a64b29d533b42fd0cae020e8ecf22cac2
Closes-bug: 1402085
The element was prepending the work directory forcibly, which will have
problems when the image name has an absolute path, which is allowed.
Change-Id: I0cb7b96e24daab8ee73611936af72074c70ac1aa
Closes-Bug: #1400405
Ubuntu has recently release their "Snappy Ubuntu Core" which is a
minimal base-layer for running docker applications. Seems like the sort
of thing someone might want to use for tasks.
Change-Id: I6cb724451d1862121dee4ccf1f599ab8938f0b7f
VMs on Rackspace Cloud need nova-agent installed to get networking
information set up properly. Add a nova-agent element so that dib can
be used to create images to use on Rackspace cloud.
Change-Id: I075a50e9a2d7ae7641905b66bbbc627ad708b5ea
There are times when a much more stripped down base image is desired
over the distro cloud images. For instance, Infra would like some base
images that do not have cloud-init or really much of anything else. This
is easy to accomplish with debootstrap and rinse.
Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f
Instead of doing the work in the image of parsing through the element's
package-install declarations, we can squash it on hostside, where we
have both YAML and JSON available to us, and then emit a single
pre-processed file into the target to be used later.
Change-Id: I3f182aa3aae0a79b2f3ea4e66c1878ad12878b0a
Depending on bootloader and configuration, ramdisks may receive
a ip= kernel parameter that is used for manual network bring up
in the ramdisk. This parameter contains the address of the boot
server. In the absence of ip=, we want the ramdisk to DHCP and
proceed as normal. However, in this case need to know the address
of the boot server. This falls back to a 'boot_server' parameter
for this address if it is not provided via kernel cmdline.
Change-Id: Id1ed15ba125d91fa0a13d8e19d1385082ee5d9e9
Closes-bug: #1401289
Related-bug: #1401298
The docker build folks obsess about image size and speed a bit. Grab a
few of their optimizations from their debootstrap build process and
apply them to ours.
Change-Id: Ic3d3565423b0ae090896d99fd3bf1145eca6303d
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.
This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time. This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.
This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.
Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json. Both scripts have been updated to remain
consistent.
Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
Allows specifying the path to a yum repo configuration file to be used
during the image build process. The repo configuration file is removed
at the end of the build. This is useful in that it allows using any
arbitrary repo configuration during an image build.
Change-Id: I7d5c67d74a0bb4722ffc60aacfd9fa7e80fb59d5
Using lsb_release to figure out what distro and release an image is
is redundant, as the same information is available in DIB_ vars.
Further, it causes errors when creating new rhel7/centos7 images
like this: http://paste.openstack.org/show/144729/
Change-Id: I213ee581b8abfe119ffe3b783e6a3236e58e3e47
The file extention claims rst format, but it's plain text
as such, the online documentation doesn't render properly
Change-Id: I24accb45ab8c7803a25f2642ce1b2d479d5a6e9c
This patch adds support to register with the hosted customer portal
using activation keys. If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal. This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.
Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
We have a new package-installs file format. Migrating existing
package-installs files to the new format.
Change-Id: I57d4a007efee9624e60c41357cefa627d8c7373f
We currently support package-installs definitions which has some
limitations and oddities. This new format requires only one definition
which does not reside in our run-parts directories and follows a
consistent naming scheme (package-installs.yaml).
Change-Id: Ie51a7c4fdc15634ae8e069728e5e07cc1dc36095
Fedora sets requiretty globally by default. This makes sense for
interactive machines with lots of password typing, but is pretty
attrocious for machines that might need users who remotely sudo to do
things. Just remove the setting.
Change-Id: Ic32bd92061a73f854683cc0d2d8919071dabe8cf
We immediately remove this, but the -grub2 causes a later attempt to
remove it again which fails. Don't install it in the first place.
Change-Id: I31d64abc9596707bdb8a0505d0dcbf7b82e1b82d
sudo is not needed, since in-chroot elements are run in the context
of the root user. Furthermore, sudo in pre-install is problematic as
sudo may not have been installed yet (imagine a debootstrap build)
Change-Id: Ib5c7e176a90fe3b8fa9c3cd702d3d815df54f472
ironic-discoverd [1] is a StackForge project for conducting hardware properties
discovery via booting a special discovery ramdisk and interrogating hardware
from within it. It aims to be one of the official means of hardware properties
discovery for Ironic in Kilo release [2].
The ramdisk collects hardware information from the machine
it's booted on and posts it to the URL provided via
kernel argument 'discoverd_callback_url'.
[1] https://pypi.python.org/pypi/ironic-discoverd
[2] https://review.openstack.org/#/c/135605/
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: Ic81fe8b3bd0884971bb522b48658c7ee538a31f2
Using only a local filesystem mirror could lead opaque errors.
Print a warning message in this situations.
Change-Id: I5f77151ea928868f4c441e8a1bb2eb0966b21832
Closes-Bug: #1297948
An app using pkg-map (like package-installs) might want to distinguish
between a hard error (invalid pkg-map file) and a soft error (no
mapping found). Currently this is not possible because we only return
with error values of 1.
Also printing error messages to stderror so we can still make use of
stdout data during a soft error.
Change-Id: I8bef56d3a74e8530afb8c58ac50ca3e9f7700639
We check python files with dib-lint rather than flake8 which have
conflicting opinions. This means weve been (forcibly) writing non pep8
python.
Also fixing pep8 issues so tests pass.
Change-Id: Idc9db40334f6e15738a7802c06697270df68741c
This patch updates the 00-rhel-registration script to not
not fail a stack when metadata isn't found.
Change-Id: Ie305fed79e4baadf1a03c4a3d06a23cf36e92f77
This patch writes a warning out to stderr to notify element authors
that may be using map-packages to migrate to pkg-map. This patch
also prints out a warning during image-create that lists the specific
elements that are not using pkg-map.
Change-Id: I7e2a7611dd5650815736ce998aa94a7833193d06
The source-repositories element puts source in place in the generated image
for later installation. It is possible for two elements to define the same
source to later install, and as long as the remote location and reference to be
installed is identical, we should not error.
Change-Id: Ic7dfb1961486c59d2005b5c1e7587267ea42e999
This allows extra arguments to be passed to the debootstrap
command when creating an image using the debian element.
Change-Id: I87eb856365ff6a17f051e2e56587235648328d57
Co-Authored-By: Ghe Rivero <ghe.rivero@gmail.com>
It was depending only on deploy-baremetal. Changing it to 'deploy' could
be used with both baremetal and ironic deployments
Change-Id: Ia2600080b488f7d259a9baf111767e82b6cc933d
These are already listed in the respective deploy-* elements, and
if we include them here then they get added to every ramdisk built
with dracut. That causes issues for elements that don't need
something like tgtd because it won't be installed and the
binary deps script will fail.
Change-Id: Ibdcf7d200d4f7136396b63404cd966f7557043e0
This element creates kernel and ramdisk files based on Fedora,
example:
disk-image-create -a i386 -o test fedora ironic-agent disable-selinux
Change-Id: Ifa133d1680b81cb87d32a405aa7d7b40fe91f835
We don't actually need a real value for the root kernel param, and
requiring one causes problems for things like the discovery ramdisk
that don't pass in a disk= parameter. Dracut seems to be happy to
take /dev/zero as the value, so we can just always use that.
Change-Id: Ia724f0214c26aa18c6f8f41f2c48d7f25b52ee6c
This patch writes a warning out to stderr to notify element authors
that may be using map-services to migrate to svc-map.
Change-Id: Ic80db16c607958d025e89b3a4058a9cbb568938e
The URL we were using to download lsb_release from no longer works,
install from package so this is not affected by disappearing URL's
in future.
This was originally installed from a URL because the package dependencies
caused a 87M increase in the size of the base image. For fedora the
increase is now 27M which is a little more tolerable.
Change-Id: I6e56a4a81786b33c5c6b92df2bd8236cd3f19670
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite. The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6. The subscription-manager
command line tool is the preferred method of registration.
The registration of RHEL is required to enable repositories for
software installation during image creation time.
This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script. The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.
Boot-time registration is supported through metadata. Please see
the configuration in the README for more information.
Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
Adds new disk-image-create --install-type option which
can be used to enable alternate install types. The
default install type is 'source'.
The motivation is to eliminate elements like
enable-package-installs which require coupling and also
don't work with elements in multiple element repositories.
This patch does not prevent you from using the previous
DIB_INSTALLTYPE_ variables to customize the install type,
rather it just changes the default so you don't have to
set it so often when using things like packages.
Change-Id: Icee98440fc2251728f2dca30e7c4789a0fd89b93
I would like to recommend to use + instead of \; in the find
command. As this will ensure the removal of all selected
directories in a single invocation.
Hence improve the speed of deletion.
Change-Id: I409fe11aae217afb6f790491591005c679264ed4
Our package-installs script fails when installing a package which does
not have a pkg-map but a pkg-map file exist for the element.
Change-Id: I3dab802e23bccfc916efcc1c70c6ce6c4a9ccf67
A similar change was needed in the normal ramdisk element as part
of ae928057bd to avoid running
cleanup immediately after the ramdisk build completes.
Change-Id: Ia96e2d8011b88ed96cc6727914c5a5d2dea59757
Current iso element uses 'search --file' to find the
grub root. This is a wrong approach as it may find
some other partition containing /vmlinuz. Instead modify
it to search for grub root by the label of ISO image.
Closes-Bug: 1384826
Change-Id: Id4217be3420597bed2f80a96788928259ec91582
After bootstraping a Debian image, the repository keys
are installed to verify the packages signatures, but the
Release signature file is missing. Updating the repo,
will retrieve a new InRelease file (inline signed).
Change-Id: I14f0d22cc9c72be9b07f3708270359bc8cff112d
Instead of hard-coding a list of binaries to include in the dracut
ramdisk, use the existing binary-deps.d functionality to provide a
list. This will allow other ramdisks (such as discovery) to add
the binaries they need.
Change-Id: Ib7ffa15e08db1cc45e93a8f2a5c01369772c93ff
Busybox should be installed and managed from the ramdisk element,
since that is common to all elements that need busybox. In
addition, we do not want busybox installed when building Dracut
ramdisks, so it can't be in the deploy-* elements.
Change-Id: I2656d20b466138f7f6dfcf558ba90c6909151d3c
This commit adds a new element named 'iso' to build a bootable
ISO image for the kernel/ramdisk emitted by the 'baremetal' or
'ramdisk' element.
Change-Id: I89d175a29e2d0bc64b47fe527f0d0f6875f6849a
During internal testing we are getting the following error from
merge-svc-map-files
File "/tmp/image.K2MYCphY/hooks/extra-data.d/10-merge-svc-map-files", line 54, in main
with open(data_path, 'r') as dataFile:
IOError: [Errno 21] Is a directory: '...diskimage-builder/elements/svc-map'
Somehow IMAGE_ELEMENT contains a extra white space that manifests itself
as an element without a name. It is very hard to find where this is coming from so
instead this patch makes merge-svc-map-files more robost to this situation
Change-Id: Id1500ead8a77d691408617dcdc4e095bc5775be8
The element builds dracut from source on Ubuntu because the
Ubuntu dracut package is broken and very old, so it can't be
installed properly and causes a number of other issues that
are fixed by using a newer version of Dracut.
This initial version should work in virtualized environments.
Further validation of its suitability for real baremetal
deployments will need to be done in the future, but this should
be sufficient to enable that work.
Regarding Dracut specifically, in order to limit the changes
needed in the existing scripts this element continues to use a
cut down version of the /init script that we were building for the
existing ramdisk. However, instead of running it as pid 0 it is
run as a Dracut pre-mount hook. This allows Dracut to set up all
of the hardware and system bits, while falling early enough in the
Dracut sequence to complete the deployment before Dracut would try
to boot off the hard disk.
bp tripleo-juno-dracut-ramdisks
Change-Id: I144c8993fe040169f440bd4f7a428fdbe3d745cf
This reverts commit 4bf38a829a.
This variable is pointless since we can always replace it with
/lib/systemd.
Commit I459f7514ab35082d31607968252a9005fa25de2a will fix the issue
in tripleo-image-elements.
Change-Id: I524badb6836a0d04a5f6e6a5b5d95920fd923ef6
We are autodetecting and configuring devices in dhcp-all-interfaces
so having one configured in /etc/network/interfaces by default
is redundant and slows boot down.
Change-Id: Ic4e8a0668c793d21ed2dd96908649c9a77264f67
Closes-Bug: #1239480
After being deprecated two releases ago, finally remove any reference
for the support of first-boot.d
Change-Id: I08d67404ef48cad61db3b18fb86e970abfa5d2b6
In our official image builds we are only allowed to use resources
that are "blessed" by the build system. This means that external
things like git repos and tar files are not allowed. Currently,
even in offline mode source-repositories expects those things to
be available in the cache, so we need a way to disable it entirely.
This change adds an environment variable NO_SOURCE_REPOSITORIES
that does so. It can be set in an environment.d script so elements
that might rely on a source repository will know it's not available.
The 02-lsb script in redhat-common is one such example and is
updated to handle this case.
Change-Id: I0de63bee6ad79733d6711478c707a9b41593e85f
This is the final released image; it is the same one deployed in many
cloud provers such as HP and AWS. It is also safe from all known
vulnerabilities up to its release
Change-Id: Ib8ba561662d2a98da55eb292b850dc019226dd59
Each distro had its own copy of the file, but they were all the
same and it's actually installed in redhat-common so it belongs
there.
Change-Id: Iad15f39fd28d1c4e20d30dcb2eb0ae6f2fa2b015
When uploading images to multiple clouds it is possible that the same
image will be needed in multiple formats to accomodate hypervisors
across clouds. Update disk-image-create's -t flag to take a list of
desired output image formats so that a single disk-image-create can
output all of the desired image formats.
Change-Id: If121b2342ae888855ba435aa3189f039e985b812
