Using "yum --downloadonly" breaks the abstraction of
"install-packages" because it downloads to the yum cache. It also
acts funny if the package is already there.
Add an argument to "-d" which is the directory to download to. dnf
has "download" built in, and for the old case use yumdownloader which
acts about the same. Ensure it is installed, since it comes in
yum-utils.
Also a slight cleanup of the getopt parsing so it's easier to have the
required argument for -d
Thus we can remove most of the stuff in 15-remove-grub. The check for
centos6 and it's lack of grub2 is clarified. All the stuff about
having to remove the package, purging the cache etc so yum gets the
right thing is no longer relevant. The long section of commented out
code at the end is also removed for clarity.
I tested this with an F21, F22 & centos (6) build
Change-Id: Id1e430e7d050a0b99ac449e2ea435e06cda1c4e6
Docker can export root filesystems, which is what we want out of root
elements. Make a very simple passthrough element that will grab a docker
image and export it into a root filesystem.
Change-Id: Ie1e2d5dd5a61558f100e02c953b18d697a8fe8a2
There is a common pattern of if init_system == foo then install init
script foo-service-init into /etc/init... Lets encode this pattern by
allowing elements to put files into init-scripts/init-system directories
and then copying the appropriate files for them.
Change-Id: I541db18a0a8c5e0755a0af5732f4e15a5e5cf984
When building an image having the elements debian and vm, cloud-init
fails with:
ci-info: !!!!!!!!Net device info failed!!!!!!!!
Looking at the source code, it executes ifconfig to gather informations
but the `debian` elements does not provide it. There is also no DHCP
client available which is rather painful.
Install isc-dhcp-client to provide a DHCP client.
Install net-tools to provide ifconfig, required by cloud-init.
Ref: https://phabricator.wikimedia.org/T105152
Change-Id: I76dfd4f87a5c9f08e7c572fb4f5ebeeb34f5f66a
Remove hardcoded refrences for ethernet interfaces from ironic-agent
and sets a dependency on dhcp-all-interfaces to ensure it works for
all interfaces for all other operating systems.
Change-Id: I7ae6d1c5bd9911ef3db45187c0010cf0973badf1
Closes-Bug: #1471802
The fix for static links to the latest image has been rolled out.
Update documentation accordingly.
Change-Id: Ic92d0e1d584ca2bf1d82f411102079cb4455bddb
The init scripts have now been moved in to glean itself, so just consume
them directly.
Change-Id: Ib85128579c62020df23d73404c0563894038d2dd
Depends-On: I2ed25ce434023bfc8b6a88a08c0c06c1cef63982
Glean now supports setting a hostname, lets ask it to do this.
Change-Id: Iea8d210b4b5add8fed4038cf81ce28d1d7c7c1c4
Depends-on: Ia9155bc565ad79af44d88acc06759be2bf4e5f20
This element installs oat-client on the image, that's necessary for
trusted boot feature in Ironic to work. This element only works on Fedora.
Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted
boot, the oat-client will securely fetch the hash values from TPM.
Change-Id: I0f1221b5708e9a5792df62ee6e73034f8bf1577c
Passing a source-repositories ref of "*" should signal fetching all
heads similar to when a non-cached ref is requested. Reuse the same
fallback logic, but skip unnecessary checks since "*" is not a real
refname. Also expand the fallback to update tags, and to --purge
local refs that no longer exist on the remote for additional safety.
Change-Id: I4562c9689a8d235ebe09b2f7178aa5890dbc85f1
Some minor workarounds for Fedora >= 22 where dnf is the default
package manager. The changes are documented on the Fedora release
notes https://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF
Change-Id: I7d7d6f5d294980dcb217d6190a1efd9e0bbea9a6
Add a YUM variable that defaults to dnf for Fedora 22 and greater. At
this stage the yum element can do double-duty with dnf -- it's mostly
the same. If we find it starts getting too unwieldy we can separate
this later.
Modify the install-packages for yum to use this variable when set, but
default back to "yum" to retain the status-quo.
Change-Id: Ibff71465b392d9f66b6f93955ff9223575d6165c
Installing Python to a ramdisk takes quite a long time because of
the way dracut checks for dependencies of every single file
installed. We could avoid that, but then we might miss a required
library file.
This change alters the installation method to speed up
the process. First, it creates a list of files that are needed and
then installs them all at once using inst_multiple instead of calling
inst on each file separately. This doesn't make a huge difference,
but in my testing it is marginally faster.
Second, and more significantly, we don't need the *.pyo and *.pyc
files as those are simply an optimization to speed up module
loading. Because the deploy ramdisk is a short-lived operation,
we probably lose more time transferring those extra files to the
target system than we save in improved load times.
In my testing, these two changes netted about a 20% improvement
in build times, and about 13% decrease in image size.
Change-Id: Ibc2b778c28fc9fb7177380dffe8dbce5722d0733
On some systems, it can take longer than 10 seconds for the root
disk to be detected. Because enterprise hardware. Increase the
wait time to 60 seconds so we don't incorrectly fail due to a
missing root device.
Change-Id: I4f67ef0295af8f2ae783fe3aea347b41987c6a66
This reverts commit 7a4c396948.
Note this time it sets it to F21, not F22, and gets rid of the
duplicate definition that doesn't get exported.
Change-Id: I240ad25d7a73c379559517a2a8399ae8c098314b
Changed simple-init to utilize a PATH variable in order to allow
for glean to be executed in the event the operating system places
glean in /usr/bin, such as what occurs on CentOS 7.
Change-Id: Ibf95fcd7ca368595e8fb3473f25eb0a919726e39
Now that we are changing fedora to default to f22, lets gate on f21
still working.
Depends-On: Icbd08fb5aa69446ad65ff72af631902c4e1fa12b
Change-Id: I8b7b957fafc028aa2970803bd23ea644114f9b7f
We are using which to find the location of setfiles. Our script is set
-e though, and we need to also be able to handle the case where setfiles
does not exist (like on centos-minimal).
Change-Id: If53c7a80efc081b95b143c28be64d39b12bfb469
The default release for fedora is actually 21 for us, and we are unable
to build 22 right now.
This reverts commit 379d6a2650.
Change-Id: Iffcc505f1e115cb6bc662b57a78878e498ce338e
Wrong package in the list, dracut-modules-growpart is wrong,
needed dracut-modules-growroot for proper resize to work
Change-Id: Iea8789ea3d44d182197a4713244b551f2cd4dd55
Closes-Bug: 1461601
This patch is adds a new grub2 element that installs the
grub2 bootloader on the image so it can work with Ironic's
local boot support.
This patch also modifies the iso element which was installing
same grub2. It removes the grub2 installation from iso element
and makes it dependent on grub2 element.
Co-Authored-By: Ramakrishnan G <rameshg87@gmail.com>
Change-Id: I37bcf2c525708d1e2e0f95cf5874a279f76861f7
This commit adds support for providing custom kernel
cmdline args while building deploy ISO. This is useful
for adding kernel cmdline like 'console=ttyS1' in
environment (assuming all bare metals have been configured
to output to COM2 in BIOS).
Closes-Bug: 1451634
Change-Id: I20b04d9d104cfe46df0439c3f567a721a27e186a
This commit addresses follow-up comments on
I1ffb832ebab009b2d77a46e6c8fc758dd9632359. The change
is to delete get-pip.py immediately after installing pip.
Change-Id: I2768da2365b08304b8e7fcf55c91101b05ec33ea
Add current version of Ironic API for consistensy with IPA and Ironic
API settings, and for compatibility in the future.
Change-Id: I13c7a26b6cfb47a14aa49ee78441a1d97d7b42d0
In the case of using portal registration with an activation key, the
rhel-common element is still executing a `subscription-manager attach`
command. This should not happen if an activation key is provided. This
is because an activation key already provides the subscriptions to
attach.
This patch fixes this behavior.
Change-Id: I5a8425d1778362bb7a0dadc91a46308f16b2a526
Closes-Bug: #1456648
It's useful to be able to pass in multiple yum repo configuration files
via $DIB_YUM_REPO_CONF, not just a single one.
Change-Id: I43722229a2df58be55bdb2b50c253e957b18e6fe
When something goes wrong, you usually can't boot the image. nova
console-log is usually available though.
Change-Id: Ie4525d0c3ee8b59f035544592b30f0635aba1811
Hard coded path fails on Distros (such as el6) with setfiles bin
in different places, for example, rhel6 has this in /sbin/setfiles
Change-Id: I7aff9cdadd9aed9cfc806a1010acbf36b7b6d0e7
dib-run-parts filters the acceptable characters in script names,
and "." is not allowed (see $allowed_regex there), so
01-clean-old-kernels.sh is never executed.
Rename it to drop its .sh extension, so it is executed for real.
Change-Id: Ieb633b31214f1accf03b92a2b06590fdf2127b6b
Weve had some regressions recently with the changes in the debian
element. Lets tests that we can build debian images.
Change-Id: I048e7a32ecb4088ec1b1e3b1efdf146187b093db
Adding a test function which allows us to use elements to perform
element-specific tests. In order for this to work sanely, also adding
some configuration to our break system so we can assert on negative
tests.
Also adding a test for apt-sources to verify this code actually works.
Change-Id: I378a74255010eca192f5766b653f8a42404be5ea
We should make use of the CentOS-7-x86_64-GenericCloud.qcow2 symlink from
http://cloud.centos.org/centos/7/images/ instead of having a hard coded cloud
image. Specific cloud images can still be downloaded by overriding
$DIB_RELEASE.
More importantly, using the symlink will keep us automatically up to date with
the latest CentOS 7 cloud image. The image in use by the hard coded value
occassionally exhibits "No space left on device" errors after the cloud-init
filesystem resize. More info about this issue is at:
http://xfs.org/index.php/XFS_FAQ#Q:_Why_do_I_receive_No_space_left_on_device_after_xfs_growfs.3F
The newer cloud image (with a newer kernel) does not exhibit this issue.
Change-Id: I3e19f6269ceba937fcd630bab265d132bd525519
Check for the current distribution using $DISTRO_NAME instead of
`lsb_release`.
Also, remove the existency check, as $DISTRO_NAME is supposed to be
provided by distribution elements.
Change-Id: I2276c63e9ac43576da528a70235129800c093b3e
Cloud-init and simple-init are not meant to play together. Lets disable
cloud-init if simple-init is installed.
Also guarding cloud-init-datasources against running in an environment
where cloud-init is not installed.
Change-Id: I5bfa9a3e83d3259db2436404034ad58c780de1c9
Diskimage-builder currently writes cloud-init config file which adds a
host entry mapping the hostname and FQDN to 127.0.0.1 into every image
built. This is probably useful for some use cases but not for all, so we
now allow customizing the manage_etc_hosts value via
DIB_CLOUD_INIT_ETC_HOSTS variable and also not writing the config at all
if that variable is explicitly set to an empty string (currently the
default is 'localhost' but in the future the default will be empty
string).
Particular description of the problem this causes in TripleO follows:
We get hosts files like this:
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z.novalocal ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z
# HEAT_HOSTS_START - Do not edit manually within this section!
192.0.2.17 ov-rl5i5saoc6h-0-wfzcsrqo34p6-controller-m3hy26lhxavl ov-rl5i5saoc6h-0-wfzcsrqo34p6-controller-m3hy26lhxavl.novalocal
192.0.2.15 ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z.novalocal
192.0.2.16 ov-rl5i5saoc6h-2-a6v7saxnivm5-controller-7jboskte34r7 ov-rl5i5saoc6h-2-a6v7saxnivm5-controller-7jboskte34r7.novalocal
# HEAT_HOSTS_END
The duplicate hostname/FQDN entry for 127.0.0.1 and 192.0.2.15 confuses
Corosync, which then fails to start a cluster when using hostnames in
the config file instead of IPs.
Change-Id: Ia8582883f737548e2911d3f36a1943e5b236281b
Partial-Bug: #1447497
vconfig is actually deprecated in favor of the ip command, and is not
available on some newer distros (RHEL 7 at least). I'm not honestly sure
why it needs to be installed in all images anyway. I traced the origins
of installing the vlan package here all the way back to the first dib
git import from some other repo...so, I don't see any obvious reason why
it needs to be installed.
Change-Id: I272667cf29f5e41c217a26f70937b2842a04f748
subprocess.CalledProcessError in Python 2.6 does not have the 'out'
parameter for __init__, so pass only two of them and manually set
'output' in that case.
Fixes/improves commit 7f410aaff2.
Change-Id: I279bdf433b1272a9c3af4d66a2a52c78a7ac5de2
Instead of manually creating epel.repo files, make use of the epel
element, which will properly install epel-release.
Change-Id: Iea7b389bc1ade716c622fd39d5e7dcf119dcb447
This commit address last comments on
I5e8a706989bad13051eb47db0b1e762e6c672318. It adds
the date for a comment was added and removes redundant
wait period for initialization.
Change-Id: Idff38835969c094175f68be78c407ae975473b57
This commit fixes errors while trying to create a
DIB ramdisk with ironic-agent element when built
behind proxy. It fixes the issue by making it install
latest versions of pip and setuptools which has the
fixes for them.
Change-Id: I1ffb832ebab009b2d77a46e6c8fc758dd9632359
Closes-Bug: 1449852
rhel7 and centos7 images are both only available on x86_64 arch.
if $ARCH is misconfigured, some strange error will happen during the build.
For example, DIB will try to install EPEL i386 on the 64bit root system.
For the record, tripleo-incubator $NODE_ARCH default value is i386. The
problem will happend as soon as the default value is used with one of
these root elements.
This commit ensure the $ARCH is set to amd64 as soon as the centos7 or
rhel7 root element are used.
Change-Id: Ie41fa2da48eac6bf89b96cfa137c0f572dae6734
In Kilo, we added added an iscsi extension in
ironic-python-agent which requires tgtd and tgtadm.
This commit adds scsi-target-utils to the ramdisk for
this.
Also the git protocol for retrieving the source code is
changed to http. Git protocol doesn't go through a proxy,
but http can.
Closes-Bug: 1449854
Change-Id: I8cf274913a16404941770d0c6115bd6feec1ccb8
Starting from syslinux 5.00, isolinux.bin is dependent on
ldlinux.c32 to boot for BIOS machine. syslinux > 5.00 is
delivered with Fedora 21 cloud image which breaks the boot
from ISO if ldlinux.c32 doesn't exist.
Change-Id: If722f36aeaabc759d93ef6ae3f49b21bb840a92d
Closes-Bug: 1449882
These are ubuntu-isms that do not exist on debian mirrors and cause
builds to break if they're based on a stable debian release.
Change-Id: I08c2826eba4aabd0be69955220624b2f179a15ee
Closes-bug: #1450198
Set the pbr option 'warnerrors' to make build_sphinx turns warnings into
error. Fix all warnings.
`tox -edocs` will thus abort whenever someone introduce a new error.
Change-Id: Id6d09768a241866e1fdc1a1e2bf90336f5c5087d
debootstrap is not debian or ubuntu specific. We can make a debootstrap
element that knows how to do all of the things, and then a
debian-minimal and ubuntu-minimal image that use it. Finally, make
the debian element simply be a collection of the extra things we do to
make it look like a cloud-init based cloud image.
Change-Id: Iaf46c8e61bf1cac9a096cbfd75d6d6a9111b701e
glean is now moved into the openstack-infra repos, so the reference to
the originally temporary home can be discarded.
Change-Id: Ie89fff85e264a36d9bab15801314d5195b45031c
In some cases, like linux-image-* on debian, we need to only install
packages for a specific target architecture.
Change-Id: Ic0009d0c1e121d6f3f1f21345c544e2d98f080f9
This change uses blkid to identify the fs type during redhat-common
extract-image. The image is mounted with -o nouuid for redhat/rhel
images that have XFS filesystems.
This is required when building images from the same base image
as the host VM to avoid "Filesystem has duplicate UUID" mount
failures.
Change-Id: I066289fbb27733a5a555242a0e2c363d58dd27d0
Closes-Bug: 1443706
Now that we have a generic yum-minimal element, just use it in centos
instead of rinse. Adding base as an element-provides of yum-minimal
because this element conflicts with the base element.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I15275d821781171c118f21aa0c0bca55f65a65b3
The loopback handling in the Linux kernel limits the filenames of
files associated to loopback devices, see also linux/loop.h.
This is reflected also on userspace, as kpartx will silently do nothing
(exiting with 0) when requesting to remove a filename longer than 64
characters, as that name will obviously not match the truncated
filename. The result of this is that, when extracting qcow2 images for
the first time, if the qcow2 filename is long enough then the loopback
device will not be removed, remaining as stale in the host.
As a workaround, use a temporary file name when convering a qcow2 image
to raw, instead of using the base name of the qcow2 file.
While this still will not fix the issue when manually using a long
temporary directory (e.g. TMP_DIR=/very/long/etc...), at least should
avoid it in other cases.
Change-Id: Ibf46cd313a9d89412c0e1068fa0993be6c5a29db
This commit changes Ironic deploy ramdisk to find out
the virtual media device by using labels instead of
looking at the model of block device. This helps in
finding out the device irrespective of the hardware.
Corresponding Ironic change is
If5b78d9af7048f2631d050ee5ce01ab7a67e2354.
Closes-Bug: #1429340
Change-Id: I5e8a706989bad13051eb47db0b1e762e6c672318
Commit b4a1f1c190 wrongly changed the format of the available
images. There was a missconfiguration on the buildservice which produces
the images so no static links were available. That's fixed now so use
the correct names again.
Change-Id: Iac4cbc8672da67f5a89ac2f1be8bb9530215ea19
The centos-minimal approach of using rinse does not, it turns out, work
on centos. That's a bummer. It's also rather heavyweight. Instead, with
minor machinations, we can just use yum itself pointed at a chroot.
Also adding fedora-minimal element which creates a fedora image using
the new yum-minimal approach.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I026fd9d323e786dae5bb67824c6501067e1ceaa3
If you don't want cloud-init, you may need to get a few things
from config-drive because you may be operating on a cloud with no DHCP.
In that case, simply reading some values from config-drive and writing
out either DHCP or static network info, in addition to grabbing ssh keys
is helpful. Both Infra and bifrost want this for their images.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I2746ed256b9783eab058b803130d3ccac484eaeb
We support building elements without depending on the base element.
Breaking install-types out into its own element while making base depend
on it so elements can depend in it without base.
Change-Id: I104543d5482c76f60902e9fc32d91e196eeab51a
Turns out that updating packages last causes some pretty
non-intuitive behaviour if you are trying to pin a package
to a specific version. Lets just update the base RPMs first...
subsequent installations should install the most updated version
anyways (unless they are pinned).
Also moves the package-installs script from the 00 step to 01 so
we can do the update first.
Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Change-Id: I962046cc6048e852e6582fbc579f88bb73e23fdd
This fix prevents loading of unsigned ubuntu kernel in UEFI secure
boot environment when image is created using 'iso' element.
'iso' element uses 'linux' and 'initrd' modules of grub2 to load
kernel and initrd respectively. The grub2 implementation of Ubuntu
can load unsigned kernel when these modules are used.
Ubuntu has Grub2 modules 'linuxefi' and 'initrdefi' which exits
boot process if unsigned kernel is used in UEFI secure boot mode.
The 'iso' element should use these modules in grub.cfg to prevent
loading of unsigned kernel when node is booted in the UEFI secure
boot environment.
'linuxefi' and 'initrdefi' works seamlessly when node is booted in
normal UEFI boot mode (non-secure).
Fedora do not have this issue. This fix has been tested in Fedora
environment. It works fine.
Closes-Bug: 1443114
Change-Id: If256ba1f7d7c149482d0f37fabcdfa8ed22e3f91
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.
Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').
The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.
The signed kernel package contains both signed and unsigned kernel. The
unsiged kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.
Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
The targetcli element was triggering a bunch of errors from dracut
when we installed all of Python. It turns out this is because there
were filenames with spaces in the find output and the loop didn't
handle that properly. This switches to a while loop that can
handle odd filenames.
Change-Id: Iacbf16f26f2bc9991840250dc8ae7990db54d811
Currently, calling the troubleshoot function in a ramdisk script
doesn't work as expected on dracut ramdisks. This adds an alternate
troubleshoot implementation that will behave as intended.
I did not make it conditional on a kernel param as was done in the
original because dracut can behave strangely if you allow it to
continue after an error. Always dropping to a shell immediately
should be less confusing.
Change-Id: I98000f4ac6d7890b1f44fe4d10394ac0ea332fcb
Do not rely on environment changes (like exporting REG_HALT_UNREGISTER)
to persist between different hooks run. This helps when the hooks are
run in different new environments every time.
Instead, in 99-unregister redo the same checks on REG_METHOD as done in
00-rhel-registration, still respecting REG_HALT_UNREGISTER in case the
user does not want to unregister the image generated.
Change-Id: Id594dcd72334f38a2fa96da21206da77a83d7a1a
Closes-Bug: #1434431