Instead of doing the work in the image of parsing through the element's
package-install declarations, we can squash it on hostside, where we
have both YAML and JSON available to us, and then emit a single
pre-processed file into the target to be used later.
Change-Id: I3f182aa3aae0a79b2f3ea4e66c1878ad12878b0a
Depending on bootloader and configuration, ramdisks may receive
a ip= kernel parameter that is used for manual network bring up
in the ramdisk. This parameter contains the address of the boot
server. In the absence of ip=, we want the ramdisk to DHCP and
proceed as normal. However, in this case need to know the address
of the boot server. This falls back to a 'boot_server' parameter
for this address if it is not provided via kernel cmdline.
Change-Id: Id1ed15ba125d91fa0a13d8e19d1385082ee5d9e9
Closes-bug: #1401289
Related-bug: #1401298
The docker build folks obsess about image size and speed a bit. Grab a
few of their optimizations from their debootstrap build process and
apply them to ours.
Change-Id: Ic3d3565423b0ae090896d99fd3bf1145eca6303d
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.
This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time. This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.
This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.
Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json. Both scripts have been updated to remain
consistent.
Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
Allows specifying the path to a yum repo configuration file to be used
during the image build process. The repo configuration file is removed
at the end of the build. This is useful in that it allows using any
arbitrary repo configuration during an image build.
Change-Id: I7d5c67d74a0bb4722ffc60aacfd9fa7e80fb59d5
Using lsb_release to figure out what distro and release an image is
is redundant, as the same information is available in DIB_ vars.
Further, it causes errors when creating new rhel7/centos7 images
like this: http://paste.openstack.org/show/144729/
Change-Id: I213ee581b8abfe119ffe3b783e6a3236e58e3e47
The file extention claims rst format, but it's plain text
as such, the online documentation doesn't render properly
Change-Id: I24accb45ab8c7803a25f2642ce1b2d479d5a6e9c
This patch adds support to register with the hosted customer portal
using activation keys. If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal. This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.
Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
We have a new package-installs file format. Migrating existing
package-installs files to the new format.
Change-Id: I57d4a007efee9624e60c41357cefa627d8c7373f
We currently support package-installs definitions which has some
limitations and oddities. This new format requires only one definition
which does not reside in our run-parts directories and follows a
consistent naming scheme (package-installs.yaml).
Change-Id: Ie51a7c4fdc15634ae8e069728e5e07cc1dc36095
Fedora sets requiretty globally by default. This makes sense for
interactive machines with lots of password typing, but is pretty
attrocious for machines that might need users who remotely sudo to do
things. Just remove the setting.
Change-Id: Ic32bd92061a73f854683cc0d2d8919071dabe8cf
We immediately remove this, but the -grub2 causes a later attempt to
remove it again which fails. Don't install it in the first place.
Change-Id: I31d64abc9596707bdb8a0505d0dcbf7b82e1b82d
sudo is not needed, since in-chroot elements are run in the context
of the root user. Furthermore, sudo in pre-install is problematic as
sudo may not have been installed yet (imagine a debootstrap build)
Change-Id: Ib5c7e176a90fe3b8fa9c3cd702d3d815df54f472
ironic-discoverd [1] is a StackForge project for conducting hardware properties
discovery via booting a special discovery ramdisk and interrogating hardware
from within it. It aims to be one of the official means of hardware properties
discovery for Ironic in Kilo release [2].
The ramdisk collects hardware information from the machine
it's booted on and posts it to the URL provided via
kernel argument 'discoverd_callback_url'.
[1] https://pypi.python.org/pypi/ironic-discoverd
[2] https://review.openstack.org/#/c/135605/
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: Ic81fe8b3bd0884971bb522b48658c7ee538a31f2
Using only a local filesystem mirror could lead opaque errors.
Print a warning message in this situations.
Change-Id: I5f77151ea928868f4c441e8a1bb2eb0966b21832
Closes-Bug: #1297948
An app using pkg-map (like package-installs) might want to distinguish
between a hard error (invalid pkg-map file) and a soft error (no
mapping found). Currently this is not possible because we only return
with error values of 1.
Also printing error messages to stderror so we can still make use of
stdout data during a soft error.
Change-Id: I8bef56d3a74e8530afb8c58ac50ca3e9f7700639
We check python files with dib-lint rather than flake8 which have
conflicting opinions. This means weve been (forcibly) writing non pep8
python.
Also fixing pep8 issues so tests pass.
Change-Id: Idc9db40334f6e15738a7802c06697270df68741c
This patch updates the 00-rhel-registration script to not
not fail a stack when metadata isn't found.
Change-Id: Ie305fed79e4baadf1a03c4a3d06a23cf36e92f77
This patch writes a warning out to stderr to notify element authors
that may be using map-packages to migrate to pkg-map. This patch
also prints out a warning during image-create that lists the specific
elements that are not using pkg-map.
Change-Id: I7e2a7611dd5650815736ce998aa94a7833193d06
The source-repositories element puts source in place in the generated image
for later installation. It is possible for two elements to define the same
source to later install, and as long as the remote location and reference to be
installed is identical, we should not error.
Change-Id: Ic7dfb1961486c59d2005b5c1e7587267ea42e999
This allows extra arguments to be passed to the debootstrap
command when creating an image using the debian element.
Change-Id: I87eb856365ff6a17f051e2e56587235648328d57
Co-Authored-By: Ghe Rivero <ghe.rivero@gmail.com>
It was depending only on deploy-baremetal. Changing it to 'deploy' could
be used with both baremetal and ironic deployments
Change-Id: Ia2600080b488f7d259a9baf111767e82b6cc933d
These are already listed in the respective deploy-* elements, and
if we include them here then they get added to every ramdisk built
with dracut. That causes issues for elements that don't need
something like tgtd because it won't be installed and the
binary deps script will fail.
Change-Id: Ibdcf7d200d4f7136396b63404cd966f7557043e0
This element creates kernel and ramdisk files based on Fedora,
example:
disk-image-create -a i386 -o test fedora ironic-agent disable-selinux
Change-Id: Ifa133d1680b81cb87d32a405aa7d7b40fe91f835
We don't actually need a real value for the root kernel param, and
requiring one causes problems for things like the discovery ramdisk
that don't pass in a disk= parameter. Dracut seems to be happy to
take /dev/zero as the value, so we can just always use that.
Change-Id: Ia724f0214c26aa18c6f8f41f2c48d7f25b52ee6c
This patch writes a warning out to stderr to notify element authors
that may be using map-services to migrate to svc-map.
Change-Id: Ic80db16c607958d025e89b3a4058a9cbb568938e
The URL we were using to download lsb_release from no longer works,
install from package so this is not affected by disappearing URL's
in future.
This was originally installed from a URL because the package dependencies
caused a 87M increase in the size of the base image. For fedora the
increase is now 27M which is a little more tolerable.
Change-Id: I6e56a4a81786b33c5c6b92df2bd8236cd3f19670
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite. The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6. The subscription-manager
command line tool is the preferred method of registration.
The registration of RHEL is required to enable repositories for
software installation during image creation time.
This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script. The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.
Boot-time registration is supported through metadata. Please see
the configuration in the README for more information.
Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
Adds new disk-image-create --install-type option which
can be used to enable alternate install types. The
default install type is 'source'.
The motivation is to eliminate elements like
enable-package-installs which require coupling and also
don't work with elements in multiple element repositories.
This patch does not prevent you from using the previous
DIB_INSTALLTYPE_ variables to customize the install type,
rather it just changes the default so you don't have to
set it so often when using things like packages.
Change-Id: Icee98440fc2251728f2dca30e7c4789a0fd89b93
I would like to recommend to use + instead of \; in the find
command. As this will ensure the removal of all selected
directories in a single invocation.
Hence improve the speed of deletion.
Change-Id: I409fe11aae217afb6f790491591005c679264ed4
Our package-installs script fails when installing a package which does
not have a pkg-map but a pkg-map file exist for the element.
Change-Id: I3dab802e23bccfc916efcc1c70c6ce6c4a9ccf67
A similar change was needed in the normal ramdisk element as part
of ae928057bd to avoid running
cleanup immediately after the ramdisk build completes.
Change-Id: Ia96e2d8011b88ed96cc6727914c5a5d2dea59757
Current iso element uses 'search --file' to find the
grub root. This is a wrong approach as it may find
some other partition containing /vmlinuz. Instead modify
it to search for grub root by the label of ISO image.
Closes-Bug: 1384826
Change-Id: Id4217be3420597bed2f80a96788928259ec91582
After bootstraping a Debian image, the repository keys
are installed to verify the packages signatures, but the
Release signature file is missing. Updating the repo,
will retrieve a new InRelease file (inline signed).
Change-Id: I14f0d22cc9c72be9b07f3708270359bc8cff112d
Instead of hard-coding a list of binaries to include in the dracut
ramdisk, use the existing binary-deps.d functionality to provide a
list. This will allow other ramdisks (such as discovery) to add
the binaries they need.
Change-Id: Ib7ffa15e08db1cc45e93a8f2a5c01369772c93ff
Busybox should be installed and managed from the ramdisk element,
since that is common to all elements that need busybox. In
addition, we do not want busybox installed when building Dracut
ramdisks, so it can't be in the deploy-* elements.
Change-Id: I2656d20b466138f7f6dfcf558ba90c6909151d3c
This commit adds a new element named 'iso' to build a bootable
ISO image for the kernel/ramdisk emitted by the 'baremetal' or
'ramdisk' element.
Change-Id: I89d175a29e2d0bc64b47fe527f0d0f6875f6849a
During internal testing we are getting the following error from
merge-svc-map-files
File "/tmp/image.K2MYCphY/hooks/extra-data.d/10-merge-svc-map-files", line 54, in main
with open(data_path, 'r') as dataFile:
IOError: [Errno 21] Is a directory: '...diskimage-builder/elements/svc-map'
Somehow IMAGE_ELEMENT contains a extra white space that manifests itself
as an element without a name. It is very hard to find where this is coming from so
instead this patch makes merge-svc-map-files more robost to this situation
Change-Id: Id1500ead8a77d691408617dcdc4e095bc5775be8
The element builds dracut from source on Ubuntu because the
Ubuntu dracut package is broken and very old, so it can't be
installed properly and causes a number of other issues that
are fixed by using a newer version of Dracut.
This initial version should work in virtualized environments.
Further validation of its suitability for real baremetal
deployments will need to be done in the future, but this should
be sufficient to enable that work.
Regarding Dracut specifically, in order to limit the changes
needed in the existing scripts this element continues to use a
cut down version of the /init script that we were building for the
existing ramdisk. However, instead of running it as pid 0 it is
run as a Dracut pre-mount hook. This allows Dracut to set up all
of the hardware and system bits, while falling early enough in the
Dracut sequence to complete the deployment before Dracut would try
to boot off the hard disk.
bp tripleo-juno-dracut-ramdisks
Change-Id: I144c8993fe040169f440bd4f7a428fdbe3d745cf
This reverts commit 4bf38a829a.
This variable is pointless since we can always replace it with
/lib/systemd.
Commit I459f7514ab35082d31607968252a9005fa25de2a will fix the issue
in tripleo-image-elements.
Change-Id: I524badb6836a0d04a5f6e6a5b5d95920fd923ef6
We are autodetecting and configuring devices in dhcp-all-interfaces
so having one configured in /etc/network/interfaces by default
is redundant and slows boot down.
Change-Id: Ic4e8a0668c793d21ed2dd96908649c9a77264f67
Closes-Bug: #1239480
After being deprecated two releases ago, finally remove any reference
for the support of first-boot.d
Change-Id: I08d67404ef48cad61db3b18fb86e970abfa5d2b6
In our official image builds we are only allowed to use resources
that are "blessed" by the build system. This means that external
things like git repos and tar files are not allowed. Currently,
even in offline mode source-repositories expects those things to
be available in the cache, so we need a way to disable it entirely.
This change adds an environment variable NO_SOURCE_REPOSITORIES
that does so. It can be set in an environment.d script so elements
that might rely on a source repository will know it's not available.
The 02-lsb script in redhat-common is one such example and is
updated to handle this case.
Change-Id: I0de63bee6ad79733d6711478c707a9b41593e85f
This is the final released image; it is the same one deployed in many
cloud provers such as HP and AWS. It is also safe from all known
vulnerabilities up to its release
Change-Id: Ib8ba561662d2a98da55eb292b850dc019226dd59
Each distro had its own copy of the file, but they were all the
same and it's actually installed in redhat-common so it belongs
there.
Change-Id: Iad15f39fd28d1c4e20d30dcb2eb0ae6f2fa2b015
When uploading images to multiple clouds it is possible that the same
image will be needed in multiple formats to accomodate hypervisors
across clouds. Update disk-image-create's -t flag to take a list of
desired output image formats so that a single disk-image-create can
output all of the desired image formats.
Change-Id: If121b2342ae888855ba435aa3189f039e985b812
The centos7 images come with the base version of cloud-init already
installed.
---
$ virt-inspector CentOS-7-x86_64-GenericCloud-GA-7.0.1406_01.qcow2
...
<application>
<name>cloud-init</name>
<version>0.7.5</version>
<release>10.el7.centos.1</release>
<arch>x86_64</arch>
</application>
...
---
I think this is a hang-over from early rhel7 images that didn't have
it.
Change-Id: Idf488942222d9e6bca4d66f04f5af42e6707944d
instack runs this script on a system where epel has already been
installed, which causes the yum command to fail. Only installing
the epel-release rpm when it isn't already present addresses the
issue.
Change-Id: Ia179d7c7ed69ea5f785b5dcd16394c7663a145cc
rpm-distro element was trying to install bin programs into the
image but it doesn't provide any. Move that logic into the yum
element which provides the install-packages bin.
Change-Id: Id5339fc7ffbef6327fe41f50a3e39ab30b6d0320
disk-image-create processes a DIB_IMAGE_CACHE variable and exports it,
but there are several elements that ignore the value and wrote out
the base location themselves. Use the variable everywhere so that it
will get overridden everywhere.
Change-Id: I00fff354d6c931ad67cf3052d055f0e4604dfdc8
The way redhat-common's extract-image script was creating the base
tarball caused file capabilities to get dropped, which meant that
things like ping in RHEL 7 images was unusable for regular users.
This change adds the necessary options to the tar call to maintain
as many extended attributes as possible.
--acls and --selinux are intentionally omitted, and the selinux
xattrs are filtered out because all of those items cause issues
in our chroot environment. We restore selinux attributes at the
end of the build anyway so that shouldn't be a problem.
bz reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144149
Change-Id: Ibff99ce9bde01bc5ecf95dc3a5d3e2cebe5015b9
EPEL 7 was released September 30. The beta release rpm was removed
from the repo and was replaced with the final release rpm.
Change-Id: I103a2f7abd7563869b9e39ccc1fbb3cfbd9ff6ae
In both of the changed files in this patch, the $DISTRO_NAME usage
is checking against "centos". The valid value for the centos7
element for $DISTRO_NAME is "centos7"[1].
[1] http://git.io/8IvuTw
Change-Id: I0c4a4b2ecf87c7a9283d10071f6feb494a6c716a
A sanity check that cache-url does the right thing when presented
with the appropriate curl return codes. This change brings in the
test code for scripts from tripleo-image-elements, which needs to
be factored out into a place both projects can use it.
I'm stubbing out curl so we don't have a dep on curl in our unit
tests, and because I've seen some strange behavior out of curl in
the gate that caused random failures in this test.
Change-Id: I31e6b06b45415feec7285511d07e65eb78d0d045
The openstack-selinux package contains policy updates for OpenStack.
Updates are accrued in openstack-selinux before they are merged into
the upstream selinux-policy package.
Change-Id: I7c00e5cae17489202fe7aee3e656fca27ab630ba
As some finalise steps can install packages we need to generate the
dpkg manifest after that has occurred.
Change-Id: I2177db2e64d4d9c21deeac7cf017919888a2d524
Per [1], our current root label of cloudimg-root does not work with
XFS because XFS only allows 12 character labels. This change
addresses that by allowing a custom rootfs label to be specified
in the call to disk-image-create. There should be no backwards
compatibility concerns as the default label is unchanged. Any
external elements dealing with the label would need to be updated
to support this new feature, but should continue to work as before
as long as a custom label is not specified.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1139584
Change-Id: I596104d1a63b5dc6549e8460a1ae3da00165ef04
Adds a new svc-map element which can be used to install
services based on an in element 'svc-map' YAML config
file format.
This change is intended to decouple elements from DIB
and allow new elements to support multiple distributions
(with various service naming schemes) without having to
constantly maintain DIB's various bin/map-services files.
This patch ensures all of the YAML files are compiled into
a single file without namespaces. The YAML compilation
process occurs during image creation time and errors if
conflicting mappings are found.
Change-Id: Id11433ea342aace71a358936a7ca3151ec11d506
In preparation for enabling Dracut-based ramdisks, this change
factors out functionality that is common to both busybox and Dracut
ramdisks. Said functionality is moved to a ramdisk-base element
which is added as a dependency of the ramdisk element. ramdisk now
only contains the functionality specific to building busybox-based
ramdisks.
bp tripleo-juno-dracut-ramdisks
Change-Id: Iad2907c8be491c88727d87ed5e5a720e5beb66c3
This patch adds a new EPEL element for use with EL-based distros
in accordance with the official docs[1]. This patch also
modifies the rhel7 element to not use the hard-coded repo file.
[1] https://fedoraproject.org/wiki/EPEL
Change-Id: Ib2fa24b2d519837271a0e213a2dc5a012cc31f3c
Update to newer Centos7 images as announced at [1].
Changes included:
* update to GA image
* respect TMP_DIR for image working directory
* use suffix-match rather than prefix-match to build RAW_IMAGE name
to be more robust against weird names
* partition layout work-arounds not needed any-more, all one
partition.
Resulting image booted locally with kvm and virtualbox (after
conversion to vdi)
[1] https://www.redhat.com/archives/rdo-list/2014-August/msg00045.html
Closes-Bug: #1363146
Change-Id: Ie24033468b78587ea87188ee1b843b26895798ff
Adds binaries specified by user to chroot environment
allowing to build images on amd64,i386,armhf,arm64
architectures.
Closes-Bug: #1332458
Change-Id: If6e63a472ee85559b93b5e6b96d9c3ddcf7bcc98
Due to changes in centos7 element to use package-installs the order
of yum-repos in pre-install.d needs to be changed, to make yum repos
available before package-installs is called to install packages.
Change-Id: I47b584506465d90247f30bad515a32323e52180e
When running inside a Docker container, we cannot rely on devices in
/dev/mapper to be automagically created by udev, because we probably
don't have a udev at all. To work around this, run dmsetup mknodes
after every kpartx run.
Change-Id: If7e30579224ce54c5ed26d08974d8293c144719a
15-pip-manifests depends on the variables defined by the manifests
element, so we need to run this one earlier. I would have thought things
were alpha sorted after the numerical sort...but I just ran into this,
so apparently not.
Change-Id: Ifedf544222b5a8eb7630efda609eb6a5b9629de3
When using the yum element, we should reset the changes we've made to
/etc/yum.conf during post-install.d. Otherwise, this build time
configuration is propagated into booted instances.
Change-Id: I1eea586ca0fefe9bc0cf91fedefcbd141a536fa2
deploy-ironic element currently retrieves token over tftp and
expects BOOT_IP_ADDRESS to be set. This commit adds support for
retrieving token file from virtual media if node booted from
virtual media. Also corrects the issue for BOOT_IP_ADDRESS not set
for virtual media boot.
Change-Id: I3d5f1779b9b17842360860c7778baa01db1e1a52
Closes-Bug: #1356339
Add "-e" option to remove packages. This is needed for
elements/package-installs/bin/package-uninstalls which calls
"install-packages -e".
Change-Id: I673942f505d5278e6015324950f6e1455ba50805
Updates additional elements in diskimage-builder to use the declarative
package install support provided by the package-installs element.
package-installs does not yet support the pkg-map functionality, so
elements using pkg-map are not migrated. That support will come in the
near future.
Change-Id: I3d36adad317ba44326eabd95243d45807e2a8a16
While building images in a dual boot host,
/dev/sda is leaking into build's grub config.
It is visible in the logs that the commands
GRUB-INSTALL and GRUB-MKCONFIG probes Host OS environment.
This is avoided by setting grub_disable_os_prober
to true in /default/grub config file.
Change-Id: I7408de7b3bc8a62f8bf103f00a88a596f988353c
Closes-Bug: 1166491
Use the latest available version of the rootfs (instead of a qcow2
image) to simplify rootfs extraction.
Change-Id: Ic3a646b923738464b5217d799758b6980b2deaf2
The previous method only configured serial console for Ubuntu or
Fedora, I noticed this wasn't working when I built RedHat 7.
After reading about how grub-mkconfig works, I realized that we
shouldn't be using sed to modify grub.cfg, and set up the proper
variables in /etc/default/grub
Change-Id: I02b73dc5074cb48a716849cb8a8a9b2f054bea31