The debian-minimal element creates /etc/apt/sources.list solely with
the 'main' component. I need to add 'non-free' and 'contribs'. I tried
to pass them via DIB_DEBIAN_COMPONENTS but it is not recognized.
Make debian-minimal to honor DIB_DEBIAN_COMPONENTS. Note that it is
comma separated for 'debootstrap', so replace commas with spaces to fit
the needs of sources.list.
Example usage:
DIB_DEBIAN_COMPONENTS='main,non-free,contrib'
Will debootstrap with the three components then when debian-minimal is
realized pre install a sources.list that has:
deb http://example.org/debian jessie main contrib non-free
Change-Id: I1dca2e8ffd31044a6b441ccb277298601e62f67c
Gentoo provides eclean-dist via the gentoolkit package
eclean-dist isn't needed anyway was /usr/portage is removed anyway
Removed redundant package update in cleanup.
Change-Id: Icf4f9ed549b9a6d923448d927d7c42bcf8d6091b
This action has been reordered so cleanup can occur before copy to blockdev
occurs. Documentation has been added about the ordering of this element in
relation to cleanup actions as well.
Change-Id: I3f9334a3669ee588d7fa7129202c97fa22fdb050
While it does save 1MiB of space, it might also pull python packages
depending on it. E.g. it makes impossible to install python-hardware
on the IPA image for advanced introspection.
Change-Id: Iab80dde63e6de62a5e45dcf404b4f9f633e50ac3
We were getting some subtle issues in fedora-minimal builds that
turned out to be because /var/run was not a symlink to /run.
Upon further investigation, it turns out that yum is creating a
/var/run directory for it's pid file when it starts working in the
empty chroot (which I verified by stracing it)
---
5905 stat("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run", 0x7ffddffa0330) = -1 ENOENT (No such file or directory)
5905 mkdir("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run", 0755) = 0
5905 open("/home/ubuntu/tmp/dib-tmp/image.Ac4VZZsl/mnt/var/run/yum.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 6
---
Because this happens *before* we install "filesystem" (the package),
we mess up it's symlinking.
To work-around this, pre-install the trio of base packages (setup,
basesystem, filesystem) with rpm from outside the chroot.
Change-Id: I411b6ec9d91d95d3a0f98e76853086af3b70abe8
The Ubuntu Xenial cloud server images set the mode of
/var/lib/apt/lists/partial to 700, so when mounted it's inaccessible to
an unprivileged user, resulting in an error:
find: `/tmp/image.aDQKdkRi/mnt/var/lib/apt/lists/partial': Permission denied
There's no reason an image should come with anything already in
/var/lib/apt/lists/partial, so just avoid trying to descend into that
directory when fixing the apt translations packages.
Change-Id: Id27f0166bfb09d67200f337a5ffff2f2037b7c1c
This is a slight refactor I found useful when debugging. The
udevadmin info query will be visbile in the output of "set -x" which
helps, and is the logs/journal.
We can also reduce some calls by keeping the value and just grepping
with a herefile.
This also does some error checking and bails out if it does not see
what it needs to continue.
Change-Id: I39c4d262f9c5ce53f6b83d95b1363a74834cf2c8
Tucked away in systemd-udev-settle.service is the following comment
# This service can dynamically be pulled-in by legacy services which
# cannot reliably cope with dynamic device configurations, and
# wrongfully expect a populated /dev during bootup.
The info that the growroot script is querying is populated via udev,
particularly the blkid bits of [1]. This creates a race-condition
where sometimes udev has been triggered and the rules have applied and
sometimes not. Obviously in the first case, the root disk is not
grown correctly.
systemd-udev-settle is mostly disabled on distros because it can cause
an increase in boot-time for systems with lots of disks; this is not
our situation so it makes basically no difference.
That said, I will investigate if some systemd people know even better
ways to do this (possibly the service should depend on block .device
targets in systemd, and then filter out and only apply to the root
disk?)
[1] https://github.com/systemd/systemd/blob/master/rules/60-persistent-storage.rules#L66
Change-Id: I453e3afcd953dfc29ab6c42ddc81e940cfa70ee0
A TODO was placed on the partitioning section of the vm element to
replace sfdisk with a saner (and less arcane) way of partitioning. It
suggested parted for replacement. This changeset should reproduce the
same disk label and partition layout as sfdisk, but with less ioctl
errors and version dependency. It will also ensure partition alignment.
Change-Id: I5d8d75131458b73bfb05f80f1bfa7e2970e004b3
We currently install pip from package in the simple-init element.
We should really allow users to select whether to install pip from
git or package.
Change-Id: Ia5e62b9635af90d81227274a1dd8f20474cdbf73
As described in the comment, there is a dnf equivalent of this command
that doesn't require us installing yum-utils (which drags in yum on
dnf-only systems such as f23)
This is a small consequence to this -- due to us not installing
yum-utils some installs will now be completely yum free. This causes
a breakage in ironic-agent 99-remove-extra-packages where we remove
the yum package. There is a long-standing bug/feature where missing
packages in a group of packages do not cause yum/dnf to exit with
failure, but uninstalling a single package will. Because we have made
the systems yum-free, the uninstall of yum can fail in this corner
case.
It has always been like this, so I'm in favour of the "ain't broke"
approach. To work-around this, I have just put yum into the existing
list of packages to be cleaned up. I have added a note to the yum
installer taking note of this behaviour for future reference.
Change-Id: I8bbdc07ccdb89a105b4fc70d5a215077c42fcd03
InfiniBand interface takes more time to bring up then
Ethernet interface. This patch just increase the retries
to 20 times, to make it work for InfiniBand as well.
Change-Id: I5c4842696207885552413ea2d053f2e90bd6803c
Adds a post-install function that enables installed initscripts,
as that is not done by default in gentoo.
Change-Id: I04e8d506ddcbefa8a983dd31ad16df5e13cb26e7
Closes-Bug: 1539276
This checks the profile, if it has hardened in it's name it needs xattr support
unfortunately xattr support cannot yet be relied on everywhere, so it needs to
be disabled for hardened profile builds to correctly pax-mark.
Change-Id: I7fb855249a9e6c9b6497ab5061b4ea3c014f5081
Closes-Bug: 1537177
Due to upstream bug [1] there are uninstallable packages which mean
our functional tests don't work. We will revert this when things are
working upstream.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1303660
Change-Id: I93c2990472e88ab3e5ff14db56b4ff1b4dd965ef
subprocess.check_call() returns a byte-string which needs to be turned
into a unicode string for python3 compatability.
Also some minor refactoring while we're here.
Closes-Bug: 1536462
Change-Id: Icd957bc4d93ccad94b1246ad62e6e02ee14d9ca5
Add missing growroot initscript and pkg-map entries for Gentoo.
growpart was added to Gentoo with [1]
Update the readme to reflect reality too (fedora added with
I5630dc638f85b1e80795826ef36a306632075460)
[1] https://packages.gentoo.org/packages/sys-fs/growpart
Closes-Bug: #1539273
Change-Id: I29056c7297489ec04f37757dbe33976901eceb49
As mentioned in package-installs.yaml, git is a transitive dependency
for pbr in this element. Add pkg-map for the Gentoo package.
Change-Id: I7f2fe1663152ea66b941594e86f1da93ddd21677
Closes-Bug: 1539278
Our dib-lint checking is only considering scripts with #!/bin/bash.
While there's nothing really wrong with some other shebang line like
"#!/usr/bin/env bash" let's keep things consistent.
We can use the same regex match to reduce a few forks in the main
checking.
Also a minor cleanup to the file matching
Change-Id: I609721b2671e704ea26075dad7e5b39a8b858f6b
'locales' package gets installed before '12-debian-locale-gen' is executed
and generates effectively empty /etc/locales.gen in debian, which makes
dpkg-reconfigure call to locales ignore the values set by
debconf-set-selections.
* Remove /etc/locale.gen generated by 'locales' installation to ensure
proper locales generation on debian images
* Remove 'locales-all' package installation from debian element since
it's not needed anymore to build the image and cosnumes additional
~120MB of space
* Remove unused 'package-installs' dependency from debian-minimal
element
Change-Id: Ic39ba2b5ceb5018efb75742547b2babf80827e56
Closes-Bug: #1452400
Add systemd/fedora support to growroot element. This involves
installing the correct packages, shipping the systemd service file and
ensuring it is enabled.
Note the required growfs/resize packages for Ubuntu/Debian are
installed in other places. This is probably a bug in that path, but I
have not addressed that here.
I have tested this with a F23 build with all openstack-infra elements,
uploaded to RAX, and it boots and resizes the main file-system.
Change-Id: I5630dc638f85b1e80795826ef36a306632075460
The undercloud actually has dib run twice on it - once to create
the instack image, and again when we run instack itself. The
first run creates the dib-python symlink, and the second blows up
because the link already exists. Force the link creation so the
script is idempotent.
Change-Id: I78f9e6f5afcf8ebe6d7911a7a434525ba7c737cf
This is to aid with Fedora packaging, since rpmlint complains about
including empty files.
Change-Id: I4ad867cd21304880a571e46805ab56044542400c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The bootloader element lacks the mapping for grub-pc and extlinux
This adds it.
Change-Id: Ic7b82903f02faaab143d2bd682876bf4853fd90d
Closes-Bug: 1534387
While the patch looks sane and the change worked locally,
it has broke the ironic-inspector gate. As we're close
to deprecating the DIB ramdisk in favor of IPA, I suggest
reverting it.
This reverts commit 802f14862c.
Change-Id: I0525e545cb2fe8ce184312a2f9bbe3763904f61a
Closes-Bug: #1534648
As you can see in the CI failures for
Ib11b9df84b593ab25232729a570c812f1b4b8774, you can not see what file
is causing the problems when the parser fails. Add a print, but raise
the error as it contains the cause.
Change-Id: I127ff7d57d2d898969195464c6e774d496e872e6
Our bootloader install fails on non-gentoo builds due to missing pkg-map
for grub-pc. This map should really live in the bootloader element, so
move it there and fill it out.
Change-Id: Ib11b9df84b593ab25232729a570c812f1b4b8774
uses upstream's stage4 images, includes all the needed bells and
whistles for openstack on kvm.
Change-Id: Ibca43173c30c2a74a73a2e2d9dd6d6d832c62694
Closes-Bug: 1530911
Hardcoding subscription-manager to use rhel-7-server-rpms causes
users building rhel6 with Satellite6 to fail. This setting cannot
be overridden with environment variables, therefore needs to be
smarter. Setting RHEL_MAJ_VER in the rhel/rhel7 environment fixes.
Change-Id: Ifbd88bc76ef8b38a739272ba6e045a12849d68df
Closes-Bug: 1404364
This patch is fixing a syntax error in the 70-ironic-root-device init
script for the deploy-ironic element.
Change-Id: I767486ca5893605720fba41bee3af72725a26377
Closes-Bug: #1531835
This element allows installation of pip and virtualenv from either
distro packages or git.
Change-Id: Id294f0936c8fef8a3b27a415bfcc93b3f327e104
Depends-On: I731cc8a0f5bfeda8f17a78c33b9f44062323a361
Use dib-python to run package-installs using the provided python
version. Automatically detect the python version for our
package-installs-squash since that runs outside the chroot.
Change-Id: I926022bcf8cbcd81b051026ffd5d6477650045ad
Fedora has changed the location of epel, shorting the link
from 'download.fedoraproject.org' to 'dl.fedoraproject.org'.
This change updates the epel mirror to prevent it from timing
out.
Change-Id: I87090282a2f5f757495daec6ad14123b436b1aa0
This fix uses dmidecode and awk to simply multiply by 1024 when
the value is represented in GB, otherwise it returns the given
value. I should note that I've only observered this occurence
on "some" SuperMicro Hardware
Closes-Bug: #1486689
Change-Id: I352b1891326f72af3a56c7bbe8b7f3c422169404
Install selinux policy packages as part of the base-installs. selinux
is part of the base-system and the kernel boots by default in selinux
mode.
Without both of these, we can get in a situation where later scripts
(particuarly, some of the infra scripts) might install systemd-policy
without a base policy (targeted), leading to a messed up situation
where systemd will halt during boot due to missing policy files.
Change-Id: I6bf156304d1134fb328fba9b12dc364701b13696
Add an environment variable to control the creation of eth0/1
interface enablement scripts.
With a tool such as glean, the presence of these scripts will indicate
the interface is configured and configuration-drive settings will not
be applied. This means in a non-dhcp situation like on Rackspace,
network is broken.
On Fedora, where later systemd provides "predictable network interface
names" [1] eth0 & eth1 ironically aren't predictable so this just
confuses things. You really need cloud-init or glean or something to
bring up your interfaces in a sane fashion.
This maintains the status-quo on centos-minimal, but disables creation
for fedora-minimal.
[1] http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
Change-Id: I3f1ffeb6de3b1f952292a144efab9554f7f99a5f
As described in the comment, systemd will create a broken
/etc/resolv.conf link if there is no file in the base-image (as you
can read in the bug, it is debated if this is a bug or a feature).
The solution is to leave a dummy /etc/resolv.conf file in the image.
Whatever network manager you choose (NetworkManager, glean,
cloud-config, etc) will overwrite this anyway.
It's just that some tools, such as dhclient, get confused with the
broken symlink. This affects you if you're using glean to configure
the network in a DHCP situation, for example -- dhclient won't
configure nameservers and everything goes to heck.
Change-Id: I734834d03e7fdb13f9ab2e86f877b07bf4a84ff9
We are incorrectly detecting major/minor device numbers for the growroot
rootfs. This can also be simplified by querying udev for partition
information.
Change-Id: I68059bf11f2563872f6b4d0e23fa09a15de980a8
The detection logic in pkg-map for DIB_DEBUG_TRACE assumes that this
variable being unset means tracing is on, when in fact this means
tracing is off.
Change-Id: I584a634c57bbe03e26a6ee94cef473e634616885
In order to add more flexibility to the vm and bootloader
elements, split the functionality in two different ones, and
make vm depend on bootloader element.
This will allow to construct more elements that depend on
bootloader, and develop both elements independently.
Change-Id: Iad2503b7b8fe53b768a3bc79e4cb839700fbd747
This element enables creation of Ubuntu deploy ramdisk and
user images which could be used to deploy the HP Proliant
Servers with Dynamic Smart Array Controllers. Without this driver
the disk with the Dynamic Smart Array Controller is
not visible to the ramdisk.
Closes bug: #1492803
Change-Id: Ibb3b298cd379cd7333279484df6ae30e9d7f6aaa
Creating an element which we can use in #! lines to refer to either
python2 or python3 depending on what it available.
Change-Id: Ic47e18ad21c33ab9f0d11c04260a33725aeee814
The modprobe utility is required by the rtslib package (iSCSI Linux-IO).
It will also be required for inspection.
Change-Id: I6760c86160d1ceba45aedde62597a711bcb4543d
Vlan support was recently added to glean. However, if the 8021q module
is not loaded, glean will fail to bring up a tagged interfaced defined
in /etc/network/interfaces.d/. Manually attempting to bring up the
interface results in an error[1]. This patch ensures that the 8021q
module is loaded so that tagged interfaces can be brought up at boot.
[1] http://paste.openstack.org/show/480027/
Change-Id: I15d805c07d4b5e1161d831f0393d027e4325137f
Since we are modifing SSH keys, it should be safe to assume
openssh-server should be installed too.
Change-Id: I17ff05642bb2f0868d4c17819cd91b179068399a
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
When build ubuntu iso image, it will install grub-efi-amd64-signed
and grub-efi-amd64 packages. Both of the postinst script will try
to find root device and install grub which will definitely fail in
such a chroot environment.
So the workaround is to skip error and remove postinst script.
And confirm the package be installed successfully at last.
Change-Id: Ie0aecb212b22362046db55b5ad8c64c3211c28e5
Closes-Bug: #1491280
Co-Authored-By: Jane.zhang <jian.zhang8@hpe.com>
As described in the comments, CentOS overrides the "distroverpkg"
variable in yum.conf. This is the package that yum queries to
establish the value of the $releasever variable. On other platforms,
this defaults to "redhat-release" (which "fedora-release" provides) so
everything works. It is only when the base-system "distroverpkg"
refers to a package not in the chroot we hit the issue.
We can avoid this by setting the releasever variable via the
commandline.
Change-Id: I231c3277960992cd479b8aff7838f246397936f2
This patch is a follow up patch fixing some nits left by the review
25d3ee5471.
It does:
* Fix the README file to say that the password *must* be encrypted and
the option values *must* be quoted
* Adds Type=oneshot in the upstart service config file so that upstart
will not try to restart the service over and over.
* Enable setu, sete and setpipefail in the dynamic-login script
Change-Id: Iee5d75daef24469ccf47ca12de6ead37bf9d8d6f
Allow a user to override the username on where .ssh/authorized_keys is
installed.
Change-Id: I030d5a89260aed8b23a35c4cdc2d67629934b076
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
I recently built a ramdisk for IPA and was confused by
the fact that the source-repositories name did not
match the element name. (this is a convention,
confusing when they don't match but certainly not
required).
This patch makes it so you can use DIB_REPOREF_ironic_agent to
customize the IPA ramdisk sources when building ramdisks.
For backwards compat if DIB_REPOREF_agent is set it automatically
sets the new DIB_REPOREF_ironic_agent to that value as well.
Change-Id: I082d989d0d85601f5984dc7c3767b8d66a3d5438
Troubleshooting an image can be quite hard, specially if you can not get
a prompt you can enter commands to find out what went wrong. By default,
the images (specially ramdisks) doesn't have any SSH key or password for
any user. Of course one could use the ``devuser`` element to generate
an image with SSH keys and user/password in the image but that would be
a massive security hole and very it's discouraged to run in production
with a ramdisk like that.
This commit is adding a new element called dynamic-login, which inserts
a helper script into the image to allow operators to inject a SSH key
and/or change the root password dynamically when it boots via parameters
in the kernel command line.
Those parameters are:
sshkey = If the operator append sshkey="$PUBLIC_SSH_KEY" to the kernel
command line on boot, the helper script will append this key to the root
user authorized_keys.
rootpwd = If the operator append rootpwd="$ENCRYPTED_PASSWORD" to the
kernel command line on boot, the helper script will set the root password
to the one specified by this option. Note that this password should be
an encrypted password.
Change-Id: I6b87a1b90163d79745f30dfacd37516051fa0aea
When the kernel gets installed on Fedora, the rpm post scripts call
"/bin/kernel-install" [1] to install it. This is a script provided by
systemd.
However, in [2], Fedora ships a patch to kernel-install that makes a
call-out to /sbin/new-kernel-pkg -- the install script provided by
grubby [3]
Without grubby installed, systemd's kernel-install script goes off and
runs dracut plugins directly [4], which eventually creates the initrd.
For reasons that are not clearly explained, the initrd will end up in
a a "machine-id" sub-directory of /boot (possibly, so you can symlink
it?). It is also called "initrd", even though it's an initramfs, for
historical reasons in dracut I think.
It is at this point that I think 99-ramdisk has been written to move
the generated initrd file back into /boot. Later on, when we build
the image, we run grub-install and it picks up the kernel and the
initrd and installs everything.
grubby's new-kernel-pkg [6] it's very similar -- it uses dracut to
make the initramfs ... but in this case it is put in /boot and is
actually called initramfs.
The subtle change that led me down this path is that dracut has been
modified to have a "Recommends" for grubby for >F22 [7]. After
discussing this change with the author, it turns out it was *always*
intended to use the grubby-based kernel install scripts for Fedora --
our builds have been incorrect in not including the package. The
author got sick of people removing the package and making unbootable
systems, hence the change.
Thus this removes the workarounds in 99-ramdisk and replace it with an
install of the grubby package. grubby's kernel install script will
put the kernel & generated initramfs in /boot, and it will be
installed correctly via the usual grub install later when we build the
disk image.
I have built F22 & F23 fedora-minimal images with this and they boot.
[1] http://pkgs.fedoraproject.org/cgit/kernel.git/tree/kernel.spec#n1832
[2] http://pkgs.fedoraproject.org/cgit/systemd.git/tree/kernel-install-grubby.patch
[3] http://linux.die.net/man/8/new-kernel-pkg
[4] https://github.com/haraldh/dracut/blob/master/50-dracut.install
[5] 81516adcb7
[6] https://github.com/rhinstaller/grubby/blob/master/new-kernel-pkg
[7] 47ff68e78b
Change-Id: I1a6e45d04755515286b3d49f8280c16b527e2f48
This package seems to be broken and isnt useful for recent releases
(where the rootfs can be resized online). Therefore this should be
optional so people can use things like the growroot element.
Change-Id: I6e3c8d095d9fc188094f3b8811f06be0847ef08c
This patch is extending the root device hints to also look at
ID_WWN_WITH_EXTENSION and ID_WWN_VENDOR_EXTENSION from udev.
Prior to this patch the bash ramdisk only cared about ID_WWN but in some
systems in some platforms with a RAID controller, this ID can be same
even if they are different disks (see bug 1516641).
Related-Bug: #1516641
Change-Id: I45b3910d03d164d880b32169b91e94e88812e183
On Debian/Ubuntu installs of RPM, /usr/lib/rpm/macros sets
%_dbpath %(echo $HOME/.rpmdb)
which makes quite a bit of sense, because RPM is not the system
packager and thus RPM is setup to install things into a hierarchy in
the users homedir.
However, this messes things up when building a Fedora chroot on an
Ubuntu platform.
We use RPM & yum from the base-system to bootstrap the Fedora chroot.
While both obey --root flags, they still pick up the %_dbpath macro
and so end up creating the RPM database in <chroot>/home/user/.rpmdb
After we have bootstrapped yum/dnf, we execute further installation
commands from inside the chroot -- where we now have the Fedora
version of /usr/lib/rpm/macros and hence have _dbpath set to
/var/lib/rpm -- except there is no rpm database there.
Should anyone be finding this in the future, the actual issue that
appears is
$ sudo chroot /opt/dib_tmp/image.b6B5S3f6/mnt dnf makecache
Error: Failed to synchronize cache for repo 'fedora' from \
'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=x86_64': \
Cannot prepare internal mirrorlist: file "repomd.xml" was not found in metalink
Note the issue there is that $releasever is not expanded, because the
rpmdb where this info is kept is not populated.
The trick is to make sure we override this value when using the host
rpm/yum to setup the chroot. The bare rpm calls, which we use to
install the repos, have a --dbpath argument where we can override
this. yum does not however, so we override this in the global
~/.rpmmacros while we are installing the packaging tools and
dependencies into the chroot.
Copious comments are included, because this is super-confusing.
Change-Id: I20801150ea02d1c64f118eb969fb2aec473476f7
This new element installs hpssacli utility (for configuring
RAID) and installs proliantutils python module (which has
ironic-python-agent hardware manager for HP ProLiant hardware).
This module also exposes a new environment variable DIB_HPSSACLI_URL
which allows operator to pass a custom HTTP(S) URL for RPM of hpssacli
utility.
NOTE: This module currently supports only installing from source.
Change-Id: I0494e3db623fdd7ea9182ffba21c0652aaad113c
fedora-minimal fails to build on Ubuntu Trusty due do being unable to
find the initrd (see Id4c04d7ae20068643df34d2fa31068e8a917a52d).
This is a rather obscure problem that comes from the intersection of
several things.
The first thing to note is that the post-install scripts of the
kernel-core package use kernel-install [1]. For whatever reason, this
installs the kernel to /boot/MACHINE-ID/KERNEL-VERSION
MACHINE-ID comes from /etc/machine-id; a UUID that should have been
created by the systemd post-inst scripts with systemd-machine-id-setup
[2].
The chroot environment provided for root.d elements has no kernel
file-systems like /proc or /dev mounted. This is where differences in
the base-system come into play -- on more recent systems that
implement getrandom() systemd does not need /dev/urandom to generate
the machine-id [3]; we get a value and /etc/machine-id is populated.
On older platforms (Trusty), systemd-machine-id-setup fails (unable to
access /dev/urandom) and we end up with a blank /etc/machine-id. This
ends up making kernel-install (the script) fail during yum's
installation of kernel-core, which means the initrd is not installed
correctly.
We end up bailing out in fedora-minimal/install.d/99-ramdisk, where we
try to put the installed ramdisk in /boot for the later grub install
scripts to find.
The solution here is to mount the standard kernel file-systems within
the chroot before we try installing.
[1] http://www.freedesktop.org/software/systemd/man/kernel-install.html
[2] http://www.freedesktop.org/software/systemd/man/systemd-machine-id-setup.html
[3] https://github.com/systemd/systemd/blob/master/src/basic/random-util.c
Change-Id: Ibcce35da928f64e6a719b070bcc833346ee7ee92
Clarify what this script is doing. It currently fails on some
platforms due to earlier errors, see
Ibcce35da928f64e6a719b070bcc833346ee7ee92
Change-Id: Id4c04d7ae20068643df34d2fa31068e8a917a52d
The check suffered from various flaws.
First, due to missing quotes around $initrd, 'wc -l' would always see
1 line no matter how many results the find returned.
Second, echo adds a line break making 'wc -l' count 1 even for empty
string. We need to add a check for empty string.
Change-Id: Ib2c67960f566dbdc471d9585a4cef1beb1cc38ab
Closes-Bug: #1506692
5af25b5f fixed the hostname of Debian images to "debian" since a lack of
hostname definition set the hostname to "(None)".
It has been done by introducing /etc/cloud/cloud.cfg.d/01_hostname.cfg
with content:
hostname: debian
Review supposed the hostname would be overriden by cloud meta-data. That
might have stand true for Wheezy but it is not the case for Jessie.
cloud-init 0.7.6 ignores cloud metadata whenever "hostname" or "fqdn"
are set in a config file. Roughly:
# no fqdn set, get fqdn from cloud
# get hostname from cfg if available otherwise cloud
fqdn = cloud.get_hostname(fqdn=True)
if "hostname" in cfg:
# hashar: set from config file NOT cloud
hostname = cfg['hostname']
else:
# fallback to cloud
hostname = cloud.get_hostname()
Relevant code is
https://github.com/number5/cloud-init/blob/0.7.6/cloudinit/util.py#L839-L860
Only inject "hostname: debian" for the Wheezy release.
Bug: https://phabricator.wikimedia.org/T117283
Change-Id: I6e2522bd725cbf9651f11c76ecdc72ecbc92f402
Previously all files in /root were ignored when building the
ironic-agent ramdisk. This prevented for example to use the
local-config element to connect to the ramdisk via ssh as root user.
This commit change the exclude rule on /root to only ignore the
/root/.cache directory.
Change-Id: I18d839e8d97636f5f2164ba407f252407d9bc956
Closes-Bug: #1451668
yum-minimal/root.d/08-yum-chroot runs before yum/root.d/50-yum-cache,
and thus if run on a completely fresh system will fail in
08-yum-chroot as the YUM_CACHE directory isn't made.
This is probably hidden by testing & nodepool builds, because it sets
DIB_IMAGE_CACHE. It was hidden from me because locally I have done
builds using the "yum" element previously, which had created the
cache.
Change-Id: I333f5f7e67d198f75a522cc296c118c2e94a5ecb
download.fedoraproject.org uses dns round robin and occasionally
hits a bad server. Using DIB_EPEL_MIRROR when finding the
epel-release package will allow us to avoid it e.g. in ci.
Change-Id: I756223b3e669532476663c05e79c238449b8a0db
Xen paravirtualised disks (supported by most modern kernels) have the
"xvd" prefix (e.g. xvda0). The functions to strip partitions need to
match on Xen PV disks otherwise the device name is discarded.
Change-Id: I5539d2afba3fae30d1ddb49dcbf077113d38bbf7
Closes-Bug: #1498576
Grub fails to install the bootloader due to it being on the root
partition of a block device. This is not actually a problem for us, so
we need to force it to succeed.
Change-Id: I335ef04ca8a8a8a5c242d3444b09bcce0a9f51e7
Without this patch, the devuser element attempts to find public keys by
iterating over the string "rsa dsa". When two keys are grouped together
in quotes, a bash for loop treats it as a single key. You can see the
issue this causes when debug output is turned on:
+ for fmt in '"rsa dsa"'
+ '[' -f '/home/krinkle/.ssh/id_rsa dsa.pub' ']'
This is not a reasonably named key to look for, so this patch removes
the quotes so that the loop will look for id_rsa.pub and id_dsa.pub
separately.
Change-Id: I0b5b1abd14013de85d90e76a95918a8071a5e013
Make sure we reset the yum/dnf cache to /var/cache/${YUM}, not just
/var/cache/yum
This was resulting in the F22 fedora-minimal image being larger than
the base-image. Because F22 fedora-minimal does some installs with
dnf when bootstrapping the chroot before we set "cachedir=" to the
bind-mounted external cache, we have "/var/cache/dnf" created and and
populated with the package meta-data, etc.
When we globally point dnf to /var/cache/yum here, we effectively
orphan the /var/cache/dnf created in those first steps. dnf doesn't
care, but we end up with two copies of all the package metadata, etc
in "/var/cache/dnf" & "/var/cache/yum".
This also cleans up the sed a bit, by just replacing the lines.
Change-Id: Icc98fe30c34cb941aed4b987647ab67ac34af15a
I'm not sure why we try to do an extra install of these, it is done
inside the chroot in _install_repos. Currently it just gets skipped
saying the packages are already installed.
Change-Id: Ic7aa8cbe13e4347b447e84bb9c12483a4e125228
Add basic F22/dnf support to yum-minimal path. We extract common
code, add some comments and reduce duplication.
Change-Id: If4bd5f88e26bd6f2168958f1ec1efff1072de7ba
Evidently the readme file hasn't been updated since rhel7 finished
beta, so this is long overdue.
In addition, since it's not possible to download the base image
file directly, let's stop pretending we can and bail out if the user
didn't set the necessary env vars.
Also updated the README to use the new table format instead of free text
Co-Authored-By: Augustina Ragwitz <aragwitz+lp@pobox.com>
Change-Id: Ie8343ee2ce1715583c28de7f59daed7e58c8ca0f
Move yum-based install into a function, to make way for a second
related function where use dnf later
Change-Id: Iad09f3753ecdfa0c10cb8a0970a3c8e5a2dccab1
Find doesn't like listings disappearing while its trying to find them,
in this case if a PID directory disappears while find is running. Using
-xdev prevents find from going into ./proc and as a side effect /dev
will also be avoided which is mounted on boot so not needed either.
Change-Id: Iaa282e58d81d533ad4445da0a44200dd14bf0850
Closes-bug: #1502142
Reorder the script number of 'elements/dkms/post-install.d/99-dkms'
to 'elements/dkms/post-install.d/97-dkms' to ensure that
it will always get executed before the
'elements/ramdisk/post-install.d/99-build-ramdisk'. This
would make sure that the DKMS module is there in the ramdisk.
Closes bug: #1492904
Change-Id: I2145d0ac29646335f76745a7678d169a62f13d44
Traversing the /proc filesystem causes find to error if it changes
while its being searched.
We have had a lot of ci failures on this find command since it was
added in Ibe40e6b8b884f37e3b5aeab6e7654593bcd63123
Change-Id: Ia8cfc923cce749a69d5108e588db2360238d866c
Closes-Bug: #1501949
Otherwise on rebuilding the agent the following error is produced:
failed to create hard link /home/stack/ironic-agent.vmlinuz
and the vmlinuz file is not updated.
Change-Id: I2015da889c932a854727235b1e34256a28e9eac6
Always no quotes for $() statement.
We don't need quotes to hold blanks in result:
# i=$(echo 1 2 3)
# echo $i
1 2 3
#
These quotes can make something wrong in some case:
# i=$(echo '!')
#
# i="$(echo '!')"
-bash: !: event not found
#
No real problem for current code, only to use a better code style.
Change-Id: I5909636bdc8de3d44a305d033c8c892af446acf3
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
When a ubuntu/IPA ramdisk is used to boot a baremetal machine with
ironic agent-ilo driver, it fails at the point of mounting /proc
and /sys. After the vmlinuz(kernel) is started and it tries to
load the partitions on ramdisk. It need the directory of "/sys"
and "/proc" to mount the corresponding filesystems.
In order to fix this issue, the directories of "sys" and "proc"
are retained but the subdirectories or files under them are empty.
With this change, the directories of "/sys" and "/proc" shows
up in the ramdisk and kernel will mount sys and proc filesystems
on them respectively.
Closes-Bug: #1488445
Change-Id: Iad5d62f373b73789118f23db4c932ea6e9a784c3
Signed-off-by: Gary Duan <duanlg@live.cn>
ironic-agent requires expect to be installed for config drive
creation and hence this commit adds it.
Change-Id: Ie1c0f488f416b4c373aa7f38dfd8df1917cd6be2
Depends-On: Ib4dd8c082a50e1dbaf0df91477b062716cb780ff
Closes-Bug: #1486967
fedora-release >= 22 has acquired a dependency on /bin/sh. This comes
from a %posttrans section of the spec file, which is symlinking the
os-release file.
As discussed in [1], the links are setup correctly in the rpm, so the
post-install script isn't doing anything. Thus we can safely ignore
the dependency with --nodeps
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1265873
Change-Id: Icf17c84580a75d42d8e90d5d6e81ae7f5f576c32
Adds support for debian to iso.
Updated README to further clarify what the element does.
Change-Id: I17ac89cfbc84365860c591fab0e4c78123035983
Co-Authored-By: zhangjian <jian.zhang8@hpe.com>
The ironic-agent element is created using the disk-image-create utility
(even being a ramdisk) and outputs a .vmlinuz file for the kernel
(different than the ramdisk-image-create which outputs a .kernel file
for the kernel). This is inconsistent and make scripting against the
diskimage-builder more complicated if one wants to support different
types of ramdisk.
This patch creates a hard link for the .vmlinuz file to a .kernel file
at the end of the process (to keep backward compatibility) and print a
deprecation message.
Depends-On: I81400305f166d62aa4612aab54602abb8178b64c
Change-Id: I476f9ec9ec4206ece0261eaaf2b4182c6bcbd802
Closes-Bug: #1482606
Added support for ramdisk-type elements in tests/test_functions.bash
Elements are distinguished by element-type file in a test element.
Note that ironic-agent ramdisk is built with disk-image-create.
Change-Id: I4759859e7f3c004c2d00e7318729602e6c3c4d95
Largely enhance the documentation so it renders nicely when generated
with Sphinx.
Culpirt: the 'package' type is documented but unhandled in the shell
script.
Change-Id: I9f4f46e770077c147c0a5b1245b779bc3afa4e98
The centos cloud images are both arround a GB in size, and
downloading them causes lot of CI timeouts, downloading the
compressed version saves 700MB of bandwith and should save
a lot of time.
Change-Id: I8dcd1db81fe5c4661945638ef3e6344fdf651243
The ability to specify a distro mirror is part of other
distro elements, centos should have one too.
Change-Id: I4cc9062ff92fbe301f414820798e08c66e9793f7
This exact repository along with others are part of the
centos cloud image. From the looks of it this was required for
a very early cloud image.
Change-Id: Ib928e4ea739bc48f196f81c96ed4fba3177471f0
Completed in Kilo the blueprint ipa-as-default-ramdisk [1] ported all
the Ironic drivers in tree to be able to use the IPA ramdisk for the
deployment.
Now in Liberty the blueprint deprecate-bash-ramdisk is deprecating the
bash ramdisk created using the "deploy-ironic" element in DIB.
This patch is printing a deprecation message when the user uses the
"deploy-ironic" element and as well updating the README file to indicate
that it has been deprecated.
[1] https://blueprints.launchpad.net/ironic/+spec/ipa-as-default-ramdisk
[2] https://blueprints.launchpad.net/ironic/+spec/deprecate-bash-ramdisk
Related-Blueprint: deprecate-bash-ramdisk
Change-Id: I8057f52104225326f45eb3ae6065cd02a27f5ef2
In Id1e430e7d050a0b99ac449e2ea435e06cda1c4e6 I made the mistake of not
actually removing grub in 15-remove-grub.
This restores the removal phase and adds a bunch of comments. It
seems the centos7 and centos (6) images have grub2 installed, but F22
does not; hence the check.
For anyone interested in the history; it seems the whole idea of
removing grub and re-installing it in the finalise stage is to do with
Ubuntu grub scripts failing in the chroot. It is not clear this does,
or has ever, affected rpm based systems; but that's how it is, so
leave well enough alone.
The whole reasoning behind the rpm download & re-install is actually
explained in If095adc4abb52a19a3aa0b1caebfb3e4d8f605ef, but over time
the comments got lost as code moved around. I've restored in here
some detailed explaination of why we don't just re-install the package
"normally". I've also added a note to the pre-install of various
things that are related to this step. Again I think there are some
questions around this that we can investigate in another change.
Change-Id: I1acd19da8567ab93b5003caf67673cc70efea5fa
Currently they are used for inspection, but may be also used for
other purposes, as they're accessed from IPA generic hardware layer.
Change-Id: I32c6a711d466131b9445023812a2a260ed2e01f3
Switch to using svc-map element for systemd based agent.
This allows both .deb and .rpm installs to share the
element for systemd based installs. There are not any
plans to package a .rpm package for upstart or sysv, so
these are left as is.
Change-Id: Idca7ad97355cae785162989774a7e6dea6fdc5b5
Closes-Bug: #1490584
Fixing the ironic-agent pkg-map by adding missing commas. Validated
updated form passes json linting. Also includes a listing for curl.
Change-Id: I1983f7a581be3a5aaa771b19c6609cf12b61a7bb
Closes-Bug: #1488969
Appears that growroot was running before /dev is mounted so the script
is unable to introspect the filesystem partition info. Run this after
all local filesystems are mounted to fix this issue.
Change-Id: Ia7c41ba6ef79788fdbf198998622eeaa20dd4245
We can resize the rootfs without the initrd based approach. Create a
growroot element which performs rootfs resizing as part of system init.
Change-Id: Ibeb846b0170d141fb72323a441d14b65b93ae0a1
There is a bug where the init scripts element incorrectly munges the
install path making it useless. Also removing the dep on rsync since
this occurs from inside the chroot.
Change-Id: I8f2717d36d7d2ff4b195ec21e91afeaf30a1d803
This patch is reducing the size of the ramdisk image generated by the
ironic-agent element. It does remove extra packages (graphical stuff,
dev stuff, miscs, docs, etc...) and purges directories that are not
needed for a ramdisk (like /boot since it boots using an external
kernel)
Currently it was tested generating a Fedora 22 image and reduced the
size of the final image from 464 MB to 211MB compacted (54% decrease).
I was able to boot a VM with 1.3 GiB of ram instead of the previous 3 GiB
needed.
Change-Id: Id6333ca5d99716ccad75ea1964896acf371fa72a
The default value was set in the centos7 element, but not
exported, which caused issues in rpm-distro. Also changed
a test in rpm-distro to only check for DIB_RELEASE > 22
if it's fedora.
Closes-Bug: #1477172
Change-Id: Ib6f4227411c2e8f1965c3b78bc318512c59a7876
The script for ironic-agent utilizes curl, however an extremely
minimal system may not have it, and as such we should list it as
a package that must be installed to support the element.
Change-Id: Id118f84e2d5e6adf0ae3d653864565368b0d76bf
As described in the comments, sfdisk was rewritten for util-linux 2.26
(as shipped in F22) and now interprets arguments a sectors, rather
than cylinders.
The current partitioning line is "1 - - *" (start/size/type/bootable)
which means you start getting:
---
/usr/sbin/grub2-install: warning: this msdos-style partition label has
no post-MBR gap; embedding won't be possible.
/usr/sbin/grub2-install: warning: Embedding is not possible. GRUB can
only be installed in this setup by using blocklists. However,
blocklists are UNRELIABLE and their use is discoura ged..
/usr/sbin/grub2-install: error: will not proceed with blocklists.
---
when building images, because the start is interpreted by the new
sfdisk as sector 1 and it crams the partition right next to the MBR.
Specifying "-" for the size is undefined in the man page; even reading
the source it's not totally clear what "-" for the size does [2]. In
any case, the alignment is wrong in sectors or cylinders; we want to
be a multiple of 4KiB for best performance.
The intent here is to create one single, Linux, bootable, partition
taking up the whole disk starting at 1MiB, so "2048 + L *" makes this
clear.
We use the -uS argument to ensure both versions treat this start-value
as a sector offset (newer sfdisk essentially ignores the argument).
As described in the comments, bugs in the older sfdisk necessitate
usage of "--force".
Although we could choose more or less, it seems most common to align
to a 1MiB boundary (i.e. starting at sector 2048). libguestfs has
some disucssion around --alignment and where it sets it's default to
this [3]. The 2.26-era sfdisk also defaults to putting partitions
here. 1MiB should be enough for GPT schemes in the future as well.
[1] https://github.com/karelzak/util-linux/blob/master/libfdisk/src/script.c#L1050
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1249893
[3] http://libguestfs.org/virt-resize.1.html
Change-Id: I2c2966f98d1d5ad4ebb433ea148b3b26c65dc1b5
Using the default release for the Debian test-element leaves
us at the mercy of packaging problems in Debian unstable. Since
we only care if the image itself builds, use the safe choice of
Debian stable.
Change-Id: I4dd58171489aa07d60db7e4e353ccde6aa534da7
Splits the install.d into source-install and package-install in
order to allow building from a distro packaged version of
ironic-python-agent.
Change-Id: I17513c29efd8c199e07ac1ef20ea5d7456585413
Adds support for Ubuntu and Debian to ironic-python-agent. This will
enable building ramdisk with Ubuntu and Debian as base OS.
Updated README to further clarify what the element does.
Change-Id: I194f85b051974d8ccb197a0993a67761046cfe98
interfaces are not configured at all because specific interface files
are created but not sourced. This will result in the VMs running with
the loopback interface only
This is a regression, the problem was already fixed in the past, see commit
b822581d88
Change-Id: I846642772ab582d7567e5182c860cfa0fe882a15
The resize module is problematic for using grub on very large root
partitions. It is also extremely slow on large partitions, and users are
likely better off creating new partitions in the empty space.
Change-Id: Ic050c74aa71165b43c8908c4d6c7c0ea99ddafa3
Story: 2000175
Using "yum --downloadonly" breaks the abstraction of
"install-packages" because it downloads to the yum cache. It also
acts funny if the package is already there.
Add an argument to "-d" which is the directory to download to. dnf
has "download" built in, and for the old case use yumdownloader which
acts about the same. Ensure it is installed, since it comes in
yum-utils.
Also a slight cleanup of the getopt parsing so it's easier to have the
required argument for -d
Thus we can remove most of the stuff in 15-remove-grub. The check for
centos6 and it's lack of grub2 is clarified. All the stuff about
having to remove the package, purging the cache etc so yum gets the
right thing is no longer relevant. The long section of commented out
code at the end is also removed for clarity.
I tested this with an F21, F22 & centos (6) build
Change-Id: Id1e430e7d050a0b99ac449e2ea435e06cda1c4e6
Docker can export root filesystems, which is what we want out of root
elements. Make a very simple passthrough element that will grab a docker
image and export it into a root filesystem.
Change-Id: Ie1e2d5dd5a61558f100e02c953b18d697a8fe8a2
There is a common pattern of if init_system == foo then install init
script foo-service-init into /etc/init... Lets encode this pattern by
allowing elements to put files into init-scripts/init-system directories
and then copying the appropriate files for them.
Change-Id: I541db18a0a8c5e0755a0af5732f4e15a5e5cf984
When building an image having the elements debian and vm, cloud-init
fails with:
ci-info: !!!!!!!!Net device info failed!!!!!!!!
Looking at the source code, it executes ifconfig to gather informations
but the `debian` elements does not provide it. There is also no DHCP
client available which is rather painful.
Install isc-dhcp-client to provide a DHCP client.
Install net-tools to provide ifconfig, required by cloud-init.
Ref: https://phabricator.wikimedia.org/T105152
Change-Id: I76dfd4f87a5c9f08e7c572fb4f5ebeeb34f5f66a
Remove hardcoded refrences for ethernet interfaces from ironic-agent
and sets a dependency on dhcp-all-interfaces to ensure it works for
all interfaces for all other operating systems.
Change-Id: I7ae6d1c5bd9911ef3db45187c0010cf0973badf1
Closes-Bug: #1471802
The fix for static links to the latest image has been rolled out.
Update documentation accordingly.
Change-Id: Ic92d0e1d584ca2bf1d82f411102079cb4455bddb
The init scripts have now been moved in to glean itself, so just consume
them directly.
Change-Id: Ib85128579c62020df23d73404c0563894038d2dd
Depends-On: I2ed25ce434023bfc8b6a88a08c0c06c1cef63982
Glean now supports setting a hostname, lets ask it to do this.
Change-Id: Iea8d210b4b5add8fed4038cf81ce28d1d7c7c1c4
Depends-on: Ia9155bc565ad79af44d88acc06759be2bf4e5f20
This element installs oat-client on the image, that's necessary for
trusted boot feature in Ironic to work. This element only works on Fedora.
Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted
boot, the oat-client will securely fetch the hash values from TPM.
Change-Id: I0f1221b5708e9a5792df62ee6e73034f8bf1577c
Passing a source-repositories ref of "*" should signal fetching all
heads similar to when a non-cached ref is requested. Reuse the same
fallback logic, but skip unnecessary checks since "*" is not a real
refname. Also expand the fallback to update tags, and to --purge
local refs that no longer exist on the remote for additional safety.
Change-Id: I4562c9689a8d235ebe09b2f7178aa5890dbc85f1
Some minor workarounds for Fedora >= 22 where dnf is the default
package manager. The changes are documented on the Fedora release
notes https://fedoraproject.org/wiki/Changes/ReplaceYumWithDNF
Change-Id: I7d7d6f5d294980dcb217d6190a1efd9e0bbea9a6
Add a YUM variable that defaults to dnf for Fedora 22 and greater. At
this stage the yum element can do double-duty with dnf -- it's mostly
the same. If we find it starts getting too unwieldy we can separate
this later.
Modify the install-packages for yum to use this variable when set, but
default back to "yum" to retain the status-quo.
Change-Id: Ibff71465b392d9f66b6f93955ff9223575d6165c
Installing Python to a ramdisk takes quite a long time because of
the way dracut checks for dependencies of every single file
installed. We could avoid that, but then we might miss a required
library file.
This change alters the installation method to speed up
the process. First, it creates a list of files that are needed and
then installs them all at once using inst_multiple instead of calling
inst on each file separately. This doesn't make a huge difference,
but in my testing it is marginally faster.
Second, and more significantly, we don't need the *.pyo and *.pyc
files as those are simply an optimization to speed up module
loading. Because the deploy ramdisk is a short-lived operation,
we probably lose more time transferring those extra files to the
target system than we save in improved load times.
In my testing, these two changes netted about a 20% improvement
in build times, and about 13% decrease in image size.
Change-Id: Ibc2b778c28fc9fb7177380dffe8dbce5722d0733
On some systems, it can take longer than 10 seconds for the root
disk to be detected. Because enterprise hardware. Increase the
wait time to 60 seconds so we don't incorrectly fail due to a
missing root device.
Change-Id: I4f67ef0295af8f2ae783fe3aea347b41987c6a66
This reverts commit 7a4c396948.
Note this time it sets it to F21, not F22, and gets rid of the
duplicate definition that doesn't get exported.
Change-Id: I240ad25d7a73c379559517a2a8399ae8c098314b
Changed simple-init to utilize a PATH variable in order to allow
for glean to be executed in the event the operating system places
glean in /usr/bin, such as what occurs on CentOS 7.
Change-Id: Ibf95fcd7ca368595e8fb3473f25eb0a919726e39
Now that we are changing fedora to default to f22, lets gate on f21
still working.
Depends-On: Icbd08fb5aa69446ad65ff72af631902c4e1fa12b
Change-Id: I8b7b957fafc028aa2970803bd23ea644114f9b7f
We are using which to find the location of setfiles. Our script is set
-e though, and we need to also be able to handle the case where setfiles
does not exist (like on centos-minimal).
Change-Id: If53c7a80efc081b95b143c28be64d39b12bfb469
The default release for fedora is actually 21 for us, and we are unable
to build 22 right now.
This reverts commit 379d6a2650.
Change-Id: Iffcc505f1e115cb6bc662b57a78878e498ce338e
Wrong package in the list, dracut-modules-growpart is wrong,
needed dracut-modules-growroot for proper resize to work
Change-Id: Iea8789ea3d44d182197a4713244b551f2cd4dd55
Closes-Bug: 1461601
This patch is adds a new grub2 element that installs the
grub2 bootloader on the image so it can work with Ironic's
local boot support.
This patch also modifies the iso element which was installing
same grub2. It removes the grub2 installation from iso element
and makes it dependent on grub2 element.
Co-Authored-By: Ramakrishnan G <rameshg87@gmail.com>
Change-Id: I37bcf2c525708d1e2e0f95cf5874a279f76861f7
This commit adds support for providing custom kernel
cmdline args while building deploy ISO. This is useful
for adding kernel cmdline like 'console=ttyS1' in
environment (assuming all bare metals have been configured
to output to COM2 in BIOS).
Closes-Bug: 1451634
Change-Id: I20b04d9d104cfe46df0439c3f567a721a27e186a
This commit addresses follow-up comments on
I1ffb832ebab009b2d77a46e6c8fc758dd9632359. The change
is to delete get-pip.py immediately after installing pip.
Change-Id: I2768da2365b08304b8e7fcf55c91101b05ec33ea
Add current version of Ironic API for consistensy with IPA and Ironic
API settings, and for compatibility in the future.
Change-Id: I13c7a26b6cfb47a14aa49ee78441a1d97d7b42d0
In the case of using portal registration with an activation key, the
rhel-common element is still executing a `subscription-manager attach`
command. This should not happen if an activation key is provided. This
is because an activation key already provides the subscriptions to
attach.
This patch fixes this behavior.
Change-Id: I5a8425d1778362bb7a0dadc91a46308f16b2a526
Closes-Bug: #1456648
It's useful to be able to pass in multiple yum repo configuration files
via $DIB_YUM_REPO_CONF, not just a single one.
Change-Id: I43722229a2df58be55bdb2b50c253e957b18e6fe
When something goes wrong, you usually can't boot the image. nova
console-log is usually available though.
Change-Id: Ie4525d0c3ee8b59f035544592b30f0635aba1811
Hard coded path fails on Distros (such as el6) with setfiles bin
in different places, for example, rhel6 has this in /sbin/setfiles
Change-Id: I7aff9cdadd9aed9cfc806a1010acbf36b7b6d0e7
dib-run-parts filters the acceptable characters in script names,
and "." is not allowed (see $allowed_regex there), so
01-clean-old-kernels.sh is never executed.
Rename it to drop its .sh extension, so it is executed for real.
Change-Id: Ieb633b31214f1accf03b92a2b06590fdf2127b6b
Weve had some regressions recently with the changes in the debian
element. Lets tests that we can build debian images.
Change-Id: I048e7a32ecb4088ec1b1e3b1efdf146187b093db
Adding a test function which allows us to use elements to perform
element-specific tests. In order for this to work sanely, also adding
some configuration to our break system so we can assert on negative
tests.
Also adding a test for apt-sources to verify this code actually works.
Change-Id: I378a74255010eca192f5766b653f8a42404be5ea
We should make use of the CentOS-7-x86_64-GenericCloud.qcow2 symlink from
http://cloud.centos.org/centos/7/images/ instead of having a hard coded cloud
image. Specific cloud images can still be downloaded by overriding
$DIB_RELEASE.
More importantly, using the symlink will keep us automatically up to date with
the latest CentOS 7 cloud image. The image in use by the hard coded value
occassionally exhibits "No space left on device" errors after the cloud-init
filesystem resize. More info about this issue is at:
http://xfs.org/index.php/XFS_FAQ#Q:_Why_do_I_receive_No_space_left_on_device_after_xfs_growfs.3F
The newer cloud image (with a newer kernel) does not exhibit this issue.
Change-Id: I3e19f6269ceba937fcd630bab265d132bd525519
Check for the current distribution using $DISTRO_NAME instead of
`lsb_release`.
Also, remove the existency check, as $DISTRO_NAME is supposed to be
provided by distribution elements.
Change-Id: I2276c63e9ac43576da528a70235129800c093b3e
Cloud-init and simple-init are not meant to play together. Lets disable
cloud-init if simple-init is installed.
Also guarding cloud-init-datasources against running in an environment
where cloud-init is not installed.
Change-Id: I5bfa9a3e83d3259db2436404034ad58c780de1c9
Diskimage-builder currently writes cloud-init config file which adds a
host entry mapping the hostname and FQDN to 127.0.0.1 into every image
built. This is probably useful for some use cases but not for all, so we
now allow customizing the manage_etc_hosts value via
DIB_CLOUD_INIT_ETC_HOSTS variable and also not writing the config at all
if that variable is explicitly set to an empty string (currently the
default is 'localhost' but in the future the default will be empty
string).
Particular description of the problem this causes in TripleO follows:
We get hosts files like this:
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z.novalocal ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z
# HEAT_HOSTS_START - Do not edit manually within this section!
192.0.2.17 ov-rl5i5saoc6h-0-wfzcsrqo34p6-controller-m3hy26lhxavl ov-rl5i5saoc6h-0-wfzcsrqo34p6-controller-m3hy26lhxavl.novalocal
192.0.2.15 ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z ov-rl5i5saoc6h-1-hj5tzsbrdv4c-controller-dy6nuyarqy5z.novalocal
192.0.2.16 ov-rl5i5saoc6h-2-a6v7saxnivm5-controller-7jboskte34r7 ov-rl5i5saoc6h-2-a6v7saxnivm5-controller-7jboskte34r7.novalocal
# HEAT_HOSTS_END
The duplicate hostname/FQDN entry for 127.0.0.1 and 192.0.2.15 confuses
Corosync, which then fails to start a cluster when using hostnames in
the config file instead of IPs.
Change-Id: Ia8582883f737548e2911d3f36a1943e5b236281b
Partial-Bug: #1447497
vconfig is actually deprecated in favor of the ip command, and is not
available on some newer distros (RHEL 7 at least). I'm not honestly sure
why it needs to be installed in all images anyway. I traced the origins
of installing the vlan package here all the way back to the first dib
git import from some other repo...so, I don't see any obvious reason why
it needs to be installed.
Change-Id: I272667cf29f5e41c217a26f70937b2842a04f748
subprocess.CalledProcessError in Python 2.6 does not have the 'out'
parameter for __init__, so pass only two of them and manually set
'output' in that case.
Fixes/improves commit 7f410aaff2.
Change-Id: I279bdf433b1272a9c3af4d66a2a52c78a7ac5de2
Instead of manually creating epel.repo files, make use of the epel
element, which will properly install epel-release.
Change-Id: Iea7b389bc1ade716c622fd39d5e7dcf119dcb447
This commit address last comments on
I5e8a706989bad13051eb47db0b1e762e6c672318. It adds
the date for a comment was added and removes redundant
wait period for initialization.
Change-Id: Idff38835969c094175f68be78c407ae975473b57
This commit fixes errors while trying to create a
DIB ramdisk with ironic-agent element when built
behind proxy. It fixes the issue by making it install
latest versions of pip and setuptools which has the
fixes for them.
Change-Id: I1ffb832ebab009b2d77a46e6c8fc758dd9632359
Closes-Bug: 1449852
rhel7 and centos7 images are both only available on x86_64 arch.
if $ARCH is misconfigured, some strange error will happen during the build.
For example, DIB will try to install EPEL i386 on the 64bit root system.
For the record, tripleo-incubator $NODE_ARCH default value is i386. The
problem will happend as soon as the default value is used with one of
these root elements.
This commit ensure the $ARCH is set to amd64 as soon as the centos7 or
rhel7 root element are used.
Change-Id: Ie41fa2da48eac6bf89b96cfa137c0f572dae6734
In Kilo, we added added an iscsi extension in
ironic-python-agent which requires tgtd and tgtadm.
This commit adds scsi-target-utils to the ramdisk for
this.
Also the git protocol for retrieving the source code is
changed to http. Git protocol doesn't go through a proxy,
but http can.
Closes-Bug: 1449854
Change-Id: I8cf274913a16404941770d0c6115bd6feec1ccb8
Starting from syslinux 5.00, isolinux.bin is dependent on
ldlinux.c32 to boot for BIOS machine. syslinux > 5.00 is
delivered with Fedora 21 cloud image which breaks the boot
from ISO if ldlinux.c32 doesn't exist.
Change-Id: If722f36aeaabc759d93ef6ae3f49b21bb840a92d
Closes-Bug: 1449882
These are ubuntu-isms that do not exist on debian mirrors and cause
builds to break if they're based on a stable debian release.
Change-Id: I08c2826eba4aabd0be69955220624b2f179a15ee
Closes-bug: #1450198
Set the pbr option 'warnerrors' to make build_sphinx turns warnings into
error. Fix all warnings.
`tox -edocs` will thus abort whenever someone introduce a new error.
Change-Id: Id6d09768a241866e1fdc1a1e2bf90336f5c5087d
debootstrap is not debian or ubuntu specific. We can make a debootstrap
element that knows how to do all of the things, and then a
debian-minimal and ubuntu-minimal image that use it. Finally, make
the debian element simply be a collection of the extra things we do to
make it look like a cloud-init based cloud image.
Change-Id: Iaf46c8e61bf1cac9a096cbfd75d6d6a9111b701e
glean is now moved into the openstack-infra repos, so the reference to
the originally temporary home can be discarded.
Change-Id: Ie89fff85e264a36d9bab15801314d5195b45031c
In some cases, like linux-image-* on debian, we need to only install
packages for a specific target architecture.
Change-Id: Ic0009d0c1e121d6f3f1f21345c544e2d98f080f9
This change uses blkid to identify the fs type during redhat-common
extract-image. The image is mounted with -o nouuid for redhat/rhel
images that have XFS filesystems.
This is required when building images from the same base image
as the host VM to avoid "Filesystem has duplicate UUID" mount
failures.
Change-Id: I066289fbb27733a5a555242a0e2c363d58dd27d0
Closes-Bug: 1443706
Now that we have a generic yum-minimal element, just use it in centos
instead of rinse. Adding base as an element-provides of yum-minimal
because this element conflicts with the base element.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I15275d821781171c118f21aa0c0bca55f65a65b3
The loopback handling in the Linux kernel limits the filenames of
files associated to loopback devices, see also linux/loop.h.
This is reflected also on userspace, as kpartx will silently do nothing
(exiting with 0) when requesting to remove a filename longer than 64
characters, as that name will obviously not match the truncated
filename. The result of this is that, when extracting qcow2 images for
the first time, if the qcow2 filename is long enough then the loopback
device will not be removed, remaining as stale in the host.
As a workaround, use a temporary file name when convering a qcow2 image
to raw, instead of using the base name of the qcow2 file.
While this still will not fix the issue when manually using a long
temporary directory (e.g. TMP_DIR=/very/long/etc...), at least should
avoid it in other cases.
Change-Id: Ibf46cd313a9d89412c0e1068fa0993be6c5a29db
This commit changes Ironic deploy ramdisk to find out
the virtual media device by using labels instead of
looking at the model of block device. This helps in
finding out the device irrespective of the hardware.
Corresponding Ironic change is
If5b78d9af7048f2631d050ee5ce01ab7a67e2354.
Closes-Bug: #1429340
Change-Id: I5e8a706989bad13051eb47db0b1e762e6c672318
Commit b4a1f1c190 wrongly changed the format of the available
images. There was a missconfiguration on the buildservice which produces
the images so no static links were available. That's fixed now so use
the correct names again.
Change-Id: Iac4cbc8672da67f5a89ac2f1be8bb9530215ea19
The centos-minimal approach of using rinse does not, it turns out, work
on centos. That's a bummer. It's also rather heavyweight. Instead, with
minor machinations, we can just use yum itself pointed at a chroot.
Also adding fedora-minimal element which creates a fedora image using
the new yum-minimal approach.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I026fd9d323e786dae5bb67824c6501067e1ceaa3
If you don't want cloud-init, you may need to get a few things
from config-drive because you may be operating on a cloud with no DHCP.
In that case, simply reading some values from config-drive and writing
out either DHCP or static network info, in addition to grabbing ssh keys
is helpful. Both Infra and bifrost want this for their images.
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Change-Id: I2746ed256b9783eab058b803130d3ccac484eaeb
We support building elements without depending on the base element.
Breaking install-types out into its own element while making base depend
on it so elements can depend in it without base.
Change-Id: I104543d5482c76f60902e9fc32d91e196eeab51a
Turns out that updating packages last causes some pretty
non-intuitive behaviour if you are trying to pin a package
to a specific version. Lets just update the base RPMs first...
subsequent installations should install the most updated version
anyways (unless they are pinned).
Also moves the package-installs script from the 00 step to 01 so
we can do the update first.
Co-Authored-By: Ben Nemec <bnemec@redhat.com>
Change-Id: I962046cc6048e852e6582fbc579f88bb73e23fdd
This fix prevents loading of unsigned ubuntu kernel in UEFI secure
boot environment when image is created using 'iso' element.
'iso' element uses 'linux' and 'initrd' modules of grub2 to load
kernel and initrd respectively. The grub2 implementation of Ubuntu
can load unsigned kernel when these modules are used.
Ubuntu has Grub2 modules 'linuxefi' and 'initrdefi' which exits
boot process if unsigned kernel is used in UEFI secure boot mode.
The 'iso' element should use these modules in grub.cfg to prevent
loading of unsigned kernel when node is booted in the UEFI secure
boot environment.
'linuxefi' and 'initrdefi' works seamlessly when node is booted in
normal UEFI boot mode (non-secure).
Fedora do not have this issue. This fix has been tested in Fedora
environment. It works fine.
Closes-Bug: 1443114
Change-Id: If256ba1f7d7c149482d0f37fabcdfa8ed22e3f91
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.
Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').
The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.
The signed kernel package contains both signed and unsigned kernel. The
unsiged kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.
Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
The targetcli element was triggering a bunch of errors from dracut
when we installed all of Python. It turns out this is because there
were filenames with spaces in the find output and the loop didn't
handle that properly. This switches to a while loop that can
handle odd filenames.
Change-Id: Iacbf16f26f2bc9991840250dc8ae7990db54d811
Currently, calling the troubleshoot function in a ramdisk script
doesn't work as expected on dracut ramdisks. This adds an alternate
troubleshoot implementation that will behave as intended.
I did not make it conditional on a kernel param as was done in the
original because dracut can behave strangely if you allow it to
continue after an error. Always dropping to a shell immediately
should be less confusing.
Change-Id: I98000f4ac6d7890b1f44fe4d10394ac0ea332fcb
Do not rely on environment changes (like exporting REG_HALT_UNREGISTER)
to persist between different hooks run. This helps when the hooks are
run in different new environments every time.
Instead, in 99-unregister redo the same checks on REG_METHOD as done in
00-rhel-registration, still respecting REG_HALT_UNREGISTER in case the
user does not want to unregister the image generated.
Change-Id: Id594dcd72334f38a2fa96da21206da77a83d7a1a
Closes-Bug: #1434431
Cleaning up the apt-sources README to be easier to consume. Also
removing some tripleo references from the README.
Change-Id: I6937fd5cd51288b36890dde214701bcef1d61381
We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys. To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.
Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
The default locale set by cloud-init is now generated to prevent the
warning printed when the user is logged in.
Closes-Bug: 1440728
Change-Id: I2faff6c9d3ab8bb5f66d58e77bcf37f186bf501d
Make sure that the target directory for 50targetcli exists already, in
case there is no dracut installed at extra-data.d run time.
Change-Id: I85ade9e85e823b7564a5839c8b6181548a15ad41
This commit changes the 80-deploy-ironic script of
deploy-ironic element to report back the status of
boot loader install (when boot_option == "local")
using a newly introduced vendorpassthru.
Closes-Bug: 1422723
Change-Id: I9c1d8643be7cb9e273d65ddd791715a5c271fd93
Copy all of the necessary parts for a Fedora based dhclient to work. This
includes a number of network scripts. Also grab the ip command supplied by
the iproute package, the busybox "ip addr" command was missing the valid_lft
and preferred_lft options.
This will allow the dhcp to work in the ramdisk instead of getting passed the
PXE net config.
Related-Bug: #1417026
Change-Id: I8feee9a740855dab7b47162c5727bf91db77fcc6
The listing of *-$INSTALL_TYPE-install files currently uses ls, which
errors out when the glob matches no files, thus using true to not fail
it.
Instead, use find to collect the file list, so there is no need to
ignore the command errors.
Change-Id: Ic6888106858df320a1c90a84f1b9ec74d436b9e6
The wrong APT config name is used to disable download of translations.
It's Acquire::Languages, not APT::Acquire::Languages.
Change-Id: Ie0c12d444bab19b4486845944ef51031e9133470
Closes-bug: #1436523
Not all operating-system elements install cloud-init, but the base
element assumes its existence. Create the directory if it does not
exist.
Change-Id: I4bda8dc5d200825ea0c8163a4e5c44050a45083f
it may happen that if the system where disk-image-create runs is busy,
then the kpartx -l run may leave a stale autodelete loop device.
This is because kpartx -l first adds a new loop device, then does the
listing and removes the loop device. The latter may not end before the
end of the kpartx run, leaving a loop device marked as autodelete.
Such kind of loop device will automatically delete itself, so the
rm -r $WORKING
after
sudo umount -f $WORKING/mnt
in the EXIT trap will fail because $WORKING does not exist anymore.
To prevent this situation, just ask udev to finish its operations,
properly removing the (temporary) loop device.
Change-Id: I12246f3dbe6b5669e698767682a5a142f803823b
RHEL 7 does not ship tgtadm or tgtd so they cannot be used in the
deploy ramdisk. This change separates the tgt-specific parts of
the ramdisk into their own element, and adds a new one that supports
targetcli instead.
For now, the tgt implementation can only be used with traditional
busybox ramdisks and the targetcli one can only be used with dracut.
This is because dracut is primarily used for RHEL right now so it
makes sense to keep the dependencies simple. If there is a future
desire to mix and match the implementations that could be done, but
it would require users to explicitly select between tgt and
targetcli.
Change-Id: I4f99c91016287e08d836095c2f2261de8b45abdc
Co-Authored-By: James Slagle <jslagle@redhat.com>
It is reasonable that elements may need to include additional
kernel modules in a dracut ramdisk. This is done with the
--add-drivers option to dracut, but previously the value passed
was hard-coded.
This change allows an element to put a file containing its desired
drivers in a dracut-drivers.d directory, and the list there will
be added to the list of drivers added. This functions in
essentially the same way as the binary-deps.d directory that
already exists for including additional executables in a ramdisk.
Change-Id: Ie892b908d36c175a469f7cde7dd803ad4b1942b6
This is required on Fedora 21 in order to build some
packages via source. Includes files like:
/usr/lib/rpm/redhat/redhat-hardened-cc1
Specifically this fixed MySQL driver compilation issues on Fedora 21
for source builds.
Change-Id: I459f2203fa145049dda185da952813118193d573
Official MariaDB repositories offer the package : MariaDB-Galera-server.
This package has been now ported within Fedora (and also RDO), the
package is now called mariadb-galera-server. Yum install being case
sensitive hence this change.
Change-Id: Icd03877f17d01708b3916578991e42eef30a69e4
As part of the blueprint root-device-hints Ironic will pass some to the
deploy ramdisk some hints about which disk device it should pick to be
root device (the one where the image will be deployed on).
Before the deploy ramdisk would pick the first device it finds, but as the
machine could have more than one SATA, SCSI or IDE disk controllers the
order in which their corresponding device nodes are added is arbitrary
causing devices like /dev/sda and /dev/sdb switching around on each
boot time.
Plus, as people are adding support to build RAID arrays in Ironic we need
a way to tell it to use the just created device to be the root device.
The list of hints that could be passed to the deploy ramdisk so it finds
the right disk is:
* wwn (STRING): unique storage identifier
* serial (STRING): disk serial number
* model (STRING): device identifier
* vendor (STRING): device vendor
* size (INT): The size of the disk in GB
If not hints are passed, the deploy ramdisk will continue to do what it
did before to find the disk.
Change-Id: I8425f593e1a610af5a3697988702603ff218f2de
This commit adds support for uefi localboot in
deploy-ironic element. The change is to mount the efi
system partition (created by Ironic) in /boot/efi.
The corresponding Ironic change is
I00ac31da325676ea4ea1ac4185f5ac3a52c5809a
Implements: blueprint local-boot-support-with-partition-images
Change-Id: Idf7ac5987e14e1d31311834196ca7283deec15c6
Commit 36b59c001c introduces
DIB_DEBUG_TRACE, to be checked in element scripts for enabling tracing.
In the aforementioned conversion, few scripts were left with
unconditional "set -x" calls: remove them, changing the default value
for unset DIB_DEBUG_TRACE from 0 to 1, to retain their older behaviour
(as it was done in 36b59c001c too).
Change-Id: I3d1a9290021bf63de7d4e7752e809852e784ac8b
Previously, this code was not checking for the proper environment
variable for an element's installtype. There was a line replacing '-'
with '_' as is required, but that value was not actually used when
searching for the environment variable.
Change-Id: I0bbd56969188389db81844d9276269464870f776
/tmp does not contain anything useful anyway, and excluding its content
makes the initramfs smaller too.
Change-Id: Ia72867e0cdebacf668ac1a1f551a965da0d69694
This adds support to UEFI secure boot by copying signed shim and
grub bootloaders into ramdisk image.
Closes-Bug: 1419707
Change-Id: I1193cd3a9011855a6804966a31c7c0e28da90ada
The newest stable Fedora splits out kernel modules into
a separate package. By default this is not installed in
the Fedora cloud image... and it contains some things we
need for Ironic (iscsi_tcp module) among other things that
might be very useful.
Change-Id: I3374ea278fecfeb6552e4664717ef3646d382c17
Closes-bug: #1429504
The other distro elements set DIB_RELEASE which allows the other
elements to know what distro release is being built during the
extra-data or environment.d phases.
Change-Id: I00bf13410ded5b678ebc66ff191891ed3cc80f4f