Commit graph

1587 commits

Author SHA1 Message Date
Shivanand Tendulker
f0315b4ed4 Fix to load only signed kernel in UEFI secure boot
This fix prevents loading of unsigned ubuntu kernel in UEFI secure
boot environment when image is created using 'iso' element.

'iso' element uses 'linux' and 'initrd' modules of grub2 to load
kernel and initrd respectively. The grub2 implementation of Ubuntu
can load unsigned kernel when these modules are used.

Ubuntu has Grub2 modules 'linuxefi' and 'initrdefi' which exits
boot process if unsigned kernel is used in UEFI secure boot mode.
The 'iso' element should use these modules in grub.cfg to prevent
loading of unsigned kernel when node is booted in the UEFI secure
boot environment.

'linuxefi' and 'initrdefi' works seamlessly when node is booted in
normal UEFI boot mode (non-secure).

Fedora do not have this issue. This fix has been tested in Fedora
environment. It works fine.

Closes-Bug: 1443114
Change-Id: If256ba1f7d7c149482d0f37fabcdfa8ed22e3f91
2015-04-13 13:20:12 +00:00
Shivanand Tendulker
06e3d7c767 Add element ubuntu-signed to provide signed kernel
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.

Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').

The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.

The signed kernel package contains both signed and unsigned kernel. The
unsiged kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.

Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
2015-04-12 11:36:17 -07:00
Jenkins
65ad6377a6 Merge "No markdown docs for elements" 2015-04-09 13:59:32 +00:00
Jenkins
703313fb18 Merge "Correctly handle raw type ordering" 2015-04-08 21:28:02 +00:00
Jenkins
866298ceb9 Merge "Export image properties" 2015-04-08 21:11:02 +00:00
Gregory Haynes
8111fc40aa Improved apt-sources README
Cleaning up the apt-sources README to be easier to consume. Also
removing some tripleo references from the README.

Change-Id: I6937fd5cd51288b36890dde214701bcef1d61381
2015-04-07 23:05:38 +00:00
Jenkins
7917e7416b Merge "Create a user guide" 2015-04-05 00:32:40 +00:00
Gregory Haynes
cc308464c6 No markdown docs for elements
Sphinx does not support markdown, therefore all our element docs should
not be in this format.

Change-Id: I6fceb5c2c218e94a463f13d6d9050aea485e6c31
2015-04-02 23:55:19 +00:00
Jenkins
2888318eab Merge "Report status of boot loader installation to Ironic" 2015-04-02 13:07:40 +00:00
Jenkins
a15ab7d732 Merge "Reorder tox environments" 2015-04-01 23:20:25 +00:00
Jenkins
5f0f296f58 Merge "Refactor deploy ramdisk to allow use of targetcli" 2015-04-01 21:20:59 +00:00
Jenkins
6446b2eebf Merge "Split dib-init-system into its own element" 2015-04-01 20:35:04 +00:00
Gregory Haynes
d9bcde8a4d Export image properties
Some elements (such as the manifests element) want to use these
variables. We currently do not consistently export them (IMAGE_NAME is
only exported if you actually specify a name).

Change-Id: I43d17ddcdd7d0ff3cbb4c530caeebb8da915f4ef
2015-04-01 20:33:17 +00:00
Gregory Haynes
7347577784 Correctly handle raw type ordering
We need to run raw outputting last, and were incorrectly detecting that
image type.

Change-Id: Idfbe46c34e783046b940d3eb28c846a0cf9ac0a6
2015-04-01 20:28:44 +00:00
Gregory Haynes
360033027f Create a user guide
Our docs are very developer focused. Lets create a separate user guide
to help new users get started.

Change-Id: I8a03920e6d3306dd0405177875ea55ccb4b40fea
2015-04-01 19:51:08 +00:00
Jenkins
88309de96b Merge "Handle non-cloud-init installs" 2015-04-01 04:01:39 +00:00
Jenkins
de0c663a1c Merge "Use find instead of ls" 2015-03-31 20:18:15 +00:00
Jenkins
4070d6b81c Merge "Short circuit qemu-img convert for raw images" 2015-03-31 20:17:39 +00:00
Jenkins
64d2b3647e Merge "Run udevadm settle after kpartx -l" 2015-03-31 20:17:03 +00:00
Jenkins
60bafe6d93 Merge "Fedora: install redhat-rpm-config" 2015-03-31 19:55:41 +00:00
Ramakrishnan G
9fb2d14cf1 Report status of boot loader installation to Ironic
This commit changes the 80-deploy-ironic script of
deploy-ironic element to report back the status of
boot loader install (when boot_option == "local")
using a newly introduced vendorpassthru.

Closes-Bug: 1422723
Change-Id: I9c1d8643be7cb9e273d65ddd791715a5c271fd93
2015-03-31 16:41:24 +00:00
Jenkins
d0190658f6 Merge "Run svc-map tests" 2015-03-31 12:46:03 +00:00
Pino Toscano
516e3ae7d6 Use find instead of ls
The listing of *-$INSTALL_TYPE-install files currently uses ls, which
errors out when the glob matches no files, thus using true to not fail
it.
Instead, use find to collect the file list, so there is no need to
ignore the command errors.

Change-Id: Ic6888106858df320a1c90a84f1b9ec74d436b9e6
2015-03-31 13:24:29 +02:00
Ben Nemec
7f974d4b85 Reorder tox environments
If py34 is run after py2x, it results in a "db type could not be
determined" error.  The only current way to avoid that is to run
py34 first.

Change-Id: Id81e127e71ecd04a2ed16ab899d6fbf0d15bfee3
2015-03-30 20:57:34 +00:00
Gregory Haynes
4fbad49972 Add py34 to tox
We gate on py34, so we shoudl add it to our tox config.

Change-Id: I0d21cdd47841af8d05df7b36b2302f13bda3367b
2015-03-29 04:28:11 +00:00
Gregory Haynes
89dd01e4a0 Run svc-map tests
We currently do not run these tests and they also fail.

Change-Id: I60c8cbd9495b52fb8b4c848549822a05f921664f
2015-03-29 04:11:41 +00:00
Gregory Haynes
2d79e9d395 Short circuit qemu-img convert for raw images
We currently use qemu-img convert with a raw source and dest when
building raw images. We can just mv the file for increased speed.

Change-Id: I3da095cb9ecad7224a121a434a9fb204132bf6df
2015-03-25 22:50:42 +00:00
Monty Taylor
12165f7b25 Split dib-init-system into its own element
Other elements need this and don't necessarily need base.

Change-Id: I3a12611d7d891a1fb0476f4095be522210b60cba
2015-03-25 13:28:38 -04:00
Monty Taylor
05356cbc09 Handle non-cloud-init installs
Not all operating-system elements install cloud-init, but the base
element assumes its existence. Create the directory if it does not
exist.

Change-Id: I4bda8dc5d200825ea0c8163a4e5c44050a45083f
2015-03-25 13:28:12 -04:00
Pino Toscano
626ca9ad47 Run udevadm settle after kpartx -l
it may happen that if the system where disk-image-create runs is busy,
then the kpartx -l run may leave a stale autodelete loop device.

This is because kpartx -l first adds a new loop device, then does the
listing and removes the loop device. The latter may not end before the
end of the kpartx run, leaving a loop device marked as autodelete.
Such kind of loop device will automatically delete itself, so the
 rm -r $WORKING
after
 sudo umount -f $WORKING/mnt
in the EXIT trap will fail because $WORKING does not exist anymore.

To prevent this situation, just ask udev to finish its operations,
properly removing the (temporary) loop device.

Change-Id: I12246f3dbe6b5669e698767682a5a142f803823b
2015-03-23 10:38:21 +01:00
Jenkins
100959de8d Merge "Add no_timer_check to vm grub cmdline" 2015-03-20 13:05:03 +00:00
Jenkins
b30513f0a2 Merge "openSUSE update" 2015-03-20 09:34:15 +00:00
Jenkins
defae1a7fd Merge "Cleanup/restify components.rst" 2015-03-20 09:34:06 +00:00
Jenkins
0a82b3ebcc Merge "Flagging ubuntu-minimal as untested" 2015-03-20 09:00:16 +00:00
Jenkins
e0e0159ef7 Merge "CentOS 6 Element" 2015-03-19 19:42:40 +00:00
Ben Nemec
c98a17222f Refactor deploy ramdisk to allow use of targetcli
RHEL 7 does not ship tgtadm or tgtd so they cannot be used in the
deploy ramdisk.  This change separates the tgt-specific parts of
the ramdisk into their own element, and adds a new one that supports
targetcli instead.

For now, the tgt implementation can only be used with traditional
busybox ramdisks and the targetcli one can only be used with dracut.
This is because dracut is primarily used for RHEL right now so it
makes sense to keep the dependencies simple.  If there is a future
desire to mix and match the implementations that could be done, but
it would require users to explicitly select between tgt and
targetcli.

Change-Id: I4f99c91016287e08d836095c2f2261de8b45abdc
Co-Authored-By: James Slagle <jslagle@redhat.com>
2015-03-18 11:42:00 -05:00
Ben Nemec
6377c723aa Allow elements to add drivers to dracut
It is reasonable that elements may need to include additional
kernel modules in a dracut ramdisk.  This is done with the
--add-drivers option to dracut, but previously the value passed
was hard-coded.

This change allows an element to put a file containing its desired
drivers in a dracut-drivers.d directory, and the list there will
be added to the list of drivers added.  This functions in
essentially the same way as the binary-deps.d directory that
already exists for including additional executables in a ramdisk.

Change-Id: Ie892b908d36c175a469f7cde7dd803ad4b1942b6
2015-03-18 11:40:20 -05:00
Dan Prince
ec0123554f Fedora: install redhat-rpm-config
This is required on Fedora 21 in order to build some
packages via source. Includes files like:

 /usr/lib/rpm/redhat/redhat-hardened-cc1

Specifically this fixed MySQL driver compilation issues on Fedora 21
for source builds.

Change-Id: I459f2203fa145049dda185da952813118193d573
2015-03-18 08:25:18 -04:00
Jenkins
a341ca84e7 Merge "redhat-common: Fix MariaDB-Galera-server case" 2015-03-18 02:32:34 +00:00
James Polley
27d03777dd Cleanup/restify components.rst
Rework the list as a definition list.

Mark literal code snippets as literal code snippets.

Fix heading typo.

Change-Id: Ie3d393a49914779f12f3075ff2ac2df5ecf78321
2015-03-18 02:12:32 +00:00
Jenkins
dd5a917571 Merge "Allow disabling apt-get clean" 2015-03-17 18:20:11 +00:00
Jenkins
a1c1470017 Merge "Convert leftover unconditional set -x to DIB_DEBUG_TRACE" 2015-03-17 16:58:34 +00:00
Jenkins
b2fc2cc358 Merge "Ironic: Deploy ramdisk to find the right root device" 2015-03-17 15:44:30 +00:00
Yanis Guenane
6b8421e0f9 redhat-common: Fix MariaDB-Galera-server case
Official MariaDB repositories offer the package : MariaDB-Galera-server.
This package has been now ported within Fedora (and also RDO), the
package is now called mariadb-galera-server. Yum install being case
sensitive hence this change.

Change-Id: Icd03877f17d01708b3916578991e42eef30a69e4
2015-03-17 10:56:01 +01:00
Jenkins
85a4d42879 Merge "Fix incorrect package name dmidecoded to dmidecode" 2015-03-16 16:28:04 +00:00
Spencer Krum
514181ce7f Flagging ubuntu-minimal as untested
Change-Id: I5f4973b9b81d97552d02ab3e64314bce827542f4
2015-03-14 12:52:21 -07:00
Jenkins
e94b90a2ab Merge "ironic-agent: exclude content of /tmp from initramfs" 2015-03-13 20:17:47 +00:00
Lucas Alvares Gomes
b95cbb14b1 Ironic: Deploy ramdisk to find the right root device
As part of the blueprint root-device-hints Ironic will pass some to the
deploy ramdisk some hints about which disk device it should pick to be
root device (the one where the image will be deployed on).

Before the deploy ramdisk would pick the first device it finds, but as the
machine could have more than one SATA, SCSI or IDE disk controllers the
order in which their corresponding device nodes are added is arbitrary
causing devices like /dev/sda and /dev/sdb switching around on each
boot time.

Plus, as people are adding support to build RAID arrays in Ironic we need
a way to tell it to use the just created device to be the root device.

The list of hints that could be passed to the deploy ramdisk so it finds
the right disk is:

* wwn (STRING): unique storage identifier
* serial (STRING): disk serial number
* model (STRING): device identifier
* vendor (STRING): device vendor
* size (INT): The size of the disk in GB

If not hints are passed, the deploy ramdisk will continue to do what it
did before to find the disk.

Change-Id: I8425f593e1a610af5a3697988702603ff218f2de
2015-03-13 14:09:40 +00:00
Jenkins
e70ffdd15e Merge "Ironic: uefi localboot support" 2015-03-13 02:00:30 +00:00
Jenkins
c680bab025 Merge "Fix check for installtype" 2015-03-13 01:55:59 +00:00