This adds support to UEFI secure boot by copying signed shim and
grub bootloaders into ramdisk image.
Closes-Bug: 1419707
Change-Id: I1193cd3a9011855a6804966a31c7c0e28da90ada
The newest stable Fedora splits out kernel modules into
a separate package. By default this is not installed in
the Fedora cloud image... and it contains some things we
need for Ironic (iscsi_tcp module) among other things that
might be very useful.
Change-Id: I3374ea278fecfeb6552e4664717ef3646d382c17
Closes-bug: #1429504
The other distro elements set DIB_RELEASE which allows the other
elements to know what distro release is being built during the
extra-data or environment.d phases.
Change-Id: I00bf13410ded5b678ebc66ff191891ed3cc80f4f
This is the centos element, which builds CentOS 6.
There are a couple of modifications to redhat-common because
the version of tar in el6 doesn't support --xattrs-include.
There is a change to both pkg-map and svc-map to add 'centos'
to the 'redhat' family.
Also explicitly have to install cloud-utils growroot and
dracut growpart for proper fsresize at instance launch.
Also sets the DIB_EXTLINUX variable because there is no grub2
for this distro.
Change-Id: Iffd57bce1484c43c2cffcbdb37b602185216e63a
The construction of the combined svc-map-services file uses the host's
/tmp directory to store a work-in-progress file. That file's left behind
after it's done with.
There's a potential race here; together with problems that may arise
if two users attempt to run devtest on the same system.
This patch fixes this by creating the temporary file specifically under
$TMP_MOUNT_PATH.
Change-Id: Iecbdc583e37bed542249c316919c3712c28c7440
This allows them to install packages already specified in .yaml files
for them, which are not installed otherwise since the migration to .yaml
files.
Change-Id: Iac8c7eb55116938616e5299b84487cd52e0cbf6f
openSUSE appears to have redone their fs layout on the repo site
and also changed the naming scheme of their image file.
Change-Id: I75afe54b88ea531d3c1f3b7d85e5435cdacabed2
subprocess.check_output() has been introduced in Python 2.7, so the
script will fail when trying to install stuff in guests with Python 2.6
and older (like RHEL 6 / CentOS 6, for example).
Thus gracefully fallback to subprocess.Popen() when
subprocess.check_output() is not available.
Change-Id: I335148397932177810f095a942b993b249991107
Closes-Bug: #1415240
A recent commit (I29c73355a85112840b57f93b39a9eeda421875e6) updated the
epel element to rely on wget, but wget is not always installed. Since
wget is used in pre-install.d, we must install it in that phase.
Change-Id: Iad2a9c4f0081835a1aa78e6fd2f721f6afd44dc2
Also make the apt-sources element exit with a non-error status code
when the DIB_APT_SOURCES is not set.
This allows including the apt-preferences and apt-sources elements
even if DIB_DPKG_MANIFEST and DIB_APT_SOURCES are not exported.
Change-Id: I8507dd9c69d1371eab38f720dcfdd89aa5345e8b
When there is no pkg-map file for the specified element, list the passed
packages if --missing-ok is specified.
This mirrors what is being done already later, when a pkg-map file
exists but it does not have the mapping for the requested package.
Change-Id: I50287f8e6a5e4335deb3de2252075b8bfdd53ce5
epel-release 7.2 has been superseded by 7.5, so update accordingly.
this time, detect the available epel-release package from the repo
instead of hardcoding version number which will break build each
time the version number gets bumped up.
Change-Id: I29c73355a85112840b57f93b39a9eeda421875e6
Pip now supports retries on failure. If setting multiple pypi mirrors a
fallback will not occure until the failures have finished for the first
mirror. This can cause a substantial delay if mirror fallback occurs a
lot.
Change-Id: Iad37a9015a2d5c861a345a111bd1725b965a42d3
We don't export DIB_RELEASE in the base distro scripts, so many
times it will be an unset variable in 51-bootloader from the vm
element. Currently that script doesn't handle the situation
properly and we get errors like:
line 160: [: =: unary operator expected
This change quotes the references to DIB_RELEASE so that won't
happen anymore.
Change-Id: Ic8f91804334f8862c217f465be80e96d3116f5c8
We have a good pattern of namespacing env vars with DIB_. Add support
for DIB_PYPI_MIRROR_URL* and maintain backwards compat support.
Change-Id: I434c9d1b14cd571b20754c9ad7cd64c936f8399a
As we started using jq it makes sento to use it everywhere when
building a resulting JSON.
Also removes some unneeded code.
Change-Id: Ib1391dc9f4e1463a9a3d0c13909ff60e3c993e82
When setting IPMI credentials is requested, ironic-discoverd
will return ipmi_setup_credentials=true, ipmi_username and ipmi_password
in response. Use ipmitool to set credentials in this case.
Change-Id: I8ace9e817e5ce9dbfb8564feec4a3ce6c0e1b233
There is a wide variety of tracing options through the various shell
scripts. Some use "set -eux", others explicity set xtrace and others
do nothing. There is a "-x" option to bin/disk-image-create but it
doesn't flow down to the many scripts it calls.
This adds a global integer variable set by disk-image-create
DIB_DEBUG_TRACE. All scripts have a stanza added to detect this and
turn on tracing. Any other tracing methods are rolled into this. So
the standard header is
---
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
---
Multiple -x options can be specified to dib-create-image, which
increases the value of DIB_DEBUG_TRACE. If script authors feel their
script should only trace at higher levels, they should modify the
"-gt" value. If they feel it should trace by default, they can modify
the default value also.
Changes to pachset 16 : scripts which currently trace themselves by
default have retained this behaviour with DIB_DEBUG_TRACE defaulting
to "1". This was done by running [1] on patch set 15. See the thread
beginning at [2]
dib-lint is also updated to look for the variable being matched.
[1] https://gist.github.com/ianw/71bbda9e6acc74ccd0fd
[2] http://lists.openstack.org/pipermail/openstack-dev/2014-November/051575.html
Change-Id: I6c5a962260741dcf6f89da9a33b96372a719b7b0
Both ccache and linux-image-generic were being installed by
install-packages rather than using a package-installs.yaml.
Change-Id: Ib54c5b51d605278bb9d046a897be989c17c6fb0f
Patch adds support to create PowerPC image with vm element.
It creates 2 partitions, one for PReP boot and other for root and
installs grub-ieee1275.
Change-Id: I4675ef2b82aa69b63e63a1cc7db01b0c0e6f9fff
Closes-Bug: 1418739
If there are no old-style package-installs and the package-installs
element is included we fail because we call install-packages with no
arguments.
Change-Id: I3c78b51d0a2673ecc581f9faded078974dbc27b7
Since the package-installs-squash script relies on the defined
environment variables for figuring out what the values are for an
element's install type and the default install types, sudo -E must be
used to preserve the environment.
Change-Id: Ice5cf0bca65d8078f84daedbef123fc73d5a7b63
Working on host systems without selinux, where the guest image
does have selinux, creates a situation where the instance will
have about a 1 minute delay on first boot because it must relabel.
The previous check for sysfs assumes that the host system has
selinux, which is not needed for the guest setfiles to work.
Change-Id: Ic186a45991b6d80880ad635e9c80985612f53a05
Closes-bug: 1414200
This patch extends the deploy-ironic element to make it install a
bootloader on the disk in case the boot_option parameter passed in the
kernel command line is set to "local".
This parameter is set by Ironic as part of the
blueprint local-boot-support-with-partition-images
Change-Id: I5ebe6f364ae0ac408939399e5f28728b41c4766e
Patch adds support for PowerPC Big-endian and Little-endian local
fedora VM images and using VM images with two partitions, PReP
boot and root partition. Since PowerPC requires PReP boot
partition to be present.
Change-Id: Iba03226e187609df898732c13b1aa5f895b156e3
Closes-Bug: 1413487
ramdisk-image-create assumes the presence of vmlinuz file in OS image.
But ubuntu PPC LE images have only vmlinux file. This patch adds
support for using vmlinux file.
Change-Id: I5dd0b8ceb46b73be57d4c15b39b96f99b524fa3f
Closes-Bug: 1413362
When set to true this cloud-init setting overwrites the /etc/hosts
file at reboot, breaking stuff in TripleO where controllers rely
on resolving each other by name. We still want cloud-init to add in
there a mapping for the local fqdn, so we switched to 'localhost' [1]
1. http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt#L470
Change-Id: I85468dece3b67f39841aa826f9b7ca4bf113027a
Closes-Bug: 1411594
This commit adds http_proxy=$http_proxy to use apt-get update through a
http-proxy.
Change-Id: Iee589f6d11b84991512493d22f0e3dbfe60736ec
Closes-Bug: #1412314
The rhel-common element has a script that uses subscription-manager
to register an instance of RHEL with the customer portal or Satellite.
If os-refresh-config runs this script more than once,
subscription-manager returns a non-zero value causing os-refresh-config
to fail. Adding --force to the subscription-manager calls doesn't
properly unregister the image from Satellite and the result is multiple
content host registrations. This patch changes the registration to only
run once.
Change-Id: If372e7f59bbdc77e2b233024c1342f005004f2e5
Previous to the Sattelite 6 release, the katello-agent and it's
dependencies needed the rhel-7-server-rh-common-beta-rpms repo
enabled. Since the the release of Satellite 6, the "beta" can
be safely dropped. This fixes an error where registration to a
satellite instance fails due to a 404 for the beta repo.
Change-Id: Ia9879498c7db0c912bb58ea084d448b8b3915569
The dpkg element was hardcoding ~/.cache/image-create as the cache path,
but elements should use DIB_IMAGE_CACHE as the root for the cache to
allow users to override the path. Replace the hardcoded path with one
that is rooted at $DIB_IMAGE_CACHE.
Change-Id: I76030654e7dfc7b7d4dfa87e082c14e7cee479b9
The correct workflow for building RHEL6 images includes not using
the rhel-registration scripts in this element, but rather the 00-rhsm
script. This patch updates the return value from 1 to 0 for the case
when the REG_METHOD is left unset. This will allow the RHEL6 images
to build without needing to set REG_METHOD. This patch also improves
the note about RHEL6 image building.
This patch is the result of the discussion in the comments of [1].
[1] Iff7b9fc30d5a36231598a977a9edcd55229766c5
Change-Id: I2f35b8d7d8749d44d88f06e9e2c3116ff93b88fe
Closes-Bug: 1404364
When using the rhel element, it can be uesful to disable registration.
For instance, if using an internal mirror repository that does not
require registration/authentication.
Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1
Copy all of TMP_MOUNT_PATH into the ramdisk so that
ramdisk-install.d actions are respected.
Includes a workaround for a bug in Dracut that caused the copy
to fail.
Also moves init instead of copying it so we don't conflict with
the Dracut init.
Change-Id: Ia8d7b210369fe7eb7ab239cbdb7f96841104a35d
Closes-Bug: 1403121
These scripts are littered with references to passwords and keys,
so rather than try to disable tracing in every one of those places
I propose we simply turn it off for the scripts. This will likely
need to be revisited after the global tracing discussion is
resolved anyway.
Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
Related-Bug: 1298205
The latest update to package-install captures both stderr and stdout
from pkg-map, unfortunately, pkg-map has a 'missing-ok' option
which causes it to print an error message on stderr.
The result is that package-install tries to look for packages named
"Missing", "package", "name", etc.
Change-Id: I86b3b71a64b29d533b42fd0cae020e8ecf22cac2
Closes-bug: 1402085
The element was prepending the work directory forcibly, which will have
problems when the image name has an absolute path, which is allowed.
Change-Id: I0cb7b96e24daab8ee73611936af72074c70ac1aa
Closes-Bug: #1400405
Ubuntu has recently release their "Snappy Ubuntu Core" which is a
minimal base-layer for running docker applications. Seems like the sort
of thing someone might want to use for tasks.
Change-Id: I6cb724451d1862121dee4ccf1f599ab8938f0b7f
VMs on Rackspace Cloud need nova-agent installed to get networking
information set up properly. Add a nova-agent element so that dib can
be used to create images to use on Rackspace cloud.
Change-Id: I075a50e9a2d7ae7641905b66bbbc627ad708b5ea
There are times when a much more stripped down base image is desired
over the distro cloud images. For instance, Infra would like some base
images that do not have cloud-init or really much of anything else. This
is easy to accomplish with debootstrap and rinse.
Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f
Instead of doing the work in the image of parsing through the element's
package-install declarations, we can squash it on hostside, where we
have both YAML and JSON available to us, and then emit a single
pre-processed file into the target to be used later.
Change-Id: I3f182aa3aae0a79b2f3ea4e66c1878ad12878b0a
Depending on bootloader and configuration, ramdisks may receive
a ip= kernel parameter that is used for manual network bring up
in the ramdisk. This parameter contains the address of the boot
server. In the absence of ip=, we want the ramdisk to DHCP and
proceed as normal. However, in this case need to know the address
of the boot server. This falls back to a 'boot_server' parameter
for this address if it is not provided via kernel cmdline.
Change-Id: Id1ed15ba125d91fa0a13d8e19d1385082ee5d9e9
Closes-bug: #1401289
Related-bug: #1401298
The docker build folks obsess about image size and speed a bit. Grab a
few of their optimizations from their debootstrap build process and
apply them to ours.
Change-Id: Ic3d3565423b0ae090896d99fd3bf1145eca6303d
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.
This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time. This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.
This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.
Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json. Both scripts have been updated to remain
consistent.
Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
Allows specifying the path to a yum repo configuration file to be used
during the image build process. The repo configuration file is removed
at the end of the build. This is useful in that it allows using any
arbitrary repo configuration during an image build.
Change-Id: I7d5c67d74a0bb4722ffc60aacfd9fa7e80fb59d5
Using lsb_release to figure out what distro and release an image is
is redundant, as the same information is available in DIB_ vars.
Further, it causes errors when creating new rhel7/centos7 images
like this: http://paste.openstack.org/show/144729/
Change-Id: I213ee581b8abfe119ffe3b783e6a3236e58e3e47
The file extention claims rst format, but it's plain text
as such, the online documentation doesn't render properly
Change-Id: I24accb45ab8c7803a25f2642ce1b2d479d5a6e9c
This patch adds support to register with the hosted customer portal
using activation keys. If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal. This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.
Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
We have a new package-installs file format. Migrating existing
package-installs files to the new format.
Change-Id: I57d4a007efee9624e60c41357cefa627d8c7373f
We currently support package-installs definitions which has some
limitations and oddities. This new format requires only one definition
which does not reside in our run-parts directories and follows a
consistent naming scheme (package-installs.yaml).
Change-Id: Ie51a7c4fdc15634ae8e069728e5e07cc1dc36095
Fedora sets requiretty globally by default. This makes sense for
interactive machines with lots of password typing, but is pretty
attrocious for machines that might need users who remotely sudo to do
things. Just remove the setting.
Change-Id: Ic32bd92061a73f854683cc0d2d8919071dabe8cf
We immediately remove this, but the -grub2 causes a later attempt to
remove it again which fails. Don't install it in the first place.
Change-Id: I31d64abc9596707bdb8a0505d0dcbf7b82e1b82d
sudo is not needed, since in-chroot elements are run in the context
of the root user. Furthermore, sudo in pre-install is problematic as
sudo may not have been installed yet (imagine a debootstrap build)
Change-Id: Ib5c7e176a90fe3b8fa9c3cd702d3d815df54f472
ironic-discoverd [1] is a StackForge project for conducting hardware properties
discovery via booting a special discovery ramdisk and interrogating hardware
from within it. It aims to be one of the official means of hardware properties
discovery for Ironic in Kilo release [2].
The ramdisk collects hardware information from the machine
it's booted on and posts it to the URL provided via
kernel argument 'discoverd_callback_url'.
[1] https://pypi.python.org/pypi/ironic-discoverd
[2] https://review.openstack.org/#/c/135605/
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: Ic81fe8b3bd0884971bb522b48658c7ee538a31f2
Using only a local filesystem mirror could lead opaque errors.
Print a warning message in this situations.
Change-Id: I5f77151ea928868f4c441e8a1bb2eb0966b21832
Closes-Bug: #1297948
An app using pkg-map (like package-installs) might want to distinguish
between a hard error (invalid pkg-map file) and a soft error (no
mapping found). Currently this is not possible because we only return
with error values of 1.
Also printing error messages to stderror so we can still make use of
stdout data during a soft error.
Change-Id: I8bef56d3a74e8530afb8c58ac50ca3e9f7700639
We check python files with dib-lint rather than flake8 which have
conflicting opinions. This means weve been (forcibly) writing non pep8
python.
Also fixing pep8 issues so tests pass.
Change-Id: Idc9db40334f6e15738a7802c06697270df68741c
This patch updates the 00-rhel-registration script to not
not fail a stack when metadata isn't found.
Change-Id: Ie305fed79e4baadf1a03c4a3d06a23cf36e92f77
This patch writes a warning out to stderr to notify element authors
that may be using map-packages to migrate to pkg-map. This patch
also prints out a warning during image-create that lists the specific
elements that are not using pkg-map.
Change-Id: I7e2a7611dd5650815736ce998aa94a7833193d06
The source-repositories element puts source in place in the generated image
for later installation. It is possible for two elements to define the same
source to later install, and as long as the remote location and reference to be
installed is identical, we should not error.
Change-Id: Ic7dfb1961486c59d2005b5c1e7587267ea42e999
This allows extra arguments to be passed to the debootstrap
command when creating an image using the debian element.
Change-Id: I87eb856365ff6a17f051e2e56587235648328d57
Co-Authored-By: Ghe Rivero <ghe.rivero@gmail.com>
It was depending only on deploy-baremetal. Changing it to 'deploy' could
be used with both baremetal and ironic deployments
Change-Id: Ia2600080b488f7d259a9baf111767e82b6cc933d
These are already listed in the respective deploy-* elements, and
if we include them here then they get added to every ramdisk built
with dracut. That causes issues for elements that don't need
something like tgtd because it won't be installed and the
binary deps script will fail.
Change-Id: Ibdcf7d200d4f7136396b63404cd966f7557043e0
This element creates kernel and ramdisk files based on Fedora,
example:
disk-image-create -a i386 -o test fedora ironic-agent disable-selinux
Change-Id: Ifa133d1680b81cb87d32a405aa7d7b40fe91f835
We don't actually need a real value for the root kernel param, and
requiring one causes problems for things like the discovery ramdisk
that don't pass in a disk= parameter. Dracut seems to be happy to
take /dev/zero as the value, so we can just always use that.
Change-Id: Ia724f0214c26aa18c6f8f41f2c48d7f25b52ee6c
This patch writes a warning out to stderr to notify element authors
that may be using map-services to migrate to svc-map.
Change-Id: Ic80db16c607958d025e89b3a4058a9cbb568938e
The URL we were using to download lsb_release from no longer works,
install from package so this is not affected by disappearing URL's
in future.
This was originally installed from a URL because the package dependencies
caused a 87M increase in the size of the base image. For fedora the
increase is now 27M which is a little more tolerable.
Change-Id: I6e56a4a81786b33c5c6b92df2bd8236cd3f19670
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite. The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6. The subscription-manager
command line tool is the preferred method of registration.
The registration of RHEL is required to enable repositories for
software installation during image creation time.
This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script. The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.
Boot-time registration is supported through metadata. Please see
the configuration in the README for more information.
Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
Adds new disk-image-create --install-type option which
can be used to enable alternate install types. The
default install type is 'source'.
The motivation is to eliminate elements like
enable-package-installs which require coupling and also
don't work with elements in multiple element repositories.
This patch does not prevent you from using the previous
DIB_INSTALLTYPE_ variables to customize the install type,
rather it just changes the default so you don't have to
set it so often when using things like packages.
Change-Id: Icee98440fc2251728f2dca30e7c4789a0fd89b93
I would like to recommend to use + instead of \; in the find
command. As this will ensure the removal of all selected
directories in a single invocation.
Hence improve the speed of deletion.
Change-Id: I409fe11aae217afb6f790491591005c679264ed4
Our package-installs script fails when installing a package which does
not have a pkg-map but a pkg-map file exist for the element.
Change-Id: I3dab802e23bccfc916efcc1c70c6ce6c4a9ccf67