Julia Kreger 4633da7750 Correct boot path to cover FIPS usage cases
When you're booting a Linux system using dracut, i.e. with any
Red Hat style distribution, dracut's internal code looks to validate
the kernel hmac signature before proceeding to userspace.

It does this by looking at the /boot/ folder file for the kernel
hmac file.

And it normally does this with the root filesystem. Except if the
kernel is not on the root filesystem and is instead on a /boot
filesystem, this breaks horribly. This is compounded because
DIB enables the operator to restructure the OS image/layout
to fit their needs. In order for this to be navigated, as dracut
is written, we need to pass a "boot=" argument to the kernel.

So now we attempt to purge any prior boot entry in the disk image
content, which is good because any filesystem operations invalidate
it, and then we attempt to identify the boot filesystem, and save a
boot kernel command line parameter so the resulting image can
boot properly if FIPS was enabled in the prior image.

Regex developed with https://sed.js.org utilizing stdin:

VAR="quiet boot=UUID=173c759f-1302-48a3-9d51-a17784c21e03 text"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03 reboot=meow"
VAR="quiet boot=UUID=/dev/sda1 text"
VAR="quiet boot=/dev/sda1"
VAR="quiet boot=/dev/sda1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow boot=/dev/sda1"
VAR="quiet after_boot=1 reboot=meow"

Which resulted in stdout:

VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet after_boot=1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow"

Change-Id: I9034c21e84deda2ba2c0ec0d1d6d6595ed10bed4
2023-03-15 11:25:21 -07:00
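
The ``boot=`` handling described in the commit message above, sketched as an added example that is not the regex or code from the diskimage-builder change. The helper names ``strip_boot_arg`` and ``set_boot_arg`` are hypothetical, and the replacement UUID is a constructed value; the sample command lines are taken from the commit message.

```shell
#!/bin/sh
# Added illustration: not the regex from the diskimage-builder change.

# strip_boot_arg CMDLINE  (hypothetical helper)
# Drop every stand-alone boot=<value> token. The token must start the line
# or follow whitespace, so reboot= and after_boot= are left alone.
strip_boot_arg() {
    printf '%s\n' "$1" | sed -E \
        -e 's/(^|[[:space:]])boot=[^[:space:]]*//g' \
        -e 's/[[:space:]]+/ /g' \
        -e 's/^ //' \
        -e 's/ $//'
}

# set_boot_arg CMDLINE DEVICE_SPEC  (hypothetical helper)
# Purge any stale boot= entry, then append exactly one that names the
# filesystem holding the kernel and its .hmac file, which is what dracut's
# FIPS check needs when /boot is not on the root filesystem.
set_boot_arg() {
    cleaned=$(strip_boot_arg "$1")
    printf '%s\n' "${cleaned:+$cleaned }boot=$2"
}

# Constructed UUID standing in for the /boot filesystem found in the new image.
NEW_BOOT="UUID=00000000-0000-4000-8000-000000000000"

# Sample command lines from the commit message.
while IFS= read -r line; do
    printf '%-46s -> %s\n' "$line" "$(set_boot_arg "$line" "$NEW_BOOT")"
done <<'EOF'
quiet boot=/dev/sda1 reboot=meow
quiet after_boot=1 reboot=meow boot=/dev/sda1
quiet after_boot=1 reboot=meow
EOF
```
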
.zuul.d tox jobs: pin to correct nodesets; use host networking for containerfile 2022-12-16 09:52:46 +11:00
bin dib-lint: match text/x-script.python 2021-05-10 14:29:51 +10:00
diskimage_builder Correct boot path to cover FIPS usage cases 2023-03-15 11:25:21 -07:00
doc Support LVM thin provisioning 2022-08-24 10:34:42 +12:00
playbooks Add Jammy functesting to dib 2022-05-04 13:03:50 -07:00
releasenotes Correct boot path to cover FIPS usage cases 2023-03-15 11:25:21 -07:00
roles Upgrade openEuler to 22.03 LTS 2022-08-01 19:22:35 +08:00
tests Fix openSUSE images and bump them to 15.3 2022-01-28 02:18:47 -03:00
.gitignore Migrate from testr to stestr 2021-06-30 18:58:35 +05:30
.gitreview OpenDev Migration Patch 2019-04-19 19:26:30 +00:00
.stestr.conf Migrate from testr to stestr 2021-06-30 18:58:35 +05:30
bindep.txt Remove py 3.6 support and update jobs 2022-06-03 08:43:37 -07:00
LICENSE Fix copyrights for HP work. 2012-11-15 16:20:32 +13:00
lower-constraints.txt Drop lower version requirement for networkx 2021-10-05 12:55:43 +05:30
pylint.cfg Refactor: use lazy logging 2017-05-30 14:39:58 +10:00
README.rst Update readme to clarify an ubuntu bionic image is built 2020-06-07 19:53:46 +02:00
requirements.txt Allow flake8 version 5 2022-08-25 18:31:41 +00:00
setup.cfg Add support for Python 3.10 2022-06-21 11:36:30 +10:00
setup.py Cleanup py27 and docs support 2020-06-05 12:04:30 +02:00
test-requirements.txt Migrate from testr to stestr 2021-06-30 18:58:35 +05:30
tox.ini Clean up tox.ini for tox v4 2023-01-09 08:18:01 -08:00

Image building tools for OpenStack
==================================

``diskimage-builder`` is a flexible suite of components for building a
wide range of disk images, filesystem images and ramdisk images for
use with OpenStack.

This repository has the core functionality for building such images,
both virtual and bare metal. Images are composed using `elements`;
while fundamental elements are provided here, individual projects have
the flexibility to customise the image build with their own elements.

For example::

  $ DIB_RELEASE=bionic disk-image-create -o ubuntu-bionic.qcow2 vm ubuntu

will create a bootable Ubuntu Bionic based ``qcow2`` image.

``diskimage-builder`` is useful to anyone looking to produce
customised images for deployment into clouds. These tools are the
components of `TripleO <https://wiki.openstack.org/wiki/TripleO>`__
that are responsible for building disk images. They are also used
extensively to build images for testing OpenStack itself, particularly
with `nodepool
<https://docs.openstack.org/infra/system-config/nodepool.html>`__.
Platforms supported include Ubuntu, CentOS, RHEL and Fedora.

Full documentation, the source of which is in ``doc/source/``, is
published at:

* https://docs.openstack.org/diskimage-builder/latest/

Copyright
=========

Copyright 2012 Hewlett-Packard Development Company, L.P.
Copyright (c) 2012 NTT DOCOMO, INC.

All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.