4633da7750
When your booting a Linux system using dracut, i.e. with any redhat style distribution, dracut's internal code looks to validate the kernel hmac signature in before proceeding to userspace. It does this by looking at the /boot/ folder file for the kernel hmac file. And it normally does this with the root filesystem. Except if the kernel is not on the root filesystem and is instead on a /boot filesystem, this breaks horribly. This is compounded because DIB enables the operator to restructure the OS image/layout to fit their needs. In order for this to be navigated, as dracut is written, we need to pass a "boot=" argument to the kernel. So now we attempt to purge any prior boot entry in the disk image content, which is good because any filesystem operations invalidate it, and then we attempt to identify the boot filesystem, and save a boot kernel command line parameter so the resulting image can boot properly if FIPS was enabled in the prior image. Regex developed with https://sed.js.org utilizing stdin: VAR="quiet boot=UUID=173c759f-1302-48a3-9d51-a17784c21e03 text" VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03" VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03 reboot=meow" VAR="quiet boot=UUID=/dev/sda1 text" VAR="quiet boot=/dev/sda1" VAR="quiet boot=/dev/sda1 reboot=meow" VAR="quiet after_boot=1 reboot=meow boot=/dev/sda1" VAR="quiet after_boot=1 reboot=meow" Which resulted in stdout: VAR="quiet text" VAR="quiet" VAR="quiet reboot=meow" VAR="quiet text" VAR="quiet" VAR="quiet reboot=meow" VAR="quiet after_boot=1 reboot=meow" VAR="quiet after_boot=1 reboot=meow" Change-Id: I9034c21e84deda2ba2c0ec0d1d6d6595ed10bed4 |
||
---|---|---|
.zuul.d | ||
bin | ||
diskimage_builder | ||
doc | ||
playbooks | ||
releasenotes | ||
roles | ||
tests | ||
.gitignore | ||
.gitreview | ||
.stestr.conf | ||
bindep.txt | ||
LICENSE | ||
lower-constraints.txt | ||
pylint.cfg | ||
README.rst | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
Image building tools for OpenStack ================================== ``diskimage-builder`` is a flexible suite of components for building a wide-range of disk images, filesystem images and ramdisk images for use with OpenStack. This repository has the core functionality for building such images, both virtual and bare metal. Images are composed using `elements`; while fundamental elements are provided here, individual projects have the flexibility to customise the image build with their own elements. For example:: $ DIB_RELEASE=bionic disk-image-create -o ubuntu-bionic.qcow2 vm ubuntu will create a bootable Ubuntu Bionic based ``qcow2`` image. ``diskimage-builder`` is useful to anyone looking to produce customised images for deployment into clouds. These tools are the components of `TripleO <https://wiki.openstack.org/wiki/TripleO>`__ that are responsible for building disk images. They are also used extensively to build images for testing OpenStack itself, particularly with `nodepool <https://docs.openstack.org/infra/system-config/nodepool.html>`__. Platforms supported include Ubuntu, CentOS, RHEL and Fedora. Full documentation, the source of which is in ``doc/source/``, is published at: * https://docs.openstack.org/diskimage-builder/latest/ Copyright ========= Copyright 2012 Hewlett-Packard Development Company, L.P. Copyright (c) 2012 NTT DOCOMO, INC. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.