97c01e48ed
Currently we have all our elements and library files in a top-level directory and install them into <root>/share/diskimage-builder/[elements|lib] (where root is either / or the root of a virtualenv). The problem with this is that editable/development installs (pip -e) do *not* install data_files. Thus we have no canonical location to look for elements -- leading to the various odd things we do such as a whole bunch of guessing at the top of disk-image-create and having a special test-loader in tests/test_elements.py so we can run python unit tests on those elements that have it. data_files is really the wrong thing to use for what are essentially assets of the program. data_files install works well for things like config-files, init.d files or dropping documentation files. By moving the elements under the diskimage_builder package, we always know where they are relative to where we import from. In fact, pkg_resources has an api for this which we wrap in the new diskimage_builder/paths.py helper [1]. We use this helper to find the correct path in the couple of places we need to find the base-elements dir, and for the paths to import the library shell functions. Elements such as svc-map and pkg-map include python unit-tests, which we do not need tests/test_elements.py to special-case load any more. They just get found automatically by the normal subunit loader. I have a follow-on change (I69ca3d26fede0506a6353c077c69f735c8d84d28) to move disk-image-create to a regular python entry-point. Unfortunately, this has to move to work with setuptools. You'd think a symlink under diskimage_builder/[elements|lib] would work, but it doesn't. [1] this API handles stuff like getting files out of .zip archive modules, which we don't do. Essentially for us it's returning __file__. Change-Id: I5e3e3c97f385b1a4ff2031a161a55b231895df5b
19 lines
604 B
ReStructuredText
19 lines
604 B
ReStructuredText
==========
|
|
oat-client
|
|
==========
|
|
This element installs oat-client on the image, that's necessary for
|
|
trusted boot feature in Ironic to work.
|
|
|
|
Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted
|
|
boot, the oat-client will securely fetch the hash values from TPM.
|
|
|
|
.. note::
|
|
This element only works on Fedora.
|
|
|
|
Put `fedora-oat.repo` into `/etc/yum.repos.d/`::
|
|
|
|
export DIB_YUM_REPO_CONF=/etc/yum.repos.d/fedora-oat.repo
|
|
|
|
.. note::
|
|
OAT Repo is lack of a GPG signature check on packages, which can be
|
|
tracked on: https://github.com/OpenAttestation/OpenAttestation/issues/26
|