This patch proposes a new element which creates a mechanism for the
image to have automatic updates enabled from the first boot. A custom
config file is expected during build time, which is injected into
the image.
Change-Id: Ib4c7513db4e00d592447fda1b1d0ed2bc649e1cf
Signed-off-by: Charalampos Kominos <hkominos@gmail.com>
Adds support for the block device size to be asserted for the purpose of
writing out new images, which may be critical for operators with hardware
which requires logical blocks which are 4096 bytes long.
Change-Id: I5c16a042eacfbb94a905b93a0eb9fbc73de0a890
Since the public mirrors for centos8 are really not available
anymore since it has gone End of Life, changes the default
invocation for a quick disk image to 9-stream.
Users who wish specific behavior should explicitly express
the version they desire.
Change-Id: I12cb10258ab80bae1c754e86aadcf926cdfae805
The GRUB_TIMEOUT was duplicated in
the /etc/grub/defaults.
Changing the DIB_GRUB_TIMEOUT default to the base
image typical default.
Note: Hold shift if you want to interact
with the grub menu.
Change-Id: If4d5ae467706b98d89f9dd6714ef06a5933ccfb3
Prior to this change, source images could introduce variation in
the results of the bootloader element, if the configuration
is changed later, which could re-introduce arguments not desired
which come from the source image.
Since we assert, based upon user-supplied input, new console configuration
we now strip the console configuration from /etc/default/grub configuration
before starting to work on putting in place the user's desired end state.
This also ends up helping reduce/remove the possibility of multiple
console elements as some were sourcing from the original source image.
Change-Id: Ia1f9987d989f1d0e1cbda619f7abdf7005b47fbc
A huge problem with latency sensitive baremetal workloads
is interrupts being triggered spuriously. Unfortunately
when we start with cloud images, often they default to
logging to a serial console which means every write is
an interrupt, which is far from ideal and can result
in packet loss and service degradation quite quickly.
So instead, if the console logging has been disabled,
and no virtual terminal has been defined, we now strip
the console entries from the resulting image.
In testing with Centos9 Stream, with booting a VM, the console
in this scenario jumps to the framebuffer once started, and
after thousands of lines being written to the console, even with
delays, locally I'm at 219 interrupts, with a bulk of the entries
coming from before I interacted with the console (~135 from just
boot).
Change-Id: Id9b19c4d9804b88e6db05a20e26c8264bb357734
By default, we attempt to inject a serial console, which may, or may not
be needed, for example, Centos Stream 9 cloud images already configure
a console setting, and repeating it just might be undesirable and cause
workload performance degradation if the kernel or an application has to
report anything to a console.
This change generally results in original console entries being preserved,
which might actually be a bug and get fixed in a later patch.
Generally, users of dib *should* likely be specific about what they want to do
with their console setting, and without setting the new
DIB_BOOTLOADER_USE_SERIAL_CONSOLE parameter to false, the default will
be adhered to, and any pre-existing serial console entries will *not* be
de-duplicated from the base image. That too is *likely* a bug, but a
harder one to fix.
Change-Id: Icdfb5ed021b1a91e2de3c9a22bb2ff7fe9882bcd
If you're using configuration drive, cloud init tries to DHCP by
default anyway, which delays the boot sequence as it seeks out a
network attached metadata source.
So instead, disable the automatic activation so the configuration
drive data source is actually leveraged. Additionally add further
notes to provide guidance to users of DIB.
Change-Id: Ie7c522f23deb3f08ee4ec002e0e2020f382359aa
This patch proposes a new element which installs fail2ban on the final
image. More crucially, a custom jail.local is injected during build
time which is a useful feature for cloud admins.
Change-Id: I47b90bbf3809cd6f90148b848b2afe4233be79d7
Signed-off-by: Charalampos Kominos <hkominos@gmail.com>
When using simple-init, we are making an explicit choice
along the lines of "I want the simple tool to do the simple needful"
which works well, except when cloud-init tries to run because it
is already baked into the source image diskimage-builder started
with.
So what would happen is Glean would execute from simple-init,
and then cloud-init would get launched by default, and cloud-init
in some cases everything is DHCP, so suddenly any static
configuration, such as what might be in an attached configuration
drive, is stomped upon resulting in an unreachable instance if
DHCP is just not available.
If DHCP is available, generally this is not an issue and goes
un-noticed, yet can add a substantial amount of time to the
boot sequence "waiting" for meta-data endpoints which may
not exist.
Change-Id: I380b9638cd28f5771530089c558ef5ab638c0173
All relatively modern cloud-inits are capable of creating a default user
as well as granting root privileges for them. Currently
cloud-init creates pretty much the same sudoers file.
So running steps under the new DIB_DEBIAN_CLOUD_INIT_HELPER
does not make sense for the last couple of Debian releases.
Change-Id: I3cebd318f1f0313bba00ecf639328978d3ad0f32
Set the grub timeout style to display the menu. By default it is set to
'hidden' but can be changed to 'menu' to display the menu and then
wait for the timeout to expire before booting the default entry.
Change-Id: I8c58407ef645d528dd77efe866bfe0389cbbbd33
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
For quite a while Debian has been shipped with systemd-sysv
by default. However, default value of DIB_DEBIAN_ALT_INIT_PACKAGE
is not in sync across elements. We change a default now for
the `debian` element along with removing `apt_get_bp_extra_opts`
that is not defined or used anywhere else.
Change-Id: If5d3f0a21467f926c23bb39a1853be73befa768e
Legacy elements deploy-tgtadm, deploy-targetcli, and deploy-baremetal
have not seen use in ages. Another element seems to date back to this,
deploy-kexec, but appears to see no actual use as the underlying methods
leveraged by these elements were long moved away from. iSCSI based
deployment being the last, and even then it required the
ironic-python-agent.
Change-Id: Ib5b3a7690c35d6859e2e0fdac2326dcd16c051d3
The usage of the DIB_CHECKSUM variable is extended to have the
ability to generate only one checksum file, for example only 'sha256'
(by setting an environment variable DIB_CHECKSUM='sha256'), and to
retain the backward compatibility (DIB_CHECKSUM=1 will generate
both 'sha256' and 'md5' supported at this moment). As an additional
feature we have the simple way to completely deprecate 'md5' later,
and add new methods, for example, 'sha512' etc.
Change-Id: I2dd1c60e3bfd9c823a7382b1390b1d40c52a5c97
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
Currently, NetworkManager can't automatically create default
connection profiles for InfiniBand interfaces.
So, as a workaround, we are adding nm-dhcp-ib-interfaces element to
install NetworkManager-system-connections-infiniband.nmconnection
to NetworkManager to create a wildcard InfiniBand connection profile.
The content of NetworkManager-system-connections-infiniband.nmconnection
is generated by running this command:
`nmcli --offline connection add type infiniband connection.multi-connect multiple`
Closes-Bug: #2016965
Change-Id: Ic972b90e4df9c4aa36cfe3c8631db3e4533045f4
The bootloader element now has variable
DIB_BOOTLOADER_VIRTUAL_TERMINAL to customize or suppress the
console=tty0 kernel argument.
This is proposed to allow console=tty0 to be removed entirely as it is
causing significant performance degradation in DPDK environments.
Change-Id: Iba2ee5b8a6b4acdd236a770550dffd29c784ce11
Related: rhbz#2179366
Red Hat changed the repository names/labels for
Satellite Client repository in Satellite 6.11 and
above. See: https://access.redhat.com/solutions/7004377
This change updates the satellite_repo URLs to use the
new labels.
Also adds environment variable REG_SAT_REPO to allow the
user to override the repository label.
Closes-Bug: #2013451
Change-Id: I6c2a93658213644140caf0e4a8c910b1af22cd1c
The "ubuntu" target had a post-install 99-autoremove task that removed
unnecessary dependency packages, but the "ubuntu-minimal" target does not.
This patch moves the 99-autoremove post-install task from the "ubuntu" target
to the "ubuntu-common" target so that both will run an autoremove at the end of
the image build.
For the Octavia amphora image, this saved about 1GB in the image by removing
build only package dependencies.
Closes-Bug: #2012406
Change-Id: I4592e3bd502045fa89203c075d3ea8f632e77177
Adds an element whose purpose is to set the stage
in the resulting image so that a user can generate an
image utilizing DIB which can be used in a FIPS
configuration without doing so with the input image
or after the fact.
Change-Id: Ia8a45584a56f6e06856fc2920c333351935dcd9d
When you're booting a Linux system using dracut, i.e. with any
redhat style distribution, dracut's internal code looks to validate
the kernel hmac signature before proceeding to userspace.
It does this by looking in the /boot/ folder for the kernel
hmac file.
And it normally does this with the root filesystem. Except if the
kernel is not on the root filesystem and is instead on a /boot
filesystem, this breaks horribly. This is compounded because
DIB enables the operator to restructure the OS image/layout
to fit their needs. In order for this to be navigated, as dracut
is written, we need to pass a "boot=" argument to the kernel.
So now we attempt to purge any prior boot entry in the disk image
content, which is good because any filesystem operations invalidate
it, and then we attempt to identify the boot filesystem, and save a
boot kernel command line parameter so the resulting image can
boot properly if FIPS was enabled in the prior image.
Regex developed with https://sed.js.org utilizing stdin:
VAR="quiet boot=UUID=173c759f-1302-48a3-9d51-a17784c21e03 text"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03"
VAR="quiet boot=PARTUUID=173c759f-1302-48a3-9d51-a17784c21e03 reboot=meow"
VAR="quiet boot=UUID=/dev/sda1 text"
VAR="quiet boot=/dev/sda1"
VAR="quiet boot=/dev/sda1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow boot=/dev/sda1"
VAR="quiet after_boot=1 reboot=meow"
Which resulted in stdout:
VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet text"
VAR="quiet"
VAR="quiet reboot=meow"
VAR="quiet after_boot=1 reboot=meow"
VAR="quiet after_boot=1 reboot=meow"
Change-Id: I9034c21e84deda2ba2c0ec0d1d6d6595ed10bed4
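
The purge-then-set step described in the commit above, as an added Python example; it is not the sed expression the change uses, which this page does not show. The function names and the token-filtering approach are assumptions, and the UUID in the demo is the one from the commit's test input.

```python
import re

# KEY="value", KEY='value' or KEY=value, as found in /etc/default/grub.
_ASSIGNMENT = re.compile(
    r'^(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<q>["\']?)(?P<val>.*)(?P=q)\s*$')
# Filesystem UUIDs are hex digits and dashes; anything else could smuggle
# extra kernel arguments or a closing quote into the command line.
_UUID = re.compile(r'^[0-9A-Fa-f-]+$')


def _rewrite(line, extra=()):
    m = _ASSIGNMENT.match(line)
    if m is None:
        return line  # comments and non-assignments pass through untouched
    # Compare whole tokens, so "reboot=" and "after_boot=" are not mistaken
    # for "boot=" the way a naive substring match would.
    kept = [t for t in m.group('val').split() if not t.startswith('boot=')]
    quote = m.group('q') or '"'
    return f"{m.group('key')}={quote}{' '.join(kept + list(extra))}{quote}"


def strip_boot_arg(line):
    """Remove every stale boot=<value> token from a KEY="kernel args" line."""
    return _rewrite(line)


def set_boot_arg(line, boot_fs_uuid):
    """Purge stale boot= tokens, then append boot=UUID=<boot_fs_uuid>."""
    if not _UUID.match(boot_fs_uuid):
        raise ValueError(f'not a filesystem UUID: {boot_fs_uuid!r}')
    return _rewrite(line, extra=[f'boot=UUID={boot_fs_uuid}'])


if __name__ == '__main__':
    stale = 'VAR="quiet after_boot=1 reboot=meow boot=/dev/sda1"'
    print(strip_boot_arg(stale))
    print(set_boot_arg(stale, '173c759f-1302-48a3-9d51-a17784c21e03'))
```
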
The `diskimage-builder` command provides a yaml file based interface
to `disk-image-create` and `ramdisk-image-create`. Every argument to
these scripts has a YAML equivalent. The command has the following
features:
- Environment values can be provided from the calling environment as
well as YAML
- All arguments are validated with jsonschema in the most appropriate
YAML type
- Schema is self-documenting and printed when running with --help
- Multiple YAML files can be specified and each file can have multiple
images defined
- Entries with duplicate image names will be merged into a single
image build, with attributes overwritten, elements appended, and
environment values updated/overwritten. A missing image name implies
the same image name as the previous entry.
- --dry-run and --stop-on-failure flags
A simple YAML definition would resemble:
- imagename: centos-minimal
  checksum: true
  install-type: package
  elements: [centos, vm]
- imagename: ironic-python-agent
  elements:
  - ironic-python-agent-ramdisk
  - extra-hardware
The TripleO project has managed image build options with YAML files
and it has proved useful having git history and a diff friendly
format, specifically for the following situations:
- Managing differences between distros (centos, rhel)
- Managing changes in major distro releases (centos-8, centos-9-stream)
- Managing the python2 to python3 transition, within and across major
distro releases
Now that the TripleO toolchain is being retired this tool is being
proposed to be used for the image builds of TripleO's successor, as
well as the rest of the community.
Subsequent commits will add documentation and switch some tests to
using `diskimage-builder`.
Change-Id: I95cba3530d1b1c6c52cf547338762e33738f7225
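
The merge rules listed in the commit above (attributes overwritten, elements appended, environment values updated, a missing image name inheriting the previous one), as an added Python example that is not the `diskimage-builder` implementation. The function name, the `environment` key and the sample entries are assumptions; entries are plain dicts as a YAML loader would return them.

```python
import copy


def merge_image_entries(entries):
    """Collapse entries from one or more YAML files into one dict per image.

    `entries` is the concatenation, in file order, of every list item loaded.
    """
    images = {}      # dicts keep insertion order, so builds stay in file order
    previous = None
    for entry in entries:
        name = entry.get('imagename', previous)
        if name is None:
            raise ValueError('the first entry must set imagename')
        previous = name
        image = images.setdefault(
            name, {'imagename': name, 'elements': [], 'environment': {}})
        for key, value in entry.items():
            if key == 'elements':
                image['elements'].extend(value)          # appended
            elif key == 'environment':
                image['environment'].update(value)       # updated/overwritten
            else:
                image[key] = copy.deepcopy(value)        # overwritten
    return list(images.values())


if __name__ == '__main__':
    # Constructed sample: a base file followed by a site override file.
    base = [
        {'imagename': 'centos-minimal', 'checksum': True,
         'install-type': 'package', 'elements': ['centos', 'vm'],
         'environment': {'DIB_RELEASE': '9-stream'}},
        {'imagename': 'ironic-python-agent',
         'elements': ['ironic-python-agent-ramdisk', 'extra-hardware']},
    ]
    override = [
        {'imagename': 'centos-minimal', 'checksum': False,
         'elements': ['fail2ban']},
        # No imagename: applies to the previous entry, centos-minimal.
        {'environment': {'DIB_BOOTLOADER_USE_SERIAL_CONSOLE': 'False'}},
    ]
    for image in merge_image_entries(base + override):
        print(image)
```
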
These must have broken when we switched the base nodes to Jammy.
Update to use compatible versions of distros.
We need to squish another gate-breaking change in here to update the
containerfile "podman build" calls to use "--network host". We added
this with Ia885237406bf4c7b9d49b349f374558ae746401f and the only
external user I can find is kayobe, which is setting this anyway.
I honestly haven't 100% root-caused what changed to require this; the
last time our containerfile jobs ran and worked has unfortunately been
purged so I can't compare versions to try and pinpoint something;
i.e. this may be a podman bug or feature. At first I thought it
related to the networking plugin package from the Depends-On (which is
still useful for the right packages) but that didn't help get the
bridge networking working.
Depends-On: https://review.opendev.org/c/zuul/nodepool/+/867590
Change-Id: I23f091654cb212e8bdd908664b262de9bfe98cef
This change extends the block device lvs attributes to allow creating
a volume which represents a thin pool, and to create volumes which are
allocated from this pool.
Change-Id: Ic58f55c36236cc8c6279fbcb708e27dc2982f2d5
openEuler 20.03-LTS-SP2 was out of date in May 2022. 22.03 LTS
is the newest LTS version. It was released in March 2022 and
will be maintained for 2 years. This patch upgrades the LTS
version. It'll be used in Devstack, Kolla-ansible and so on
in CI jobs.
This patch also enables the YUM mirror to speed up the package
download.
Change-Id: Iba38570d96374226b924db3aca305f7571643823
The block device lvm lvs `size` attribute was passed directly to
lvcreate, so using units M, G means base 2. All other block device
size values are parsed with accepted conventions of M, B being base 10
and MiB, GiB being base 2.
lvm lvs `size` attributes are now parsed the same as other size
attributes. This improves consistency and makes it practical to
calculate volume sizes to fill the partition size. This means existing
size values will now create slightly smaller volumes. Previous sizes
can be restored by changing the unit to MiB, GiB, or increasing the
value for a base 10 unit.
The impact of this change should be minimal, the only known uses of lvm
volumes (TripleO, and element block-device-efi-lvm) use extents
percentage instead of size. The smaller sizes can always be increased
after deployment.
Requested sizes will also be rounded down to align with physical
extents (4MiB). Previously specifying a value which did not align on
4MiB would consume an extra extent which could unexpectedly consume
more than the partition size.
Change-Id: Ia109cc5105071d82cc895d8d9cb85bc47da20a7a
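
The size change described in the commit above, worked through as an added Python example that is not the project's parser. The function names and the accepted unit spellings (K/KB, M/MB, G/GB, T/TB as base 10; KiB, MiB, GiB, TiB as base 2) are assumptions; the 4MiB extent and the old base-2, round-up behaviour are as the commit states them.

```python
from decimal import Decimal
import re

EXTENT = 4 * 1024 ** 2  # physical extent size given in the commit: 4MiB

_SIZE = re.compile(r'^\s*(\d+(?:\.\d+)?)\s*(B|[KMGT](?:B|iB)?)\s*$')


def _split(spec):
    m = _SIZE.match(spec)
    if m is None:
        raise ValueError(f'unparseable size: {spec!r}')
    return Decimal(m.group(1)), m.group(2)


def _power(unit):
    # B -> 0, K -> 1, M -> 2, G -> 3, T -> 4
    return 'BKMGT'.index(unit[0])


def parse_size(spec):
    """Bytes for a size string: 'iB' suffixes are base 2, the rest base 10."""
    number, unit = _split(spec)
    base = 1024 if unit.endswith('iB') else 1000
    return int(number * base ** _power(unit))


def lv_size(spec):
    """New behaviour: (extents, bytes), rounded DOWN to whole extents."""
    extents = parse_size(spec) // EXTENT
    return extents, extents * EXTENT


def legacy_lv_size(spec):
    """Old behaviour: M/G read as base 2 and rounded UP to whole extents."""
    number, unit = _split(spec)
    size = int(number * 1024 ** _power(unit))
    extents = -(-size // EXTENT)  # ceiling division
    return extents, extents * EXTENT


if __name__ == '__main__':
    for spec in ('5G', '5GiB', '10M'):
        print(spec, 'new:', lv_size(spec), 'old:', legacy_lv_size(spec))
```
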
This reverts commit fe0e5324d4248d114660ec35111ae9601e05b95b.
Reason for revert: Python3.6 is still being used on Centos 8 based
platforms.
This is a partial revert, since the py36 job is currently failing, it
will be restored in a follow-up patch.
Change-Id: Idc0373f9a639cd66925543376fb1e2e3398666da
Although we're not on the OpenStack release schedule as such, Zed
cycle is dropping 3.6/3.7 support. This means it seems like as good a
time as any to also update ourselves to this regime. One important
dependency to think about is nodepool, but that is already >3.8 only
so we will be in sync there.
This also changes dib jobs to run using the zed template and adapts
the bindep file to handle Ubuntu Jammy.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Change-Id: Ibdbcf459608711ac64e7fefb1707f6708d68e750
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Jens Harbott <frickler@offenerstapel.de>
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
This reverts commit 840129097631611fe110bbe01b1707f9db000865.
We are reverting this because some users may want to use predictable
device names and may not even use Debian. However, after some
investigation we have found a couple of bugs in dhcp-all-interfaces on
Debuntu distros. The parent change corrects those bugs. Additionally new
Linux kernels emit "move" events to udev when interfaces are renamed to
their predictable name. Support this "move" in the dhcp-all-interfaces
udev rules. Making these changes appears to produce functional images
for Debian users using predictable device names. If predictable device
names are not desired turning them off is straightforward and release
notes are updated to give users the info they need to do that outside of
this element.
Change-Id: I125f1a0c78a103b51bda961528c3e66c345bf604
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>