diff --git a/dib/build.sh b/dib/build.sh new file mode 100755 index 0000000..f76fcb1 --- /dev/null +++ b/dib/build.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +#The path for location of ironic-python-agent-ramdisk in ironic-python-image-builder +#is set using environment variable. +export ELEMENTS_PATH=${ELEMENTS_PATH:-`.`} + +#The command to build image using disk-image-builder. +#Run the command to build the image giving the argument(OS name) +#For example: ./build.sh ubuntu +disk-image-create -o ironic-python-agent.qcow ironic-python-agent-ramdisk $@ diff --git a/dib/ironic-python-agent-ramdisk/README.rst b/dib/ironic-python-agent-ramdisk/README.rst new file mode 100644 index 0000000..10fc583 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/README.rst @@ -0,0 +1,43 @@ +=========================== +ironic-python-agent-ramdisk +=========================== +Builds a ramdisk with ironic-python-agent. + +More information can be found at: +https://docs.openstack.org/ironic-python-agent/latest/ + +Beyond installing the ironic-python-agent, this element does the following: + +* Installs the ``dhcp-all-interfaces`` so the node, upon booting, attempts to + obtain an IP address on all available network interfaces. +* Disables the ``iptables`` service on SysV and systemd based systems. +* Disables the ``ufw`` service on Upstart based systems. +* Installs packages required for the operation of the ironic-python-agent:: + ``qemu-utils`` ``parted`` ``hdparm`` ``util-linux`` ``genisoimage`` +* When installing from source, ``python-dev`` and ``gcc`` are also installed + in order to support source based installation of ironic-python-agent and its + dependencies. +* Install the certificate if any, which is set to the environment variable + ``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The + certificate can be self-signed certificate or CA certificate. +* Compresses initramfs with command specified in environment variable + ``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should + listen for raw data from stdin and write compressed data to stdout. Command + can be with arguments. + +This element outputs three files: + +- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the + ironic-python-agent (IPA) service. +- ``$IMAGE-NAME.kernel``: The kernel binary file. +- ``$IMAGE-NAME.vmlinuz``: A hard link pointing to the ``$IMAGE-NAME.kernel`` + file; this is just a backward compatibility layer, please do not rely + on this file. + +.. note:: + The package based install currently only enables the service when using the + systemd init system. This can easily be changed if there is an agent + package which includes upstart or sysv packaging. + +.. note:: + Using the ramdisk will require at least 1.5GB of ram diff --git a/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create b/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create new file mode 100755 index 0000000..3db28bc --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/cleanup.d/99-ramdisk-create @@ -0,0 +1,58 @@ +#!/bin/bash + +# dib-lint: disable=safe_sudo + +if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + + +[ -n "$TARGET_ROOT" ] + +USER=${USER:-$(whoami)} + +source $_LIB/img-functions + +IMAGE_PATH=$(readlink -f $IMAGE_NAME) +cd $TARGET_ROOT + +DIB_IPA_COMPRESS_CMD="${DIB_IPA_COMPRESS_CMD:-gzip}" + +echo "#disabled" > ./tmp/fstab.new +sudo mv ./tmp/fstab.new ./etc/fstab +sudo ln -s ./sbin/init ./ + +# Note: The pci.ids, which is used by lshw, locate on Ubuntu +# in /usr/share/misc. Therefore we are removing only the +# ./usr/share/misc/m* (will remove the magic and magic.mgc files). +# on RHEL pci.ids is locate on /usr/share/hwdata/pci.ids. +sudo find . -xdev \ + -path './sys/*' -prune -o \ + -path './tmp/*' -prune -o \ + -path './boot/*' -prune -o \ + -path './root/.cache' -prune -o \ + -path './usr/include/*' -prune -o \ + -path './usr/lib/locale/*' -prune -o \ + -path './usr/share/doc/*' -prune -o \ + -path './usr/share/man/*' -prune -o \ + -path './usr/share/info/*' -prune -o \ + -path './usr/share/licenses/*' -prune -o \ + -path './usr/share/misc/m*' -prune -o \ + -path './usr/src/kernels/*' -prune -o \ + -path './var/cache/*' -prune -o \ + -name '*.pyc' -prune -o \ + -name '*.pyo' -prune -o \ + -print | sudo cpio -o -H newc | ${DIB_IPA_COMPRESS_CMD} > ${IMAGE_PATH}.initramfs + +select_boot_kernel_initrd $TARGET_ROOT +sudo cp $BOOTDIR/$KERNEL ${IMAGE_PATH}.kernel +sudo chown $USER: ${IMAGE_PATH}.kernel + +# TODO(lucasagomes): Create a hard link for the .vmlinuz file to keep +# it backward compatible. Remove it after it has been consistent and +# documented in both places for at least one full OpenStack release cycle +echo "WARNING: The kernel extension .vmlinuz has been deprecated. Please rely on the file with the extension .kernel instead." +sudo rm -f ${IMAGE_PATH}.vmlinuz +ln ${IMAGE_PATH}.kernel ${IMAGE_PATH}.vmlinuz diff --git a/dib/ironic-python-agent-ramdisk/element-deps b/dib/ironic-python-agent-ramdisk/element-deps new file mode 100644 index 0000000..0f0d86e --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/element-deps @@ -0,0 +1,10 @@ +dhcp-all-interfaces +ibft-interfaces +install-static +no-final-image +package-installs +pip-and-virtualenv +pkg-map +runtime-ssh-host-keys +source-repositories +svc-map diff --git a/dib/ironic-python-agent-ramdisk/element-provides b/dib/ironic-python-agent-ramdisk/element-provides new file mode 100644 index 0000000..7e20b1d --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/element-provides @@ -0,0 +1 @@ +ironic-python-agent diff --git a/dib/ironic-python-agent-ramdisk/extra-data.d/15-ssl-ca-copy b/dib/ironic-python-agent-ramdisk/extra-data.d/15-ssl-ca-copy new file mode 100755 index 0000000..f04917b --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/extra-data.d/15-ssl-ca-copy @@ -0,0 +1,12 @@ +#!/bin/bash + +if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then + set -x +fi + +set -eu +set -o pipefail + +if [ -n "${DIB_IPA_CERT:=}" ]; then + cp $DIB_IPA_CERT $TMP_HOOKS_PATH/ipa-trusted-cert.pem +fi diff --git a/dib/ironic-python-agent-ramdisk/finalise.d/99-remove-extra-packages b/dib/ironic-python-agent-ramdisk/finalise.d/99-remove-extra-packages new file mode 100755 index 0000000..72b4210 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/finalise.d/99-remove-extra-packages @@ -0,0 +1,31 @@ +#!/bin/bash + +if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +# TODO(lucasagomes): optimize the ramdisk for other OSs +if [ $DISTRO_NAME = 'fedora' ] ; then + + _remove_yum='' + if [ $DIB_RELEASE -ge 22 ]; then + # if we are on F22, we can remove yum if there, because it has + # been superseeded by dnf + _remove_yum='yum' + fi + + install-packages -e kernel-debug-devel gcc fedora-logos \ + rsync pykickstart \ + genisoimage tcpdump \ + man-db kbd-misc \ + plymouth cronie ${_remove_yum} + + ${YUM:-yum} clean all + + # Rebuilding the rpm database after removing packages will reduce + # its size + rpm --rebuilddb + +fi diff --git a/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-package-install/package-installs-ironic-agent b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-package-install/package-installs-ironic-agent new file mode 100644 index 0000000..7e20b1d --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-package-install/package-installs-ironic-agent @@ -0,0 +1 @@ +ironic-python-agent diff --git a/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/60-ironic-agent-install b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/60-ironic-agent-install new file mode 100755 index 0000000..3987c14 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/60-ironic-agent-install @@ -0,0 +1,49 @@ +#!/bin/bash + +if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +SCRIPTDIR=$(dirname $0) +IPADIR=/usr/share/ironic-python-agent + +# Generate upper-constraints +$IPADIR/imagebuild/common/generate_upper_constraints.sh $IPADIR/upper-constraints.txt + +# create the virtual environment +virtualenv $IPADIR/venv + +# pip might be an older version which does not support the -c option, therefore upgrade first +$IPADIR/venv/bin/pip install pip --upgrade + +# install IPA inside the virtual environment +$IPADIR/venv/bin/pip install -c $IPADIR/upper-constraints.txt $IPADIR + +# FIXME(lucasagomes): Figure out how we can use the "--install-option" +# parameter for pip install so we don't have to manually create a symlink +# create the launcher link so services can use it +ln -s $IPADIR/venv/bin/ironic-python-agent /usr/local/bin/ironic-python-agent + +case "$DIB_INIT_SYSTEM" in + upstart) + install -D -g root -o root -m 0755 ${SCRIPTDIR}/ironic-python-agent.conf /etc/init/ironic-python-agent.conf + ;; + systemd) + install -D -g root -o root -m 0755 ${SCRIPTDIR}/ironic-python-agent.service /usr/lib/systemd/system/ironic-python-agent.service + ;; + sysv) + install -D -g root -o root -m 0755 ${SCRIPTDIR}/ironic-python-agent.init /etc/init.d/ironic-python-agent.init + update-rc.d ironic-python-agent.init defaults + ;; + *) + echo "Unsupported init system" + exit 1 + ;; +esac + +# Copying the self signed certificate for request library +if [ -f /tmp/in_target.d/ipa-trusted-cert.pem ]; then + cat /tmp/in_target.d/ipa-trusted-cert.pem >> $($IPADIR/venv/bin/python -c "import requests; print requests.certs.where()") +fi diff --git a/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.conf b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.conf new file mode 100644 index 0000000..6fe38dc --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.conf @@ -0,0 +1,22 @@ +# ironic-python-agent - OpenStack Ironic Python Agent +# +# The ironic-python-agent helps ironic in deploying instances. + +description "Ironic Python Agnet" + +start on runlevel [2345] +stop on runlevel [!2345] + +respawn +respawn limit 10 5 +umask 022 + +expect stop + +console output + +pre-start script + echo Starting Ironic Python Agent +end script + +exec /usr/local/bin/ironic-python-agent diff --git a/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.init b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.init new file mode 100755 index 0000000..7ecb3a0 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.init @@ -0,0 +1,31 @@ +#!/bin/sh -e +### BEGIN INIT INFO +# Provides: ironic-python-agent +# Required-Start: $local_fs networking +# Required-Stop: $local_fs +# Default-Start: S +# Default-Stop: 0 6 +# X-Start-Before: +# Short-Description: Ironic Python Agent +# Description: Starts Ironic Python Agent for instance deployment +### END INIT INFO + +NAME=ironic-python-agent +INIT_NAME=/etc/init.d/${NAME} +SCRIPT_NAME=/usr/local/bin/${NAME} + +[ -x $SCRIPT_NAME ] || exit 0 + +case "$1" in + start) + $SCRIPT_NAME + ;; + stop) + ;; + *) + echo "Usage: $INIT_NAME {start|stop}" + exit 1 + ;; +esac + +exit 0 diff --git a/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.service b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.service new file mode 100644 index 0000000..d6e4ca2 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/install.d/ironic-agent-source-install/ironic-python-agent.service @@ -0,0 +1,13 @@ +[Unit] +Description=Ironic Python Agent +After=network-online.target + +[Service] +ExecStartPre=/sbin/modprobe vfat +ExecStart=/usr/local/bin/ironic-python-agent +Restart=always +RestartSec=30s + +[Install] +WantedBy=multi-user.target + diff --git a/dib/ironic-python-agent-ramdisk/package-installs.yaml b/dib/ironic-python-agent-ramdisk/package-installs.yaml new file mode 100644 index 0000000..f63487f --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/package-installs.yaml @@ -0,0 +1,20 @@ +tgt: +curl: +# dmidecode does not exist for ppc* arches so we use lshw +dmidecode: + not-arch: ppc64,ppc64el,ppc64le +iptables: +lshw: +ipmitool: +qemu-utils: +gcc: +python-dev: +parted: +hdparm: +util-linux: +genisoimage: +gdisk: +kmod: +psmisc: +dosfstools: +mdadm: diff --git a/dib/ironic-python-agent-ramdisk/pkg-map b/dib/ironic-python-agent-ramdisk/pkg-map new file mode 100644 index 0000000..1c83de3 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/pkg-map @@ -0,0 +1,33 @@ +{ + "release": { + "rhel": { + "8": { + "tgt": "targetcli", + "curl": "curl", + "ironic-python-agent": "openstack-ironic-python-agent", + "qemu-utils": "qemu-img", + "python-dev": "python3-devel" + } + } + }, + "family": { + "redhat": { + "tgt": "scsi-target-utils", + "curl": "curl", + "ironic-python-agent": "openstack-ironic-python-agent", + "qemu-utils": "qemu-img", + "python-dev": "python2-devel" + }, + "debian": { + "tgt": "tgt", + "curl": "curl" + } + }, + "default": { + "tgt": "tgt", + "curl": "curl", + "ironic-python-agent": "openstack-ironic-python-agent", + "qemu-utils": "qemu-utils", + "python-dev": "python-dev" + } +} diff --git a/dib/ironic-python-agent-ramdisk/post-install.d/80-ironic-agent b/dib/ironic-python-agent-ramdisk/post-install.d/80-ironic-agent new file mode 100755 index 0000000..81f074e --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/post-install.d/80-ironic-agent @@ -0,0 +1,36 @@ +#!/bin/bash + +if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +install-packages -e cloud-init + +rm -rf /tmp/ironic-python-agent + +case "$DIB_INIT_SYSTEM" in + upstart) + if [ -f /etc/init/ufw.conf ]; then + mv /etc/init/ufw.conf /etc/init/ufw.conf.disabled + fi + if [ -f /etc/init/tgt.conf ]; then + mv /etc/init/tgt.conf /etc/init/tgt.conf.disabled + fi + ;; + systemd) + if [[ $(systemctl --no-pager list-unit-files iptables) =~ 'enabled' ]]; then + systemctl disable iptables.service + fi + systemctl enable $(svc-map ironic-python-agent).service + systemctl enable ironic-agent-create-rescue-user.path + ;; + sysv) + update-rc.d iptables disable + ;; + *) + echo "Unsupported init system" + exit 1 + ;; +esac diff --git a/dib/ironic-python-agent-ramdisk/source-repository-ironic-agent b/dib/ironic-python-agent-ramdisk/source-repository-ironic-agent new file mode 100644 index 0000000..72f690d --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/source-repository-ironic-agent @@ -0,0 +1 @@ +ironic-agent git /usr/share/ironic-python-agent https://opendev.org/openstack/ironic-python-agent diff --git a/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.path b/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.path new file mode 100644 index 0000000..9987044 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.path @@ -0,0 +1,8 @@ +[Unit] +Description=Ironic user rescue - notify path existence + +[Path] +PathExists=/etc/ipa-rescue-config/ipa-rescue-password + +[Install] +WantedBy=multi-user.target diff --git a/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.service b/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.service new file mode 100644 index 0000000..befeda6 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/static/etc/systemd/system/ironic-agent-create-rescue-user.service @@ -0,0 +1,10 @@ +[Unit] +Description=Ironic agent rescue user creation + +[Service] +ExecStart=/bin/bash /usr/local/bin/ironic-python-agent-create-rescue-user.sh +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/dib/ironic-python-agent-ramdisk/svc-map b/dib/ironic-python-agent-ramdisk/svc-map new file mode 100644 index 0000000..d9c79e1 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/svc-map @@ -0,0 +1,4 @@ +ironic-python-agent: + default: openstack-ironic-python-agent + redhat: openstack-ironic-python-agent + debian: ironic-python-agent \ No newline at end of file diff --git a/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-deps b/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-deps new file mode 100644 index 0000000..33b0844 --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-deps @@ -0,0 +1,2 @@ +fedora-minimal +openstack-ci-mirrors diff --git a/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-type b/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-type new file mode 100644 index 0000000..fb12a1f --- /dev/null +++ b/dib/ironic-python-agent-ramdisk/test-elements/build-succeeds-fedora/element-type @@ -0,0 +1 @@ +ramdisk