DIB: allow disabling rescue mode

Change-Id: Ife73d59b8e5c4454634d0e6c4f23daaf7cc9fb66
changes/62/685662/2
Dmitry Tantsur 3 years ago
parent 59e683cfd7
commit cecbc860dd
  1. dib/ironic-python-agent-ramdisk/README.rst (4)
  2. dib/ironic-python-agent-ramdisk/post-install.d/80-ironic-python-agent-ramdisk (12)
  3. doc/source/admin/dib.rst (11)

@ -24,15 +24,13 @@ Beyond installing the ironic-python-agent, this element does the following:
``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
listen for raw data from stdin and write compressed data to stdout. Command
can be with arguments.
* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
This element outputs three files:
- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
ironic-python-agent (IPA) service.
- ``$IMAGE-NAME.kernel``: The kernel binary file.
- ``$IMAGE-NAME.vmlinuz``: A hard link pointing to the ``$IMAGE-NAME.kernel``
file; this is just a backward compatibility layer, please do not rely
on this file.
.. note::
The package based install currently only enables the service when using the
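
Review bot: the new bullet "Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``" does not match what the script in this patch does. The script defaults the variable to ``true`` and tests it with ``if $DIB_IPA_ENABLE_RESCUE``, so a value such as ``0`` or ``no`` is not a runnable command and also ends up disabling rescue. Please state the default and the accepted values (``true`` / ``false``) in the bullet, and say in a few words why someone would turn it off, as the dib.rst text does.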

@ -6,12 +6,16 @@ fi
set -eu
set -o pipefail
DIB_IPA_ENABLE_RESCUE=${DIB_IPA_ENABLE_RESCUE:-true}
install-packages -e cloud-init
rm -rf /tmp/ironic-python-agent
# Make sure rescue works
mkdir -p /etc/ipa-rescue-config
if $DIB_IPA_ENABLE_RESCUE; then
# Make sure rescue works
mkdir -p /etc/ipa-rescue-config
fi
case "$DIB_INIT_SYSTEM" in
upstart)
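
Review bot: ``if $DIB_IPA_ENABLE_RESCUE; then`` executes the variable's value as a command instead of comparing it, so anything other than ``true`` or ``false`` is run as a command during the image build, and a value that is not a command (``1``, ``False``) silently takes the disabled branch. Compare the string instead, for example ``if [ "$DIB_IPA_ENABLE_RESCUE" = "true" ]; then``, and consider failing the build on an unrecognised value so a typo cannot change whether rescue is configured without anyone noticing.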
@ -27,7 +31,9 @@ case "$DIB_INIT_SYSTEM" in
systemctl disable iptables.service
fi
systemctl enable $(svc-map ironic-python-agent).service
systemctl enable ironic-agent-create-rescue-user.path
if $DIB_IPA_ENABLE_RESCUE; then
systemctl enable ironic-agent-create-rescue-user.path
fi
;;
sysv)
update-rc.d iptables disable
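
Review bot: the new guard around ``systemctl enable ironic-agent-create-rescue-user.path`` sits only in the systemd branch; the ``upstart)`` and ``sysv)`` branches are not touched by this patch. If either of them also sets up the rescue user, ``DIB_IPA_ENABLE_RESCUE=false`` will not disable it there. Either gate those branches as well or document that the option applies to systemd images only.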

@ -85,6 +85,17 @@ a suitable ISO for booting, and so should work against any IPA ramdisk.
Advanced options
----------------
Disabling rescue
~~~~~~~~~~~~~~~~
By default rescue mode is enabled in the images. Since it allows to set root
password on the ramdisk by anyone on the network, you may disable it if the
rescue feature is not supported. Set the following before building the image:
.. code-block:: bash
export DIB_IPA_ENABLE_RESCUE=false
SSH access
~~~~~~~~~~
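
Review bot: in the "Disabling rescue" paragraph, "you may disable it if the rescue feature is not supported" leaves open what "not supported" refers to, and "it allows to set root password on the ramdisk by anyone on the network" reads awkwardly for the one sentence that explains the risk. Suggest something like "Because it allows anyone on the network to set the root password on the ramdisk, disable it if your deployment does not use rescue." It would also help to say that only ``true`` and ``false`` are valid values for ``DIB_IPA_ENABLE_RESCUE``.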
