DIB: allow disabling rescue mode

Change-Id: Ife73d59b8e5c4454634d0e6c4f23daaf7cc9fb66
Dmitry Tantsur 2019-09-30 10:57:36 +02:00
parent 59e683cfd7
commit cecbc860dd
3 changed files with 21 additions and 6 deletions

@ -24,15 +24,13 @@ Beyond installing the ironic-python-agent, this element does the following:
``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should ``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
listen for raw data from stdin and write compressed data to stdout. Command listen for raw data from stdin and write compressed data to stdout. Command
can be with arguments. can be with arguments.
* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
This element outputs three files: This element outputs three files:
- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the - ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
ironic-python-agent (IPA) service. ironic-python-agent (IPA) service.
- ``$IMAGE-NAME.kernel``: The kernel binary file. - ``$IMAGE-NAME.kernel``: The kernel binary file.
- ``$IMAGE-NAME.vmlinuz``: A hard link pointing to the ``$IMAGE-NAME.kernel``
file; this is just a backward compatibility layer, please do not rely
on this file.
.. note:: .. note::
The package based install currently only enables the service when using the The package based install currently only enables the service when using the
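
Review bot: The output list in this hunk loses its ``$IMAGE-NAME.vmlinuz`` entry (the hunk goes from 15 to 13 lines), but the sentence above it still reads "This element outputs three files:", so the README now announces three files and lists two. Update the count or keep the entry. The removal also has nothing to do with rescue mode and would be easier to review as a separate change.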

@ -6,12 +6,16 @@ fi
set -eu set -eu
set -o pipefail set -o pipefail
DIB_IPA_ENABLE_RESCUE=${DIB_IPA_ENABLE_RESCUE:-true}
install-packages -e cloud-init install-packages -e cloud-init
rm -rf /tmp/ironic-python-agent rm -rf /tmp/ironic-python-agent
# Make sure rescue works if $DIB_IPA_ENABLE_RESCUE; then
mkdir -p /etc/ipa-rescue-config # Make sure rescue works
mkdir -p /etc/ipa-rescue-config
fi
case "$DIB_INIT_SYSTEM" in case "$DIB_INIT_SYSTEM" in
upstart) upstart)
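
Review bot: "if $DIB_IPA_ENABLE_RESCUE; then" runs the variable's value as a command, so only the literal strings true and false behave as intended. A value such as 0 or False is looked up as a command name and silently disables rescue, and any other string the builder exported is executed at this point in the install. Compare the string instead, for example: if [ "$DIB_IPA_ENABLE_RESCUE" != "false" ]; then. That also matches the README wording "is not set to ``false``". Alternatively, validate the value right after the default is assigned and fail the build on anything unexpected.
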
@ -27,7 +31,9 @@ case "$DIB_INIT_SYSTEM" in
systemctl disable iptables.service systemctl disable iptables.service
fi fi
systemctl enable $(svc-map ironic-python-agent).service systemctl enable $(svc-map ironic-python-agent).service
systemctl enable ironic-agent-create-rescue-user.path if $DIB_IPA_ENABLE_RESCUE; then
systemctl enable ironic-agent-create-rescue-user.path
fi
;; ;;
sysv) sysv)
update-rc.d iptables disable update-rc.d iptables disable
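
Review bot: Only the systemd branch gets the guard, around "systemctl enable ironic-agent-create-rescue-user.path"; the upstart and sysv branches shown as context are untouched. If either of them has an equivalent step that creates the rescue user, it needs the same condition, otherwise DIB_IPA_ENABLE_RESCUE=false does not mean the same thing on every init system. If rescue is systemd-only, a short comment here saying so would save the next reader the search.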

@ -85,6 +85,17 @@ a suitable ISO for booting, and so should work against any IPA ramdisk.
Advanced options Advanced options
---------------- ----------------
Disabling rescue
~~~~~~~~~~~~~~~~
By default rescue mode is enabled in the images. Since it allows to set root
password on the ramdisk by anyone on the network, you may disable it if the
rescue feature is not supported. Set the following before building the image:
.. code-block:: bash
export DIB_IPA_ENABLE_RESCUE=false
SSH access SSH access
~~~~~~~~~~ ~~~~~~~~~~
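
Review bot: The sentence "Since it allows to set root password on the ramdisk by anyone on the network" in the new "Disabling rescue" section is ungrammatical and buries the risk. Suggest "Since it allows anyone on the network to set the root password on the ramdisk, ...". The phrase "if the rescue feature is not supported" is also ambiguous about who does the supporting; something like "if your deployment does not use rescue" is clearer. It would help to state here which values the variable accepts, since the example only shows false.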