Add documentation about the available Elements

Change-Id: I23d1e6dbfa90332f300d2b4656904884999111e3
Story: 2008194
Task: 41110

doc/source/admin/dib.rst

@@ -158,3 +158,102 @@ required for instance image or deploy image.
 .. _diskimage-builder: https://docs.openstack.org/diskimage-builder
 .. _dynamic-login: https://docs.openstack.org/diskimage-builder/latest/elements/dynamic-login/README.html
 .. _devuser: https://docs.openstack.org/diskimage-builder/latest/elements/devuser/README.html
+
+Available Elements
+------------------
+
+Ironic Python Agent (IPA) Extra Hardware
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This element adds the `hardware <https://pypi.python.org/pypi/hardware>`_
+python package to the Ironic Python Agent (IPA) ramdisk. It also installs
+several package dependencies of the ``hardware`` module.
+
+The ``hardware`` package provides improves hardware introspection capabilities
+and supports benchmarking. This functionality may be enabled by adding the
+``extra-hardware`` collector in the ``[DEFAULT] inspection_collectors`` option
+or the ``ipa-inspection-collectors`` kernel command line argument.
+
+The following environment variables may be set to configure the element when
+doing a source-based installation:
+
+* ``DIB_IPA_HARDWARE_PACKAGE`` the full ``hardware`` Python package descriptor
+  to use. If unset, ``DIB_IPA_HARDWARE_VERSION`` will be used.
+* ``DIB_IPA_HARDWARE_VERSION`` the version of the ``hardware`` package to
+  install when ``DIB_IPA_HARDWARE_PACKAGE`` is unset. If unset, the latest
+  version will be installed.
+
+ironic-python-agent-ramdisk
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Builds a ramdisk with ironic-python-agent.
+
+More information can be found at:
+https://docs.openstack.org/ironic-python-agent/latest/
+
+Beyond installing the ironic-python-agent, this element does the following:
+
+* Installs the ``dhcp-all-interfaces`` so the node, upon booting, attempts to
+  obtain an IP address on all available network interfaces.
+* Disables the ``iptables`` service on SysV and systemd based systems.
+* Disables the ``ufw`` service on Upstart based systems.
+* Installs packages required for the operation of the ironic-python-agent::
+  ``qemu-utils`` ``parted`` ``hdparm`` ``util-linux`` ``genisoimage``
+* When installing from source, ``python-dev`` and ``gcc`` are also installed
+  in order to support source based installation of ironic-python-agent and its
+  dependencies.
+* Install the certificate if any, which is set to the environment variable
+  ``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
+  certificate can be self-signed certificate or CA certificate.
+* Compresses initramfs with command specified in environment variable
+  ``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
+  listen for raw data from stdin and write compressed data to stdout. Command
+  can be with arguments.
+* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
+
+This element outputs three files:
+
+ - ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
+   ironic-python-agent (IPA) service.
+ - ``$IMAGE-NAME.kernel``: The kernel binary file.
+
+.. note::
+   The package based install currently only enables the service when using the
+   systemd init system. This can easily be changed if there is an agent
+   package which includes upstart or sysv packaging.
+
+.. note::
+   Using the ramdisk will require at least 1.5GB of ram
+
+ironic-python-agent-tls
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Adds TLS support to ironic-python-agent-ramdisk.
+
+By default this element will enable TLS API support in IPA with a self-signed
+certificate and key created at build time.
+
+Optionally, you can provide your own SSL certifiate and key, and optionally
+CA, via the following environment variables. They should be set to an
+accessible path on the build systems filesystem. If set, they will be copied
+into the built ramdisk, and IPA will be configured to use them.
+
+The environment variables are:
+ - ``DIB_IPA_CERT_FILE`` should point to the TLS certificate for ramdisk use.
+ - ``DIB_IPA_KEY_FILE`` should point to the private key matching
+   ``DIB_IPA_CERT_FILE``.
+
+You can configure the generated certificate with the following environment variables:
+ - ``DIB_IPA_CERT_HOSTNAME`` the CN for the generated
+   certificate. Defaults to "ipa-ramdisk.example.com".
+ - ``DIB_IPA_CERT_EXPIRATION`` expiration, in days, for the certificate.
+   Defaults to 1095 (three years).
+
+Note that the certificates generated by this element are self-signed, and
+any nodes using them will need to set agent_verify_ca=False in driver_info.
+
+This element can also configure client certificate validation in IPA. If you
+wish to validate client certificates, set ``DIB_IPA_CA_FILE`` to a CA file
+you wish IPA client connections to be validated against. This CA file will
+be copied into the built ramdisk, and IPA will be configured to use it.
+