Add documentation about the available Elements
Change-Id: I23d1e6dbfa90332f300d2b4656904884999111e3 Story: 2008194 Task: 41110
This commit is contained in:
parent
5e72595a73
commit
e8dda18132
|
@ -158,3 +158,102 @@ required for instance image or deploy image.
|
|||
.. _diskimage-builder: https://docs.openstack.org/diskimage-builder
|
||||
.. _dynamic-login: https://docs.openstack.org/diskimage-builder/latest/elements/dynamic-login/README.html
|
||||
.. _devuser: https://docs.openstack.org/diskimage-builder/latest/elements/devuser/README.html
|
||||
|
||||
Available Elements
|
||||
------------------
|
||||
|
||||
Ironic Python Agent (IPA) Extra Hardware
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
This element adds the `hardware <https://pypi.python.org/pypi/hardware>`_
|
||||
python package to the Ironic Python Agent (IPA) ramdisk. It also installs
|
||||
several package dependencies of the ``hardware`` module.
|
||||
|
||||
The ``hardware`` package provides improves hardware introspection capabilities
|
||||
and supports benchmarking. This functionality may be enabled by adding the
|
||||
``extra-hardware`` collector in the ``[DEFAULT] inspection_collectors`` option
|
||||
or the ``ipa-inspection-collectors`` kernel command line argument.
|
||||
|
||||
The following environment variables may be set to configure the element when
|
||||
doing a source-based installation:
|
||||
|
||||
* ``DIB_IPA_HARDWARE_PACKAGE`` the full ``hardware`` Python package descriptor
|
||||
to use. If unset, ``DIB_IPA_HARDWARE_VERSION`` will be used.
|
||||
* ``DIB_IPA_HARDWARE_VERSION`` the version of the ``hardware`` package to
|
||||
install when ``DIB_IPA_HARDWARE_PACKAGE`` is unset. If unset, the latest
|
||||
version will be installed.
|
||||
|
||||
ironic-python-agent-ramdisk
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Builds a ramdisk with ironic-python-agent.
|
||||
|
||||
More information can be found at:
|
||||
https://docs.openstack.org/ironic-python-agent/latest/
|
||||
|
||||
Beyond installing the ironic-python-agent, this element does the following:
|
||||
|
||||
* Installs the ``dhcp-all-interfaces`` so the node, upon booting, attempts to
|
||||
obtain an IP address on all available network interfaces.
|
||||
* Disables the ``iptables`` service on SysV and systemd based systems.
|
||||
* Disables the ``ufw`` service on Upstart based systems.
|
||||
* Installs packages required for the operation of the ironic-python-agent::
|
||||
``qemu-utils`` ``parted`` ``hdparm`` ``util-linux`` ``genisoimage``
|
||||
* When installing from source, ``python-dev`` and ``gcc`` are also installed
|
||||
in order to support source based installation of ironic-python-agent and its
|
||||
dependencies.
|
||||
* Install the certificate if any, which is set to the environment variable
|
||||
``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
|
||||
certificate can be self-signed certificate or CA certificate.
|
||||
* Compresses initramfs with command specified in environment variable
|
||||
``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
|
||||
listen for raw data from stdin and write compressed data to stdout. Command
|
||||
can be with arguments.
|
||||
* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
|
||||
|
||||
This element outputs three files:
|
||||
|
||||
- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
|
||||
ironic-python-agent (IPA) service.
|
||||
- ``$IMAGE-NAME.kernel``: The kernel binary file.
|
||||
|
||||
.. note::
|
||||
The package based install currently only enables the service when using the
|
||||
systemd init system. This can easily be changed if there is an agent
|
||||
package which includes upstart or sysv packaging.
|
||||
|
||||
.. note::
|
||||
Using the ramdisk will require at least 1.5GB of ram
|
||||
|
||||
ironic-python-agent-tls
|
||||
~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Adds TLS support to ironic-python-agent-ramdisk.
|
||||
|
||||
By default this element will enable TLS API support in IPA with a self-signed
|
||||
certificate and key created at build time.
|
||||
|
||||
Optionally, you can provide your own SSL certifiate and key, and optionally
|
||||
CA, via the following environment variables. They should be set to an
|
||||
accessible path on the build systems filesystem. If set, they will be copied
|
||||
into the built ramdisk, and IPA will be configured to use them.
|
||||
|
||||
The environment variables are:
|
||||
- ``DIB_IPA_CERT_FILE`` should point to the TLS certificate for ramdisk use.
|
||||
- ``DIB_IPA_KEY_FILE`` should point to the private key matching
|
||||
``DIB_IPA_CERT_FILE``.
|
||||
|
||||
You can configure the generated certificate with the following environment variables:
|
||||
- ``DIB_IPA_CERT_HOSTNAME`` the CN for the generated
|
||||
certificate. Defaults to "ipa-ramdisk.example.com".
|
||||
- ``DIB_IPA_CERT_EXPIRATION`` expiration, in days, for the certificate.
|
||||
Defaults to 1095 (three years).
|
||||
|
||||
Note that the certificates generated by this element are self-signed, and
|
||||
any nodes using them will need to set agent_verify_ca=False in driver_info.
|
||||
|
||||
This element can also configure client certificate validation in IPA. If you
|
||||
wish to validate client certificates, set ``DIB_IPA_CA_FILE`` to a CA file
|
||||
you wish IPA client connections to be validated against. This CA file will
|
||||
be copied into the built ramdisk, and IPA will be configured to use it.
|
||||
|
||||
|
|
Loading…
Reference in New Issue