Shivanand Tendulker a1d2b2ad0f Follow-up patch for documentation of rescue mode
This is the follow-up patch addresses outstanding comments for
commit 689dbf6b5c6ec1dcaf1fa37d288518c91eedf4ec.

Change-Id: I72c189988c5c274c32d61a2b9aea5a84da2b2c6e
Related-Bug: #1526449
2018-02-12 14:05:14 -05:00

1.6 KiB

Rescue Mode

Ironic supports putting nodes in rescue mode using hardware types that support rescue interfaces. A rescue operation can be used to boot nodes into a rescue ramdisk so that the rescue user can access the node. This provides the ability to access the node when normal access is not possible. For example, if there is a need to perform manual password reset or data recovery in the event of some failure, a rescue operation can be used. IPA rescue extension exposes a command finalize_rescue (that is used by Ironic) to set the password for the rescue user when the rescue ramdisk is booted.

finalize_rescue command

The rescue extension exposes the command finalize_rescue; when invoked, it triggers rescue mode:

POST /v1/commands

{"name": "rescue.finalize_rescue",
 "params": {
    "rescue_password": "p455w0rd"}
}

rescue_password is a required parameter for this command.

Upon success, it returns following data in response:

{"command_name": "finalize_rescue",
 "command_params": {
    "rescue_password": "p455w0rd"},
 "command_status": "SUCCEEDED"
 "command_result": null
 "command_error": null
}

If successful, this synchronous command will:

  1. Write the salted and crypted rescue_password to /etc/ipa-rescue-config/ipa-rescue-password in the chroot or filesystem that ironic-python-agent is running in.
  2. Stop the ironic-python-agent process after completing these actions and returning the response to the API request.