214 lines
		
	
	
		
			7.3 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			214 lines
		
	
	
		
			7.3 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| .. _troubleshooting:
 | |
| 
 | |
| =========================================
 | |
| Troubleshooting Ironic-Python-Agent (IPA)
 | |
| =========================================
 | |
| 
 | |
| This document contains basic trouble shooting information for IPA.
 | |
| 
 | |
| Gaining Access to IPA on a node
 | |
| ===============================
 | |
| In order to access a running IPA instance a user must be added or enabled on
 | |
| the image. Below we will cover several ways to do this.
 | |
| 
 | |
| Access via ssh
 | |
| --------------
 | |
| CoreOS
 | |
| ~~~~~~
 | |
| To enable the ``core`` user on pre-built or CoreOS images a ssh public key
 | |
| will need to added. To do this you will need to:
 | |
| 
 | |
| - Add ``sshkey="ssh-rsa AAAA..."`` to pxe_append_params setting in ironic.conf
 | |
|   file
 | |
| - Restart the ironic-conductor with the command
 | |
|   ``service ironic-conductor restart``
 | |
| - ``ssh core@<ip-address-of-node>``
 | |
| 
 | |
| diskimage-builder (DIB)
 | |
| ~~~~~~~~~~~~~~~~~~~~~~~
 | |
| SSH access can be added to DIB built IPA images with the dynamic-login [0]_
 | |
| or the devuser element [1]_
 | |
| 
 | |
| The dynamic-login element allows the operator to inject a SSH key when the
 | |
| image boots. Kernel command line parameters are used to do this.
 | |
| 
 | |
| dynamic-login element example:
 | |
| 
 | |
| - Add ``sshkey="ssh-rsa BBA1..."`` to pxe_append_params setting in
 | |
|   the ``ironic.conf`` file
 | |
| - Restart the ironic-conductor with the command
 | |
|   ``service ironic-conductor restart``
 | |
| 
 | |
| devuser element example::
 | |
| 
 | |
|   export DIB_DEV_USER_USERNAME=username
 | |
|   export DIB_DEV_USER_PWDLESS_SUDO=yes
 | |
|   export DIB_DEV_USER_AUTHORIZED_KEYS=$HOME/.ssh/id_rsa.pub
 | |
|   disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser
 | |
| 
 | |
| tinyipa
 | |
| ~~~~~~~
 | |
| 
 | |
| If you want to enable SSH access to the image,
 | |
| set ``ENABLE_SSH`` variable in your shell to ``true`` before building
 | |
| the tinyipa image::
 | |
| 
 | |
|   export ENABLE_SSH=true
 | |
| 
 | |
| By default it will use default public RSA (or, if not available, DSA)
 | |
| key of the user running the build (``~/.ssh/id_{rsa,dsa}.pub``).
 | |
| 
 | |
| To provide other public SSH key, export full path to it in your shell
 | |
| before building tinyipa as follows::
 | |
| 
 | |
|   export SSH_PUBLIC_KEY=/path/to/other/ssh/public/key
 | |
| 
 | |
| The user to use for access is default Tiny Core Linux user ``tc``.
 | |
| This user has no password and has password-less ``sudo`` permissions.
 | |
| Installed SSH server is configured to disable Password authentication.
 | |
| 
 | |
| Access via console
 | |
| ------------------
 | |
| If you need to use console access, passwords must be enabled there are a
 | |
| couple ways to enable this depending on how the IPA image was created:
 | |
| 
 | |
| CoreOS
 | |
| ~~~~~~
 | |
| CoreOS has support for auto login on the console [4]_. This can be enabled by:
 | |
| 
 | |
| - Adding ``coreos.autologin`` to pxe_append_params setting
 | |
|   in the ``ironic.conf`` file. See [4]_ for more information on using
 | |
|   autologin.
 | |
| 
 | |
| If you do not wish to enable auto login users can be added to CoreOS by editing
 | |
| the cloud-config.yml file and adding the following [2]_::
 | |
| 
 | |
|   users:
 | |
|     - name: username
 | |
|       passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5... <example password hash>
 | |
|       groups:
 | |
|         - sudo
 | |
| 
 | |
| If using a pre-built image the cloud-config.yml must first be extracted::
 | |
| 
 | |
|   mkdir tmp_folder
 | |
|   cd tmp_folder
 | |
|   zcat ../coreos_production_pxe_image-oem-stable-mitaka.cpio | cpio --extract --make-directories
 | |
| 
 | |
| To create a password hash the mkpasswd command can be used::
 | |
| 
 | |
|   mkpasswd --method=SHA-512 --rounds=4096
 | |
| 
 | |
| After adding the user block with your favorite editor recompress the image::
 | |
| 
 | |
|   find . | cpio --create --format='newc' |gzip -c -9 > ../coreos_production_pxe_image-oem-stable-mitaka.cpio.NEW.gz
 | |
| 
 | |
| An alternative to editing the embedded cloud-config.yml [4]_ file is to pass a
 | |
| new one on the kernel command line by:
 | |
| 
 | |
| - adding ``cloud-config-url=http://example.com/cloud-config.yml``
 | |
|   to pxe_append_params setting in the ``ironic.conf`` file
 | |
| 
 | |
| diskimage-builder (DIB)
 | |
| ~~~~~~~~~~~~~~~~~~~~~~~
 | |
| Users wishing to use password access can be add the dynamic-login [0]_ or the
 | |
| devuser element [1]_
 | |
| 
 | |
| The dynamic-login element allows the operator to change the root password
 | |
| dynamically when the image boots. Kernel command line parameters
 | |
| are used to do this.
 | |
| 
 | |
| dynamic-login element example::
 | |
| 
 | |
|   Generate a ENCRYPTED_PASSWORD with the openssl passwd -1 command
 | |
|   Add rootpwd="$ENCRYPTED_PASSWORD" value on the pxe_append_params setting in /etc/ironic/ironic.conf
 | |
|   Restart the ironic-conductor with the command service ironic-conductor restart
 | |
| 
 | |
| Users can also be added to DIB built IPA images with the devuser element [1]_
 | |
| 
 | |
| Example::
 | |
| 
 | |
|   export DIB_DEV_USER_USERNAME=username
 | |
|   export DIB_DEV_USER_PWDLESS_SUDO=yes
 | |
|   export DIB_DEV_USER_PASSWORD=PASSWORD
 | |
|   disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser
 | |
| 
 | |
| tinyipa
 | |
| ~~~~~~~
 | |
| 
 | |
| The image built with scripts provided in ``imagebuild/tinyipa`` folder
 | |
| of Ironic Python Agent repository by default auto-logins the default
 | |
| Tiny Core Linux user ``tc`` to the console.
 | |
| This user has no password and has password-less ``sudo`` permissions.
 | |
| 
 | |
| Set IPA to debug logging
 | |
| ========================
 | |
| Debug logging can be enabled a several different ways. The easiest way is to
 | |
| add ``ipa-debug=1`` to the kernel command line. To do this:
 | |
| 
 | |
| - Append ``ipa-debug=1`` to the pxe_append_params setting in the
 | |
|   ``ironic.conf`` file
 | |
| - Restart the ironic-conductor with the command
 | |
|   ``service ironic-conductor restart``
 | |
| 
 | |
| Another method is to edit the cloud-config.yml file.  IPA's instructions on
 | |
| building a custom image can be found at [3]_.
 | |
| 
 | |
| This essentially boils down to the following steps:
 | |
| 
 | |
| #. ``git clone https://git.openstack.org/openstack/ironic-python-agent``
 | |
| #. ``cd ironic-python-agent``
 | |
| #. ``pip install -r ./requirements.txt``
 | |
| #. If not installed, please install the docker container engine. [5]_
 | |
| #. ``cd imagebuild/coreos``
 | |
| #. Edit ``oem/cloud-config.yml`` and add ``--debug`` to the end of the
 | |
|    ExecStart setting for the ironic-python-agent.service unit.
 | |
| #. Execute ``make`` to complete the build process.
 | |
| 
 | |
| If the system is running and uses systemd then editing the services file
 | |
| will be required.
 | |
| 
 | |
| - ``systemctl edit ironic-python-agent.service``
 | |
| - Append ``--debug`` to end of the ExecStart command
 | |
| - Restart IPA. See the `Manually restart IPA`_ section below.
 | |
| 
 | |
| Where can I find the IPA logs
 | |
| =============================
 | |
| 
 | |
| Retrieving the IPA logs will differ depending on which base image was used.
 | |
| 
 | |
| 
 | |
| * Operating system that do not use ``systemd`` (ie Ubuntu 14.04)
 | |
| 
 | |
|   - logs will be found in the /var/log/ folder.
 | |
| 
 | |
| * Operating system that do use ``systemd`` (ie Fedora 22, CoreOS)
 | |
| 
 | |
|   - logs may be viewed with ``sudo journalctl -u ironic-python-agent``
 | |
| 
 | |
|   .. note::
 | |
|       sudo is not required with the CoreOS images.
 | |
| 
 | |
| 
 | |
| Manually restart IPA
 | |
| ====================
 | |
| 
 | |
| In some cases it is helpful to enable debug mode on a running node.
 | |
| If the system does not use systemd then IPA can be restarted directly::
 | |
| 
 | |
|   sudo /usr/local/bin/ironic-python-agent [--debug]
 | |
| 
 | |
| If the system uses systemd then systemctl can be used to restart the service::
 | |
| 
 | |
|   sudo systemctl restart ironic-python-agent.service
 | |
| 
 | |
| 
 | |
| References
 | |
| ==========
 | |
| .. [0] `Dynamic-login DIB element`: https://github.com/openstack/diskimage-builder/tree/master/elements/dynamic-login
 | |
| .. [1] `DevUser DIB element`: https://github.com/openstack/diskimage-builder/tree/master/elements/devuser
 | |
| .. [2] `Add User to CoreOS`: https://coreos.com/os/docs/latest/adding-users.html
 | |
| .. [3] `IPA image build reference`: https://github.com/openstack/ironic-python-agent/tree/master/imagebuild/coreos/README.rst
 | |
| .. [4] `Booting CoreOS via PXE`: https://coreos.com/os/docs/latest/booting-with-pxe.html
 | |
| .. [5] `Install docker engine`: https://docs.docker.com/engine/installation/
 | 
