Delete unused elements
delorean-repo: replaced by tripleo-repos and other repo setup approaches hosts: heat hasn't managed the hosts file for many releases localboot: replaced by diskimage-builder grub2, bootloader elements ntp: replaced by installing chrony package os-net-config: the package is installed by other elements, and the script is now called from ansible overcloud-dracut: replaced by diskimage-builder dracut-regenerate element overcloud-partition: no image now uses this, overcloud-hardened-uefi-full uses overcloud-partition-uefi Change-Id: I990493b51d87a40140c1648f2b04c982ce959b1d
parent
12d4eec7dc
commit
44abab621f
|
@ -1,18 +0,0 @@
|
|||
Configure the image to pull packages from a Delorean repo
|
||||
|
||||
This element configures the image such that it downloads
|
||||
packages from the specified Delorean repository. To use set
|
||||
DELOREAN\_REPO\_URL to the Delorean repo you'd like to use.
|
||||
This can be 'current' or any revision in the past that you'd
|
||||
like to use. Example:
|
||||
|
||||
export DELOREAN\_REPO\_URL=http://localhost/~user/repos/current
|
||||
|
||||
Delorean is a tool that can be used to automate building upstream
|
||||
packages:
|
||||
|
||||
https://github.com/openstack-packages/delorean
|
||||
|
||||
The Delorean tool currently supports Fedora packages and Yum
|
||||
repositories.
|
||||
Support for other distributions may be added in the future.
|
|
@ -1 +0,0 @@
|
|||
pkg-map
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
set -o xtrace
|
||||
|
||||
yum clean metadata
|
|
@ -1,26 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -o xtrace
|
||||
|
||||
export DELOREAN_REPO_FILE=${DELOREAN_REPO_FILE:-"delorean.repo"}
|
||||
|
||||
# delorean requires delorean-deps
|
||||
if [[ "rhel7 centos7" =~ "$DISTRO_NAME" ]]; then
|
||||
|
||||
if [ -z "$STABLE_RELEASE" ]; then
|
||||
curl -L http://trunk.rdoproject.org/centos7/delorean-deps.repo -o /etc/yum.repos.d/delorean-deps.repo
|
||||
else
|
||||
curl -L http://trunk.rdoproject.org/centos7-$STABLE_RELEASE/delorean-deps.repo -o /etc/yum.repos.d/delorean-deps.repo
|
||||
fi
|
||||
|
||||
elif [[ "fedora" =~ "$DISTRO_NAME" ]]; then
|
||||
curl -L http://trunk.rdoproject.org/f$DIB_RELEASE/delorean-deps.repo -o /etc/yum.repos.d/delorean-deps.repo
|
||||
fi
|
||||
|
||||
if [ -n "$DELOREAN_REPO_URL" ]; then
|
||||
curl -L $DELOREAN_REPO_URL/$DELOREAN_REPO_FILE -o /etc/yum.repos.d/$DELOREAN_REPO_FILE
|
||||
else
|
||||
echo "Please configure a DELOREAN_REPO_URL."
|
||||
exit 1
|
||||
fi
|
|
@ -1,5 +0,0 @@
|
|||
Permit injecting content into /etc/hosts from heat
|
||||
|
||||
# Configuration
|
||||
|
||||
hosts: '192.0.2.1 my-host.example.com'
|
|
@ -1,2 +0,0 @@
|
|||
os-apply-config
|
||||
os-refresh-config
|
|
@ -1,51 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
write_entries() {
|
||||
local file="$1"
|
||||
local entries="$2"
|
||||
|
||||
# Don't do anything if the file isn't there
|
||||
if [ ! -f "$file" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if grep -q "^# HEAT_HOSTS_START" "$file"; then
|
||||
temp=$(mktemp)
|
||||
(
|
||||
sed '/^# HEAT_HOSTS_START/,$d' "$file"
|
||||
echo -ne "# HEAT_HOSTS_START - Do not edit manually within this section!\n"
|
||||
echo "$entries"
|
||||
echo -ne "# HEAT_HOSTS_END\n"
|
||||
sed '1,/^# HEAT_HOSTS_END/d' "$file"
|
||||
) > "$temp"
|
||||
echo "INFO: Updating hosts file $file, check below for changes"
|
||||
diff "$file" "$temp" || true
|
||||
cat "$temp" > "$file"
|
||||
else
|
||||
echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file"
|
||||
echo "$entries" >> "$file"
|
||||
echo -ne "# HEAT_HOSTS_END\n\n" >> "$file"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
ENTRIES=$(os-apply-config --key hosts --type raw --key-default '' | tr '[A-Z]' '[a-z]' | sed -e 's/\\n/\n/g' -e '/^$/d')
|
||||
if [ ! -z "$ENTRIES" ]; then
|
||||
# cloud-init files are /etc/cloud/templates/hosts.OSNAME.tmpl
|
||||
DIST=$(lsb_release -is | tr -s '[A-Z]' '[a-z]')
|
||||
case $DIST in
|
||||
fedora|redhatenterpriseserver)
|
||||
name="redhat"
|
||||
;;
|
||||
*)
|
||||
name="$DIST"
|
||||
;;
|
||||
esac
|
||||
write_entries "/etc/cloud/templates/hosts.${name}.tmpl" "$ENTRIES"
|
||||
write_entries "/etc/hosts" "$ENTRIES"
|
||||
else
|
||||
echo "No hosts in Heat, nothing written."
|
||||
fi
|
|
@ -1 +0,0 @@
|
|||
lsb_release:
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
"family": {
|
||||
"redhat": {
|
||||
"lsb_release": "redhat-lsb-core"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
Installs grub boot loader from packages.
|
||||
|
||||
If you want to build an image with localboot for non arm architecture:
|
||||
|
||||
* Set up grub boot loader on the disk using os-refresh-config when system boot
|
||||
up and enables boot from HDD. This needs at least one PXE boot after deployment
|
||||
to work properly.
|
||||
In case Grub serial terminal support is needed, use serial-console element.
|
||||
|
||||
If you want to build an image with localboot for uboot arm boards:
|
||||
|
||||
* uboot (when set to boot from the disk) looks on the first disk partition
|
||||
for a file named boot.scr in / or /boot. This is a uboot
|
||||
script file, packaged in the special uboot format (like uImage and uInitrd)
|
||||
by the mkimage command, that tells uboot where the kernel and initrd are, and
|
||||
what the kernel boot arguments. This file is created by mkimage command
|
||||
using the flash-kernel script, provided by the u-boot-tools package.
|
||||
|
||||
* The user must provide a uboot script file which contains kernel, initrd and console
|
||||
parameters. This file path is read from an environment variable named
|
||||
UBOOT\_SCRIPT\_FILE\_PATH.
|
|
@ -1,49 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
source $_LIB/img-functions
|
||||
|
||||
# Dig up the initrd and kernel.
|
||||
select_boot_kernel_initrd $TARGET_ROOT
|
||||
BOOTDIR=$TARGET_ROOT/boot
|
||||
|
||||
# For Grub 2, config file will be generated once system is booted up.
|
||||
# But for legacy grub, there is no command to generate config file so
|
||||
# legacy grub config file needs to be adjusted here
|
||||
if [ -f $BOOTDIR/grub/grub.conf ] ; then
|
||||
# Fix root and update kernel/initrds
|
||||
kernel_parms=`awk '!/^#/ && /vmlinuz-/' $BOOTDIR/grub/grub.conf`
|
||||
for parm in $kernel_parms ; do
|
||||
case $parm in
|
||||
root=*)
|
||||
sed -i "s,${parm#root=},LABEL=${DIB_ROOT_LABEL},g" $BOOTDIR/grub/grub.conf
|
||||
;;
|
||||
/boot/vmlinuz-*)
|
||||
KERNEL_VERSION=${KERNEL#vmlinuz-}
|
||||
if [ -n "$KERNEL_VERSION" ] ; then
|
||||
OLD_KER_VER=${parm#/boot/vmlinuz-}
|
||||
sed -i "s/${OLD_KER_VER}\([ )]\|\(\.[a-zA-Z]\)\|$\)/${KERNEL_VERSION}\1/g" $BOOTDIR/grub/grub.conf
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
fi
|
|
@ -1,2 +0,0 @@
|
|||
cleanup-kernel-initrd
|
||||
os-refresh-config
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
if [ "$ARCH" == "amd64" -o "$ARCH" == "i386" ]; then
|
||||
# grub-pc deb package postinst will try to install grub into root
|
||||
# device which definitely fail at this stage.
|
||||
# The workaround is to skip error and remove postinst script
|
||||
if [[ "ubuntu debian" =~ "$DISTRO_NAME" ]]; then
|
||||
set +e
|
||||
install-packages grub-pc
|
||||
# if grub-pc.postinst exists, it's the postinst issue
|
||||
# otherwise we should still fail here
|
||||
if [ $? -ne 0 ]; then
|
||||
GRUB_POSTINST=/var/lib/dpkg/info/grub-pc.postinst
|
||||
if [ -e $GRUB_POSTINST ]; then
|
||||
rm -f $GRUB_POSTINST
|
||||
else
|
||||
set -e && false
|
||||
fi
|
||||
fi
|
||||
set -e
|
||||
else
|
||||
install-packages grub-pc
|
||||
fi
|
||||
|
||||
elif [ "$ARCH" == "aarch64" -o "$ARCH" == "armhf" ]; then
|
||||
install-package u-boot-tools
|
||||
#This copies uboot scripts to boot folder
|
||||
if [ -f "$UBOOT_SCRIPT_FILE_PATH" ] ; then
|
||||
cp "$UBOOT_SCRIPT_FILE_PATH" "$TARGET_ROOT/boot/boot.cmd"
|
||||
fi
|
||||
|
||||
else
|
||||
echo "ERROR: localboot is not supported for $ARCH architectures."
|
||||
exit 1
|
||||
fi
|
|
@ -1,71 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
echo Installing Boot Loader
|
||||
if [[ "aarch64 armhf" =~ "$(uname -m)" ]]; then
|
||||
KERNEL_RELEASE="$(uname -r)"
|
||||
KERNEL="/boot/vmlinuz-$KERNEL_RELEASE"
|
||||
RAMDISK="/boot/initrd.img-$KERNEL_RELEASE"
|
||||
FILE="/boot/boot.cmd"
|
||||
#this file will contain script with boot parameters like ramdisk and kernel
|
||||
#address and console parameters. This varies from arm board to board, User
|
||||
#will provide boot script.
|
||||
if [ -f "$FILE" ] ; then
|
||||
#boot.scr file is created by below command which requires u-boot-tools package.
|
||||
mkimage -C none -A arm -T script -d "$FILE" /boot/boot.scr
|
||||
else
|
||||
echo "$FILE file not found to generate boot.scr"
|
||||
fi
|
||||
|
||||
else
|
||||
grub_bin=$(which grub)
|
||||
if [ -n "$grub_bin" ] ; then
|
||||
grub_ver="$($grub_bin --version | grep 0\.97)"
|
||||
if [ -n "$grub_ver" ] ; then
|
||||
echo "Legacy grub 0.97 found"
|
||||
$grub_bin --batch << EOF
|
||||
root (hd0,0)
|
||||
setup (hd0)
|
||||
EOF
|
||||
else
|
||||
echo "unknown legacy grub version"
|
||||
fi
|
||||
else
|
||||
# Some distros have grub2 binaries named as grub2-install, grub2-mkconfig, etc.
|
||||
# Others have grub-install, grub-mkconfig, etc..
|
||||
grub_bin_prefix="grub"
|
||||
grub_bin="$(which ${grub_bin_prefix}-mkconfig)"
|
||||
if [ -n "${grub_bin}" ] ; then
|
||||
grub_bin_prefix="grub2"
|
||||
grub_bin="$(which ${grub_bin_prefix}-mkconfig)"
|
||||
fi
|
||||
if [ -n "$grub_bin" ] ; then
|
||||
grub_ver="$($grub_bin --version | grep 2\...)"
|
||||
if [ -n "$grub_ver" ] ; then
|
||||
echo "GRUB 2.xx found"
|
||||
${grub_bin_prefix}-mkconfig -o /boot/${grub_bin_prefix}/grub.cfg
|
||||
${grub_bin_prefix}-install --force /dev/sda
|
||||
else
|
||||
echo "unknown grub version"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
fi
|
|
@ -1,8 +0,0 @@
|
|||
Setup ntpd and optionally configure it using Heat metadata.
|
||||
|
||||
Heat Metadata can be used to specify the configuration:
|
||||
|
||||
ntp:
|
||||
servers:
|
||||
- { server: server1.foo.example }
|
||||
- { server: server2.foo.test, fudge: stratum 0 }
|
|
@ -1,2 +0,0 @@
|
|||
os-apply-config
|
||||
os-refresh-config
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -ue
|
||||
|
||||
# we don't want chrony and ntp conflict each others.
|
||||
if rpm -q chrony; then
|
||||
yum remove -y chrony
|
||||
fi
|
||||
|
||||
# ntpdate is used when the network is brought up to correct any large time skew
|
||||
install-packages ntp ntpdate
|
|
@ -1,32 +0,0 @@
|
|||
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
||||
|
||||
driftfile /var/lib/ntp/ntp.drift
|
||||
|
||||
# Enable this if you want statistics to be logged.
|
||||
#statsdir /var/log/ntpstats/
|
||||
|
||||
statistics loopstats peerstats clockstats
|
||||
filegen loopstats file loopstats type day enable
|
||||
filegen peerstats file peerstats type day enable
|
||||
filegen clockstats file clockstats type day enable
|
||||
|
||||
# By default, exchange time with everybody, but don't allow configuration.
|
||||
restrict -4 default kod notrap nomodify nopeer noquery
|
||||
restrict -6 default kod notrap nomodify nopeer noquery
|
||||
|
||||
# Local users may interrogate the ntp server more closely.
|
||||
restrict 127.0.0.1
|
||||
restrict ::1
|
||||
|
||||
# Remote NTP server(s) to synchronize with.
|
||||
{{#ntp.servers}}
|
||||
{{#server}}
|
||||
server {{server}}
|
||||
{{/server}}
|
||||
{{/ntp.servers}}
|
||||
|
||||
# Specify the internal hardware clock as a reference clock.
|
||||
# Set a high stratum so this is only used if all external clocks fail.
|
||||
# This will mitigate skew until external clocks return to service.
|
||||
server 127.127.1.0 # local clock address
|
||||
fudge 127.127.1.0 stratum 10
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
# NTP server to sync with.
|
||||
NTP_SERVER="$(os-apply-config --key 'ntp.servers.0.server' --type raw --key-default '')"
|
||||
SERVICE_NAME="$(svc-map ntpd)"
|
||||
|
||||
if [ -n "${NTP_SERVER}" ]; then
|
||||
ntpdate -q "${NTP_SERVER}" ||
|
||||
{ echo "ERROR: ntpdate cannot connect to: ${NTP_SERVER}"; exit 1; }
|
||||
|
||||
# Ensure ntpd is not running
|
||||
NTP_STOP_LOOPS=5; LOOP_COUNT=0
|
||||
while service "${SERVICE_NAME}" status &>/dev/null &&
|
||||
[ ${LOOP_COUNT} -lt ${NTP_STOP_LOOPS} ]; do
|
||||
service "${SERVICE_NAME}" stop
|
||||
sleep $((5 * $((LOOP_COUNT + 1))))
|
||||
done
|
||||
# If ntpd is still running then abort.
|
||||
service "${SERVICE_NAME}" status &>/dev/null && exit 1
|
||||
|
||||
# Set the system clock to the value of the NTP clock.
|
||||
# Note: This will not sanity check the ntp server like ntpd.
|
||||
ntpdate -b "${NTP_SERVER}"
|
||||
hwclock --systohc # Re-align the H/W clock. (incase of power loss)
|
||||
|
||||
service "${SERVICE_NAME}" start
|
||||
fi
|
|
@ -1,3 +0,0 @@
|
|||
ntpd:
|
||||
default: ntp
|
||||
redhat: ntpd
|
|
@ -1,31 +0,0 @@
|
|||
Install, configure, and (optionally) run os-net-config.
|
||||
|
||||
Installs os-net-config and configures a JSON formatted config file
|
||||
at /etc/os-net-config/element\_config.json. The os-net-config command
|
||||
is only executed if configuration metadata is provided.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
os\_net\_config: JSON (or YAML) metadata in the os-net-config format.
|
||||
|
||||
Config Examples:
|
||||
---------------
|
||||
|
||||
```
|
||||
{ "os_net_config":
|
||||
{ "network_config": [
|
||||
{
|
||||
"type": "ovs_bridge",
|
||||
"name": "br-ctlplane",
|
||||
"use_dhcp": "true",
|
||||
"primary": "true",
|
||||
"members": [
|
||||
{
|
||||
"type": "interface",
|
||||
"name": "em1"
|
||||
}
|
||||
]
|
||||
}
|
||||
]}
|
||||
}
|
||||
```
|
|
@ -1,6 +0,0 @@
|
|||
os-apply-config
|
||||
os-refresh-config
|
||||
package-installs
|
||||
pip-manifest
|
||||
openvswitch
|
||||
interface-names
|
|
@ -1,6 +0,0 @@
|
|||
if [ -z "${OS_NET_CONFIG_VENV_DIR:-}" ]; then
|
||||
export OS_NET_CONFIG_VENV_DIR=${OPENSTACK_VENV_DIR:-"/opt/stack/venvs/os-net-config"}
|
||||
fi
|
||||
if [ -z "${OS_NET_CONFIG_INSTALL_OPTS:-}" ]; then
|
||||
export OS_NET_CONFIG_INSTALL_OPTS=${OPENSTACK_EXTRA_INSTALL_OPTS:-""}
|
||||
fi
|
|
@ -1,37 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
manifest=$(get-pip-manifest os-net-config)
|
||||
|
||||
if [[ "$DISTRO_NAME" == "debian" ]] && [[ "$DIB_RELEASE" == "stable" || "$DIB_RELEASE" == "bullseye" ]]
|
||||
then
|
||||
virtualenv $OS_NET_CONFIG_VENV_DIR
|
||||
else
|
||||
virtualenv --setuptools $OS_NET_CONFIG_VENV_DIR
|
||||
fi
|
||||
|
||||
set +u
|
||||
source $OS_NET_CONFIG_VENV_DIR/bin/activate
|
||||
set -u
|
||||
|
||||
if [ -n "$manifest" ]; then
|
||||
use-pip-manifest $manifest
|
||||
else
|
||||
# bug #1201253 : virtualenv-1.10.1 embeds setuptools-0.9.8, which
|
||||
# doesn't manage correctly HTTPS sockets when downloading pbr from
|
||||
# https://pypi.python.org/simple/ if using http_proxy and https_proxy
|
||||
# envvars
|
||||
$OS_NET_CONFIG_VENV_DIR/bin/pip install -U 'setuptools>=1.0'
|
||||
# bug #1293812 : Avoid easy_install triggering on pbr.
|
||||
$OS_NET_CONFIG_VENV_DIR/bin/pip install -U 'pbr>=0.11'
|
||||
$OS_NET_CONFIG_VENV_DIR/bin/pip install -U os-net-config
|
||||
fi
|
||||
|
||||
# Write the manifest of what was installed
|
||||
write-pip-manifest os-net-config
|
||||
|
||||
ln -s $OS_NET_CONFIG_VENV_DIR/bin/os-net-config /usr/local/bin/os-net-config
|
||||
|
||||
set +u
|
||||
deactivate
|
||||
set -u
|
|
@ -1,3 +0,0 @@
|
|||
{{#os_net_config}}
|
||||
{{.}}
|
||||
{{/os_net_config}}
|
|
@ -1,122 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -ux
|
||||
|
||||
function get_metadata_ip() {
|
||||
|
||||
local METADATA_IP
|
||||
|
||||
# Look for a variety of Heat transports
|
||||
# FIXME: Heat should provide a way to obtain this in a single place
|
||||
for URL in os-collect-config.cfn.metadata_url os-collect-config.heat.auth_url os-collect-config.request.metadata_url os-collect-config.zaqar.auth_url; do
|
||||
METADATA_IP=$(os-apply-config --key $URL --key-default '' --type raw 2>/dev/null | sed -e 's|http.*://\([^:]*\).*|\1|')
|
||||
[ -n "$METADATA_IP" ] && break
|
||||
done
|
||||
|
||||
echo $METADATA_IP
|
||||
|
||||
}
|
||||
|
||||
function is_local_ip() {
|
||||
local IP_TO_CHECK=$1
|
||||
if ip -o a | grep "inet6\? $IP_TO_CHECK/" &>/dev/null; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
function ping_metadata_ip() {
|
||||
local METADATA_IP=$(get_metadata_ip)
|
||||
local METADATA_IP_PING_TIMEOUT=60
|
||||
|
||||
if [ -n "$METADATA_IP" ] && ! is_local_ip $METADATA_IP; then
|
||||
|
||||
echo -n "Trying to ping metadata IP ${METADATA_IP}..."
|
||||
|
||||
local COUNT=0
|
||||
until ping -c 1 $METADATA_IP &> /dev/null; do
|
||||
COUNT=$(( $COUNT + 1 ))
|
||||
sleep 1
|
||||
if [ $COUNT -eq $METADATA_IP_PING_TIMEOUT ]; then
|
||||
echo "FAILURE"
|
||||
echo "$METADATA_IP is not pingable." >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
echo "SUCCESS"
|
||||
|
||||
else
|
||||
echo "No metadata IP found. Skipping."
|
||||
fi
|
||||
}
|
||||
|
||||
function configure_safe_defaults() {
|
||||
|
||||
[[ $? == 0 ]] && return 0
|
||||
|
||||
cat > /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT
|
||||
# This file is an autogenerated safe defaults file for os-net-config
|
||||
# which runs DHCP on all discovered interfaces to ensure connectivity
|
||||
# back to the undercloud for updates
|
||||
network_config:
|
||||
EOF_CAT
|
||||
|
||||
for iface in $(ls /sys/class/net | grep -v -e ^lo$ -e ^vnet$); do
|
||||
local mac_addr_type="$(cat /sys/class/net/${iface}/addr_assign_type)"
|
||||
if [ "$mac_addr_type" != "0" ]; then
|
||||
echo "Device has generated MAC, skipping."
|
||||
else
|
||||
ip link set dev $iface up &>/dev/null
|
||||
HAS_LINK="$(cat /sys/class/net/${iface}/carrier)"
|
||||
|
||||
TRIES=10
|
||||
while [ "$HAS_LINK" == "0" -a $TRIES -gt 0 ]; do
|
||||
HAS_LINK="$(cat /sys/class/net/${iface}/carrier)"
|
||||
if [ "$HAS_LINK" == "1" ]; then
|
||||
break
|
||||
else
|
||||
sleep 1
|
||||
fi
|
||||
TRIES=$(( TRIES - 1 ))
|
||||
done
|
||||
if [ "$HAS_LINK" == "1" ] ; then
|
||||
cat >> /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT
|
||||
-
|
||||
type: interface
|
||||
name: $iface
|
||||
use_dhcp: true
|
||||
EOF_CAT
|
||||
fi
|
||||
fi
|
||||
done
|
||||
os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup
|
||||
RETVAL=$?
|
||||
if [[ $RETVAL == 2 ]]; then
|
||||
ping_metadata_ip
|
||||
elif [[ $RETVAL != 0 ]]; then
|
||||
echo "ERROR: configuration of safe defaults failed."
|
||||
fi
|
||||
}
|
||||
|
||||
NET_CONFIG=$(os-apply-config --key os_net_config --type raw --key-default '')
|
||||
|
||||
if [ -n "$NET_CONFIG" ]; then
|
||||
trap configure_safe_defaults EXIT
|
||||
os-net-config -c /etc/os-net-config/element_config.json -v --detailed-exit-codes
|
||||
RETVAL=$?
|
||||
if [[ $RETVAL == 2 ]]; then
|
||||
ping_metadata_ip
|
||||
|
||||
#NOTE: dprince this udev rule can apparently leak DHCP processes?
|
||||
# https://bugs.launchpad.net/tripleo/+bug/1538259
|
||||
# until we discover the root cause we can simply disable the
|
||||
# rule because networking has already been configured at this point
|
||||
if [ -f /etc/udev/rules.d/99-dhcp-all-interfaces.rules ]; then
|
||||
rm /etc/udev/rules.d/99-dhcp-all-interfaces.rules
|
||||
fi
|
||||
|
||||
elif [[ $RETVAL != 0 ]]; then
|
||||
echo "ERROR: os-net-config configuration failed." >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
|
@ -1,2 +0,0 @@
|
|||
os-net-config:
|
||||
installtype: package
|
|
@ -1,10 +0,0 @@
|
|||
{
|
||||
"family": {
|
||||
"debian": {
|
||||
"os-net-config": "python-os-net-config"
|
||||
}
|
||||
},
|
||||
"default": {
|
||||
"os-net-config": "os-net-config"
|
||||
}
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
================
|
||||
overcloud-dracut
|
||||
================
|
||||
Rebuilds initramfs adding all the modules needed to support
|
||||
TripleO needs in terms of booting whole disk images with
|
||||
enabled security. We need lvm and encryption on the images,
|
||||
so adding related packages and modules to enable those.
|
|
@ -1,2 +0,0 @@
|
|||
package-installs
|
||||
select-boot-kernel-initrd
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
RET=$(select-boot-kernel-initrd)
|
||||
KERNEL_VERSION=`echo ${RET%:*} | sed 's/vmlinuz-//g'`
|
||||
RAMDISK=/boot/${RET#*:}
|
||||
|
||||
dracut --force --add "crypt lvm" $RAMDISK $KERNEL_VERSION
|
|
@ -1,2 +0,0 @@
|
|||
cryptsetup:
|
||||
lvm2:
|
|
@ -1,11 +0,0 @@
|
|||
overcloud-partition
|
||||
===================
|
||||
|
||||
overcloud-partition is an element to add extra security hardening features to
|
||||
the tripleo images: partition creation.
|
||||
|
||||
It includes the block-device-default definition, that creates independent
|
||||
partitions on the overcloud image, allowing those to accomplish the ANSSI
|
||||
security requirements. Please note that the sizes of the partitions may not
|
||||
be enough for production usage, they will need to be resized properly after
|
||||
deployment depending on the available disk size.
|
|
@ -1,95 +0,0 @@
|
|||
- local_loop:
|
||||
name: image0
|
||||
- partitioning:
|
||||
base: image0
|
||||
label: mbr
|
||||
partitions:
|
||||
- name: root
|
||||
flags: [ boot,primary ]
|
||||
size: 40G
|
||||
- lvm:
|
||||
name: lvm
|
||||
base: [ root ]
|
||||
pvs:
|
||||
- name: pv
|
||||
base: root
|
||||
options: [ "--force" ]
|
||||
vgs:
|
||||
- name: vg
|
||||
base: [ "pv" ]
|
||||
options: [ "--force" ]
|
||||
lvs:
|
||||
- name: lv_root
|
||||
base: vg
|
||||
extents: 23%VG
|
||||
- name: lv_tmp
|
||||
base: vg
|
||||
extents: 4%VG
|
||||
- name: lv_var
|
||||
base: vg
|
||||
extents: 45%VG
|
||||
- name: lv_log
|
||||
base: vg
|
||||
extents: 23%VG
|
||||
- name: lv_audit
|
||||
base: vg
|
||||
extents: 4%VG
|
||||
- name: lv_home
|
||||
base: vg
|
||||
extents: 1%VG
|
||||
- mkfs:
|
||||
name: fs_root
|
||||
base: lv_root
|
||||
type: xfs
|
||||
label: "img-rootfs"
|
||||
mount:
|
||||
mount_point: /
|
||||
fstab:
|
||||
options: "rw,relatime"
|
||||
fsck-passno: 1
|
||||
- mkfs:
|
||||
name: fs_tmp
|
||||
base: lv_tmp
|
||||
type: xfs
|
||||
mount:
|
||||
mount_point: /tmp
|
||||
fstab:
|
||||
options: "rw,nosuid,nodev,noexec,relatime"
|
||||
fsck-passno: 2
|
||||
- mkfs:
|
||||
name: fs_var
|
||||
base: lv_var
|
||||
type: xfs
|
||||
mount:
|
||||
mount_point: /var
|
||||
fstab:
|
||||
options: "rw,relatime"
|
||||
fsck-passno: 2
|
||||
- mkfs:
|
||||
name: fs_log
|
||||
base: lv_log
|
||||
type: xfs
|
||||
mount:
|
||||
mount_point: /var/log
|
||||
fstab:
|
||||
options: "rw,relatime"
|
||||
fsck-passno: 2
|
||||
- mkfs:
|
||||
name: fs_audit
|
||||
base: lv_audit
|
||||
type: xfs
|
||||
mount:
|
||||
mount_point: /var/log/audit
|
||||
fstab:
|
||||
options: "rw,relatime"
|
||||
fsck-passno: 2
|
||||
- mkfs:
|
||||
name: fs_home
|
||||
base: lv_home
|
||||
type: xfs
|
||||
mount:
|
||||
mount_point: /home
|
||||
fstab:
|
||||
options: "rw,nodev,relatime"
|
||||
fsck-passno: 2
|
||||
|
|
@ -1 +0,0 @@
|
|||
growvols
|
|
@ -1 +0,0 @@
|
|||
block-device
|
|
@ -1,10 +0,0 @@
|
|||
#
|
||||
# Arch gate
|
||||
#
|
||||
|
||||
if [[ "arm64 aarch64" =~ $ARCH ]]; then
|
||||
echo "overcloud-partition is not supported on AARCH64"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
export DIB_BLOCK_DEVICE=mbr
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
# Ensure tmp.mount isn't masked, which is done in cloud images
|
||||
# such as CentOS-Stream-GenericCloud-8
|
||||
systemctl unmask tmp.mount
|
||||
systemctl enable tmp.mount
|