diskimage-builder/diskimage_builder/elements/ironic-agent
Ian Wienand 5089e4e541 Move setfiles to outside chroot with runcon
As described in the comments inline, on a selinux enabled kernel (such
as a centos build host) you need to have permissions to change the
contexts to those the kernel doesn't understand -- such as when you're
building a fedora image.

For some reason, setfiles has an arbitrary limit of 10 errors before
it stops.  I believe we previously had 9 errors (this means 9
mis-labeled files, which were just waiting to cause problems).
Something changed with F26 setfiles and it started erroring
immediately, which led to investigation.  Infra builds, on
non-selinux Ubuntu kernels, would not have hit this issue.

This means we need to move this to run with a manual chroot into the
image under restorecon.

I'm really not sure why ironic-agent removes all the selinux tools
from the image, it seems like an over-optimisation (it's been like
that since Id6333ca5d99716ccad75ea1964896acf371fa72a).  Keep them so
we can run the relabel.

Change-Id: I4f5b591817ffcd776cbee0a0f9ca9f48de72aa6b
2017-07-24 10:14:07 +10:00
cleanup.d Release 1.27.0 2017-02-03 11:49:45 +11:00
environment.d Trivial fix typos 2017-05-31 11:17:05 +07:00
extra-data.d Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
finalise.d Move setfiles to outside chroot with runcon 2017-07-24 10:14:07 +10:00
install.d Release 1.27.0 2017-02-03 11:49:45 +11:00
post-install.d Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
test-elements/build-succeeds-fedora Move ironic-agent test to fedora-minimal 2017-06-21 15:05:36 +10:00
README.rst Release 1.27.0 2017-02-03 11:49:45 +11:00
element-deps Release 1.21.1 2017-02-02 20:36:23 +11:00
element-provides Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
package-installs.yaml Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
pkg-map Remove centos and rhel elements 2017-06-28 12:26:24 +10:00
source-repository-ironic-agent Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
svc-map Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00

README.rst

ironic-agent

Builds a ramdisk with ironic-python-agent. More information can be found at:

https://git.openstack.org/cgit/openstack/ironic-python-agent/

Beyond installing the ironic-python-agent, this element does the following:

  • Installs dhcp-all-interfaces so that the node, upon booting, attempts to obtain an IP address on all available network interfaces.
  • Disables the iptables service on SysV and systemd based systems.
  • Disables the ufw service on Upstart based systems.
  • Installs packages required for the operation of the ironic-python-agent:

    qemu-utils parted hdparm util-linux genisoimage

  • When installing from source, python-dev and gcc are also installed in order to support source based installation of ironic-python-agent and its dependencies.
  • Installs the certificate, if any, set in the environment variable DIB_IPA_CERT, for ironic-python-agent to use when validating authenticity. The certificate can be a self-signed certificate or a CA certificate.
  • Compresses the initramfs with the command specified in the environment variable DIB_IPA_COMPRESS_CMD, which is 'gzip' by default. This command should read raw data from stdin and write compressed data to stdout. The command may include arguments.
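
As an added example (not part of this element or of diskimage-builder), a pre-build check for the DIB_IPA_COMPRESS_CMD and DIB_IPA_CERT settings described above. It assumes the compress command is run with plain word splitting, that DIB_IPA_CERT is a path to a PEM file, and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not diskimage-builder code: pre-build checks for the
# DIB_IPA_COMPRESS_CMD and DIB_IPA_CERT settings described in the README.

# check_compress_cmd CMDLINE
# Succeeds if CMDLINE exits 0 and turns stdin into non-empty stdout output
# smaller than the input. Assumption: the element runs the value with plain
# word splitting, so the same is done here (no eval).
check_compress_cmd() {
    cmd=$1
    in_size=65536   # constructed sample input: 64 KiB of zero bytes
    tmp=$(mktemp) || return 2
    # shellcheck disable=SC2086  # word splitting is intentional
    if ! head -c "$in_size" /dev/zero | $cmd > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    out_size=$(( $(wc -c < "$tmp") ))
    rm -f "$tmp"
    [ "$out_size" -gt 0 ] && [ "$out_size" -lt "$in_size" ]
}

# check_cert FILE
# Succeeds if FILE parses as an X.509 certificate that has not expired.
# Assumption: DIB_IPA_CERT is a path to a PEM file (the README does not say).
check_cert() {
    [ -r "$1" ] && openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# preflight: validate the current environment before starting a build.
preflight() {
    if ! check_compress_cmd "${DIB_IPA_COMPRESS_CMD:-gzip}"; then
        echo "DIB_IPA_COMPRESS_CMD is not a stdin-to-stdout compressor" >&2
        return 1
    fi
    if [ -n "${DIB_IPA_CERT:-}" ] && ! check_cert "$DIB_IPA_CERT"; then
        echo "DIB_IPA_CERT is unreadable, unparseable or expired" >&2
        return 1
    fi
}
```

Running `preflight` in the shell that will start the build catches a command that ignores stdin or an expired certificate before the ramdisk is produced.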

This element outputs three files:

  • $IMAGE-NAME.initramfs: The deploy ramdisk file containing the ironic-python-agent (IPA) service.
  • $IMAGE-NAME.kernel: The kernel binary file.
  • $IMAGE-NAME.vmlinuz: A hard link pointing to the $IMAGE-NAME.kernel file. It exists only as a backward compatibility layer; please do not rely on this file.

Note

The package based install currently only enables the service when using the systemd init system. This can easily be changed if there is an agent package which includes upstart or sysv packaging.

Note

Using the ramdisk requires at least 1.5GB of RAM.