Merge "DIB: allow disabling rescue mode"

This commit is contained in:
Zuul 2019-10-16 13:08:19 +00:00 committed by Gerrit Code Review
commit 7d975fe286
3 changed files with 21 additions and 6 deletions

View File

@ -24,15 +24,13 @@ Beyond installing the ironic-python-agent, this element does the following:
``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
listen for raw data from stdin and write compressed data to stdout. Command
can be with arguments.
* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
This element outputs three files:
- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
ironic-python-agent (IPA) service.
- ``$IMAGE-NAME.kernel``: The kernel binary file.
- ``$IMAGE-NAME.vmlinuz``: A hard link pointing to the ``$IMAGE-NAME.kernel``
file; this is just a backward compatibility layer, please do not rely
on this file.
.. note::
The package based install currently only enables the service when using the

View File

@ -6,12 +6,16 @@ fi
set -eu
set -o pipefail
DIB_IPA_ENABLE_RESCUE=${DIB_IPA_ENABLE_RESCUE:-true}
install-packages -e cloud-init
rm -rf /tmp/ironic-python-agent
# Make sure rescue works
mkdir -p /etc/ipa-rescue-config
if $DIB_IPA_ENABLE_RESCUE; then
# Make sure rescue works
mkdir -p /etc/ipa-rescue-config
fi
case "$DIB_INIT_SYSTEM" in
upstart)
@ -27,7 +31,9 @@ case "$DIB_INIT_SYSTEM" in
systemctl disable iptables.service
fi
systemctl enable $(svc-map ironic-python-agent).service
systemctl enable ironic-agent-create-rescue-user.path
if $DIB_IPA_ENABLE_RESCUE; then
systemctl enable ironic-agent-create-rescue-user.path
fi
;;
sysv)
update-rc.d iptables disable

View File

@ -83,6 +83,17 @@ a suitable ISO for booting, and so should work against any IPA ramdisk.
Advanced options
----------------
Disabling rescue
~~~~~~~~~~~~~~~~
By default rescue mode is enabled in the images. Since it allows to set root
password on the ramdisk by anyone on the network, you may disable it if the
rescue feature is not supported. Set the following before building the image:
.. code-block:: bash
export DIB_IPA_ENABLE_RESCUE=false
SSH access
~~~~~~~~~~