Merge "DIB: allow disabling rescue mode"
This commit is contained in:
commit
7d975fe286
@ -24,15 +24,13 @@ Beyond installing the ironic-python-agent, this element does the following:
|
||||
``DIB_IPA_COMPRESS_CMD``, which is 'gzip' by default. This command should
|
||||
listen for raw data from stdin and write compressed data to stdout. Command
|
||||
can be with arguments.
|
||||
* Configures rescue mode if ``DIB_IPA_ENABLE_RESCUE`` is not set to ``false``.
|
||||
|
||||
This element outputs three files:
|
||||
|
||||
- ``$IMAGE-NAME.initramfs``: The deploy ramdisk file containing the
|
||||
ironic-python-agent (IPA) service.
|
||||
- ``$IMAGE-NAME.kernel``: The kernel binary file.
|
||||
- ``$IMAGE-NAME.vmlinuz``: A hard link pointing to the ``$IMAGE-NAME.kernel``
|
||||
file; this is just a backward compatibility layer, please do not rely
|
||||
on this file.
|
||||
|
||||
.. note::
|
||||
The package based install currently only enables the service when using the
|
||||
|
@ -6,12 +6,16 @@ fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
DIB_IPA_ENABLE_RESCUE=${DIB_IPA_ENABLE_RESCUE:-true}
|
||||
|
||||
install-packages -e cloud-init
|
||||
|
||||
rm -rf /tmp/ironic-python-agent
|
||||
|
||||
# Make sure rescue works
|
||||
mkdir -p /etc/ipa-rescue-config
|
||||
if $DIB_IPA_ENABLE_RESCUE; then
|
||||
# Make sure rescue works
|
||||
mkdir -p /etc/ipa-rescue-config
|
||||
fi
|
||||
|
||||
case "$DIB_INIT_SYSTEM" in
|
||||
upstart)
|
||||
@ -27,7 +31,9 @@ case "$DIB_INIT_SYSTEM" in
|
||||
systemctl disable iptables.service
|
||||
fi
|
||||
systemctl enable $(svc-map ironic-python-agent).service
|
||||
if $DIB_IPA_ENABLE_RESCUE; then
|
||||
systemctl enable ironic-agent-create-rescue-user.path
|
||||
fi
|
||||
;;
|
||||
sysv)
|
||||
update-rc.d iptables disable
|
||||
|
@ -83,6 +83,17 @@ a suitable ISO for booting, and so should work against any IPA ramdisk.
|
||||
Advanced options
|
||||
----------------
|
||||
|
||||
Disabling rescue
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
By default rescue mode is enabled in the images. Since it allows to set root
|
||||
password on the ramdisk by anyone on the network, you may disable it if the
|
||||
rescue feature is not supported. Set the following before building the image:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
export DIB_IPA_ENABLE_RESCUE=false
|
||||
|
||||
SSH access
|
||||
~~~~~~~~~~
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user