[Ovirt-devel] [PATCH node] generalized configuration persistence for oVirt Node

Perry N. Myers pmyers at redhat.com
Fri Sep 19 18:36:53 UTC 2008


Alan Pevec wrote:
> If local OVIRT partition is available, persist selected configuration files,
> for now: Kerberos config, libvirt keytab and SSH host key.
> 
> To initialize OVIRT partition, boot oVirt Node with ovirt_init=scsi parameter,
> this will format the first disk and create the partition.
> For more details see http://ovirt.org/page/Local_Disk_Usage

This conceptually looks fine to me.  Need to put it through the paces to 
make sure it works as advertised :)  But Ack on the process anyhow.

This got brought up before with your original local installation patches, 
but this patch brings it up again...

If the user never manually goes to a box and changes the kernel command 
line to include ovirt_init=/dev/sd*, they'll never have a config partition. 
That makes me think we need a process for creating a USB key of the oVirt 
Node that contains some user-specified kernel command line options.  That 
way someone could just walk up to a bunch of machines with the key, boot 
each one from it in sequence, and install the Node on local disk without 
any keystrokes.

Also, how do we handle this in PXE environments?  How do we allow the 
admin to tell a specific machine to boot with ovirt_init=/dev/sda?  I 
suppose we can set that as default in pxe config file, but is there any 
problem with specifying that multiple times?  (i.e. will it blow away the 
existing config partition on the 2nd boot?)

Perry

> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
>  ovirt-node.spec.in      |    1 +
>  scripts/ovirt           |   53 ++++++++++++++++++++--------------------------
>  scripts/ovirt-early     |   10 ++------
>  scripts/ovirt-functions |   38 +++++++++++++++++++++++++++++++++
>  scripts/ovirt-post      |    7 +++++-
>  5 files changed, 71 insertions(+), 38 deletions(-)
>  mode change 100755 => 100644 scripts/ovirt-early
> 
> diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
> index 92905fd..fb31c4f 100644
> --- a/ovirt-node.spec.in
> +++ b/ovirt-node.spec.in
> @@ -12,6 +12,7 @@ Requires(post):  /sbin/chkconfig
>  Requires(preun): /sbin/chkconfig
>  BuildRequires:  libvirt-devel
>  BuildRequires:  dbus-devel hal-devel
> +Requires:       augeas
>  Requires:       libvirt
>  Requires:       hal
>  Requires:       collectd
> diff --git a/scripts/ovirt b/scripts/ovirt
> index 0878a9e..d81a72e 100644
> --- a/scripts/ovirt
> +++ b/scripts/ovirt
> @@ -11,30 +11,31 @@
>  . /etc/init.d/ovirt-functions
>  
>  start() {
> -    krb5_conf=/etc/krb5.conf
> -    krb5_tab=/etc/libvirt/krb5.tab
> -    # retrieve config from local oVirt partition if available
> -    #   krb5.conf krb5.tab
> -    #   TODO local admin password, ssh server key - what else?
> +    # retrieve config from local OVIRT partition if available
>      ovirt=$(mktemp -d)
> +    ovirt_mount $ovirt
> +    # /config on OVIRT partition contains persisted /etc files
>      cfg=$ovirt/config
> -    if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
> -      mount -r /dev/disk/by-label/$OVIRT_LABEL $ovirt
> -    else
> -      mount -r /dev/live $ovirt
> -    fi
> -    if [ -e $cfg/krb5.conf ]; then
> -      cp -a $cfg/krb5.conf $krb5_conf
> -    fi
> -    if [ -e $cfg/krb5.tab ]; then
> -      cp -a $cfg/krb5.tab $krb5_tab
> +    if [ -d $cfg/etc ]; then
> +      cp -rv $cfg/etc/* /etc
> +      restorecon -r /etc
>      fi
> -    if [ -s $krb5_tab ]; then
> -      krb5_tab=
> +    # and optional Augeas augtool script
> +    aug=$cfg/config.aug
> +    if [ -f $aug ]; then
> +      tmpaug=$(mktemp)
> +      cp $aug $tmpaug
> +      echo "save" >> $tmpaug
> +      augtool < $tmpaug > /dev/null 2>&1
> +      if [ $? -eq 0 ]; then
> +        printf "$aug applied."
> +      fi
>      fi
> +    umount $ovirt && rmdir $ovirt
>  
>      find_srv ipa tcp
>      if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
> +        krb5_conf=/etc/krb5.conf
>          # FIXME this is IPA specific
>          wget -q \
>              http://$SRV_HOST:$SRV_PORT/ipa/config/krb5.ini -O $krb5_conf.tmp
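Review bot: The restore path applies whatever sits under `config/` on the mounted volume as root, with no restriction to the three files the description names: `cp -rv $cfg/etc/* /etc` can overwrite any path in /etc, and `config.aug` is fed to augtool unfiltered. Because ovirt_mount selects the volume by label alone, a comment such as `# trust boundary: anything under $cfg is applied to /etc as root` above the copy, or a copy limited to a fixed list of files, would make that explicit. In the Augeas block `$tmpaug` is never removed and augtool's output goes to /dev/null, so a failing script leaves no trace; `rm -f "$tmpaug"` after the run and an `else echo "$aug failed"` branch would cover both. `printf "$aug applied."` also uses a path as the format string, where `printf '%s applied.\n' "$aug"` is safer. start() continues beyond this hunk.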
> @@ -42,33 +43,25 @@ start() {
>              echo "Failed to get $krb5_conf"; return 1
>          fi
>          mv $krb5_conf.tmp $krb5_conf
> -        # store config in oVirt partition
> -        if [ -e $cfg ]; then
> -            mount -o remount,rw $ovirt
> -            cp -a $krb5_conf $cfg/krb5.conf
> -        fi
>      else
>          echo "skipping Kerberos configuration"
>      fi
>  
>      find_srv identify tcp
>      if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
> +        krb5_tab=/etc/libvirt/krb5.tab
> +        # skip ktab download if we got it from /config
> +        if [ -s $krb5_tab ]; then
> +          krb5_tab=
> +        fi
>          ovirt-awake start $SRV_HOST $SRV_PORT $krb5_tab
>          if [ $? -ne 0 ]; then
>              echo "ovirt-awake failed"; return 1
>          fi
> -        # store config in oVirt partition
> -        if [ -n "$krb_tab" -a -e $cfg ]; then
> -            mount -o remount,rw $ovirt
> -            cp -a $krb5_tab $cfg/krb5.tab
> -        fi
>      else
>          echo "skipping ovirt-awake, oVirt identify service not available"
>      fi
>  
> -    # cleanup
> -    umount $ovirt && rmdir $ovirt
> -
>      find_srv collectd tcp
>      if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
>          collectd_conf=/etc/collectd.conf
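Review bot: The `-s $krb5_tab` test skips the keytab download for any non-empty file at that path, not only one restored from /config as the comment says, and nothing in these lines checks that a restored keytab is still valid. A comment like `# skip ktab download if a non-empty keytab already exists (e.g. restored from /config); a stale one is not refreshed` would state what the test really does. If ovirt-awake can fail because of a stale persisted keytab, that failure path may need to discard the stored copy, but that is not visible in this hunk. start() begins before and continues after these lines.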
> diff --git a/scripts/ovirt-early b/scripts/ovirt-early
> old mode 100755
> new mode 100644
> index 6d9bd76..3ab9f47
> --- a/scripts/ovirt-early
> +++ b/scripts/ovirt-early
> @@ -217,13 +217,9 @@ local_install() {
>      mkdir -p $ovirt/config
>      # update local config using the one embedded in livecd image
>      # TODO admin tool for adding /config into livecd image
> -    if [ -e $live/config/krb5.conf ]; then
> -      cp -a $live/config/krb5.conf $ovirt/config \
> -      || echo "krb5.conf copy failed"
> -    fi
> -    if [ -e $live/config/krb5.tab ]; then
> -      cp -a $live/config/krb5.tab $ovirt/config \
> -      || echo "krb5.tab copy failed"
> +    if [ -d $live/config ]; then
> +      cp -rv $live/config/* $ovirt/config \
> +      || echo "config copy failed"
>      fi
>  
>      if [ $local_os = 0 ]; then
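Review bot: `cp -rv $live/config/* $ovirt/config` prints "config copy failed" whenever `$live/config` exists but is empty, because the unmatched glob is passed literally to cp, and it also skips dotfiles. `cp -rv $live/config/. $ovirt/config` copies the directory contents without relying on the glob. The replaced lines used `cp -a`; with plain `-r`, ownership and timestamps of copied files such as krb5.tab are not preserved, so `-a` looks like the safer choice here. The file header also changes scripts/ovirt-early from mode 100755 to 100644, which is worth confirming as intentional. local_install() starts and ends outside this hunk.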
> diff --git a/scripts/ovirt-functions b/scripts/ovirt-functions
> index 3bec877..bd59d09 100644
> --- a/scripts/ovirt-functions
> +++ b/scripts/ovirt-functions
> @@ -47,3 +47,41 @@ ovirt_setup_libvirtd() {
>         echo "mech_list: gssapi" >> $sasl_conf
>      fi
>  }
> +
> +ovirt_mount() {
> +    if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
> +      mount -r /dev/disk/by-label/$OVIRT_LABEL $1
> +    else
> +      mount -r /dev/live $1
> +    fi
> +}
> +
> +md5() {
> +  md5sum $1 2>/dev/null | (read MD5 filename; echo $MD5)
> +}
> +
> +# persist configuration to /config on OVIRT partition
> +#   ovirt_store_config /etc/config /etc/config2 ...
> +ovirt_store_config() {
> +    ovirt=$(mktemp -d)
> +    ovirt_mount $ovirt
> +    cfg=$ovirt/config
> +    rw=0
> +    printf "store config:"
> +    for f in "$@"; do
> +       # ignore non-/etc paths
> +       if [ $f != ${f#/etc/} ]; then
> +           # check if changed
> +           if [ "$(md5 $f)" != "$(md5 $cfg$f)" ]; then
> +               if [ $rw = 0 ]; then
> +                   mount -o remount,rw $ovirt
> +                   rw=1
> +               fi
> +               mkdir -p $cfg$(dirname $f)
> +               cp $f $cfg$f
> +               print " $f"
> +           fi
> +       fi
> +    done
> +    umount $ovirt && rmdir $ovirt
> +}
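Review bot: `print " $f"` in ovirt_store_config is not a POSIX sh or bash command, so each stored file would produce a "command not found" error instead of being listed; `printf ' %s' "$f"` is presumably what was meant. The function also remounts read-write whatever ovirt_mount mounted, including the `/dev/live` fallback, and ignores the status of mount, mkdir and cp, so on a node without an OVIRT partition it fails each time it runs with no clear message, contrary to the description's "if local OVIRT partition is available". The expansions of `$f`, `$ovirt` and `$cfg` are unquoted, and the `/etc/` prefix test still accepts a path containing `..`; both are harmless with the fixed list in ovirt-post but worth tightening in a shared helper. The sketch below guards on the label, checks each step and quotes the paths.

```shell
ovirt_store_config() {
    # nothing to persist to when only the read-only live image is present
    [ -e "/dev/disk/by-label/$OVIRT_LABEL" ] || return 0
    ovirt=$(mktemp -d) || return 1
    ovirt_mount "$ovirt" || { rmdir "$ovirt"; return 1; }
    # … unchanged: cfg, rw, "store config:" banner, loop header, /etc prefix and md5 tests …
               if [ $rw = 0 ]; then
                   mount -o remount,rw "$ovirt" || break
                   rw=1
               fi
               mkdir -p "$cfg$(dirname "$f")" \
                 && cp "$f" "$cfg$f" \
                 && printf ' %s' "$f"
    # … unchanged: loop close, umount and rmdir …
```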
> diff --git a/scripts/ovirt-post b/scripts/ovirt-post
> index d989940..046a2c0 100644
> --- a/scripts/ovirt-post
> +++ b/scripts/ovirt-post
> @@ -11,8 +11,13 @@
>  . /etc/init.d/ovirt-functions
>  
>  start() {
> -    find_srv identify tcp
> +    # persist selected configuration files
> +    ovirt_store_config \
> +      /etc/krb5.conf \
> +      /etc/libvirt/krb5.tab \
> +      /etc/ssh/ssh_host*_key*
>  
> +    find_srv identify tcp
>      if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
>          ovirt-identify-node -s $SRV_HOST -p $SRV_PORT
>      else
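Review bot: The glob `/etc/ssh/ssh_host*_key*` persists the SSH private host keys, and together with `/etc/libvirt/krb5.tab` this puts the node's long-term credentials on the config partition, apparently unencrypted since ovirt_store_config uses a plain cp. A comment such as `# NOTE: private host keys and the keytab are stored in clear on the OVIRT partition` above the call would record that, and who can read or relabel that disk becomes part of the node's trust model. If the host keys have not been generated yet when ovirt-post runs, the unmatched glob is passed literally and nothing is stored for SSH; whether that ordering holds is not visible here. start() continues past the end of this hunk.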

-- 
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers at redhat.com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|



