[Ovirt-devel] [PATCH node-image] Remove ovirt-pxe and ovirt-flash* wrapper scripts and provide docs in README
Joey Boggs
jboggs at redhat.com
Mon Mar 30 14:02:39 UTC 2009
Removing the -pxe package and ovirt-pxe will break the installer's
ovirt-node-image portion/cobbler import. I'll work on fixing this today.
Perry Myers wrote:
> ovirt-pxe and ovirt-flash scripts just wrapped livecd-iso-to-* functionality
> and really did not provide any added value. Only thing that ovirt-pxe did
> that was valuable was added IPAPPEND 2 to the sample config file produced
> by livecd-iso-to-pxe, but since in most configurations (cobbler etc) you
> can't just use this file as is, instead we'll provide samples in README
> and instructions for calling livecd-iso-to-* scripts directly.
>
> Also, ovirt-node-image-pxe subpackage provided no real value since
> all it did was provide %post that ran ovirt-pxe. So removed it.
>
> Signed-off-by: Perry Myers <pmyers at redhat.com>
> ---
> Makefile.am | 6 +-
> README | 45 ++++++++++++++
> README.krb5 | 149 ----------------------------------------------
> ovirt-flash | 38 ------------
> ovirt-flash-static | 94 -----------------------------
> ovirt-node-image.spec.in | 21 -------
> ovirt-pxe | 37 -----------
> 7 files changed, 47 insertions(+), 343 deletions(-)
> create mode 100644 README
> delete mode 100644 README.krb5
> delete mode 100755 ovirt-flash
> delete mode 100755 ovirt-flash-static
> delete mode 100755 ovirt-pxe
>
> diff --git a/Makefile.am b/Makefile.am
> index 01bf632..eef520c 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -35,17 +35,15 @@ EXTRA_DIST = \
> .gitignore \
> $(PACKAGE).spec \
> $(PACKAGE).spec.in \
> - README.krb5 \
> common-blacklist.ks \
> common-install.ks \
> common-pkgs.ks \
> common-post.ks \
> - ovirt-flash \
> $(PACKAGE).ks \
> - ovirt-pxe \
> create-ovirt-iso-nodes \
> edit-livecd \
> - livecd-setauth
> + livecd-setauth \
> + README
>
> DISTCLEANFILES = $(PACKAGE)-$(VERSION).tar.gz \
> $(PACKAGE).$(PKG_FMT) \
> diff --git a/README b/README
> new file mode 100644
> index 0000000..1062727
> --- /dev/null
> +++ b/README
> @@ -0,0 +1,45 @@
> +Some notes on node image deployment
> +
> +Nodes are provided in ISO format. These ISO images can be deployed by either:
> +1. Writing the image to a CD
> +2. Writing the image to USB flash using livecd-iso-to-disk utility
> +3. Creating pxe bootable files using livecd-iso-to-pxe utility
> +
> +To burn a Node image to a usb stick accessible as /dev/sdb:
> +livecd-iso-to-disk --format /usr/share/ovirt-node-image/ovirt-node-image.iso /dev/sdb
> +
> +To create vmlinuz and initrd images suitable for pxe booting:
> +livecd-iso-to-pxe /usr/share/ovirt-node-image/ovirt-node-image.iso
> +
> +The output of livecd-iso-to-pxe is a directory called tftpboot that has the
> +following files in it:
> +./pxelinux.0
> +./pxelinux.cfg/default
> +./vmlinuz0
> +./initrd0.img
> +
> +The vmlinuz0/initrd0.img files can be imported into a cobbler server or any
> +other PXE/tftp server. pxelinux.cfg/default provides a template for
> +configuring the pxe server to export the Node image:
> +
> +DEFAULT pxeboot
> +TIMEOUT 20
> +PROMPT 0
> +LABEL pxeboot
> + KERNEL vmlinuz0
> + APPEND rootflags=loop initrd=initrd0.img root=/ovirt-node-image.iso rootfstype=auto ro liveimg check rootfstype=iso9660 elevator=deadline
> +ONERROR LOCALBOOT 0
> +
> +In addition, PXE booted Nodes rely on the PXE server passing the mac address
> +of the pxe interface to the kernel. This is provided by using the IPAPPEND 2
> +parameter as follows:
> +
> +DEFAULT pxeboot
> +TIMEOUT 20
> +PROMPT 0
> +LABEL pxeboot
> + KERNEL vmlinuz0
> + IPAPPEND 2
> + APPEND rootflags=loop initrd=initrd0.img root=/ovirt-node-image.iso rootfstype=auto ro liveimg check rootfstype=iso9660 elevator=deadline
> +ONERROR LOCALBOOT 0
> +
> diff --git a/README.krb5 b/README.krb5
> deleted file mode 100644
> index 50d3159..0000000
> --- a/README.krb5
> +++ /dev/null
> @@ -1,149 +0,0 @@
> -This README is a series of instructions for setting up kerberos for use with
> -the libvirt stuff. There are a lot of steps, it is fairly complicated, and
> -the error reporting is pretty bad, so this is not for the faint of heart.
> -
> -It really helps to have a basic understanding of kerberos, KDC, and other
> -terminology when getting this up. You *can* just follow the steps here, but
> -when things go wrong (and they almost certainly will), you'll need more
> -background knowledge.
> -
> -To start, you need a minimum of 3 machines here:
> -
> -1) The FreeIPA server, where you install the freeipa software, and which acts
> -as your KDC. I'll refer to this one as "freeipa" throughout the document.
> -2) The host machine, that is, the one that is running ovirt and libvirtd.
> -I'll refer to this one as "ovirt" throughout the document.
> -3) The client machine, that is, the one that you will be running
> -virt-manager/virsh on, and connecting to the ovirt machine with. I'll refer
> -to this machine as "client" throughout the document.
> -
> -With that initial part, let's get started:
> -
> -On the freeipa machine:
> -1) Follow the directions on http://freeipa.org/page/QuickInstall to get the
> -FreeIPA server up and running. Note that if you are running on F8 or later,
> -you'll need to pay particular attention to the mod_auth_kerb section. During
> -the FreeIPA setup, you can call your realm whatever you want; I'll use
> -OVIRT.BOSTON.REDHAT.COM for the rest of the document.
> -2) Once you have freeipa installed somewhere, you'll need to add a principle
> -for the libvirt service. To do this, on the freeipa box, run:
> -
> -# kadmin.local
> -> addprinc -randkey libvirt/ovirt at OVIRT.BOSTON.REDHAT.COM
> -> ktadd -k /tmp/ovirt-libvirt.tab libvirt/ovirt at OVIRT.BOSTON.REDHAT.COM
> -> quit
> -
> -This will add a new principle for libvirt for the "ovirt" machine, and export
> -that principle to the /tmp/ovirt-libvirt.tab file. Note that you'll need
> -to replace "ovirt" and "OVIRT.BOSTON.REDHAT.COM" with the full DNS name and the
> -realm you are using, respectively.
> -
> -On the ovirt machine:
> -
> -NOTE: if you use the scripts (i.e. ovirt-pxe.sh) to generate an oVirt Node
> -image, all of the following is done for you. These are just notes for doing
> -it by hand.
> -
> -1) First, we need to edit the krb5.conf to point to the correct realm and
> -KDC. In /etc/krb5.conf, in the [realms] section, you'll want to add your
> -realm name, along with it's kdc and admin server. In my case, it looks like:
> -
> -[realms]
> - OVIRT.BOSTON.REDHAT.COM = {
> - kdc = freeipa:88
> - admin_server = freeipa:749
> - }
> -
> -You'll need to replace "freeipa" with the fully qualified domain name of your
> -freeipa server.
> -
> -Now, you'll need to associate that realm with DNS names. So, you'll want to
> -add 2 lines to the [domain_realm] section, which basically associates that
> -realm with these names. In my case, it looks like:
> -
> -[domain_realm]
> - .ovirt.boston.redhat.com = OVIRT.BOSTON.REDHAT.COM
> - ovirt.boston.redhat.com = OVIRT.BOSTON.REDHAT.COM
> -
> -Finally, we'll need to make sure that this realm is the default realm. In
> -the [libdefaults] section, you'll want to change the default_realm to point
> -to your realm. In my case, it looks like:
> -
> -[libdefaults]
> - default_realm = OVIRT.BOSTON.REDHAT.COM
> -
> -2) Now we need to make sure that libvirtd is configured properly. In the
> -simple case, libvirtd is using kerberos for authentication, and TCP for the
> -transport. We can also set it up to use kerberos for authentication and
> -TLS for the transport, but that's not covered yet. In any case, we need to
> -open up the raw TCP field for our use. Edit /etc/libvirt/libvirtd.conf, and
> -uncomment "listen_tcp = 1".
> -
> -3) Next we need the keytable from the freeipa server. You should be able
> -to take the keytab you exported from the freeipa machine earlier (with the
> -ktadd -k command), and install it on the ovirt machine. Basically just copy
> -that exported keytab to /etc/libvirt/krb5.tab
> -
> -4) Finally, we need to start the libvirtd daemon. Of course, make sure this
> -libvirtd has the GSSAPI/kerberos stuff compiled in :). Assuming that is the
> -case, you'll need to start it like:
> -
> -KRB5_KTNAME=/etc/libvirt/krb5.tab /root/libvirtd --listen --daemon
> -
> -On the client machine:
> -1) Setup up krb5.conf exactly the same as described in step 1 for the ovirt
> -machine.
> -2) Edit /etc/sasl2/libvirt.conf, and add:
> -mech_list: gssapi
> -
> -3) Now you'll need to kinit to get an initial kerberos ticket for the realm.
> -In my case, I run:
> -
> -# kinit admin at OVIRT.BOSTON.REDHAT.COM
> -
> -and enter in the password to get a ticket. You'll have to replace the username
> -and the realm to suit your own setup.
> -
> -At this point, you should run:
> -
> -# klist
> -
> -and should see output similar to the following:
> -
> -Ticket cache: FILE:/tmp/krb5cc_0
> -Default principal: admin at VIRT.BOSTON.REDHAT.COM
> -
> -Valid starting Expires Service principal
> -10/31/07 12:14:51 11/01/07 12:11:21 krbtgt/VIRT.BOSTON.REDHAT.COM at VIRT.BOSTON.REDHAT.COM
> -
> -
> -Kerberos 4 ticket cache: /tmp/tkt0
> -klist: You have no tickets cached
> -
> -4) Now we can attempt to connect to the remote hypervisor with virsh. Of
> -course, make sure your virsh has the GSSAPI/kerberos support compiled in:
> -
> -# virsh --connect qemu+tcp://ovirt/system list --all
> -
> -This should output something like:
> -
> - Id Name State
> -----------------------------------
> - - f8i386 shut off
> - - f8x86_64 shut off
> -
> -
> -Troubleshooting:
> -Two main problems tend to trip people up on their first try: differences in
> -time, and problems with DNS. You have to make sure that all three machines
> -in this example (freeipa, ovirt, client) are synced via NTP, and you have to
> -make sure that all three machines can resolve each other's DNS name both
> -forwards and backwards. If either of those isn't true, it won't work.
> -
> -On the "freeipa" machine, you can look at /var/log/krb5kdc.log to get an idea
> -of what went wrong.
> -
> -If you see an error like "Server not found in Kerberos database", either you
> -didn't add the principle correctly in the first step here, or you have an
> -alternate name for the server in /etc/hosts. Remove any /etc/hosts aliases and
> -try again.
> diff --git a/ovirt-flash b/ovirt-flash
> deleted file mode 100755
> index 0b9c793..0000000
> --- a/ovirt-flash
> +++ /dev/null
> @@ -1,38 +0,0 @@
> -#!/bin/bash
> -#
> -# Create an Ovirt Host USB device (stateless)
> -# Copyright 2008 Red Hat, Inc.
> -# Written by Chris Lalancette <clalance at redhat.com>
> -#
> -# This program is free software; you can redistribute it and/or modify
> -# it under the terms of the GNU General Public License as published by
> -# the Free Software Foundation; version 2 of the License.
> -#
> -# This program is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -# GNU Library General Public License for more details.
> -#
> -# You should have received a copy of the GNU General Public License
> -# along with this program; if not, write to the Free Software
> -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
> -
> -ME=$(basename "$0")
> -warn() { printf '%s: %s\n' "$ME" "$*" >&2; }
> -die() { warn "$@"; exit 1; }
> -
> -test $# != 2 && die "Usage: $ME <usbdevice> <iso-image>"
> -
> -USBDEVICE=$1
> -ISO=$2
> -
> -test ! -r $ISO && die "$ISO is not a readable file"
> -test ! -b $USBDEVICE && die "$USBDEVICE is not a valid block device"
> -test $( id -u ) -ne 0 && die "$ME must run as root"
> -
> -# clear out the old partition table
> -dd if=/dev/zero of=$USBDEVICE bs=4096 count=1
> -printf 'n\np\n1\n\n\nt\n6\na\n1\nw\n' | fdisk $USBDEVICE
> -mkdosfs -n ovirt ${USBDEVICE}1
> -cat /usr/lib/syslinux/mbr.bin > $USBDEVICE
> -livecd-iso-to-disk $ISO ${USBDEVICE}1
> diff --git a/ovirt-flash-static b/ovirt-flash-static
> deleted file mode 100755
> index 79bcfbf..0000000
> --- a/ovirt-flash-static
> +++ /dev/null
> @@ -1,94 +0,0 @@
> -#!/bin/bash
> -#
> -# Create an Ovirt Host USB device (stateful)
> -# Copyright 2008 Red Hat, Inc.
> -# Written by Chris Lalancette <clalance at redhat.com>
> -#
> -# This program is free software; you can redistribute it and/or modify
> -# it under the terms of the GNU General Public License as published by
> -# the Free Software Foundation; version 2 of the License.
> -#
> -# This program is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -# GNU Library General Public License for more details.
> -#
> -# You should have received a copy of the GNU General Public License
> -# along with this program; if not, write to the Free Software
> -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
> -
> -ME=$(basename "$0")
> -warn() { printf '%s: %s\n' "$ME" "$*" >&2; }
> -die() { warn "$@"; exit 1; }
> -
> -test $# != 2 && die "Usage: $ME <usbdevice> <iso-image>"
> -
> -USBDEVICE=$1
> -ISO=$2
> -
> -test ! -r "$ISO" && die "$ISO is not a readable file"
> -test ! -b "$USBDEVICE" && die "$USBDEVICE is not a valid block device"
> -test $( id -u ) -ne 0 && die "$ME must run as root"
> -
> -case $ISO in
> - *.iso) ;;
> - *) die "ME: ISO file name, '$ISO' lacks .iso suffix"
> -esac
> -
> -tmpdir=$(mktemp -d) || exit 1
> -
> -IMGTMP="$tmpdir/ovirt"
> -SQUASHTMP="$tmpdir/ovirt-squash"
> -USBTMP="$tmpdir/ovirt-usb"
> -
> -cleanup()
> -{
> - { umount "$USBTMP"
> - umount "$SQUASHTMP"
> - umount "$IMGTMP"
> - } 2> /dev/null || :
> - rm -rf "$tmpdir"
> -}
> -trap cleanup 0
> -trap 'exit $?' 1 2 13 15
> -
> -# From here on, any failure makes the script fail.
> -set -e
> -
> -# do setup
> -mkdir -p "$IMGTMP" "$SQUASHTMP" "$USBTMP"
> -mount -o loop "$ISO" "$IMGTMP"
> -
> -squashfs_img="$IMGTMP/LiveOS/squashfs.img"
> -test -f "$squashfs_img" \
> - || die "not a LiveCD image: $ISO"
> -
> -mount -o loop "$squashfs_img" "$SQUASHTMP"
> -
> -# clear out the old partition table
> -dd if=/dev/zero of="$USBDEVICE" bs=4096 count=1
> -printf 'n\np\n1\n\n\nt\n83\na\n1\nw\n' | fdisk "$USBDEVICE"
> -
> -cat /usr/lib/syslinux/mbr.bin > "$USBDEVICE"
> -dd if="$SQUASHTMP/LiveOS/ext3fs.img" of="${USBDEVICE}1"
> -
> -mount "${USBDEVICE}1" "$USBTMP"
> -
> -cp "$IMGTMP"/isolinux/* "$USBTMP"
> -
> -rm -f "$USBTMP/isolinux.bin"
> -mv "$USBTMP/isolinux.cfg" "$USBTMP/extlinux.conf"
> -
> -iso_base=$(basename "$ISO" .iso)
> -# sanitize for sed and the label name and limit to 16 bytes
> -LABEL=$(echo "$iso_base" | cut -b-16 | tr -c '[[:alnum:]_.-]' _)
> -sed -i -e "s/ *append.*/ append initrd=initrd.img root=LABEL=$LABEL ro/" \
> - "$USBTMP/extlinux.conf"
> -
> -extlinux -i "$USBTMP"
> -
> -# To test:
> -cat <<\EOF > /dev/null
> -mkdir -p t/LiveOS && (cd t/LiveOS && touch ext3fs.img squashfs.img)
> -genisoimage -U -o k2.iso t
> -EOF
> diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
> index 8451dd3..c93019d 100644
> --- a/ovirt-node-image.spec.in
> +++ b/ovirt-node-image.spec.in
> @@ -34,14 +34,6 @@ Requires: livecd-tools >= 020-2
> The ISO boot image for oVirt Node booting from CDROM device.
> At the moment, this RPM just packages prebuilt ISO.
>
> -%package pxe
> -Summary: oVirt Node PXE image
> -Group: Applications/System
> -Requires: %{name} = %{version}-%{release}
> -
> -%description pxe
> -PXE boot image installer for oVirt Node network boot from oVirt Server.
> -
> %prep
> %setup -q
> %if ! %{source_iso}
> @@ -63,8 +55,6 @@ mkdir %{buildroot}
> %{__install} -d -m0755 %{buildroot}%{app_root}
> %{__install} -p -m0644 %{image_iso} %{buildroot}%{app_root}
> %{__install} -d -m0755 %{buildroot}%{_sbindir}
> -%{__install} -p -m0755 ovirt-pxe %{buildroot}%{_sbindir}
> -%{__install} -p -m0755 ovirt-flash %{buildroot}%{_sbindir}
> %{__install} -p -m0755 create-ovirt-iso-nodes %{buildroot}%{_sbindir}
> %{__install} -p -m0755 edit-livecd %{buildroot}%{_sbindir}
> %{__install} -p -m0755 livecd-setauth %{buildroot}%{_sbindir}
> @@ -73,12 +63,6 @@ mkdir %{buildroot}
> %clean
> %{__rm} -rf %{buildroot}
>
> -%post pxe
> -cd %{app_root}
> -rm -rf tftpboot
> -ovirt-pxe %{name}.iso > /dev/null
> -cobbler sync > /dev/null 2>&1 || :
> -
> %files
> %defattr(0644,root,root,0755)
> %{app_root}/%{name}.iso
> @@ -93,15 +77,10 @@ cobbler sync > /dev/null 2>&1 || :
> %doc %{app_root}/manifests/ovirt-release
>
> %defattr(0755,root,root,0755)
> -%{_sbindir}/ovirt-pxe
> -%{_sbindir}/ovirt-flash
> %{_sbindir}/create-ovirt-iso-nodes
> %{_sbindir}/edit-livecd
> %{_sbindir}/livecd-setauth
>
> -%files pxe
> -%defattr(0644,root,root,0755)
> -
> %changelog
> * Thu Jul 03 2008 Perry Myers <pmyers at redhat.com> 0.92-0
> - Only store ISO in SRPM, and generate PXE from that during build
> diff --git a/ovirt-pxe b/ovirt-pxe
> deleted file mode 100755
> index d1e2b91..0000000
> --- a/ovirt-pxe
> +++ /dev/null
> @@ -1,37 +0,0 @@
> -#!/bin/bash
> -#
> -# Create an Ovirt Host PXE boot
> -# Copyright 2008 Red Hat, Inc.
> -# Written by Chris Lalancette <clalance at redhat.com>
> -#
> -# This program is free software; you can redistribute it and/or modify
> -# it under the terms of the GNU General Public License as published by
> -# the Free Software Foundation; version 2 of the License.
> -#
> -# This program is distributed in the hope that it will be useful,
> -# but WITHOUT ANY WARRANTY; without even the implied warranty of
> -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> -# GNU Library General Public License for more details.
> -#
> -# You should have received a copy of the GNU General Public License
> -# along with this program; if not, write to the Free Software
> -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
> -
> -ME=$(basename "$0")
> -warn() { printf '%s: %s\n' "$ME" "$*" >&2; }
> -die() { warn "$@"; exit 1; }
> -
> -test $# != 1 && die "Usage: $ME <iso-image>"
> -
> -ISO=$1
> -test ! -r $ISO && die "$ISO is not a readable file"
> -test $( id -u ) -ne 0 && die "$ME must run as root"
> -
> -livecd-iso-to-pxeboot $ISO
> -
> -# append BOOTIF with PXE MAC info
> -f=tftpboot/pxelinux.cfg/default
> -grep -q 'IPAPPEND 2' $f || sed -i '/KERNEL/a \\tIPAPPEND 2' $f
> -
> -# timeout quickly for PXE boots
> -sed -i 's/timeout.*/timeout 50/' $f
>
More information about the ovirt-devel
mailing list