From aron at hp.com Mon Feb 2 16:18:19 2009 From: aron at hp.com (Aron Griffis) Date: Mon, 2 Feb 2009 11:18:19 -0500 Subject: [Thincrust-devel] still no initrd Message-ID: <20090202161819.GB11713@fc.hp.com> I'm still struggling to build a working thincrust appliance. In all my attempts, the initrd is never created. I've tried appliance-tools-003.10-1.fc10.noarch on f10 and appliance-tools-004-2.fc11.noarch on rawhide. I've tried building an f10-based appliance and a rawhide-based appliance. In all cases, the image doesn't have an initrd, and therefore won't boot. Am I doing something wrong, are the tools broken, or is fedora-aos.ks at fault? Thanks, Aron From aron at hp.com Mon Feb 2 16:55:39 2009 From: aron at hp.com (Aron Griffis) Date: Mon, 2 Feb 2009 11:55:39 -0500 Subject: [Thincrust-devel] still no initrd In-Reply-To: <20090202161819.GB11713@fc.hp.com> References: <20090202161819.GB11713@fc.hp.com> Message-ID: <20090202165538.GC11713@fc.hp.com> FINALLY figured it out. My .rpmmacros file sets %_tmppath to isolate separate users on the same system. However the resulting dir didn't exist inside the image, so none of the %post scripts could run, including the generated initrd... On to actually doing interesting things with thincrust... Aron From bkearney at redhat.com Tue Feb 3 13:20:36 2009 From: bkearney at redhat.com (Bryan Kearney) Date: Tue, 03 Feb 2009 08:20:36 -0500 Subject: [Thincrust-devel] still no initrd In-Reply-To: <20090202165538.GC11713@fc.hp.com> References: <20090202161819.GB11713@fc.hp.com> <20090202165538.GC11713@fc.hp.com> Message-ID: <498844A4.4080907@redhat.com> Aron Griffis wrote: > FINALLY figured it out. > > My .rpmmacros file sets %_tmppath to isolate separate users on > the same system. However the resulting dir didn't exist inside > the image, so none of the %post scripts could run, including the > generated initrd... > > On to actually doing interesting things with thincrust... > Does this mess up building livecds as well as appliances? -- bk From aron at hp.com Wed Feb 4 04:52:56 2009 From: aron at hp.com (Aron Griffis) Date: Tue, 3 Feb 2009 23:52:56 -0500 Subject: [Thincrust-devel] still no initrd In-Reply-To: <498844A4.4080907@redhat.com> References: <20090202161819.GB11713@fc.hp.com> <20090202165538.GC11713@fc.hp.com> <498844A4.4080907@redhat.com> Message-ID: <20090204045255.GB7032@fc.hp.com> Bryan Kearney wrote: [Tue Feb 03 2009, 08:20:36AM EST] > Does this mess up building livecds as well as appliances? I'd guess yes, but I haven't tried building a livecd. Here's what I had in my .rpmmacros: %_tmppath /var/tmp/%{expand:%%(id -un)} This is to isolate multiple users building on the same machine. At first rpm scripts fail because of: sh: id: command not found then after coreutils is installed they fail because of: error: error creating temporary file /var/tmp/root/rpm-tmp.QA0gZJ: No such file or directory error: Couldn't create temporary file for %post(kernel-2.6.27.12-170.2.5.fc10.x86_64): No such file or directory To make it work, I just removed that line. Thanks, Aron From jboggs at redhat.com Wed Feb 18 02:37:06 2009 From: jboggs at redhat.com (Joey Boggs) Date: Tue, 17 Feb 2009 21:37:06 -0500 Subject: [Thincrust-devel] [PATCH ace] add FORWARD chain and in_interface options Message-ID: <1234924626-19377-1-git-send-email-jboggs@redhat.com> The FORWARD chain and in_interface options of iptables are required to support nat --- modules/firewall/manifests/firewall.pp | 5 +++-- modules/firewall/templates/rule.erb | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/firewall/manifests/firewall.pp b/modules/firewall/manifests/firewall.pp index 2b03cc0..51a8ca2 100644 --- a/modules/firewall/manifests/firewall.pp +++ b/modules/firewall/manifests/firewall.pp @@ -41,7 +41,7 @@ class firewall { notify => Exec["reload-firewall"], } - file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT" ]: + file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT", "$firewall_dir/filter/FORWARD" ]: ensure => directory, mode => 0755, require => File["${firewall_dir}/filter"], @@ -141,7 +141,8 @@ define firewall_rule ( $destination = '', $action = 'ACCEPT', $table = 'filter', - $out_interface = '' + $out_interface = '', + $in_interface = '' ) { file { "/usr/share/firewall/${table}/${chain}/${name}": owner => root, diff --git a/modules/firewall/templates/rule.erb b/modules/firewall/templates/rule.erb index 75b06df..6a480c8 100644 --- a/modules/firewall/templates/rule.erb +++ b/modules/firewall/templates/rule.erb @@ -21,6 +21,9 @@ --source-port <%= source_port + " " -%> <% end -%> <% end -%> +<% unless in_interface.empty? -%> +--in-interface <%= in_interface %> <%= " " -%> +<% end -%> <% unless out_interface.empty? -%> --out-interface <%= out_interface %> <%= " " -%> <% end -%> -- 1.6.0.6 From jboggs at redhat.com Wed Feb 18 02:41:05 2009 From: jboggs at redhat.com (Joey Boggs) Date: Tue, 17 Feb 2009 21:41:05 -0500 Subject: [Thincrust-devel] Re: [PATCH ace] add FORWARD chain and in_interface options In-Reply-To: <1234924626-19377-1-git-send-email-jboggs@redhat.com> References: <1234924626-19377-1-git-send-email-jboggs@redhat.com> Message-ID: <499B7541.9000905@redhat.com> I'd like to get this into ace ASAP to support nat for ovirt nodes. Let me know if you need anything from me. I've attached an example to help with testing ------------------------------ import 'firewall' firewall::setup{'setup': status => 'enabled' } firewall_rule{"nat-1": chain => "FORWARD", in_interface => "ovirtbr0", out_interface => "wlan0", protocol => ""} firewall_rule{"nat-2": table => "nat", chain => "POSTROUTING", out_interface => "eth0", protocol => "", action => "MASQUERADE"} firewall_rule{"ssh": destination_port => "22"} ------------------------------ # Generated by iptables-save v1.4.1.1 on Tue Feb 17 20:57:15 2009 *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [1202:80855] :OUTPUT ACCEPT [0:0] -A POSTROUTING -o eth0 -j MASQUERADE COMMIT # Completed on Tue Feb 17 20:57:15 2009 # Generated by iptables-save v1.4.1.1 on Tue Feb 17 20:57:15 2009 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [138851:101321182] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "[IPTABLES] INPUT : " -A FORWARD -i ovirtbr0 -o wlan0 -j ACCEPT COMMIT # Completed on Tue Feb 17 20:57:15 2009 Joey Boggs wrote: > The FORWARD chain and in_interface options of iptables are required to support nat > > --- > modules/firewall/manifests/firewall.pp | 5 +++-- > modules/firewall/templates/rule.erb | 3 +++ > 2 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/modules/firewall/manifests/firewall.pp b/modules/firewall/manifests/firewall.pp > index 2b03cc0..51a8ca2 100644 > --- a/modules/firewall/manifests/firewall.pp > +++ b/modules/firewall/manifests/firewall.pp > @@ -41,7 +41,7 @@ class firewall { > notify => Exec["reload-firewall"], > } > > - file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT" ]: > + file { [ "$firewall_dir/filter/INPUT", "$firewall_dir/filter/OUTPUT", "$firewall_dir/filter/FORWARD" ]: > ensure => directory, > mode => 0755, > require => File["${firewall_dir}/filter"], > @@ -141,7 +141,8 @@ define firewall_rule ( > $destination = '', > $action = 'ACCEPT', > $table = 'filter', > - $out_interface = '' > + $out_interface = '', > + $in_interface = '' > ) { > file { "/usr/share/firewall/${table}/${chain}/${name}": > owner => root, > diff --git a/modules/firewall/templates/rule.erb b/modules/firewall/templates/rule.erb > index 75b06df..6a480c8 100644 > --- a/modules/firewall/templates/rule.erb > +++ b/modules/firewall/templates/rule.erb > @@ -21,6 +21,9 @@ > --source-port <%= source_port + " " -%> > <% end -%> > <% end -%> > +<% unless in_interface.empty? -%> > +--in-interface <%= in_interface %> <%= " " -%> > +<% end -%> > <% unless out_interface.empty? -%> > --out-interface <%= out_interface %> <%= " " -%> > <% end -%> > From bkearney at redhat.com Wed Feb 18 13:40:49 2009 From: bkearney at redhat.com (Bryan Kearney) Date: Wed, 18 Feb 2009 08:40:49 -0500 Subject: [Thincrust-devel] Re: [PATCH ace] add FORWARD chain and in_interface options In-Reply-To: <499B7541.9000905@redhat.com> References: <1234924626-19377-1-git-send-email-jboggs@redhat.com> <499B7541.9000905@redhat.com> Message-ID: <499C0FE1.90209@redhat.com> Joey Boggs wrote: > I'd like to get this into ace ASAP to support nat for ovirt nodes. Let > me know if you need anything from me. I've attached an example to help > with testing Grab the latest here: http://koji.fedoraproject.org/koji/buildinfo?buildID=83169 If it works for you, lemme know and I will push it to f9 and f10. -- bk From jboggs at redhat.com Wed Feb 18 14:31:43 2009 From: jboggs at redhat.com (Joey Boggs) Date: Wed, 18 Feb 2009 09:31:43 -0500 Subject: [Thincrust-devel] Re: [PATCH ace] add FORWARD chain and in_interface options In-Reply-To: <499C0FE1.90209@redhat.com> References: <1234924626-19377-1-git-send-email-jboggs@redhat.com> <499B7541.9000905@redhat.com> <499C0FE1.90209@redhat.com> Message-ID: <499C1BCF.5020506@redhat.com> Works great, thanks for the quick update Bryan Kearney wrote: > Joey Boggs wrote: >> I'd like to get this into ace ASAP to support nat for ovirt nodes. >> Let me know if you need anything from me. I've attached an example to >> help with testing > > Grab the latest here: > > http://koji.fedoraproject.org/koji/buildinfo?buildID=83169 > > If it works for you, lemme know and I will push it to f9 and f10. > > -- bk > > _______________________________________________ > Thincrust-devel mailing list > Thincrust-devel at redhat.com > https://www.redhat.com/mailman/listinfo/thincrust-devel From bkearney at redhat.com Thu Feb 19 13:28:36 2009 From: bkearney at redhat.com (Bryan Kearney) Date: Thu, 19 Feb 2009 08:28:36 -0500 Subject: [Thincrust-devel] Re: [PATCH ace] add FORWARD chain and in_interface options In-Reply-To: <499C1BCF.5020506@redhat.com> References: <1234924626-19377-1-git-send-email-jboggs@redhat.com> <499B7541.9000905@redhat.com> <499C0FE1.90209@redhat.com> <499C1BCF.5020506@redhat.com> Message-ID: <499D5E84.5020509@redhat.com> Joey Boggs wrote: > Works great, thanks for the quick update > You are welcome. It has hit stable on F10. -- bk From jboggs at redhat.com Fri Feb 20 18:50:20 2009 From: jboggs at redhat.com (Joey Boggs) Date: Fri, 20 Feb 2009 13:50:20 -0500 Subject: [Thincrust-devel] [PATCH] change single substitute to multiple for file_replacement Message-ID: <1235155820-26982-1-git-send-email-jboggs@redhat.com> --- .../plugins/puppet/type/file_replacement.rb | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/appliance_base/plugins/puppet/type/file_replacement.rb b/modules/appliance_base/plugins/puppet/type/file_replacement.rb index 5fb4cc7..72cd88c 100644 --- a/modules/appliance_base/plugins/puppet/type/file_replacement.rb +++ b/modules/appliance_base/plugins/puppet/type/file_replacement.rb @@ -66,7 +66,7 @@ Puppet::Type.newtype(:file_replacement) do fail("File #{resource[:file]} does not exist") else data = File.read(resource[:file]) - newData = data.sub(resource[:pattern], resource[:replacement]) + newData = data.gsub(resource[:pattern], resource[:replacement]) file = File.new(resource[:file], "w+") file << newData file.close -- 1.6.0.6 From jboggs at redhat.com Tue Feb 24 18:14:10 2009 From: jboggs at redhat.com (Joey Boggs) Date: Tue, 24 Feb 2009 13:14:10 -0500 Subject: [Thincrust-devel] [PATCH] remove refreshonly requirement of firewall refresh/save Message-ID: <1235499250-16411-1-git-send-email-jboggs@redhat.com> --- modules/firewall/manifests/firewall.pp | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/modules/firewall/manifests/firewall.pp b/modules/firewall/manifests/firewall.pp index 51a8ca2..57ca55d 100644 --- a/modules/firewall/manifests/firewall.pp +++ b/modules/firewall/manifests/firewall.pp @@ -86,13 +86,11 @@ class firewall { # relevent execs exec { "reload-firewall": command => "/usr/local/bin/iptables-update.sh", - require => File["iptables-update"], - refreshonly => true, + require => File["iptables-update"] } exec { "save-config": command => "/sbin/iptables-save > /etc/sysconfig/iptables", - refreshonly => true, require => Exec["reload-firewall"] } -- 1.6.0.6