
Re: [Ovirt-devel] [PATCH node] generalized configuration persistence for oVirt Node



Alan Pevec wrote:
If local OVIRT partition is available, persist selected configuration files,
for now: Kerberos config, libvirt keytab and SSH host key.

To initialize OVIRT partition, boot oVirt Node with ovirt_init=scsi parameter,
this will format the first disk and create the partition.
For more details see http://ovirt.org/page/Local_Disk_Usage

This conceptually looks fine to me. Need to put it through the paces to make sure it works as advertised :) But Ack on the process anyhow.

This got brought up before with your original local installation patches, but this patch brings it up again...

If the user never manually goes to a box and changes the kernel command line to include ovirt_init=/dev/sd* they'll never have a config partition. That makes me think that we need a way to have a process to create a USB key of the oVirt Node that contains some user specified kernel command line options. That way someone could just walk up to a bunch of machines with the key and in sequence boot the key and install the Node on local disk without any keystrokes.

Also, how do we handle this in PXE environments? How do we allow the admin to tell a specific machine to boot with ovirt_init=/dev/sda? I suppose we can set that as default in pxe config file, but is there any problem with specifying that multiple times? (i.e. will it blow away the existing config partition on the 2nd boot?)

Perry

Signed-off-by: Alan Pevec <apevec redhat com>
---
 ovirt-node.spec.in      |    1 +
 scripts/ovirt           |   53 ++++++++++++++++++++--------------------------
 scripts/ovirt-early     |   10 ++------
 scripts/ovirt-functions |   38 +++++++++++++++++++++++++++++++++
 scripts/ovirt-post      |    7 +++++-
 5 files changed, 71 insertions(+), 38 deletions(-)
 mode change 100755 => 100644 scripts/ovirt-early

diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index 92905fd..fb31c4f 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -12,6 +12,7 @@ Requires(post):  /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 BuildRequires:  libvirt-devel
 BuildRequires:  dbus-devel hal-devel
+Requires:       augeas
 Requires:       libvirt
 Requires:       hal
 Requires:       collectd
diff --git a/scripts/ovirt b/scripts/ovirt
index 0878a9e..d81a72e 100644
--- a/scripts/ovirt
+++ b/scripts/ovirt
@@ -11,30 +11,31 @@
 . /etc/init.d/ovirt-functions
start() {
-    krb5_conf=/etc/krb5.conf
-    krb5_tab=/etc/libvirt/krb5.tab
-    # retrieve config from local oVirt partition if available
-    #   krb5.conf krb5.tab
-    #   TODO local admin password, ssh server key - what else?
+    # retrieve config from local OVIRT partition if available
     ovirt=$(mktemp -d)
+    ovirt_mount $ovirt
+    # /config on OVIRT partition contains persisted /etc files
     cfg=$ovirt/config
-    if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
-      mount -r /dev/disk/by-label/$OVIRT_LABEL $ovirt
-    else
-      mount -r /dev/live $ovirt
-    fi
-    if [ -e $cfg/krb5.conf ]; then
-      cp -a $cfg/krb5.conf $krb5_conf
-    fi
-    if [ -e $cfg/krb5.tab ]; then
-      cp -a $cfg/krb5.tab $krb5_tab
+    if [ -d $cfg/etc ]; then
+      cp -rv $cfg/etc/* /etc
+      restorecon -r /etc
     fi
-    if [ -s $krb5_tab ]; then
-      krb5_tab=
+    # and optional Augeas augtool script
+    aug=$cfg/config.aug
+    if [ -f $aug ]; then
+      tmpaug=$(mktemp)
+      cp $aug $tmpaug
+      echo "save" >> $tmpaug
+      augtool < $tmpaug > /dev/null 2>&1
+      if [ $? -eq 0 ]; then
+        printf "$aug applied."
+      fi
     fi
+    umount $ovirt && rmdir $ovirt
find_srv ipa tcp
     if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+        krb5_conf=/etc/krb5.conf
         # FIXME this is IPA specific
         wget -q \
             http://$SRV_HOST:$SRV_PORT/ipa/config/krb5.ini -O $krb5_conf.tmp
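Review bot: The restore step added to start() copies everything under `$cfg/etc` over `/etc` and feeds `config.aug` to `augtool`, presumably as root since this is an init script, whereas ovirt_store_config only persists the `/etc` paths it is handed (three patterns in scripts/ovirt-post). Anything else present on the device that ovirt_mount selects, by label or by falling back to `/dev/live`, is therefore applied unchecked; either restrict the restore to the persisted paths or add a comment such as `# OVIRT partition content is trusted boot-time input and is applied to /etc as-is`. The augtool block never removes `$tmpaug`, sends all diagnostics to `/dev/null` so a failing script goes unnoticed, and uses the path as the printf format; `printf '%s applied.\n' "$aug"` followed by `rm -f "$tmpaug"` would cover that. The move from `cp -a` to `cp -rv`, here and in the local_install hunk of scripts/ovirt-early, no longer preserves ownership, timestamps or the mode of files that already exist at the destination, which matters for the keytab and SSH host keys. start() continues past the end of this hunk.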
@@ -42,33 +43,25 @@ start() {
             echo "Failed to get $krb5_conf"; return 1
         fi
         mv $krb5_conf.tmp $krb5_conf
-        # store config in oVirt partition
-        if [ -e $cfg ]; then
-            mount -o remount,rw $ovirt
-            cp -a $krb5_conf $cfg/krb5.conf
-        fi
     else
         echo "skipping Kerberos configuration"
     fi
find_srv identify tcp
     if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+        krb5_tab=/etc/libvirt/krb5.tab
+        # skip ktab download if we got it from /config
+        if [ -s $krb5_tab ]; then
+          krb5_tab=
+        fi
         ovirt-awake start $SRV_HOST $SRV_PORT $krb5_tab
         if [ $? -ne 0 ]; then
             echo "ovirt-awake failed"; return 1
         fi
-        # store config in oVirt partition
-        if [ -n "$krb_tab" -a -e $cfg ]; then
-            mount -o remount,rw $ovirt
-            cp -a $krb5_tab $cfg/krb5.tab
-        fi
     else
         echo "skipping ovirt-awake, oVirt identify service not available"
     fi
- # cleanup
-    umount $ovirt && rmdir $ovirt
-
     find_srv collectd tcp
     if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
         collectd_conf=/etc/collectd.conf
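Review bot: The added `[ -s $krb5_tab ]` test accepts any non-empty file at `/etc/libvirt/krb5.tab` as a usable keytab, so a keytab restored from the config partition is reused on every boot even if it has gone stale or is damaged. Assuming ovirt-awake only downloads the keytab when it is given the path (its behaviour is not visible here), there is no way to pick up a re-issued key short of deleting the file by hand. A comment such as `# an existing keytab is reused as-is; remove it to force a fresh download` would at least document that. start() begins and ends outside this hunk.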
diff --git a/scripts/ovirt-early b/scripts/ovirt-early
old mode 100755
new mode 100644
index 6d9bd76..3ab9f47
--- a/scripts/ovirt-early
+++ b/scripts/ovirt-early
@@ -217,13 +217,9 @@ local_install() {
     mkdir -p $ovirt/config
     # update local config using the one embedded in livecd image
     # TODO admin tool for adding /config into livecd image
-    if [ -e $live/config/krb5.conf ]; then
-      cp -a $live/config/krb5.conf $ovirt/config \
-      || echo "krb5.conf copy failed"
-    fi
-    if [ -e $live/config/krb5.tab ]; then
-      cp -a $live/config/krb5.tab $ovirt/config \
-      || echo "krb5.tab copy failed"
+    if [ -d $live/config ]; then
+      cp -rv $live/config/* $ovirt/config \
+      || echo "config copy failed"
     fi
if [ $local_os = 0 ]; then
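Review bot: `cp -rv $live/config/* $ovirt/config` fails when `$live/config` exists but is empty, because the unmatched glob is passed to cp literally and the `|| echo "config copy failed"` branch then reports a failure that is not one; the glob also skips dot-files. `cp -a $live/config/. $ovirt/config` copies the directory contents without depending on the glob and keeps the attribute preservation that the removed `cp -a` lines had. local_install() starts and ends outside this hunk.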
diff --git a/scripts/ovirt-functions b/scripts/ovirt-functions
index 3bec877..bd59d09 100644
--- a/scripts/ovirt-functions
+++ b/scripts/ovirt-functions
@@ -47,3 +47,41 @@ ovirt_setup_libvirtd() {
        echo "mech_list: gssapi" >> $sasl_conf
     fi
 }
+
+ovirt_mount() {
+    if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
+      mount -r /dev/disk/by-label/$OVIRT_LABEL $1
+    else
+      mount -r /dev/live $1
+    fi
+}
+
+md5() {
+  md5sum $1 2>/dev/null | (read MD5 filename; echo $MD5)
+}
+
+# persist configuration to /config on OVIRT partition
+#   ovirt_store_config /etc/config /etc/config2 ...
+ovirt_store_config() {
+    ovirt=$(mktemp -d)
+    ovirt_mount $ovirt
+    cfg=$ovirt/config
+    rw=0
+    printf "store config:"
+    for f in "$@"; do
+       # ignore non-/etc paths
+       if [ $f != ${f#/etc/} ]; then
+           # check if changed
+           if [ "$(md5 $f)" != "$(md5 $cfg$f)" ]; then
+               if [ $rw = 0 ]; then
+                   mount -o remount,rw $ovirt
+                   rw=1
+               fi
+               mkdir -p $cfg$(dirname $f)
+               cp $f $cfg$f
+               print " $f"
+           fi
+       fi
+    done
+    umount $ovirt && rmdir $ovirt
+}
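Review bot: ovirt_store_config never checks whether `ovirt_mount` succeeded, so after a failed mount the loop runs `mkdir -p` and `cp` against the bare mktemp directory and leaves copies of the keytab and SSH host private keys there, because the final `umount $ovirt && rmdir $ovirt` fails as well. Returning early with `ovirt_mount "$ovirt" || { rmdir "$ovirt"; return 1; }` and also testing the result of `mount -o remount,rw` would avoid that. `print " $f"` is not a bash or POSIX sh builtin, so unless a `print` command exists on the node it should be `printf ' %s' "$f"`. In ovirt_mount, adding `-o nosuid,nodev,noexec` to both `mount -r` calls would be cheap hardening for a partition that only holds configuration files. The expansions `$1`, `$f` and `$cfg$f` should be quoted throughout.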
diff --git a/scripts/ovirt-post b/scripts/ovirt-post
index d989940..046a2c0 100644
--- a/scripts/ovirt-post
+++ b/scripts/ovirt-post
@@ -11,8 +11,13 @@
 . /etc/init.d/ovirt-functions
start() {
-    find_srv identify tcp
+    # persist selected configuration files
+    ovirt_store_config \
+      /etc/krb5.conf \
+      /etc/libvirt/krb5.tab \
+      /etc/ssh/ssh_host*_key*
+ find_srv identify tcp
     if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
         ovirt-identify-node -s $SRV_HOST -p $SRV_PORT
     else

--
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers redhat com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|

