Perry Myers
2009-Mar-29 23:21 UTC
[Ovirt-devel] [PATCH node-image] Redo md5sum for ISO image after editing w/ edit-livecd
checkisomd5 will fail on node images after being edited w/ edit-livecd unless implantisomd5 is run on the edited ISO Signed-off-by: Perry Myers <pmyers at redhat.com> --- edit-livecd | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/edit-livecd b/edit-livecd index 6d6498a..56521e7 100755 --- a/edit-livecd +++ b/edit-livecd @@ -106,6 +106,7 @@ fi type mkisofs type mksquashfs type sed +type implantisomd5 sane_name() { @@ -212,5 +213,8 @@ mkisofs \ -o "$OUTPUT_FILE" \ $WDIR/cd-w +echo ">>> Implanting ISO MD5 Sum" +implantisomd5 --force "$OUTPUT_FILE" + # The trap ... callbacks will unmount everything. set +e -- 1.6.0.6
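Review bot: the `type implantisomd5` line added to the tool probe (hunk at -106,6) turns implantisomd5 into a hard prerequisite of edit-livecd, yet the diffstat shows only edit-livecd changing, so nothing in this patch declares the package that ships the tool as a dependency. If the probe list runs under `set -e`, as the trailing `set +e` suggests, an installed edit-livecd will now stop at this line on hosts without the tool. Suggest adding the matching Requires to the spec in the same series.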
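Review bot: in the last hunk (-212,5), the result of `implantisomd5 --force "$OUTPUT_FILE"` is never verified and the reason for `--force` is not documented. Since the commit message is about checkisomd5 failing on edited images, running `checkisomd5 "$OUTPUT_FILE"` right after the implant would catch a bad result before the ISO leaves the script, and a one-line comment on why `--force` is needed would help the next reader. The comment could also say that the implanted sum detects media or transfer corruption only: this script re-implants it after every edit, so it says nothing about who modified the image.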
Perry Myers
2009-Mar-29 23:21 UTC
[Ovirt-devel] [PATCH node-image] Remove ovirt-pxe and ovirt-flash* wrapper scripts and provide docs in README
ovirt-pxe and ovirt-flash scripts just wrapped livecd-iso-to-* functionality and really did not provide any added value. Only thing that ovirt-pxe did that was valuable was added IPAPPEND 2 to the sample config file produced by livecd-iso-to-pxe, but since in most configurations (cobbler etc) you can't just use this file as is, instead we'll provide samples in README and instructions for calling livecd-iso-to-* scripts directly. Also, ovirt-node-image-pxe subpackage provided no real value since all it did was provide %post that ran ovirt-pxe. So removed it. Signed-off-by: Perry Myers <pmyers at redhat.com> --- Makefile.am | 6 +- README | 45 ++++++++++++++ README.krb5 | 149 ---------------------------------------------- ovirt-flash | 38 ------------ ovirt-flash-static | 94 ----------------------------- ovirt-node-image.spec.in | 21 ------- ovirt-pxe | 37 ----------- 7 files changed, 47 insertions(+), 343 deletions(-) create mode 100644 README delete mode 100644 README.krb5 delete mode 100755 ovirt-flash delete mode 100755 ovirt-flash-static delete mode 100755 ovirt-pxe diff --git a/Makefile.am b/Makefile.am index 01bf632..eef520c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -35,17 +35,15 @@ EXTRA_DIST = \ .gitignore \ $(PACKAGE).spec \ $(PACKAGE).spec.in \ - README.krb5 \ common-blacklist.ks \ common-install.ks \ common-pkgs.ks \ common-post.ks \ - ovirt-flash \ $(PACKAGE).ks \ - ovirt-pxe \ create-ovirt-iso-nodes \ edit-livecd \ - livecd-setauth + livecd-setauth \ + README DISTCLEANFILES = $(PACKAGE)-$(VERSION).tar.gz \ $(PACKAGE).$(PKG_FMT) \ diff --git a/README b/README new file mode 100644 index 0000000..1062727 --- /dev/null +++ b/README 
@@ -0,0 +1,45 @@ +Some notes on node image deployment + +Nodes are provided in ISO format. These ISO images can be deployed by either: +1. Writing the image to a CD +2. Writing the image to USB flash using livecd-iso-to-disk utility +3. Creating pxe bootable files using livecd-iso-to-pxe utility + +To burn a Node image to a usb stick accessible as /dev/sdb: +livecd-iso-to-disk --format /usr/share/ovirt-node-image/ovirt-node-image.iso /dev/sdb + +To create vmlinuz and initrd images suitable for pxe booting: +livecd-iso-to-pxe /usr/share/ovirt-node-image/ovirt-node-image.iso + +The output of livecd-iso-to-pxe is a directory called tftpboot that has the +following files in it: +./pxelinux.0 +./pxelinux.cfg/default +./vmlinuz0 +./initrd0.img + +The vmlinuz0/initrd0.img files can be imported into a cobbler server or any +other PXE/tftp server. pxelinux.cfg/default provides a template for +configuring the pxe server to export the Node image: + +DEFAULT pxeboot +TIMEOUT 20 +PROMPT 0 +LABEL pxeboot + KERNEL vmlinuz0 + APPEND rootflags=loop initrd=initrd0.img root=/ovirt-node-image.iso rootfstype=auto ro liveimg check rootfstype=iso9660 elevator=deadline +ONERROR LOCALBOOT 0 + +In addition, PXE booted Nodes rely on the PXE server passing the mac address +of the pxe interface to the kernel. This is provided by using the IPAPPEND 2 +parameter as follows: + +DEFAULT pxeboot +TIMEOUT 20 +PROMPT 0 +LABEL pxeboot + KERNEL vmlinuz0 + IPAPPEND 2 + APPEND rootflags=loop initrd=initrd0.img root=/ovirt-node-image.iso rootfstype=auto ro liveimg check rootfstype=iso9660 elevator=deadline +ONERROR LOCALBOOT 0 + diff --git a/README.krb5 b/README.krb5 deleted file mode 100644 index 50d3159..0000000 --- a/README.krb5 +++ /dev/null 
@@ -1,149 +0,0 @@ -This README is a series of instructions for setting up kerberos for use with -the libvirt stuff. There are a lot of steps, it is fairly complicated, and -the error reporting is pretty bad, so this is not for the faint of heart. - -It really helps to have a basic understanding of kerberos, KDC, and other -terminology when getting this up. You *can* just follow the steps here, but -when things go wrong (and they almost certainly will), you'll need more -background knowledge. - -To start, you need a minimum of 3 machines here: - -1) The FreeIPA server, where you install the freeipa software, and which acts -as your KDC. I'll refer to this one as "freeipa" throughout the document. -2) The host machine, that is, the one that is running ovirt and libvirtd. -I'll refer to this one as "ovirt" throughout the document. -3) The client machine, that is, the one that you will be running -virt-manager/virsh on, and connecting to the ovirt machine with. I'll refer -to this machine as "client" throughout the document. - -With that initial part, let's get started: - -On the freeipa machine: -1) Follow the directions on http://freeipa.org/page/QuickInstall to get the -FreeIPA server up and running. Note that if you are running on F8 or later, -you'll need to pay particular attention to the mod_auth_kerb section. During -the FreeIPA setup, you can call your realm whatever you want; I'll use -OVIRT.BOSTON.REDHAT.COM for the rest of the document. -2) Once you have freeipa installed somewhere, you'll need to add a principle -for the libvirt service. To do this, on the freeipa box, run: - -# kadmin.local -> addprinc -randkey libvirt/ovirt at OVIRT.BOSTON.REDHAT.COM -> ktadd -k /tmp/ovirt-libvirt.tab libvirt/ovirt at OVIRT.BOSTON.REDHAT.COM -> quit - -This will add a new principle for libvirt for the "ovirt" machine, and export -that principle to the /tmp/ovirt-libvirt.tab file. 
Note that you'll need -to replace "ovirt" and "OVIRT.BOSTON.REDHAT.COM" with the full DNS name and the -realm you are using, respectively. - -On the ovirt machine: - -NOTE: if you use the scripts (i.e. ovirt-pxe.sh) to generate an oVirt Node -image, all of the following is done for you. These are just notes for doing -it by hand. - -1) First, we need to edit the krb5.conf to point to the correct realm and -KDC. In /etc/krb5.conf, in the [realms] section, you'll want to add your -realm name, along with it's kdc and admin server. In my case, it looks like: - -[realms] - OVIRT.BOSTON.REDHAT.COM = { - kdc = freeipa:88 - admin_server = freeipa:749 - } - -You'll need to replace "freeipa" with the fully qualified domain name of your -freeipa server. - -Now, you'll need to associate that realm with DNS names. So, you'll want to -add 2 lines to the [domain_realm] section, which basically associates that -realm with these names. In my case, it looks like: - -[domain_realm] - .ovirt.boston.redhat.com = OVIRT.BOSTON.REDHAT.COM - ovirt.boston.redhat.com = OVIRT.BOSTON.REDHAT.COM - -Finally, we'll need to make sure that this realm is the default realm. In -the [libdefaults] section, you'll want to change the default_realm to point -to your realm. In my case, it looks like: - -[libdefaults] - default_realm = OVIRT.BOSTON.REDHAT.COM - -2) Now we need to make sure that libvirtd is configured properly. In the -simple case, libvirtd is using kerberos for authentication, and TCP for the -transport. We can also set it up to use kerberos for authentication and -TLS for the transport, but that's not covered yet. In any case, we need to -open up the raw TCP field for our use. Edit /etc/libvirt/libvirtd.conf, and -uncomment "listen_tcp = 1". - -3) Next we need the keytable from the freeipa server. You should be able -to take the keytab you exported from the freeipa machine earlier (with the -ktadd -k command), and install it on the ovirt machine. 
Basically just copy -that exported keytab to /etc/libvirt/krb5.tab - -4) Finally, we need to start the libvirtd daemon. Of course, make sure this -libvirtd has the GSSAPI/kerberos stuff compiled in :). Assuming that is the -case, you'll need to start it like: - -KRB5_KTNAME=/etc/libvirt/krb5.tab /root/libvirtd --listen --daemon - -On the client machine: -1) Setup up krb5.conf exactly the same as described in step 1 for the ovirt -machine. -2) Edit /etc/sasl2/libvirt.conf, and add: -mech_list: gssapi - -3) Now you'll need to kinit to get an initial kerberos ticket for the realm. -In my case, I run: - -# kinit admin at OVIRT.BOSTON.REDHAT.COM - -and enter in the password to get a ticket. You'll have to replace the username -and the realm to suit your own setup. - -At this point, you should run: - -# klist - -and should see output similar to the following: - -Ticket cache: FILE:/tmp/krb5cc_0 -Default principal: admin at VIRT.BOSTON.REDHAT.COM - -Valid starting Expires Service principal -10/31/07 12:14:51 11/01/07 12:11:21 krbtgt/VIRT.BOSTON.REDHAT.COM at VIRT.BOSTON.REDHAT.COM - - -Kerberos 4 ticket cache: /tmp/tkt0 -klist: You have no tickets cached - -4) Now we can attempt to connect to the remote hypervisor with virsh. Of -course, make sure your virsh has the GSSAPI/kerberos support compiled in: - -# virsh --connect qemu+tcp://ovirt/system list --all - -This should output something like: - - Id Name State ----------------------------------- - - f8i386 shut off - - f8x86_64 shut off - - -Troubleshooting: -Two main problems tend to trip people up on their first try: differences in -time, and problems with DNS. You have to make sure that all three machines -in this example (freeipa, ovirt, client) are synced via NTP, and you have to -make sure that all three machines can resolve each other's DNS name both -forwards and backwards. If either of those isn't true, it won't work. 
- -On the "freeipa" machine, you can look at /var/log/krb5kdc.log to get an idea -of what went wrong. - -If you see an error like "Server not found in Kerberos database", either you -didn't add the principle correctly in the first step here, or you have an -alternate name for the server in /etc/hosts. Remove any /etc/hosts aliases and -try again. diff --git a/ovirt-flash b/ovirt-flash deleted file mode 100755 index 0b9c793..0000000 --- a/ovirt-flash +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -# -# Create an Ovirt Host USB device (stateless) -# Copyright 2008 Red Hat, Inc. -# Written by Chris Lalancette <clalance at redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Library General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -ME=$(basename "$0") -warn() { printf '%s: %s\n' "$ME" "$*" >&2; } -die() { warn "$@"; exit 1; } - -test $# != 2 && die "Usage: $ME <usbdevice> <iso-image>" - -USBDEVICE=$1 -ISO=$2 - -test ! -r $ISO && die "$ISO is not a readable file" -test ! -b $USBDEVICE && die "$USBDEVICE is not a valid block device" -test $( id -u ) -ne 0 && die "$ME must run as root" - -# clear out the old partition table -dd if=/dev/zero of=$USBDEVICE bs=4096 count=1 -printf 'n\np\n1\n\n\nt\n6\na\n1\nw\n' | fdisk $USBDEVICE -mkdosfs -n ovirt ${USBDEVICE}1 -cat /usr/lib/syslinux/mbr.bin > $USBDEVICE -livecd-iso-to-disk $ISO ${USBDEVICE}1 
diff --git a/ovirt-flash-static b/ovirt-flash-static deleted file mode 100755 index 79bcfbf..0000000 --- a/ovirt-flash-static +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash -# -# Create an Ovirt Host USB device (stateful) -# Copyright 2008 Red Hat, Inc. -# Written by Chris Lalancette <clalance at redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Library General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -ME=$(basename "$0") -warn() { printf '%s: %s\n' "$ME" "$*" >&2; } -die() { warn "$@"; exit 1; } - -test $# != 2 && die "Usage: $ME <usbdevice> <iso-image>" - -USBDEVICE=$1 -ISO=$2 - -test ! -r "$ISO" && die "$ISO is not a readable file" -test ! -b "$USBDEVICE" && die "$USBDEVICE is not a valid block device" -test $( id -u ) -ne 0 && die "$ME must run as root" - -case $ISO in - *.iso) ;; - *) die "ME: ISO file name, '$ISO' lacks .iso suffix" -esac - -tmpdir=$(mktemp -d) || exit 1 - -IMGTMP="$tmpdir/ovirt" -SQUASHTMP="$tmpdir/ovirt-squash" -USBTMP="$tmpdir/ovirt-usb" - -cleanup() -{ - { umount "$USBTMP" - umount "$SQUASHTMP" - umount "$IMGTMP" - } 2> /dev/null || : - rm -rf "$tmpdir" -} -trap cleanup 0 -trap 'exit $?' 1 2 13 15 - -# From here on, any failure makes the script fail. 
-set -e - -# do setup -mkdir -p "$IMGTMP" "$SQUASHTMP" "$USBTMP" -mount -o loop "$ISO" "$IMGTMP" - -squashfs_img="$IMGTMP/LiveOS/squashfs.img" -test -f "$squashfs_img" \ - || die "not a LiveCD image: $ISO" - -mount -o loop "$squashfs_img" "$SQUASHTMP" - -# clear out the old partition table -dd if=/dev/zero of="$USBDEVICE" bs=4096 count=1 -printf 'n\np\n1\n\n\nt\n83\na\n1\nw\n' | fdisk "$USBDEVICE" - -cat /usr/lib/syslinux/mbr.bin > "$USBDEVICE" -dd if="$SQUASHTMP/LiveOS/ext3fs.img" of="${USBDEVICE}1" - -mount "${USBDEVICE}1" "$USBTMP" - -cp "$IMGTMP"/isolinux/* "$USBTMP" - -rm -f "$USBTMP/isolinux.bin" -mv "$USBTMP/isolinux.cfg" "$USBTMP/extlinux.conf" - -iso_base=$(basename "$ISO" .iso) -# sanitize for sed and the label name and limit to 16 bytes -LABEL=$(echo "$iso_base" | cut -b-16 | tr -c '[[:alnum:]_.-]' _) -sed -i -e "s/ *append.*/ append initrd=initrd.img root=LABEL=$LABEL ro/" \ - "$USBTMP/extlinux.conf" - -extlinux -i "$USBTMP" - -# To test: -cat <<\EOF > /dev/null -mkdir -p t/LiveOS && (cd t/LiveOS && touch ext3fs.img squashfs.img) -genisoimage -U -o k2.iso t -EOF diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in index 8451dd3..c93019d 100644 --- a/ovirt-node-image.spec.in +++ b/ovirt-node-image.spec.in @@ -34,14 +34,6 @@ Requires: livecd-tools >= 020-2 The ISO boot image for oVirt Node booting from CDROM device. At the moment, this RPM just packages prebuilt ISO. -%package pxe -Summary: oVirt Node PXE image -Group: Applications/System -Requires: %{name} = %{version}-%{release} - -%description pxe -PXE boot image installer for oVirt Node network boot from oVirt Server. - %prep %setup -q %if ! %{source_iso} 
@@ -63,8 +55,6 @@ mkdir %{buildroot} %{__install} -d -m0755 %{buildroot}%{app_root} %{__install} -p -m0644 %{image_iso} %{buildroot}%{app_root} %{__install} -d -m0755 %{buildroot}%{_sbindir} -%{__install} -p -m0755 ovirt-pxe %{buildroot}%{_sbindir} -%{__install} -p -m0755 ovirt-flash %{buildroot}%{_sbindir} %{__install} -p -m0755 create-ovirt-iso-nodes %{buildroot}%{_sbindir} %{__install} -p -m0755 edit-livecd %{buildroot}%{_sbindir} %{__install} -p -m0755 livecd-setauth %{buildroot}%{_sbindir} @@ -73,12 +63,6 @@ mkdir %{buildroot} %clean %{__rm} -rf %{buildroot} -%post pxe -cd %{app_root} -rm -rf tftpboot -ovirt-pxe %{name}.iso > /dev/null -cobbler sync > /dev/null 2>&1 || : - %files %defattr(0644,root,root,0755) %{app_root}/%{name}.iso @@ -93,15 +77,10 @@ cobbler sync > /dev/null 2>&1 || : %doc %{app_root}/manifests/ovirt-release %defattr(0755,root,root,0755) -%{_sbindir}/ovirt-pxe -%{_sbindir}/ovirt-flash %{_sbindir}/create-ovirt-iso-nodes %{_sbindir}/edit-livecd %{_sbindir}/livecd-setauth -%files pxe -%defattr(0644,root,root,0755) - %changelog * Thu Jul 03 2008 Perry Myers <pmyers at redhat.com> 0.92-0 - Only store ISO in SRPM, and generate PXE from that during build diff --git a/ovirt-pxe b/ovirt-pxe deleted file mode 100755 index d1e2b91..0000000 --- a/ovirt-pxe +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/bin/bash -# -# Create an Ovirt Host PXE boot -# Copyright 2008 Red Hat, Inc. -# Written by Chris Lalancette <clalance at redhat.com> -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Library General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -ME=$(basename "$0") -warn() { printf '%s: %s\n' "$ME" "$*" >&2; } -die() { warn "$@"; exit 1; } - -test $# != 1 && die "Usage: $ME <iso-image>" - -ISO=$1 -test ! -r $ISO && die "$ISO is not a readable file" -test $( id -u ) -ne 0 && die "$ME must run as root" - -livecd-iso-to-pxeboot $ISO - -# append BOOTIF with PXE MAC info -f=tftpboot/pxelinux.cfg/default -grep -q 'IPAPPEND 2' $f || sed -i '/KERNEL/a \\tIPAPPEND 2' $f - -# timeout quickly for PXE boots -sed -i 's/timeout.*/timeout 50/' $f -- 1.6.0.6
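Review bot: the new README names the PXE tool `livecd-iso-to-pxe` in three places, but the removed ovirt-pxe script invoked `livecd-iso-to-pxeboot $ISO`; one of the two names is wrong, and if it is the README's, users following it will hit a missing command. Please confirm the name and use it consistently. Two smaller points in the same file: the USB example passes the whole device (`--format ... /dev/sdb`) where the removed ovirt-flash passed the first partition (`${USBDEVICE}1`), so the text should say that `--format` wipes the stick and which argument form is expected; and both sample APPEND lines carry `rootfstype=auto` as well as `rootfstype=iso9660`, which should be reduced to the one that is intended.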
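Review bot: README.krb5 is deleted and dropped from EXTRA_DIST without a word in the commit message, which only discusses the ovirt-pxe and ovirt-flash wrappers. The file documents the Kerberos and libvirtd setup (keytab placement, `listen_tcp = 1`, SASL `mech_list: gssapi`), and its only visible tie to this change is the note mentioning ovirt-pxe.sh. If those instructions are obsolete or have moved, say so in the message; otherwise split the removal into its own commit so it can be reviewed on its merits.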
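Review bot: the deleted ovirt-flash-static does not fit the commit message's description of the removed scripts as wrappers around livecd-iso-to-*: it never calls those tools, and instead writes `LiveOS/ext3fs.img` to the first partition with dd and installs extlinux. The new README documents only the livecd-iso-to-disk path, so the stateful USB install disappears without a replacement or a mention. Either state in the message and README that stateful USB images are no longer supported, or keep the script.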
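Review bot: the spec hunks remove `%package pxe`, its `%post` and `%files pxe` but add no Obsoletes for the old subpackage and no %changelog entry. The removed subpackage carried `Requires: %{name} = %{version}-%{release}`, so hosts that have it installed will have an unsatisfied dependency when the main package is upgraded unless the main package obsoletes it. Suggest adding an Obsoletes for the -pxe subpackage and a changelog line; also, README is added to EXTRA_DIST but the hunks shown do not install it as %doc, so the instructions that replace the scripts may not reach users of the RPM.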