Alan Pevec
2008-Sep-19 17:54 UTC
[Ovirt-devel] [PATCH node] generalized configuration persistence for oVirt Node
If local OVIRT partition is available, persist selected configuration files,
for now: Kerberos config, libvirt keytab and SSH host key.
To initialize OVIRT partition, boot oVirt Node with ovirt_init=scsi parameter,
this will format the first disk and create the partition.
For more details see http://ovirt.org/page/Local_Disk_Usage
Signed-off-by: Alan Pevec <apevec at redhat.com>
---
ovirt-node.spec.in | 1 +
scripts/ovirt | 53 ++++++++++++++++++++--------------------------
scripts/ovirt-early | 10 ++------
scripts/ovirt-functions | 38 +++++++++++++++++++++++++++++++++
scripts/ovirt-post | 7 +++++-
5 files changed, 71 insertions(+), 38 deletions(-)
mode change 100755 => 100644 scripts/ovirt-early
diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index 92905fd..fb31c4f 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -12,6 +12,7 @@ Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
BuildRequires: libvirt-devel
BuildRequires: dbus-devel hal-devel
+Requires: augeas
Requires: libvirt
Requires: hal
Requires: collectd
diff --git a/scripts/ovirt b/scripts/ovirt
index 0878a9e..d81a72e 100644
--- a/scripts/ovirt
+++ b/scripts/ovirt
@@ -11,30 +11,31 @@
. /etc/init.d/ovirt-functions
start() {
- krb5_conf=/etc/krb5.conf
- krb5_tab=/etc/libvirt/krb5.tab
- # retrieve config from local oVirt partition if available
- # krb5.conf krb5.tab
- # TODO local admin password, ssh server key - what else?
+ # retrieve config from local OVIRT partition if available
ovirt=$(mktemp -d)
+ ovirt_mount $ovirt
+ # /config on OVIRT partition contains persisted /etc files
cfg=$ovirt/config
- if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
- mount -r /dev/disk/by-label/$OVIRT_LABEL $ovirt
- else
- mount -r /dev/live $ovirt
- fi
- if [ -e $cfg/krb5.conf ]; then
- cp -a $cfg/krb5.conf $krb5_conf
- fi
- if [ -e $cfg/krb5.tab ]; then
- cp -a $cfg/krb5.tab $krb5_tab
+ if [ -d $cfg/etc ]; then
+ cp -rv $cfg/etc/* /etc
+ restorecon -r /etc
fi
- if [ -s $krb5_tab ]; then
- krb5_tab+ # and optional Augeas augtool script
+ aug=$cfg/config.aug
+ if [ -f $aug ]; then
+ tmpaug=$(mktemp)
+ cp $aug $tmpaug
+ echo "save" >> $tmpaug
+ augtool < $tmpaug > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ printf "$aug applied."
+ fi
fi
+ umount $ovirt && rmdir $ovirt
find_srv ipa tcp
if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+ krb5_conf=/etc/krb5.conf
# FIXME this is IPA specific
wget -q \
http://$SRV_HOST:$SRV_PORT/ipa/config/krb5.ini -O $krb5_conf.tmp
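Review bot: The restore step in start() accepts whatever the mounted filesystem holds: `cp -rv $cfg/etc/* /etc` can replace any file under /etc, and `augtool < $tmpaug` applies an arbitrary script as root, while ovirt-post only persists krb5.conf, the libvirt keytab and the SSH host keys. ovirt_mount picks the device by label alone and otherwise falls back to /dev/live, so the block should at least be skipped when `ovirt_mount $ovirt` fails. If the breadth is intended for admin-supplied /config content, a comment stating that the partition is trusted as root-equivalent would help; otherwise restrict the restore to the persisted paths. In the Augeas part a failed run is silent, `$tmpaug` is never removed, and `printf "$aug applied."` uses a path as the format string; `printf '%s applied.\n' "$aug"` followed by `rm -f "$tmpaug"` would cover the last two. start() continues past the end of this hunk.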
@@ -42,33 +43,25 @@ start() {
echo "Failed to get $krb5_conf"; return 1
fi
mv $krb5_conf.tmp $krb5_conf
- # store config in oVirt partition
- if [ -e $cfg ]; then
- mount -o remount,rw $ovirt
- cp -a $krb5_conf $cfg/krb5.conf
- fi
else
echo "skipping Kerberos configuration"
fi
find_srv identify tcp
if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+ krb5_tab=/etc/libvirt/krb5.tab
+ # skip ktab download if we got it from /config
+ if [ -s $krb5_tab ]; then
+ krb5_tab+ fi
ovirt-awake start $SRV_HOST $SRV_PORT $krb5_tab
if [ $? -ne 0 ]; then
echo "ovirt-awake failed"; return 1
fi
- # store config in oVirt partition
- if [ -n "$krb_tab" -a -e $cfg ]; then
- mount -o remount,rw $ovirt
- cp -a $krb5_tab $cfg/krb5.tab
- fi
else
echo "skipping ovirt-awake, oVirt identify service not
available"
fi
- # cleanup
- umount $ovirt && rmdir $ovirt
-
find_srv collectd tcp
if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
collectd_conf=/etc/collectd.conf
diff --git a/scripts/ovirt-early b/scripts/ovirt-early
old mode 100755
new mode 100644
index 6d9bd76..3ab9f47
--- a/scripts/ovirt-early
+++ b/scripts/ovirt-early
@@ -217,13 +217,9 @@ local_install() {
mkdir -p $ovirt/config
# update local config using the one embedded in livecd image
# TODO admin tool for adding /config into livecd image
- if [ -e $live/config/krb5.conf ]; then
- cp -a $live/config/krb5.conf $ovirt/config \
- || echo "krb5.conf copy failed"
- fi
- if [ -e $live/config/krb5.tab ]; then
- cp -a $live/config/krb5.tab $ovirt/config \
- || echo "krb5.tab copy failed"
+ if [ -d $live/config ]; then
+ cp -rv $live/config/* $ovirt/config \
+ || echo "config copy failed"
fi
if [ $local_os = 0 ]; then
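Review bot: The new `cp -rv $live/config/* $ovirt/config` drops the `-a` that both removed copies used, so ownership and timestamps of the copied files (the keytab among them) are no longer carried over, and mode bits become subject to the umask. `cp -a $live/config/. $ovirt/config` would keep the attributes and also covers dotfiles and an empty config directory, where the `*` glob otherwise stays literal and triggers the "config copy failed" message. The plain `cp $f $cfg$f` in ovirt_store_config (scripts/ovirt-functions) has the same gap for the keytab and SSH host keys; `cp -p` would do there. local_install() starts and ends outside this hunk.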
diff --git a/scripts/ovirt-functions b/scripts/ovirt-functions
index 3bec877..bd59d09 100644
--- a/scripts/ovirt-functions
+++ b/scripts/ovirt-functions
@@ -47,3 +47,41 @@ ovirt_setup_libvirtd() {
echo "mech_list: gssapi" >> $sasl_conf
fi
}
+
+ovirt_mount() {
+ if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then
+ mount -r /dev/disk/by-label/$OVIRT_LABEL $1
+ else
+ mount -r /dev/live $1
+ fi
+}
+
+md5() {
+ md5sum $1 2>/dev/null | (read MD5 filename; echo $MD5)
+}
+
+# persist configuration to /config on OVIRT partition
+# ovirt_store_config /etc/config /etc/config2 ...
+ovirt_store_config() {
+ ovirt=$(mktemp -d)
+ ovirt_mount $ovirt
+ cfg=$ovirt/config
+ rw=0
+ printf "store config:"
+ for f in "$@"; do
+ # ignore non-/etc paths
+ if [ $f != ${f#/etc/} ]; then
+ # check if changed
+ if [ "$(md5 $f)" != "$(md5 $cfg$f)" ]; then
+ if [ $rw = 0 ]; then
+ mount -o remount,rw $ovirt
+ rw=1
+ fi
+ mkdir -p $cfg$(dirname $f)
+ cp $f $cfg$f
+ print " $f"
+ fi
+ fi
+ done
+ umount $ovirt && rmdir $ovirt
+}
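Review bot: ovirt_store_config never checks that `ovirt_mount $ovirt` or `mount -o remount,rw $ovirt` succeeded. When nothing mounts, `$cfg` is only a path inside the mktemp directory, so the keytab and SSH host keys are copied there and left behind, because the final `umount` fails and `rmdir` is skipped. Returning early on a failed mount and leaving the loop on a failed remount avoids that, as sketched below. The function also assigns `ovirt`, `cfg`, `rw` and `f` as globals in a file sourced by scripts that use the same names (scripts/ovirt sets `ovirt` and `cfg` in start()); declaring them `local`, if the target shell allows it, would prevent clobbering.

```shell
ovirt_store_config() {
    ovirt=$(mktemp -d) || return 1
    if ! ovirt_mount "$ovirt"; then
        rmdir "$ovirt"
        return 1
    fi
    # … unchanged: cfg/rw setup, banner, loop header, /etc filter, md5 comparison …
            if [ $rw = 0 ]; then
                # stop rather than copy onto a mount that stayed read-only
                mount -o remount,rw "$ovirt" || break
                rw=1
            fi
    # … unchanged: mkdir, cp, progress output, end of loop, umount and rmdir …
}
```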
diff --git a/scripts/ovirt-post b/scripts/ovirt-post
index d989940..046a2c0 100644
--- a/scripts/ovirt-post
+++ b/scripts/ovirt-post
@@ -11,8 +11,13 @@
. /etc/init.d/ovirt-functions
start() {
- find_srv identify tcp
+ # persist selected configuration files
+ ovirt_store_config \
+ /etc/krb5.conf \
+ /etc/libvirt/krb5.tab \
+ /etc/ssh/ssh_host*_key*
+ find_srv identify tcp
if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
ovirt-identify-node -s $SRV_HOST -p $SRV_PORT
else
--
1.5.5.1
Perry N. Myers
2008-Sep-19 18:36 UTC
[Ovirt-devel] [PATCH node] generalized configuration persistence for oVirt Node
Alan Pevec wrote:> If local OVIRT partition is available, persist selected configuration files, > for now: Kerberos config, libvirt keytab and SSH host key. > > To initialize OVIRT partition, boot oVirt Node with ovirt_init=scsi parameter, > this will format the first disk and create the partition. > For more details see http://ovirt.org/page/Local_Disk_UsageThis conceptually looks fine to me. Need to put it through the paces to make sure it works as advertised :) But Ack on the process anyhow. This got brought up before with your original local installation patches, but this patch brings it up again... If the user never manually goes to a box and changes the kernel command line to include ovirt_init=/dev/sd* they'll never have a config partition. That makes me think that we need a way to have a process to create a USB key of the oVirt Node that contains some user specified kernel command line options. That way someone could just walk up to a bunch of machines with the key and in sequence boot the key and install the Node on local disk without any keystrokes. Also, how do we handle this in PXE environments? How do we allow the admin to tell a specific machine to boot with ovirt_init=/dev/sda? I suppose we can set that as default in pxe config file, but is there any problem with specifying that multiple times? (i.e. will it blow away the existing config partition on the 2nd boot?) Perry> Signed-off-by: Alan Pevec <apevec at redhat.com> > --- > ovirt-node.spec.in | 1 + > scripts/ovirt | 53 ++++++++++++++++++++-------------------------- > scripts/ovirt-early | 10 ++------ > scripts/ovirt-functions | 38 +++++++++++++++++++++++++++++++++ > scripts/ovirt-post | 7 +++++- > 5 files changed, 71 insertions(+), 38 deletions(-) > mode change 100755 => 100644 scripts/ovirt-early > > diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in > index 92905fd..fb31c4f 100644 > --- a/ovirt-node.spec.in > +++ b/ovirt-node.spec.in 
> @@ -12,6 +12,7 @@ Requires(post): /sbin/chkconfig > Requires(preun): /sbin/chkconfig > BuildRequires: libvirt-devel > BuildRequires: dbus-devel hal-devel > +Requires: augeas > Requires: libvirt > Requires: hal > Requires: collectd > diff --git a/scripts/ovirt b/scripts/ovirt > index 0878a9e..d81a72e 100644 > --- a/scripts/ovirt > +++ b/scripts/ovirt > @@ -11,30 +11,31 @@ > . /etc/init.d/ovirt-functions > > start() { > - krb5_conf=/etc/krb5.conf > - krb5_tab=/etc/libvirt/krb5.tab > - # retrieve config from local oVirt partition if available > - # krb5.conf krb5.tab > - # TODO local admin password, ssh server key - what else? > + # retrieve config from local OVIRT partition if available > ovirt=$(mktemp -d) > + ovirt_mount $ovirt > + # /config on OVIRT partition contains persisted /etc files > cfg=$ovirt/config > - if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then > - mount -r /dev/disk/by-label/$OVIRT_LABEL $ovirt > - else > - mount -r /dev/live $ovirt > - fi > - if [ -e $cfg/krb5.conf ]; then > - cp -a $cfg/krb5.conf $krb5_conf > - fi > - if [ -e $cfg/krb5.tab ]; then > - cp -a $cfg/krb5.tab $krb5_tab > + if [ -d $cfg/etc ]; then > + cp -rv $cfg/etc/* /etc > + restorecon -r /etc > fi > - if [ -s $krb5_tab ]; then > - krb5_tab> + # and optional Augeas augtool script > + aug=$cfg/config.aug > + if [ -f $aug ]; then > + tmpaug=$(mktemp) > + cp $aug $tmpaug > + echo "save" >> $tmpaug > + augtool < $tmpaug > /dev/null 2>&1 > + if [ $? -eq 0 ]; then > + printf "$aug applied." > + fi > fi > + umount $ovirt && rmdir $ovirt > > find_srv ipa tcp > if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then > + krb5_conf=/etc/krb5.conf > # FIXME this is IPA specific > wget -q \ > http://$SRV_HOST:$SRV_PORT/ipa/config/krb5.ini -O $krb5_conf.tmp 
> @@ -42,33 +43,25 @@ start() { > echo "Failed to get $krb5_conf"; return 1 > fi > mv $krb5_conf.tmp $krb5_conf > - # store config in oVirt partition > - if [ -e $cfg ]; then > - mount -o remount,rw $ovirt > - cp -a $krb5_conf $cfg/krb5.conf > - fi > else > echo "skipping Kerberos configuration" > fi > > find_srv identify tcp > if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then > + krb5_tab=/etc/libvirt/krb5.tab > + # skip ktab download if we got it from /config > + if [ -s $krb5_tab ]; then > + krb5_tab> + fi > ovirt-awake start $SRV_HOST $SRV_PORT $krb5_tab > if [ $? -ne 0 ]; then > echo "ovirt-awake failed"; return 1 > fi > - # store config in oVirt partition > - if [ -n "$krb_tab" -a -e $cfg ]; then > - mount -o remount,rw $ovirt > - cp -a $krb5_tab $cfg/krb5.tab > - fi > else > echo "skipping ovirt-awake, oVirt identify service not available" > fi > > - # cleanup > - umount $ovirt && rmdir $ovirt > - > find_srv collectd tcp > if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then > collectd_conf=/etc/collectd.conf > diff --git a/scripts/ovirt-early b/scripts/ovirt-early > old mode 100755 > new mode 100644 > index 6d9bd76..3ab9f47 > --- a/scripts/ovirt-early > +++ b/scripts/ovirt-early > @@ -217,13 +217,9 @@ local_install() { > mkdir -p $ovirt/config > # update local config using the one embedded in livecd image > # TODO admin tool for adding /config into livecd image > - if [ -e $live/config/krb5.conf ]; then > - cp -a $live/config/krb5.conf $ovirt/config \ > - || echo "krb5.conf copy failed" > - fi > - if [ -e $live/config/krb5.tab ]; then > - cp -a $live/config/krb5.tab $ovirt/config \ > - || echo "krb5.tab copy failed" > + if [ -d $live/config ]; then > + cp -rv $live/config/* $ovirt/config \ > + || echo "config copy failed" > fi > > if [ $local_os = 0 ]; then > diff --git a/scripts/ovirt-functions b/scripts/ovirt-functions > index 3bec877..bd59d09 100644 > --- a/scripts/ovirt-functions > +++ b/scripts/ovirt-functions 
> @@ -47,3 +47,41 @@ ovirt_setup_libvirtd() { > echo "mech_list: gssapi" >> $sasl_conf > fi > } > + > +ovirt_mount() { > + if [ -e /dev/disk/by-label/$OVIRT_LABEL ]; then > + mount -r /dev/disk/by-label/$OVIRT_LABEL $1 > + else > + mount -r /dev/live $1 > + fi > +} > + > +md5() { > + md5sum $1 2>/dev/null | (read MD5 filename; echo $MD5) > +} > + > +# persist configuration to /config on OVIRT partition > +# ovirt_store_config /etc/config /etc/config2 ... > +ovirt_store_config() { > + ovirt=$(mktemp -d) > + ovirt_mount $ovirt > + cfg=$ovirt/config > + rw=0 > + printf "store config:" > + for f in "$@"; do > + # ignore non-/etc paths > + if [ $f != ${f#/etc/} ]; then > + # check if changed > + if [ "$(md5 $f)" != "$(md5 $cfg$f)" ]; then > + if [ $rw = 0 ]; then > + mount -o remount,rw $ovirt > + rw=1 > + fi > + mkdir -p $cfg$(dirname $f) > + cp $f $cfg$f > + print " $f" > + fi > + fi > + done > + umount $ovirt && rmdir $ovirt > +} > diff --git a/scripts/ovirt-post b/scripts/ovirt-post > index d989940..046a2c0 100644 > --- a/scripts/ovirt-post > +++ b/scripts/ovirt-post > @@ -11,8 +11,13 @@ > . /etc/init.d/ovirt-functions > > start() { > - find_srv identify tcp > + # persist selected configuration files > + ovirt_store_config \ > + /etc/krb5.conf \ > + /etc/libvirt/krb5.tab \ > + /etc/ssh/ssh_host*_key* > > + find_srv identify tcp > if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then > ovirt-identify-node -s $SRV_HOST -p $SRV_PORT > else-- |=- Red Hat, Engineering, Emerging Technologies, Boston -=| |=- Email: pmyers at redhat.com -=| |=- Office: +1 412 474 3552 Mobile: +1 703 362 9622 -=| |=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|
Perry N. Myers
2008-Sep-19 19:42 UTC
[Ovirt-devel] [PATCH node] generalized configuration persistence for oVirt Node
Alan Pevec wrote:> If local OVIRT partition is available, persist selected configuration files, > for now: Kerberos config, libvirt keytab and SSH host key. > > To initialize OVIRT partition, boot oVirt Node with ovirt_init=scsi parameter, > this will format the first disk and create the partition. > For more details see http://ovirt.org/page/Local_Disk_UsageTested this and seems to work so ACK. Fixed one minor typo below... <snip>> +# persist configuration to /config on OVIRT partition > +# ovirt_store_config /etc/config /etc/config2 ... > +ovirt_store_config() { > + ovirt=$(mktemp -d) > + ovirt_mount $ovirt > + cfg=$ovirt/config > + rw=0 > + printf "store config:" > + for f in "$@"; do > + # ignore non-/etc paths > + if [ $f != ${f#/etc/} ]; then > + # check if changed > + if [ "$(md5 $f)" != "$(md5 $cfg$f)" ]; then > + if [ $rw = 0 ]; then > + mount -o remount,rw $ovirt > + rw=1 > + fi > + mkdir -p $cfg$(dirname $f) > + cp $f $cfg$f > + print " $f"This should be printf I fixed the patch and pushed this to the repo. Perry