David Schmitt
2008-Feb-16 09:07 UTC
Re: [PATCH 3/5] add a puppet role to bootstrap puppet domUs hardcode working kernels to silence xen-tools try to start the domU too
anarcat wrote:

> --- > files/puppet.role.d | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++ > files/xen-tools.conf | 4 +- > manifests/xen.pp | 23 +++++++++++++++-- > 3 files changed, 86 insertions(+), 5 deletions(-) > create mode 100644 files/puppet.role.d > > diff --git a/files/xen-tools.conf b/files/xen-tools.conf > index e766551..d378af0 100644 > --- a/files/xen-tools.conf > +++ b/files/xen-tools.conf > @@ -154,8 +154,8 @@ image = sparse # Specify sparse vs. full disk images. > # > # Default kernel and ramdisk to use for the virtual servers > # > -kernel = /usr/lib/xen-3.0.3-1/bin/pygrub > -#initrd = /boot/initrd.img-2.6.16-2-xen-686 > +kernel = /boot/vmlinuz-2.6.18-6-xen-686 > +initrd = /boot/initrd.img-2.6.18-6-xen-686

I'm a bit worried about hardcoding the kernel here. The next security update or, at the very least, etch-and-a-half will change this. The options I see are either constructs like lilo's symlinks (either managed when installing the kernel or manually) or using a fact that reads the running kernel version to construct the right path here. The latter would also probably help in determining whether a domU can be started or not.

Since I'm not using Xen any more, I'll leave the final call up to your consideration.

> diff --git a/manifests/xen.pp b/manifests/xen.pp > index 935adf2..66f22d0 100644 > --- a/manifests/xen.pp > +++ b/manifests/xen.pp > @@ -58,6 +58,10 @@ class xen::domain::xen0 inherits xen::domain { > source => "puppet://$servername/virtual/xen-tools.conf", > mode => 0644, owner => anarcat, group => root, > require => Package[''xen-tools'']; > + "/etc/xen-tools/role.d/puppet": > + source => "puppet://$servername/virtual/puppet.role.d", > + mode => 0644, owner => anarcat, group => root,

Again, please use config_file to install this with sensible defaults and avoid coding in local special cases.

> + require => Package[''xen-tools'']; > } > } 
> > @@ -71,7 +75,8 @@ class xen::domain::xen0 inherits xen::domain { > # ensure: present > # TODO: running, stopped, absent... (in that order?) > # TODO: resize LVM when $size changes? > -define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minimal", $vg = "vg00", > +# TODO: require File[/etc/xen-tools/role.d/$role]? > +define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minimal", $vg = "vg00", $dist = "etch", > $ip = "", $netmask = "255.255.255.0", $gateway = "", $mac = "") { > case $name { '''': { fail ( "Cannot create Xen domain with empty name" ) } } > case $swapsize { > @@ -92,9 +97,12 @@ define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minima > $network = "--ip $ip --netmask $netmask $gateway_flag $mac_flag" > } > } > + # XXX: crude hack to workaround the fact that xen-tools don''t like my bootloader = directive > + $flags = "--kernel /boot/vmlinuz-2.6.18-6-xen-$architecture --initrd /boot/initrd.img-2.6.18-6-xen-$architecture" > + # stage one: insure the domU exists > case $ensure { > - "present": { > - exec { "/usr/bin/xen-create-image --lvm $vg --memory $memory --size $size $swap --hostname $name $network --debootstrap --role $role": > + "running","present": { > + exec { "/usr/bin/xen-create-image $flags --lvm $vg --memory $memory --size $size $swap --hostname $name $network --debootstrap --dist $dist --role $role": > creates => "/dev/mapper/$vg-$name--disk", > alias => "xen_create_$name", > require => [ Package[''xen-tools''], File[''/etc/xen-tools/xen-tools.conf'']], 
> @@ -109,4 +117,13 @@ define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minima > } > default: { err("${fqdn}: xen domain $name: unknown ensure ''${ensure}''") } > } > + case $ensure { > + "running": { > + exec { "/usr/sbin/xm create ${name}.cfg": > + unless => "/usr/sbin/xm list | /bin/grep ${name}",

To avoid false positives here, I would recommend using

"egrep '^${name} '"

here.

> + # XXX: a bit abusive, since we would also need a reboot if this is the first kernel install... > + require => [ Exec["xen_create_$name"], Package["linux-image-xen-$architecture"], Package["xen-hypervisor-3.0.3-1-$architecture"] ],

Shouldn't you require the xend service here? There seems to be a bit of confusion in the patch ordering?

> + } > + } > + } > }

Regards, DavidS
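Review bot: The new kernel and initrd lines in the files/xen-tools.conf hunk pin both the kernel version (2.6.18-6) and the 686 flavour, while the $flags line added in manifests/xen.pp builds the same paths from $architecture, so the two can disagree on a dom0 that is not 686 and both go stale at the next kernel update. Suggest deriving the path in one place (a fact or a maintained symlink, as raised in the thread) or keeping the pygrub line this hunk removes, so that a security update of the kernel package does not leave new domUs pointed at a superseded or missing image.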
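Review bot: In the xen::domain::xen0 hunk (@@ -58,6 +58,10 @@), the new /etc/xen-tools/role.d/puppet resource sets owner => anarcat, copying the personal-account owner of the xen-tools.conf resource above it. The xenU define passes --role $role to xen-create-image, so this file feeds a command the manifest itself runs on the dom0; it should be owner => root (or be installed through config_file with its defaults), so that no personal account can rewrite it between Puppet runs.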
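Review bot: The TODO added above the xenU define (@@ -71,7 +75,8 @@), "require File[/etc/xen-tools/role.d/$role]?", describes a real ordering gap: the xen-create-image exec in the next hunk requires only the xen-tools package and the xen-tools.conf file, so with role set to puppet it can run before the role file from the xen0 class is in place. Either add the File require for the roles this module ships, or state in the comments that the role file must already exist. The new $dist parameter also has no entry in the parameter comments above the define.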
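Review bot: The rewritten exec title in the xenU hunk (@@ -92,9 +97,12 @@) interpolates $name, $vg, $memory, $size, $dist, $role and the $network string unquoted into one command line, and the only validation visible in the define is the empty-name check. A value containing whitespace becomes extra arguments to xen-create-image (and, if the command is handed to a shell, metacharacters become extra commands), so each parameter should be checked against a strict pattern and rejected with fail() the way the empty name is. The $flags line also repeats the 2.6.18-6 kernel pin from xen-tools.conf; if it has to stay, put the version in one variable so a kernel update is a single change.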
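Review bot: In the new "running" case (@@ -109,4 +117,13 @@), unless => "/usr/sbin/xm list | /bin/grep ${name}" treats ${name} as an unanchored regular expression, so a domain whose name is a substring of another running domain's name is never started, and the dots in a hostname match any character. The anchored egrep suggested in the thread fixes the substring case but not the dots; comparing the first column of the xm list output as a fixed string covers both. The require list also pins xen-hypervisor-3.0.3-1 by version and does not include the xend service, so the exec can be scheduled before xend is up.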
anarcat
2008-Feb-18 23:26 UTC
Re: [PATCH 3/5] add a puppet role to bootstrap puppet domUs hardcode working kernels to silence xen-tools try to start the domU too
On Sat, Feb 16, 2008 at 10:07:32AM +0100, David Schmitt wrote:

> anarcat wrote:
> > --- > > files/puppet.role.d | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++ > > files/xen-tools.conf | 4 +- > > manifests/xen.pp | 23 +++++++++++++++-- > > 3 files changed, 86 insertions(+), 5 deletions(-) > > create mode 100644 files/puppet.role.d > > > > diff --git a/files/xen-tools.conf b/files/xen-tools.conf > > index e766551..d378af0 100644 > > --- a/files/xen-tools.conf > > +++ b/files/xen-tools.conf > > @@ -154,8 +154,8 @@ image = sparse # Specify sparse vs. full disk images. > > # > > # Default kernel and ramdisk to use for the virtual servers > > # > > -kernel = /usr/lib/xen-3.0.3-1/bin/pygrub > > -#initrd = /boot/initrd.img-2.6.16-2-xen-686 > > +kernel = /boot/vmlinuz-2.6.18-6-xen-686 > > +initrd = /boot/initrd.img-2.6.18-6-xen-686
>
> I'm a bit worried about hardcoding the kernel here. The next security
> update or, at the very least, etch-and-a-half will change this. The
> options I see are either constructs like lilo's symlinks (either managed
> when installing the kernel or manually) or using a fact that reads the
> running kernel version to construct the right path here. The latter
> would also probably help in determining whether a domU can be started or
> not.
>
> Since I'm not using Xen any more, I'll leave the final call up to your
> consideration.

Yes, this is a problem, with Xen in general, even. Note that this directive is the default one that gets used when the image is created and has no effect until the domain is started. I'd rather use pygrub (as hinted from the patch), which lets the domU boot his own kernel than hardcoding it here... or relying on the kernel version.

> > diff --git a/manifests/xen.pp b/manifests/xen.pp > > index 935adf2..66f22d0 100644 > > --- a/manifests/xen.pp > > +++ b/manifests/xen.pp 
> > @@ -58,6 +58,10 @@ class xen::domain::xen0 inherits xen::domain { > > source => "puppet://$servername/virtual/xen-tools.conf", > > mode => 0644, owner => anarcat, group => root, > > require => Package[''xen-tools'']; > > + "/etc/xen-tools/role.d/puppet": > > + source => "puppet://$servername/virtual/puppet.role.d", > > + mode => 0644, owner => anarcat, group => root,
>
> Again, please use config_file to install this with sensible defaults and
> avoid coding in local special cases.

Yep, same comment as before (ie. will do, sorry for the mess).

> > + require => Package[''xen-tools'']; > > } > > } > > > > @@ -71,7 +75,8 @@ class xen::domain::xen0 inherits xen::domain { > > # ensure: present > > # TODO: running, stopped, absent... (in that order?) > > # TODO: resize LVM when $size changes? > > -define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minimal", $vg = "vg00", > > +# TODO: require File[/etc/xen-tools/role.d/$role]? > > +define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minimal", $vg = "vg00", $dist = "etch", > > $ip = "", $netmask = "255.255.255.0", $gateway = "", $mac = "") { > > case $name { '''': { fail ( "Cannot create Xen domain with empty name" ) } } > > case $swapsize { 
> > @@ -92,9 +97,12 @@ define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minima > > $network = "--ip $ip --netmask $netmask $gateway_flag $mac_flag" > > } > > } > > + # XXX: crude hack to workaround the fact that xen-tools don''t like my bootloader = directive > > + $flags = "--kernel /boot/vmlinuz-2.6.18-6-xen-$architecture --initrd /boot/initrd.img-2.6.18-6-xen-$architecture" > > + # stage one: insure the domU exists > > case $ensure { > > - "present": { > > - exec { "/usr/bin/xen-create-image --lvm $vg --memory $memory --size $size $swap --hostname $name $network --debootstrap --role $role": > > + "running","present": { > > + exec { "/usr/bin/xen-create-image $flags --lvm $vg --memory $memory --size $size $swap --hostname $name $network --debootstrap --dist $dist --role $role": > > creates => "/dev/mapper/$vg-$name--disk", > > alias => "xen_create_$name", > > require => [ Package[''xen-tools''], File[''/etc/xen-tools/xen-tools.conf'']], 
> > @@ -109,4 +117,13 @@ define xen::domain::xenU($ensure, $memory, $size, $swapsize = 0, $role = "minima > > } > > default: { err("${fqdn}: xen domain $name: unknown ensure ''${ensure}''") } > > } > > + case $ensure { > > + "running": { > > + exec { "/usr/sbin/xm create ${name}.cfg": > > + unless => "/usr/sbin/xm list | /bin/grep ${name}",
>
> To avoid false positives here, I would recommend using
>
> "egrep '^${name} '"
>
> here.

Good idea.

> > + # XXX: a bit abusive, since we would also need a reboot if this is the first kernel install... > > + require => [ Exec["xen_create_$name"], Package["linux-image-xen-$architecture"], Package["xen-hypervisor-3.0.3-1-$architecture"] ],
>
> Shouldn't you require the xend service here? There seems to be a bit of
> confusion in the patch ordering?

Indeed, I should probably do that.

A.

--
Thoughtcrime does not entail death: thoughtcrime IS death.
Peter Meier
2008-Feb-19 15:41 UTC
Re: [PATCH 3/5] add a puppet role to bootstrap puppet domUs hardcode working kernels to silence xen-tools try to start the domU too
Hi

> I'd rather use pygrub (as hinted from the patch), which lets the domU
> boot his own kernel than hardcoding it here... or relying on the kernel
> version.

pygrub is the much better option in my opinion. So it might be better to push that?

greets Pete
David Schmitt
2008-Feb-20 09:34 UTC
Re: [PATCH 3/5] add a puppet role to bootstrap puppet domUs hardcode working kernels to silence xen-tools try to start the domU too
On Tuesday 19 February 2008, anarcat wrote:

> Yep, same comment as before (ie. will do, sorry for the mess).

No worries. That's what reviews are for :)

Peter Meier wrote:

> pygrub is the much better option in my opinion. So it might be better to
> push that?

Thanks for that comment, that's exactly why I'd like to have these discussions on the ML, instead of in my INBOX. I didn't even know pygrub existed :)

Regards, DavidS

--
The primary freedom of open source is not the freedom from cost, but the freedom to shape software to do what you want. This freedom is /never/ exercised without cost, but is available /at all/ only by accepting the very different costs associated with open source, costs not in money, but in time and effort.
-- http://www.schierer.org/~luke/log/20070710-1129/on-forks-and-forking