Initially the dirmngr package was installed to allow running apt-key inside
deployment.sh to install the puppetlabs key. Then, after moving the puppetlabs
key to a local file, the package installation was removed. But we still need it
for a successful first puppet run, which also uses apt-key. Otherwise there
is the error: 'Could not find a suitable provider for apt_key'. Puppet
also installs the dirmngr package, but in that case only the second puppet run
will be successful, so we need to install the package before the very
first puppet run.
Change-Id: I28edbd8c91c841074ac1b3f1eb6df16e14daa084
In deployment.sh line 2109:
local puppet_gpg='/root/puppet.gpg'
^-- SC2168: 'local' is only valid in functions.
Change-Id: I628cbac844db6aa1913ab1747906656d7d6d739b
The puppet.gpg is located in Grml-sipwise so no need to download the
hard-coded key but use the local one.
Change-Id: Id57180de96efef4a5a13086e7807c615bd65b886
In the event of network blips, HA switchovers or failure of the servers, there
might be a problem downloading some of the hundreds or thousands of packages
needed for installation.
Set the option to retry 3 times in the case of such failures, to try to minimise
their impact.
This has to be done in several places because mmdebstrap (which uses apt) and
apt-get are invoked at different points.
Change-Id: I5acbd9895fa37452026e582c241ced945fbba3d7
This script copies the puppet.gpg file to the '/root' dir of the Grml-sipwise
image during the build process.
Create 'scripts/PUPPETLABS' so '10-gpgkey' is copied there at runtime.
Change-Id: I836fa35e3f64f40cb4ee4a298fc18676f7689b54
The boot parameter 'ngcpstatus' is used to wait a number of seconds
before ending the process, so the external system can retrieve the final
status from port 4242.
Add the value of this parameter as the STATUS_WAIT_SECONDS option to
the ngcp-initial-configuration config, so the external system can also track
the configuration stage.
Change-Id: I68d9c65a1cc96bf581305e92d8b9b6bfc34e7ed2
mmdebstrap and debootstrap install any "important" packages in the
standard installation variants, pulling in e.g. libgdbm5 (which was of
priority `important` until #890832 was fixed and it was downgraded to
priority `optional` with libgdbm6).
Same for libusb-1.0-0 vs libusb-0.1-4:amd64:
% apt-cache show libusb-1.0-0 | grep Priority
Priority: optional
% apt-cache show libusb-0.1-4:amd64 | grep Priority
Priority: important
Resulting in having libusb-0.1-4 *and* libusb-1.0-0 installed on
our NGCP systems, while libusb-0.1-4 is completely unneeded and irrelevant.
So this is unnecessary, and all the other packages that are automatically
pulled in via the standard installation should be handled via according
and explicit dependencies elsewhere, JFTR - currently being in
Debian/buster:
| apt-utils bsdmainutils cpio cron debconf-i18n dmidecode dmsetup
| e2fsprogs gdbm-l10n ifupdown init iproute2 iptables iputils-ping
| isc-dhcp-client isc-dhcp-common kmod less libapparmor1 libapt-inst2.0
| libargon2-1 libbsd0 libcap2 libcap2-bin libcom-err2 libcryptsetup12
| libdevmapper1.02.1 libdns-export1104 libelf1 libestr0 libext2fs2
| libfastjson4 libidn11 libip4tc0 libip6tc0 libiptc0 libisc-export1100
| libjson-c3 libkmod2 liblocale-gettext-perl liblognorm5 libmnl0
| libncurses6 libnetfilter-conntrack3 libnewt0.52 libnfnetlink0 libnftnl11
| libpopt0 libprocps7 libslang2 libss2 libtext-charwidth-perl
| libtext-iconv-perl libtext-wrapi18n-perl libxtables12 logrotate lsb-base
| mount nano netbase procps readline-common rsyslog sensible-utils systemd
| systemd-sysv tasksel tasksel-data tzdata udev vim-common vim-tiny
| whiptail xxd
The essential variant lacks apt(-get), while the minbase variant provides
the same base as essential, *plus* apt so we can actually install
further packages, so that's what we're using.
We pull in systemd + systemd-sysv + init explicitly to force its usage,
ngcp-installer is complaining and prompting otherwise.
We pull in isc-dhcp-client + ifupdown to have a working networking/DHCP
setup after reboot, since we don't use systemd-networkd or alike (yet).
Applying this change will result in lacking the following packages in
our Debian/stretch based trunk builds:
* apt-utils
* blends-tasks
* debconf-i18n
* iputils-ping
* isc-dhcp-common
* libapt-inst2.0
* liblocale-gettext-perl
* libtext-charwidth-perl
* libtext-iconv-perl
* libtext-wrapi18n-perl
* libusb-0.1-4
* logrotate
* tasksel
* tasksel-data
* vim-tiny
The ones we want to have available will be handled via explicit
dependencies in NGCP (meta)packages.
Change-Id: I14dac92d99172cf792a0334601a930ce6698dc83
Sipwise DNS servers in LDC will be turned off soonish,
also new DNS servers in GCloud will NOT be available for public usage.
We have to use some public DNS servers.
Change-Id: I1c5cb78b90da18e893658417a6886b7b4f81fa0d
This variable tells ngcp-installer that it is run from
deployment.sh.
In this case we need it to skip CE warning in ngcp-installer:
===================
This installation script is not intended to run in a shared system,
as it can add/delete/update existing configurations.
Please run this script only in a base install of 64 bit Debian 9 (stretch)
on a dedicated server.
Do you want to continue with the installation process? (y/N):
===================
Change-Id: I9a33ccbe07332a09a64c98a2bef844fa95498c05
By default we should not skip any confirmation messages. In an automation
setup we just need to change it to 'yes' before
ngcp-initial-configuration.
Change-Id: I1ca69aaa1e19f8e34b82434d99b50e41add74f6f
apt > 1.6 started creating this directory, but older apt versions do not
know how to clean it up. When using a newer host apt than the one that
will be used in the chroot, the chroot apt will be unable to remove it
properly, and will emit a warning.
mmdebstrap was supposedly fixed in version 0.4.0-1, but the code was
inserted before further «apt-get update» calls, so the directory gets
regenerated. We work around this here for now, after having run
grml-debootstrap which might be calling mmdebstrap depending on the
release.
Change-Id: I13ad1b7ecc9f60414ab7e9222bada10d09baa2ab
This package contains Sipwise gpg keys so we don't need to download them
on the fly during deployment.sh.
Change-Id: I629c7e43d9f62e033a0e869a307bf5b3b0490ce0
Otherwise the servers with Software RAID cannot be
installed due to the error on stage 'grub-install "/dev/$disk"':
> grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please specify --target or --directory.
The package grub-pc is an NGCP dependency, so it is available
when we install NGCP but missing when we recover a server using Puppet
or install plain Debian on Software RAID.
Change-Id: I46caf893d2d6c523b6c007702d21f6b81caac291
When bootstrapping into a tmpfs (running inside a VirtualBox VM using a
Grml-Sipwise ISO), debootstrap takes 2min 17seconds, while mmdebstrap
takes only ~20 seconds. This is a notable change that's worth using it
by default.
Quoting mmdebstrap's package description:
| Downloads, unpacks and installs Debian packages to either directly create a
| directory which can be chrooted into, or a tarball of it. In contrast to
| debootstrap it uses apt, supports more than one mirror, automatically uses
| security and updates mirrors for Debian stable chroots, is 3-6 times faster,
| produces smaller output by removing unnecessary cruft, is bit-by-bit
| reproducible if $SOURCE_DATE_EPOCH is set, allows unprivileged operation using
| Linux user namespaces, fakechroot or proot and can setup foreign architecture
| chroots using qemu-user.
Further differences noted between debootstrap + mmdebstrap:
* debootstrap requires exec + dev permissions on the target,
  while mmdebstrap doesn't need them (being a good thing, actually)
* mmdebstrap pulls in gnupg1/gpgv1 on the target system (stretch-only),
  while debootstrap doesn't
* debootstrap leaves the Debian packages in /var/cache/apt/archives behind,
  while mmdebstrap doesn't
* debootstrap leaves the Debian repository files in /var/lib/apt/lists behind,
  while mmdebstrap doesn't
* mmdebstrap doesn't consider apt, debconf as Priority 'required' but as 'important',
  gcc-8-base, libacl1, libattr1 + zlib1g as 'required' instead of 'optional',
  libbz2-1.0 + libpcre3 as 'important' instead of 'optional';
  libdb5.3 + libtasn1-6 as 'standard' instead of 'optional'
None of those issues should cause any issues for us, though.
Change-Id: I93616263c2fed45ab8063fce024b98a7c6272660
As we build and use our specific Grml images with all required packages
we don't need to install any additional ones.
Change-Id: I20df3b0e676fc49439cb9a7cfe250e71f71c6238
Create directories to place files with repo information and gpg key
during building of grml-sipwise iso.
Change-Id: I9ed158b085ea6caaab6a34ce74b5f66ec0f80ce7
- Use hidden visibility by default, and export the symbol explicitly.
- Resolve real_uname() only once.
- Return early if the real_uname() fails, to avoid acting on bogus data.
- Call dlerror() before dlsym() to clear any previous errors.
- Compute the release member size from the utsname struct instead of
  hard-coding it.
- Always NUL-terminate the release buffer, to protect against very long
  environment strings.
- Make various variables into const.
- Add functional tests.
- Style changes.
Change-Id: Iaf040edcc704fbc50a15d895276c820e71fe19a5
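The hardening points listed in the commit message above, shown together in a minimal LD_PRELOAD uname() wrapper. This is an added example, not the project's own source; the environment variable name FAKE_UNAME_RELEASE and the helper names are assumptions made for illustration.

```c
#define _GNU_SOURCE /* for RTLD_NEXT */
#include <dlfcn.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>
#ifndef RTLD_NEXT /* glibc's value, in case _GNU_SOURCE was set too late */
#define RTLD_NEXT ((void *)-1L)
#endif
#define RELEASE_ENV "FAKE_UNAME_RELEASE" /* hypothetical variable name */

typedef int (*uname_fn)(struct utsname *);

/* Look up the next uname() in link order (libc's) once and cache it. */
static uname_fn resolve_real_uname(void)
{
    static uname_fn real;
    if (real == NULL) {
        dlerror(); /* clear any stale error before dlsym() */
        void *const sym = dlsym(RTLD_NEXT, "uname");
        if (dlerror() == NULL)
            real = (uname_fn)sym;
    }
    return real;
}

/* Overwrite buf->release: size from the struct, always NUL-terminated. */
static void set_release(struct utsname *buf, const char *value)
{
    const size_t size = sizeof(buf->release);
    strncpy(buf->release, value, size - 1);
    buf->release[size - 1] = '\0';
}

/* Built with -fvisibility=hidden, this is the only exported symbol. */
__attribute__((visibility("default"))) int uname(struct utsname *buf)
{
    const uname_fn real = resolve_real_uname();
    if (real == NULL) {
        errno = ENOSYS;
        return -1;
    }
    const int ret = real(buf);
    if (ret != 0)
        return ret; /* buf holds no valid data: do not touch it */
    const char *const env = getenv(RELEASE_ENV);
    if (env != NULL)
        set_release(buf, env);
    return ret;
}
```

Built as a shared object (for instance `gcc -shared -fPIC -fvisibility=hidden`, plus `-ldl` on older glibc) and loaded through LD_PRELOAD, the wrapper changes only the release field and leaves the rest of the utsname data as the kernel reported it.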
The version 5.2.18 building is very slow on the recent
Debian stretch kernel 4.9.0-8-amd64:
VBoxGuestAdditions version 5.2.18:
> 12:32:52 (netscript.grml:1854): vagrant_configuration(): grml-chroot /mnt /media/cdrom/VBoxLinuxAdditions.run --nox11
> Writing /etc/debian_chroot ...
> Verifying archive integrity... All good.
> Uncompressing VirtualBox 5.2.18 Guest Additions for Linux........
> VirtualBox Guest Additions installer
> Copying additional installer modules ...
> Installing additional modules ...
> VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules. This may take a while.
> VirtualBox Guest Additions: Starting.
> VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules. This may take a while.
> +12:39:15 (netscript.grml:1856): vagrant_configuration(): ...
VBoxGuestAdditions version 5.2.26:
> +13:35:50 (netscript.grml:1854): vagrant_configuration(): grml-chroot /mnt /media/cdrom/VBoxLinuxAdditions.run --nox11
> Writing /etc/debian_chroot ...
> Verifying archive integrity... All good.
> Uncompressing VirtualBox 5.2.26 Guest Additions for Linux........
> VirtualBox Guest Additions installer
> Copying additional installer modules ...
> Installing additional modules ...
> VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel
> modules. This may take a while.
> VirtualBox Guest Additions: To build modules for other installed kernels, run
> VirtualBox Guest Additions: /sbin/rcvboxadd quicksetup <version>
> VirtualBox Guest Additions: Building the modules for kernel 4.9.0-8-amd64.
> VirtualBox Guest Additions: Starting.
> Running in chroot, ignoring request: daemon-reload
> +13:39:12 (netscript.grml:1856): vagrant_configuration():
5.2.26 is the latest stable version from VirtualBox,
reported as such by upstream (see
https://download.virtualbox.org/virtualbox/LATEST-STABLE.TXT)
Change-Id: Ieb4b158344b3e4d0bf2719e8897cdfcdf133082b
Instead of runtime compiling during the installation, compile this lib
during package building and deliver it as part of the package.
Change-Id: Ic97adb0c958c57976ac5d23974b0efc306ccb326
This is the same solution to a similar problem that was implemented in
5ab1f5418a, but extended to other parts of the
code that did not wait-and-retry.
Apparently commands like "blockdev --flushbufs" (flush buffers of block devices)
do not solve the situation in all cases, so this is a more foolproof --if
inelegant-- solution that should not slow down the deployment more than a few
seconds at most.
Change-Id: If74e134262475ab0b100981f94fa310536f0a7ab
In newer systems it can be under ngcp-data partition (/ngcp-data/home/sipwise),
in older systems without this partition it can be under /var/sipwise.
Also this way is more future-proof, if the location changes again.
Change-Id: If2d3a3b55ea81871071bf846c8ca981e703d3d88
HOSTNAME env variable is not set from 'ip=' but seems to be set
outside of deployment.sh script and exported to it. HOSTNAME
variable is set differently if newer grml20181230 is set in
dnsmasq dhcp.conf. We have 'ip=' option where we explicitly set
hostname for the host so let's use it (instead of uncontrolled
HOSTNAME variable) for puppet installation case.
Change-Id: I3fa2cc7ec982b270302d2d0940d6477b666eaf5c
GRML 2018.12 adds 'iface lo inet dhcp' line to /etc/network/interfaces
which is used in stretch system. This line breaks networking service on
boot so it isn't properly restarted in system_restart_network function
so network configuration is not complete.
Change-Id: I5e2ec763fea7db6f605e87b171514a985b0de621
This part is the installation of the packages in the GRML system, which is
testing/buster now, so we need to use this Debian name in the source list.
Change-Id: I417065021bb08b704bf614181f68187705e09f8b
We seem to be hitting https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918590
which causes installations to take "forever" as soon as LVM is involved, spitting
messages like:
| WARNING: Device /dev/loop0 not initialized in udev database even after waiting 10000000 microseconds.
grml-scripts >=2.8.4 + grml-debootstrap >=0.86 provide workarounds for this,
so when we're installing Debian/buster then make sure we have
recent versions of grml-scripts (providing grml-chroot tool)
and grml-debootstrap available.
Change-Id: I07409790989445a0a30b7373a37bee3bda47ae89