Multiple instances can run in parallel

  492 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd
  524 ?        S      0:00  |   \_ /bin/sh /usr/sbin/one-context-reconfigure
  526 ?        S      0:00  |       \_ /bin/sh /usr/sbin/one-context-reconfigure
 2084 ?        S      0:00  |           \_ /bin/bash /usr/sbin/one-contextd reconfigure
 2093 ?        S      0:00  |               \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
  493 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd
  494 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd
  495 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd
  525 ?        S      0:00  |   \_ /bin/sh /usr/sbin/one-context-reconfigure
  527 ?        S      0:00  |       \_ /bin/sh /usr/sbin/one-context-reconfigure
 2085 ?        S      0:00  |           \_ /bin/bash /usr/sbin/one-contextd reconfigure
 2094 ?        S      0:00  |               \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
  496 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd
  512 ?        S      0:00  |   \_ /bin/sh /usr/sbin/one-context-reconfigure
  513 ?        S      0:00  |       \_ /bin/sh /usr/sbin/one-context-reconfigure
 2086 ?        S      0:00  |           \_ /bin/bash /usr/sbin/one-contextd reconfigure
 2095 ?        S      0:00  |               \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
  497 ?        S      0:00  \_ /usr/lib/systemd/systemd-udevd

# head -8 /tmp/context.log
Waiting one minute to reconfigure the machine
Waiting one minute to reconfigure the machine
Waiting one minute to reconfigure the machine
Reconfiguring
Reconfiguring
Reconfiguring
+ get_new_context
+ get_new_context

This will allow for a more flexible way to add files to it. For example, add SysV init scripts to CentOS 6 and Systemd to CentOS 7.

Hello,

If I disable network context on a template, the /etc/network/interfaces and /etc/resolv.conf are overwritten.

Regards.

Hello,

I'm in the process of writing a patch to contextualize the user used to configure the ssh public key.

The idea is to avoid untraceable generic account like root, so I'll proposed another pull request for sudo context script to create a local account with sudo permission.

I started with a ${SSH_USER} variable, but I saw the ${USERNAME} used for windows machines and I think reusing it here is better than creating a new one.

Tell me what do you think about this.

Regards.

The packages try to get context data in this order:

• Context CDROM
• EC2 metadata server
• vmware tools

The timeout for EC2 can take minutes making vmware machines wait a lot before booting. EC2 should be the last check.

Hello,

I think we could split the contextualisation scripts in two parts:

• what should be done before the network is UP (setting configuration parameters like network, hostname, etc.)
• what should be done when the system is running, i.e after multi-user.target (like $START_SCRIPT)

Regards.

Patch submited by Bill Cole to http://dev.opennebula.org/issues/3842

It may seem like an arcane use case, but it is easy enough to make possible with an explicit argument added to the fpm call.

From http://dev.opennebula.org/issues/2927

If there are multiple nics, like eth0 and eth1, and both have a GATEWAY defined, it is not currently possible to choose which interface represents the default gateway.

We are going to implement this with an special variable GATEWAY_IFACE that sets the interface to be used as default GW.

Seems that fpm version 1.4.0 doesn't have this option. (tag v5.0.0)

PACKAGE_TYPE=deb PACKAGE_NAME=mypkg-context ./generate.sh
ERROR: Unrecognised option '--rpm-summary'

See: 'fpm --help'
mypkg-context_5.0.0.deb

shutdown has been renamed to terminate, and delete is deprecated.

Latest fpm version uses rpmbuild and needs --rpm-summary option.

Some cloud images do not have the host ssh key and needs to be generated on first boot. This way all the VMs will have different keys.

Hi,

don't quite understand why, but no nameservers are set in /etc/resolv.conf.
To fix that I have to do:
cp /etc/one-context.d/loc-11-dns /etc/one-context.d/net-11-dns

My dns are passed thru context with ETHX_DNS

This is on Fedora 26 server. I can try on CentOS 7.
OpenNebula 5.4 one-context-5.4.0-1.el7.noarch

I think it was working nice with one-context-5.0.x

As far as I understand this might be because one-contextd is run in network type configuration. Which seems fine, but why there is no net-xx-dns ?

Best regards,
Edouard

After deploy new VM of Debian 8, network not start. Interface present but not up.

Explicitly check if CONFIGURE_INTERFACES=no causes problems.

From this ticket:

http://dev.opennebula.org/issues/4886

Bug found in https://forum.opennebula.org/t/nic-reattach-on-sunstone-breaks-etc-network-interfaces/1599/3

Even if the interface is not found the information for the interface is added to the configuration file without device name:

iface  inet static
  address ...
  network ...
  netmask ...
  gateway ...

Used by 05-hostname script - without the host command the DNS_HOSTNAME=1 functionality doesn't work.

The context packages use ifconfig that is deprecated in some distros to get the MAC addresses from interfaces. It also expects the interfaces to have names starting with "ETH", this is no longer true. The interfaces should be identified with its MAC address.

Serial TTY should be unconfigured so kernel upgrades don't render the VM unbootable.

If partition was extended by dracut module, the filesystem resize in the one-context is never done because the script terminates after growpart has nothing to do (NOCHANGE: partition 1 is size 25155742. it cannot be grown)

#!/bin/sh
set -e
...
for PART in ${PARTITION}; do
  ${GROWPART} ${DISK} ${PART}  # <------ exits
done
...
case "${FSTYPE}" in
  ext2|ext3|ext4)
    resize2fs ${DEVICE}

By Nico Schottelius in http://dev.opennebula.org/issues/3931.

The problem with overwriting on (re-)boot is that every manual change is overwritten. This causes problems, because users are usually not aware of what opennebula is "doing to their VM".

I suggest to change it to append, if the key is not present. It can be a very simple script like if ! grep "$key" ~root/.ssh/authorized_keys; then echo $key >> ... ; fi

If the contextualisation packages are somewhere available in a version control repo, I can also create a pull request

There is a check in /usr/sbin/one-contextd which prevents subsequent contextualizations, until the context ISO changes. It should be aligned with Windows context. to run on each boot. State files should be also moved from /tmp somewhere in /var (e.g. /var/run?) .

Right now the rules are located at /etc/udev/rules.d. As this is installed by a package they should be in /lib/udev.

• Check if this path is the same in all distributions
• Find the best place in that directory (order number)

ONEGATE token is read from the cdrom. This is not available in VMs started with vcenter drivers.

If gateway is not defined in virtual network context, it will be createad in vm interfaces file anyway.

Network definition:

BRIDGE = "vmbr1"
DESCRIPTION = "vlan30"
FILTER_IP_SPOOFING = "YES"
FILTER_MAC_SPOOFING = "YES"
NETWORK_MASK = "255.255.254.0"
PHYDEV = ""
SECURITY_GROUPS = "0"
VLAN_ID = ""
VN_MAD = "fw"

VM template:

AUTOMATIC_DS_REQUIREMENTS = ""CLUSTERS/ID" @> 0"
AUTOMATIC_REQUIREMENTS = "(CLUSTER_ID = 0) & !(PUBLIC_CLOUD = YES)"
CONTEXT = [
DISK_ID = "1",
DNS_HOSTNAME = "YES",
ETH0_CONTEXT_FORCE_IPV4 = "",
ETH0_DNS = "",
ETH0_GATEWAY = "",
ETH0_GATEWAY6 = "",
ETH0_IP = "192.168.31.2",
ETH0_IP6 = "",
ETH0_IP6_ULA = "",
ETH0_MAC = "02:00:c0:a8:1f:02",
ETH0_MASK = "255.255.254.0",
ETH0_MTU = "",
ETH0_NETWORK = "",
ETH0_SEARCH_DOMAIN = "",
ETH0_VLAN_ID = "",
ETH0_VROUTER_IP = "",
ETH0_VROUTER_IP6 = "",
ETH0_VROUTER_MANAGEMENT = "",
NETWORK = "YES",
ONEGATE_ENDPOINT = "http://192.168.40.165:5030",
REPORT_READY = "YES",
SET_HOSTNAME = "Ubuntu-xenial-template-204-204",
SSH_PUBLIC_KEY = "ssh-rsa ....",
TARGET = "hda",
TOKEN = "YES",
VMID = "204" ]
...

And vm ends up with interfaces file like this:

auto eth0
iface eth0 inet static
address 192.168.31.2
network 192.168.31.0
netmask 255.255.254.0
gateway 192.168.31.1

version 5.0.1

Seems like context package 5.0 don't authenticate with token to report ready state to onegate.

From opennebula onegate log:

------
Tue Jun 21 01:15:51 2016 [E]: X_ONEGATE_TOKEN header not preset
Tue Jun 21 01:15:51 2016 [I]: Unauthorized login attempt
Tue Jun 21 01:15:51 2016 [I]: 192.168.17.200 - - [21/Jun/2016:01:15:51 +0300] "PUT /vm HTTP/1.1" 401 14 0.0016
------

VM (ubuntu 16.04) context log:
Waiting one minute to reconfigure the machine Waiting one minute to reconfigure the machine Reconfiguring diff: /tmp/context.sh: No such file or directory Reconfiguring NOCHANGE: partition 2 could only be grown by 2015 [fudge=2048] /sbin/ifdown: interface eth0 not configured /usr/bin/onegate.rb:21:in <module:CloudClient>': undefined method +' for nil:NilClass (NoMethodError) from /usr/bin/onegate.rb:13:in <main>' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed ^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M100 23 100 14 100 9 2356 1514 --:--:-- --:--:-- --:--:-- 2800 Not authorized
In VM /tmp/one_env file does have TOKENTXT variable present.

Also allready contextualized VM with persistent disks and waits for network to come up too long.
This does not happen on 1st boot.

IP6_ULA generated by IPv6 address ranges is not supported

one-context-reconfigure takes too long and can be killed by udevd:

Seen on Debian 8 with systemd.

service networking start no longer works in Debian 8 after d96cb50. This happens because it disables network confguration in /etc/default/networking:

CONFIGURE_INTERFACES=no

Network should be configured with ifup, the same as Ubuntu.

On VM nic hotplug the context data is updated. The context packages should be able to notice this using udev rules and reconfigure the machine.

Get context data using VMware tools instead of CD for vcenter driver.

http://dev.opennebula.org/issues/3366

The data is in base64 format and can be retrieved with this command:

$ vmtoolsd --cmd 'info-get guestinfo.opennebula.context' | openssl base64 -d

Reconfiguration now occurs when a new NIC is added. It can happen that nic additions can happen after system boots. This leads to networking reconfiguration and makes the machine unreachable for some seconds.

The package information is outdated:

Packager    : C12G Labs <[email protected]>
Vendor      : C12G Labs
URL         : http://opennebula.org

By Nicolas Belan from http://dev.opennebula.org/issues/3160

I have installed a CentOS 7 from scratch.
I installed one-context RPM for 4.8.0.

I rebooted and 'cat' eth0 configuration:

[root@localhost network-scripts]# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.128
IPADDR=192.168.0.135
GATEWAY=192.168.0.254

IPV6INIT=yes
IPV6ADDR=2a00:afee:0:f:400:b9ff:fe1e:5c87
IPV6_DEFAULTGW=2a00:afee:0:f::ffff

The IPv6 addr is not set correctly on reboot. Only L-local IP is set (fe80::)

To fix that, I added NM_CONTROLLED=no in 00-network:gen_network_configuration()

ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet

Now, IPv6 is correctly set on reboot.

At 2-3 of 8 newly instantiated VMs on our environment (Opennebula with StorPool Integration), the CONTEXT volume is not available when vmcontext starts.

I added a hotfix and simple logging to our environment:
phroton@0aea9c0

Could be done better, but works for us.

• Network scripts should not be applied
• CONTEXT information should be retrieved from the metadata server

curl http://169.254.169.254/latest/user-data
curl -X "GET" "http://onegate.endpoint/vm" --header "X-ONEGATE-TOKEN: freqdptHxEQ+D43d7guTRZQ==" --header "X-ONEGATE-VMID: 55"

The base system should be ready before configuring network access.

Error and debug messages should be written to a log file for easier debugging.

Release 4.14 will support image resizing on clone. Context packages should be able to resize automatically the root filesystem on boot.

Some old Ubuntu 14.04 versions have a book that leave loopback device unconfigured when network is restarted. This does not happen anymore with 14.04.4.

https://forum.opennebula.org/t/loopback-address-missing-in-ubuntu-14-04-kvm/310/1

Hello,

I just tried the 4.90.0 context for linux (ubuntu package) and found that /etc/hosts is not updated with the new host name provided by SET_HOSTNAME context attribute.

cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   xenial.eole.lan xenial

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

I think the line 127.0.1.1 could be replaced.

Regards.

Based on:

https://wiki.debian.org/NetworkConfiguration#The_resolv.conf_configuration_file
and
https://help.ubuntu.com/lts/serverguide/network-configuration.html#name-resolution

If your system uses resolvconf then the information about name servers is only available to other programs if they are included in the /etc/network/interfaces file.

This causes programs to fail when they try to grab contextualized vms dns settings such as when adding a transparent dns proxy/cache to the vm.

I'm using ubuntu 14.04

I downloaded the deb from https://github.com/OpenNebula/addon-context-linux/releases/download/v4.14.4/one-context_4.14.4.deb

when i try to install this package using 'dpkg -i one-context_4.14.4.deb', it thows '/etc/init.d/vmcontext' file does not exist error.

To resolve this problem, now i copy and paste all the scripts to my image.

root@tom:~# dpkg -i one-context_4.14.3.deb 
(Reading database ... 51873 files and directories currently installed.)
Preparing to unpack one-context_4.14.3.deb ...
Unpacking one-context (4.14.3) over (4.14.3) ...
Setting up one-context (4.14.3) ...
`update-rc.d: /etc/init.d/vmcontext: file does not exist`
Processing triggers for ureadahead (0.100.0-16) ...

root@tom-resize:/etc/init.d# nano vmcontext
root@tom-resize:/etc/init.d# dpkg -i /root/one-context_4.14.3.deb
(Reading database ... 51873 files and directories currently installed.)
Preparing to unpack /root/one-context_4.14.3.deb ...
Unpacking one-context (4.14.3) over (4.14.3) ...
Setting up one-context (4.14.3) ...
System start/stop links for /etc/init.d/vmcontext already exist.

Issue originally reported by Nicolas Belan at dev.opennebula.org:

Hi,
When using multiple network on vrouter, you may have multiple default gateway defined (1 per vnet)

To choose the right gateway, it is possible to set "metric", as in:
`
localhost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 172.25.104.254
network 172.25.104.0
netmask 255.255.255.0
gateway 172.25.104.254
metric 1000

auto eth1
iface eth1 inet static
address 172.25.101.201
network 172.25.101.0
netmask 255.255.0.0
gateway 172.25.8.20
metric 101
`

Metric may be set in context variable, and retrieve from context, using something like:

`

Gets the gateway metric

get_metric() {
if is_gateway; then
metric=$(get_iface_var "METRIC")

    if [ -z "$metric" ]; then
        if [ "$DEV" = "eth0" ]; then
            metric=1000
        else
            metric=$((100+$IFACE_NUM))
        fi
    fi

    echo $metric

fi
}
`
Using that code, by default, the second network interface is the default gateway (1=LAN, 2=WAN), and that can be change using ETH{X}_METRIC=10

Perhaps a hardcoded "eth0" is not correct; but this is a starting point.

Adding the right call "METRIC=$(get_metric)" in the interface loop, this makes the job for me :)

`--- /etc/one-context.d/00-network.orig
+++ /etc/one-context.d/00-network
@@ -88,7 +88,23 @@
echo $gateway
fi
}
+# Gets the gateway metric
+get_metric() {

• if is_gateway; then

•    metric=$(get_iface_var "METRIC")
  

•    if [ -z "$metric" ]; then
  

•        if [ "$DEV" = "eth0" ]; then
  

•            metric=1000
  

•        else
  

•            metric=$((100+$IFACE_NUM))
  

•        fi
  

•    fi
  

•    echo $metric
  

• fi
  +}

Gets the network gateway6

get_gateway6() {
if is_gateway; then
@@ -147,6 +163,10 @@
echo " gateway $GATEWAY6"
fi

• if [ -n "$METRIC" ]; then

•    echo "  metric $METRIC" 
  

• fi
• echo ""
  }

@@ -191,6 +211,7 @@
MASK=$(get_mask)
MTU=$(get_mtu)
GATEWAY=$(get_gateway)

•    METRIC=$(get_metric)
  
     IPV6=$(get_iface_var "IPV6")
     [[ -z $IPV6 ]] && IPV6=$(get_iface_var "IP6")
  

`

Current execution order

• 12-ssh_public_key
• 13-selinux-ssh
  ...
• 20-set-username-password

configures SSH access by 12-ssh_public_key for the $USERNAME before the user is actually created by 20-set-username-password. If the $USERNAME doesn't exist for SSH, script fallbacks to root. In subsequent runs, the desired $USERNAME is configured.