opennebula / addon-context-linux
Linux VM Contextualization
License: Apache License 2.0
Multiple instances can run in parallel
492 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
524 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
526 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
2084 ? S 0:00 | \_ /bin/bash /usr/sbin/one-contextd reconfigure
2093 ? S 0:00 | \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
493 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
494 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
495 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
525 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
527 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
2085 ? S 0:00 | \_ /bin/bash /usr/sbin/one-contextd reconfigure
2094 ? S 0:00 | \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
496 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
512 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
513 ? S 0:00 | \_ /bin/sh /usr/sbin/one-context-reconfigure
2086 ? S 0:00 | \_ /bin/bash /usr/sbin/one-contextd reconfigure
2095 ? S 0:00 | \_ curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
497 ? S 0:00 \_ /usr/lib/systemd/systemd-udevd
# head -8 /tmp/context.log
Waiting one minute to reconfigure the machine
Waiting one minute to reconfigure the machine
Waiting one minute to reconfigure the machine
Reconfiguring
Reconfiguring
Reconfiguring
+ get_new_context
+ get_new_context
This will allow for a more flexible way to add files to it. For example, add SysV init scripts to CentOS 6 and Systemd to CentOS 7.
Hello,
If I disable network context on a template, the /etc/network/interfaces and /etc/resolv.conf are overwritten.
Regards.
Hello,
I'm in the process of writing a patch to contextualize the user used to configure the ssh public key.
The idea is to avoid untraceable generic accounts like root, so I'll propose another pull request for the sudo context script to create a local account with sudo permission.
I started with a ${SSH_USER} variable, but I saw the ${USERNAME} used for windows machines and I think reusing it here is better than creating a new one.
Tell me what you think about this.
Regards.
The packages try to get context data in this order:
The timeout for EC2 can take minutes making vmware machines wait a lot before booting. EC2 should be the last check.
Hello,
I think we could split the contextualisation scripts in two parts:
multi-user.target (like $START_SCRIPT)
Regards.
Patch submitted by Bill Cole to http://dev.opennebula.org/issues/3842
It may seem like an arcane use case, but it is easy enough to make possible with an explicit argument added to the fpm call.
From http://dev.opennebula.org/issues/2927
If there are multiple nics, like eth0 and eth1, and both have a GATEWAY defined, it is not currently possible to choose which interface represents the default gateway.
We are going to implement this with a special variable GATEWAY_IFACE that sets the interface to be used as default GW.
Seems that fpm version 1.4.0 doesn't have this option. (tag v5.0.0)
PACKAGE_TYPE=deb PACKAGE_NAME=mypkg-context ./generate.sh
ERROR: Unrecognised option '--rpm-summary'
See: 'fpm --help'
mypkg-context_5.0.0.deb
shutdown has been renamed to terminate, and delete is deprecated.
Latest fpm version uses rpmbuild and needs --rpm-summary option.
Some cloud images do not have the host ssh key and it needs to be generated on first boot. This way all the VMs will have different keys.
Hi,
don't quite understand why, but no nameservers are set in /etc/resolv.conf.
To fix that I have to do:
cp /etc/one-context.d/loc-11-dns /etc/one-context.d/net-11-dns
My dns are passed thru context with ETHX_DNS
This is on Fedora 26 server. I can try on CentOS 7.
OpenNebula 5.4 one-context-5.4.0-1.el7.noarch
I think it was working nice with one-context-5.0.x
As far as I understand this might be because one-contextd is run in network type configuration. Which seems fine, but why there is no net-xx-dns ?
Best regards,
Edouard
After deploying a new Debian 8 VM, the network does not start. The interface is present but not up.
Explicitly check if CONFIGURE_INTERFACES=no causes problems.
From this ticket:
Bug found in https://forum.opennebula.org/t/nic-reattach-on-sunstone-breaks-etc-network-interfaces/1599/3
Even if the interface is not found the information for the interface is added to the configuration file without device name:
iface inet static
address ...
network ...
netmask ...
gateway ...
Used by 05-hostname script - without the host command the DNS_HOSTNAME=1 functionality doesn't work.
The context packages use ifconfig that is deprecated in some distros to get the MAC addresses from interfaces. It also expects the interfaces to have names starting with "ETH", this is no longer true. The interfaces should be identified with its MAC address.
Serial TTY should be unconfigured so kernel upgrades don't render the VM unbootable.
If partition was extended by dracut module, the filesystem resize in the one-context is never done because the script terminates after growpart has nothing to do (NOCHANGE: partition 1 is size 25155742. it cannot be grown)
#!/bin/sh
set -e
...
for PART in ${PARTITION}; do
${GROWPART} ${DISK} ${PART} # <------ exits
done
...
case "${FSTYPE}" in
ext2|ext3|ext4)
resize2fs ${DEVICE}
By Nico Schottelius in http://dev.opennebula.org/issues/3931.
The problem with overwriting on (re-)boot is that every manual change is overwritten. This causes problems, because users are usually not aware of what opennebula is "doing to their VM".
I suggest to change it to append, if the key is not present. It can be a very simple script like if ! grep "$key" ~root/.ssh/authorized_keys; then echo $key >> ... ; fi
If the contextualisation packages are somewhere available in a version control repo, I can also create a pull request
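An added example, not part of the original report or of the one-context packages: one way to implement the append-if-missing behaviour suggested above. The function name add_authorized_keys and the sample usage are hypothetical; each key is matched as a fixed whole line (grep -xF), since base64 key material contains regex metacharacters and a bare grep would also match substrings.

```shell
#!/bin/sh
# Added example: idempotent append of SSH public keys to authorized_keys.
# add_authorized_keys is a hypothetical helper, not part of one-context.

# $1 = path to authorized_keys, $2 = one or more public keys, one per line.
# Prints the number of keys that were actually appended.
add_authorized_keys() {
    auth_file=$1
    keys=$2
    auth_dir=$(dirname "$auth_file")

    # Create directory and file with restrictive modes if they are missing;
    # existing content is never truncated, so manual changes survive reboots.
    [ -d "$auth_dir" ] || mkdir -m 700 -p "$auth_dir" || return 1
    if [ ! -e "$auth_file" ]; then
        (umask 077 && : > "$auth_file") || return 1
    fi

    # If a manual edit left the file without a trailing newline, add one so
    # the next key does not get glued onto the previous line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    added=0
    # A here-document keeps the loop in the current shell so $added survives.
    while IFS= read -r key; do
        [ -n "$key" ] || continue          # skip blank lines
        # -F: fixed string, -x: whole line, -e: key may start with '-'
        if ! grep -qxF -e "$key" "$auth_file"; then
            printf '%s\n' "$key" >> "$auth_file"
            added=$((added + 1))
        fi
    done <<EOF
$keys
EOF
    echo "$added"
}
```

Called as `add_authorized_keys /root/.ssh/authorized_keys "$SSH_PUBLIC_KEY"`, repeated boots leave keys added by hand in place and never duplicate the contextualized ones.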
There is a check in /usr/sbin/one-contextd which prevents subsequent contextualizations, until the context ISO changes. It should be aligned with Windows context to run on each boot. State files should also be moved from /tmp to somewhere in /var (e.g. /var/run?).
Right now the rules are located at /etc/udev/rules.d. As this is installed by a package they should be in /lib/udev.
ONEGATE token is read from the cdrom. This is not available in VMs started with vcenter drivers.
If gateway is not defined in virtual network context, it will be created in vm interfaces file anyway.
BRIDGE = "vmbr1"
DESCRIPTION = "vlan30"
FILTER_IP_SPOOFING = "YES"
FILTER_MAC_SPOOFING = "YES"
NETWORK_MASK = "255.255.254.0"
PHYDEV = ""
SECURITY_GROUPS = "0"
VLAN_ID = ""
VN_MAD = "fw"
VM template:
AUTOMATIC_DS_REQUIREMENTS = ""CLUSTERS/ID" @> 0"
AUTOMATIC_REQUIREMENTS = "(CLUSTER_ID = 0) & !(PUBLIC_CLOUD = YES)"
CONTEXT = [
DISK_ID = "1",
DNS_HOSTNAME = "YES",
ETH0_CONTEXT_FORCE_IPV4 = "",
ETH0_DNS = "",
ETH0_GATEWAY = "",
ETH0_GATEWAY6 = "",
ETH0_IP = "192.168.31.2",
ETH0_IP6 = "",
ETH0_IP6_ULA = "",
ETH0_MAC = "02:00:c0:a8:1f:02",
ETH0_MASK = "255.255.254.0",
ETH0_MTU = "",
ETH0_NETWORK = "",
ETH0_SEARCH_DOMAIN = "",
ETH0_VLAN_ID = "",
ETH0_VROUTER_IP = "",
ETH0_VROUTER_IP6 = "",
ETH0_VROUTER_MANAGEMENT = "",
NETWORK = "YES",
ONEGATE_ENDPOINT = "http://192.168.40.165:5030",
REPORT_READY = "YES",
SET_HOSTNAME = "Ubuntu-xenial-template-204-204",
SSH_PUBLIC_KEY = "ssh-rsa ....",
TARGET = "hda",
TOKEN = "YES",
VMID = "204" ]
...
auto eth0
iface eth0 inet static
address 192.168.31.2
network 192.168.31.0
netmask 255.255.254.0
gateway 192.168.31.1
version 5.0.1
Seems like context package 5.0 doesn't authenticate with token to report ready state to onegate.
From opennebula onegate log:
------
Tue Jun 21 01:15:51 2016 [E]: X_ONEGATE_TOKEN header not preset
Tue Jun 21 01:15:51 2016 [I]: Unauthorized login attempt
Tue Jun 21 01:15:51 2016 [I]: 192.168.17.200 - - [21/Jun/2016:01:15:51 +0300] "PUT /vm HTTP/1.1" 401 14 0.0016
------
VM (ubuntu 16.04) context log:
Waiting one minute to reconfigure the machine
Waiting one minute to reconfigure the machine
Reconfiguring
diff: /tmp/context.sh: No such file or directory
Reconfiguring
NOCHANGE: partition 2 could only be grown by 2015 [fudge=2048]
/sbin/ifdown: interface eth0 not configured
/usr/bin/onegate.rb:21:in <module:CloudClient>': undefined method +' for nil:NilClass (NoMethodError)
from /usr/bin/onegate.rb:13:in <main>'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M100 23 100 14 100 9 2356 1514 --:--:-- --:--:-- --:--:-- 2800
Not authorized
In VM /tmp/one_env file does have TOKENTXT variable present.
Also already contextualized VM with persistent disks and waits for network to come up too long.
This does not happen on 1st boot.
IP6_ULA generated by IPv6 address ranges is not supported
service networking start no longer works in Debian 8 after d96cb50. This happens because it disables network configuration in /etc/default/networking:
CONFIGURE_INTERFACES=no
Network should be configured with ifup, the same as Ubuntu.
addon-context-linux/base_deb.one/etc/one-context.d/10-network
Lines 259 to 275 in c9a384b
On VM nic hotplug the context data is updated. The context packages should be able to notice this using udev rules and reconfigure the machine.
Get context data using VMware tools instead of CD for vcenter driver.
http://dev.opennebula.org/issues/3366
The data is in base64 format and can be retrieved with this command:
$ vmtoolsd --cmd 'info-get guestinfo.opennebula.context' | openssl base64 -d
Reconfiguration now occurs when a new NIC is added. It can happen that nic additions can happen after system boots. This leads to networking reconfiguration and makes the machine unreachable for some seconds.
The package information is outdated:
Packager : C12G Labs <[email protected]>
Vendor : C12G Labs
URL : http://opennebula.org
By Nicolas Belan from http://dev.opennebula.org/issues/3160
I have installed a CentOS 7 from scratch.
I installed one-context RPM for 4.8.0.
I rebooted and 'cat' eth0 configuration:
[root@localhost network-scripts]# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.128
IPADDR=192.168.0.135
GATEWAY=192.168.0.254
IPV6INIT=yes
IPV6ADDR=2a00:afee:0:f:400:b9ff:fe1e:5c87
IPV6_DEFAULTGW=2a00:afee:0:f::ffff
The IPv6 addr is not set correctly on reboot. Only L-local IP is set (fe80::)
To fix that, I added NM_CONTROLLED=no in 00-network:gen_network_configuration()
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
Now, IPv6 is correctly set on reboot.
At 2-3 of 8 newly instantiated VMs on our environment (Opennebula with StorPool Integration), the CONTEXT volume is not available when vmcontext starts.
I added a hotfix and simple logging to our environment:
phroton@0aea9c0
Could be done better, but works for us.
curl http://169.254.169.254/latest/user-data
curl -X "GET" "http://onegate.endpoint/vm" --header "X-ONEGATE-TOKEN: freqdptHxEQ+D43d7guTRZQ==" --header "X-ONEGATE-VMID: 55"
The base system should be ready before configuring network access.
Error and debug messages should be written to a log file for easier debugging.
Release 4.14 will support image resizing on clone. Context packages should be able to resize automatically the root filesystem on boot.
Some old Ubuntu 14.04 versions have a bug that leaves the loopback device unconfigured when network is restarted. This does not happen anymore with 14.04.4.
https://forum.opennebula.org/t/loopback-address-missing-in-ubuntu-14-04-kvm/310/1
Hello,
I just tried the 4.90.0 context for linux (ubuntu package) and found that /etc/hosts is not updated with the new host name provided by SET_HOSTNAME context attribute.
cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 xenial.eole.lan xenial
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
I think the line 127.0.1.1 could be replaced.
Regards.
Based on:
https://wiki.debian.org/NetworkConfiguration#The_resolv.conf_configuration_file
and
https://help.ubuntu.com/lts/serverguide/network-configuration.html#name-resolution
If your system uses resolvconf then the information about name servers is only available to other programs if they are included in the /etc/network/interfaces file.
This causes programs to fail when they try to grab contextualized vms dns settings such as when adding a transparent dns proxy/cache to the vm.
I'm using ubuntu 14.04
I downloaded the deb from https://github.com/OpenNebula/addon-context-linux/releases/download/v4.14.4/one-context_4.14.4.deb
When I try to install this package using 'dpkg -i one-context_4.14.4.deb', it throws '/etc/init.d/vmcontext' file does not exist error.
To resolve this problem, I now copy and paste all the scripts to my image.
root@tom:~# dpkg -i one-context_4.14.3.deb
(Reading database ... 51873 files and directories currently installed.)
Preparing to unpack one-context_4.14.3.deb ...
Unpacking one-context (4.14.3) over (4.14.3) ...
Setting up one-context (4.14.3) ...
`update-rc.d: /etc/init.d/vmcontext: file does not exist`
Processing triggers for ureadahead (0.100.0-16) ...
root@tom-resize:/etc/init.d# nano vmcontext
root@tom-resize:/etc/init.d# dpkg -i /root/one-context_4.14.3.deb
(Reading database ... 51873 files and directories currently installed.)
Preparing to unpack /root/one-context_4.14.3.deb ...
Unpacking one-context (4.14.3) over (4.14.3) ...
Setting up one-context (4.14.3) ...
System start/stop links for /etc/init.d/vmcontext already exist.
Issue originally reported by Nicolas Belan at dev.opennebula.org:
Hi,
When using multiple network on vrouter, you may have multiple default gateway defined (1 per vnet)
To choose the right gateway, it is possible to set "metric", as in:
```
localhost:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 172.25.104.254
  network 172.25.104.0
  netmask 255.255.255.0
  gateway 172.25.104.254
  metric 1000

auto eth1
iface eth1 inet static
  address 172.25.101.201
  network 172.25.101.0
  netmask 255.255.0.0
  gateway 172.25.8.20
  metric 101
```
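Metric may be set in context variable, and retrieved from context, using something like:
```
# Print the route metric for the current interface (only if it has a gateway).
# Relies on is_gateway, get_iface_var, $DEV and $IFACE_NUM from 00-network.
get_metric() {
    if is_gateway; then
        metric=$(get_iface_var "METRIC")
        # No ETH{X}_METRIC in the context: fall back to a default
        if [ -z "$metric" ]; then
            if [ "$DEV" = "eth0" ]; then
                metric=1000
            else
                metric=$((100+$IFACE_NUM))
            fi
        fi
        echo "$metric"
    fi
}
```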
Using that code, by default, the second network interface is the default gateway (1=LAN, 2=WAN), and that can be changed using ETH{X}_METRIC=10
Perhaps a hardcoded "eth0" is not correct; but this is a starting point.
Adding the right call "METRIC=$(get_metric)" in the interface loop, this makes the job for me :)
`--- /etc/one-context.d/00-network.orig
+++ /etc/one-context.d/00-network
@@ -88,7 +88,23 @@
echo $gateway
fi
}
+# Gets the gateway metric
+get_metric() {
if is_gateway; then
metric=$(get_iface_var "METRIC")
if [ -z "$metric" ]; then
if [ "$DEV" = "eth0" ]; then
metric=1000
else
metric=$((100+$IFACE_NUM))
fi
fi
echo $metric
fi
+}
get_gateway6() {
if is_gateway; then
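Review bot: In get_metric, the value returned by get_iface_var "METRIC" is echoed without any check that it is a number, so whatever the context supplies ends up on the metric line of the interfaces file. Reject or ignore values containing anything other than digits (a `case "$metric" in *[!0-9]*)` test is enough) and quote the expansion in `echo $metric`. The `"$DEV" = "eth0"` default also ties the behaviour to one interface name, which the author already flags as a starting point; deriving the default from $IFACE_NUM alone would avoid that.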
@@ -147,6 +163,10 @@
echo " gateway $GATEWAY6"
fi
echo " metric $METRIC"
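Review bot: The `echo " metric $METRIC"` line at the end of this hunk should only run when $METRIC is non-empty, because get_metric prints nothing when is_gateway is false and that would leave a bare metric keyword in the stanza. The hunk header counts four added lines but only this one is visible here, so confirm the guard is in place, for example `[ -n "$METRIC" ] && echo " metric $METRIC"`.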
@@ -191,6 +211,7 @@
MASK=$(get_mask)
MTU=$(get_mtu)
GATEWAY=$(get_gateway)
METRIC=$(get_metric)
IPV6=$(get_iface_var "IPV6")
[[ -z $IPV6 ]] && IPV6=$(get_iface_var "IP6")
`
Current execution order configures SSH access by 12-ssh_public_key for the $USERNAME before the user is actually created by 20-set-username-password. If the $USERNAME doesn't exist for SSH, the script falls back to root. In subsequent runs, the desired $USERNAME is configured.
# curl -o /tmp/context.sh.new http://169.254.169.254/latest/user-data
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:02:07 --:--:-- 0curl: (7) Failed connect to 169.254.169.254:80; Connection timed out