Bug 1913689
| Summary: | [Bare Metal Image Deployment] Add support for disabling of some of Anaconda modules | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Radek Vykydal <rvykydal> |
| Component: | anaconda | Assignee: | Radek Vykydal <rvykydal> |
| Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | jstodola, mkolman, sbueno, vponcova, zveleba |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | anaconda-33.16.4.7-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:47:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1834535 | ||
|
Description
Radek Vykydal
2021-01-07 11:29:11 UTC
(In reply to Radek Vykydal from comment #0) > 1) The configuration on the image produced by Image Builder via blueprint > should not be rewritten by Anaconda's default values during installation of > the image. These modules (and respecitve kickstart commands) need to be disabled: LOCALIZATION (lang, keyboard) USERS (rootpw, user, group, sshkey) TIMEZONE (timezone) NETWORK (network, firewall) As for the network module, Image Builder is not able to configure networking so there might be requirement to be able to configure networking via kickstart network command, ie not disable the network module completely and apply the configuration in case network command is present in kickstart (the situation here is a bit complicated by the fact that hostname and device configuration is achieved by the same network kickstart command). Other modules: SERVICES (services, xconfig, skipx, firstboot) SECURITY (selinux, authconfig, authselect, realm) should not rewrite configuration in the image if they are not configured in kickckstart so their disabling is not strictly required. (In reply to Radek Vykydal from comment #0) > 2) Incomplete kickstart produced by Image Builder (leaving out commands for > configuration that is already present in the image via blueprint > configuration as above in 1)) should not cause Anaconda to stop automated > installation asking interactively in UI. The modules that need to be disabled and respective kickstart commands: LOCALIZATION - lang and keyboard kickstart commands are required USERS - rootpw or admin user is required TIMEZONE - timezone kickstart command is required (In reply to Radek Vykydal from comment #2) > (In reply to Radek Vykydal from comment #0) > > > 2) Incomplete kickstart produced by Image Builder (leaving out commands for > > configuration that is already present in the image via blueprint > > configuration as above in 1)) should not cause Anaconda to stop automated > > installation asking interactively in UI. > > The modules that need to be disabled and respective kickstart commands: > > LOCALIZATION - lang and keyboard kickstart commands are required > USERS - rootpw or admin user is required > TIMEZONE - timezone kickstart command is required Notes on testing: With modules disabled in anaconda configuration in /etc/anaconda in installer image (can be added by updates.img) the respective commands missing in kickstart won't prevent fully automated installation (ie UI will not stop installation to configure the values). The configuration is not yet definitive but an example of current solution is in https://github.com/rhinstaller/anaconda/pull/3070. (In reply to Radek Vykydal from comment #1) > (In reply to Radek Vykydal from comment #0) > > > 1) The configuration on the image produced by Image Builder via blueprint > > should not be rewritten by Anaconda's default values during installation of > > the image. > > These modules (and respecitve kickstart commands) need to be disabled: > LOCALIZATION (lang, keyboard) > USERS (rootpw, user, group, sshkey) > TIMEZONE (timezone) > > NETWORK (network, firewall) > > As for the network module, Image Builder is not able to configure networking > so there might be requirement to be able to configure networking via > kickstart network command, ie not disable the network module completely and > apply the configuration in case network command is present in kickstart (the > situation here is a bit complicated by the fact that hostname and device > configuration is achieved by the same network kickstart command). > > Other modules: > SERVICES (services, xconfig, skipx, firstboot) > SECURITY (selinux, authconfig, authselect, realm) > should not rewrite configuration in the image if they are not configured in > kickckstart so their disabling is not strictly required. Notes on testing: With modules disabled in anaconda configuration in /etc/anaconda in installer image (can be added by updates.img) the respective commands won't overwrite respective configuration (via blueprint) of image (for example tar payload image) installed with liveimg command. The configuration is not yet definitive but an example of current solution is in https://github.com/rhinstaller/anaconda/pull/3070. For the (partial) disabling of NETWORK module as described above there might be another additional configuration created. Example of kickstart and blueprint for creating of the tar payload image with Image Builder can be found in https://issues.redhat.com/browse/INSTALLER-2302?focusedCommentId=15631153&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15631153 WIP PRs: https://github.com/rhinstaller/anaconda/pull/3070 https://github.com/rhinstaller/anaconda/pull/3074 Allow to disable DBus modules:
Timezone: https://github.com/rhinstaller/anaconda/pull/3081
Users: https://github.com/rhinstaller/anaconda/pull/3082
Localization: https://github.com/rhinstaller/anaconda/pull/3083
Services: https://github.com/rhinstaller/anaconda/pull/3084
Security: https://github.com/rhinstaller/anaconda/pull/3085
Allow to disable network installation:
https://github.com/rhinstaller/anaconda/pull/3086
Supported configuration snippet:
[Anaconda]
# List of enabled Anaconda DBus modules.
kickstart_modules =
org.fedoraproject.Anaconda.Modules.Network
org.fedoraproject.Anaconda.Modules.Payloads
org.fedoraproject.Anaconda.Modules.Storage
[Network]
# Enable installation of the network configuration on the target system.
enable_installation = False
The configuration snippet from the comment 6 has changed a little: [Anaconda] # List of enabled Anaconda DBus modules. kickstart_modules = org.fedoraproject.Anaconda.Modules.Network org.fedoraproject.Anaconda.Modules.Payloads org.fedoraproject.Anaconda.Modules.Storage [Installation Target] # Should we install the network configuration? can_configure_network = False Pre-verified with anaconda-33.16.4.7-1.el8 as described in comment 9 Verified, the changes are present in RHEL-8.4.0-20210211.n.1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (anaconda bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1844 |