1913689 – [Bare Metal Image Deployment] Add support for disabling of some of Anaconda modules

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1913689 - [Bare Metal Image Deployment] Add support for disabling of some of Anaconda modules

Summary: [Bare Metal Image Deployment] Add support for disabling of some of Anaconda m...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	anaconda
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Radek Vykydal
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1834535
TreeView+	depends on / blocked

Reported:	2021-01-07 11:29 UTC by Radek Vykydal
Modified:	2021-05-18 15:47 UTC (History)
CC List:	5 users (show)
Fixed In Version:	anaconda-33.16.4.7-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 15:47:16 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Radek Vykydal 2021-01-07 11:29:11 UTC

As described in https://bugzilla.redhat.com/show_bug.cgi?id=1834535#c4 for Bare Metal Image Deployment feature (https://issues.redhat.com/browse/RHELBU-414) Anaconda needs to add support for conifiguration of modules that should be disabled / masked during image installation in two aspects:

1) The configuration on the image produced by Image Builder via blueprint should not be overwritten by Anaconda's default values during installation of the image.

2) Incomplete kickstart produced by Image Builder (leaving out commands for configuration that is already present in the image via blueprint configuration as above in 1)) should not cause Anaconda to stop automated installation asking interactively in UI.

Both 1) and 2) will be achieved on the level / granularity of Anaconda modules by not enabling respective module in anaconda configuration file.

If there is a demand to use custom kickstart overriding the kickstart generated by Image Builder [1], the modules handling commands to be configured by the kickstart need to be re-enabled. This can be achieved by:

a) Modification of the configuration file in the image. This is a less convenient way from user point of view.

b) By selecting specific profile by installer boot option inst.product and inst.variant. This would require Image Builder setting which modules are disabled by a specific profile in /etc/anaconda/product.d directory (as opposed to just dropping the configuration file into /etc/anaconda/conf.d)

[1] For example by using inst.ks boot option.

Comment 1 Radek Vykydal 2021-01-07 11:31:34 UTC

(In reply to Radek Vykydal from comment #0)

> 1) The configuration on the image produced by Image Builder via blueprint
> should not be rewritten by Anaconda's default values during installation of
> the image.

These modules (and respecitve kickstart commands) need to be disabled:
LOCALIZATION (lang, keyboard)
USERS (rootpw, user, group, sshkey)
TIMEZONE (timezone)

NETWORK (network, firewall)

As for the network module, Image Builder is not able to configure networking so there might be requirement to be able to configure networking via kickstart network command, ie not disable the network module completely and apply the configuration in case network command is present in kickstart (the situation here is a bit complicated by the fact that hostname and device configuration is achieved by the same network kickstart command).

Other modules:
SERVICES (services, xconfig, skipx, firstboot)
SECURITY (selinux, authconfig, authselect, realm)
should not rewrite configuration in the image if they are not configured in kickckstart so their disabling is not strictly required.

Comment 2 Radek Vykydal 2021-01-07 11:33:02 UTC

(In reply to Radek Vykydal from comment #0)

> 2) Incomplete kickstart produced by Image Builder (leaving out commands for
> configuration that is already present in the image via blueprint
> configuration as above in 1)) should not cause Anaconda to stop automated
> installation asking interactively in UI.

The modules that need to be disabled and respective kickstart commands:

LOCALIZATION - lang and keyboard kickstart commands are required
USERS - rootpw or admin user is required
TIMEZONE - timezone kickstart command is required

Comment 3 Radek Vykydal 2021-01-07 13:43:32 UTC

(In reply to Radek Vykydal from comment #2)
> (In reply to Radek Vykydal from comment #0)
> 
> > 2) Incomplete kickstart produced by Image Builder (leaving out commands for
> > configuration that is already present in the image via blueprint
> > configuration as above in 1)) should not cause Anaconda to stop automated
> > installation asking interactively in UI.
> 
> The modules that need to be disabled and respective kickstart commands:
> 
> LOCALIZATION - lang and keyboard kickstart commands are required
> USERS - rootpw or admin user is required
> TIMEZONE - timezone kickstart command is required

Notes on testing:

With modules disabled in anaconda configuration in /etc/anaconda in installer image (can be added by updates.img) the respective commands missing in kickstart won't prevent fully automated installation (ie UI will not stop installation to configure the values).
The configuration is not yet definitive but an example of current solution is in https://github.com/rhinstaller/anaconda/pull/3070.

Comment 4 Radek Vykydal 2021-01-07 13:52:49 UTC

(In reply to Radek Vykydal from comment #1)
> (In reply to Radek Vykydal from comment #0)
> 
> > 1) The configuration on the image produced by Image Builder via blueprint
> > should not be rewritten by Anaconda's default values during installation of
> > the image.
> 
> These modules (and respecitve kickstart commands) need to be disabled:
> LOCALIZATION (lang, keyboard)
> USERS (rootpw, user, group, sshkey)
> TIMEZONE (timezone)
> 
> NETWORK (network, firewall)
> 
> As for the network module, Image Builder is not able to configure networking
> so there might be requirement to be able to configure networking via
> kickstart network command, ie not disable the network module completely and
> apply the configuration in case network command is present in kickstart (the
> situation here is a bit complicated by the fact that hostname and device
> configuration is achieved by the same network kickstart command).
> 
> Other modules:
> SERVICES (services, xconfig, skipx, firstboot)
> SECURITY (selinux, authconfig, authselect, realm)
> should not rewrite configuration in the image if they are not configured in
> kickckstart so their disabling is not strictly required.

Notes on testing:

With modules disabled in anaconda configuration in /etc/anaconda in installer image (can be added by updates.img) the respective commands won't overwrite respective configuration (via blueprint) of image (for example tar payload image) installed with liveimg command.
The configuration is not yet definitive but an example of current solution is in https://github.com/rhinstaller/anaconda/pull/3070.
For the (partial) disabling of NETWORK module as described above there might be another additional configuration created.

Example of kickstart and blueprint for creating of the tar payload image with Image Builder can be found in https://issues.redhat.com/browse/INSTALLER-2302?focusedCommentId=15631153&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15631153

Comment 5 Radek Vykydal 2021-01-07 14:10:52 UTC

WIP PRs:
https://github.com/rhinstaller/anaconda/pull/3070
https://github.com/rhinstaller/anaconda/pull/3074

Comment 6 Vendula Poncova 2021-01-11 19:41:30 UTC

Allow to disable DBus modules:

    Timezone: https://github.com/rhinstaller/anaconda/pull/3081
    Users: https://github.com/rhinstaller/anaconda/pull/3082
    Localization: https://github.com/rhinstaller/anaconda/pull/3083
    Services: https://github.com/rhinstaller/anaconda/pull/3084
    Security: https://github.com/rhinstaller/anaconda/pull/3085

Allow to disable network installation:

    https://github.com/rhinstaller/anaconda/pull/3086

Supported configuration snippet:

[Anaconda]
# List of enabled Anaconda DBus modules.
kickstart_modules =
     org.fedoraproject.Anaconda.Modules.Network
     org.fedoraproject.Anaconda.Modules.Payloads
     org.fedoraproject.Anaconda.Modules.Storage

[Network]
# Enable installation of the network configuration on the target system.
enable_installation = False

Comment 7 Vendula Poncova 2021-01-14 14:58:43 UTC

The configuration snippet from the comment 6 has changed a little:

[Anaconda]
# List of enabled Anaconda DBus modules.
kickstart_modules =
     org.fedoraproject.Anaconda.Modules.Network
     org.fedoraproject.Anaconda.Modules.Payloads
     org.fedoraproject.Anaconda.Modules.Storage

[Installation Target]
# Should we install the network configuration?
can_configure_network = False

Comment 10 Zdenek Veleba 2021-01-21 19:04:01 UTC

Pre-verified with anaconda-33.16.4.7-1.el8 as described in comment 9

Comment 13 Zdenek Veleba 2021-02-11 13:51:49 UTC

Verified, the changes are present in RHEL-8.4.0-20210211.n.1

Comment 15 errata-xmlrpc 2021-05-18 15:47:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (anaconda bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1844

Note You need to log in before you can comment on or make changes to this bug.