Commit e40f40de authored by Nikos Skalkotos

Merge branch 'master' into debian-wheezy

parents f16157cf 52225f51
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help clean html dirhtml pickle json htmlhelp qthelp latex changes linkcheck doctest
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
clean:
-rm -rf $(BUILDDIR)/*
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/snf-image.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/snf-image.qhc"
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
"run these through (pdf)latex."
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
Advanced Topics
===============
Progress Monitoring Interface
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*snf-image* has an embedded mechanism for transmitting progress messages during
an image deployment. A user may specify an external executable by overwriting
the *PROGRESS_MONITOR* variable under ``/etc/default/snf-image`` and
*snf-image* will redirect the progress messages to the standard input of this
program. In this section we will describe the format and the fields of the
progress messages.
The progress messages are json strings with standardized fields. All messages
have a **type** field whose value is a string and a **timestamp** field whose
value is a floating point number referring to a time encoded as the number of
seconds elapsed since the epoch. The rest of the field depend on the specific
type.
image-info
++++++++++
This message type is used to display random progress information. It has an
extra *messages* field whose value is a list of strings. A valid ``image-info``
message looks like this:
``{"messages": ["Starting image copy..."], "type": "image-info", "timestamp": 1378914866.209169}``
image-error
+++++++++++
This message type is used to display a fatal error that occurred during image
deployment. It may either have an extra *messages* field to display the error
message or an *stderr* field to display the last lines of the standard error
output stream of the OS creation script. Valid ``image-error`` messages look
like this:
``{"messages": ["Image customization failed."], "type": "image-error", "timestamp": 1379507045.924449}``
image-copy-progress
+++++++++++++++++++
One of the tasks *snf-image* has to accomplish is to copy the image file into
the VM's hard disk before configuring it. Messages of type
``image-copy-progress`` are used to display the progress of this task. The extra
fields this message type has is *position*, *total* and *progress*. The
*position* field is used to display the number of bytes written to the hard
disk. The *total* field indicates the overall size (in bytes) of the image, and
finally the *progress* field indicates the percent of the accomplished work.
Messages of this type look like this:
``{"position": 335547996, "total": 474398720, "type": "image-copy-progress", "timestamp": 1378914869.312985, "progress": 70.73}``
image-helper
++++++++++++
This is a family of messages that are created when *snf-image-helper* runs.
Each message of this type has a *subtype* field.
task-start
----------
Messages with *subtype* ``task-start`` indicate that *snf-image-helper*
started running a :ref:`configuration task <image-configuration-tasks>` on the
image. Messages of this type have an extra *task* field whose value is the
name of the task *snf-image-helper* started, and look like this:
``{"subtype": "task-start", "task": "FixPartitionTable", "type": "image-helper", "timestamp": 1379507040.456931}``
task-stop
---------
Messages with *subtype* ``task-stop`` are produced every time a configuration
task successfully exits. As with the ``task-start`` messages, the *task* field
is present:
``{"subtype": "task-end", "task": "FixPartitionTable", "type": "image-helper", "timestamp": 1379507041.357184}``
warning
-------
This messages are produced to display a warning. The actual warning message
itself is present in the *messages* field:
``{"subtype": "warning", "type": "image-helper", "messages": [" No swap partition defined"], "timestamp": 1379075807.71704}``
error
-----
The last ``image-helper`` message that may occur is the ``error`` message. As
with the ``image-error`` messages, either a *messages* field that hosts the
actual error message or a *stderr* field that hosts the last 10 lines of the
standard error output stream of *snf-image-helper*. Valid *error* messages look
like this:
``{"subtype": "error", "type": "image-helper", "messages": ["The image contains a(n) msdos partition table. For FreeBSD images only GUID Partition Tables are supported."], "timestamp": 1379507910.799365}``
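Review bot: the task-stop section documents messages with subtype ``task-stop``, but its own example carries "subtype": "task-end", so a progress monitor written against this page will match on the wrong string for one of the two. Please align the heading, the prose and the example with what snf-image-helper actually emits. The image-error and error sections also describe a *stderr* field without giving an example or saying whether its value is a string or a list of lines; since the text fields are forwarded to an external PROGRESS_MONITOR executable and can contain output produced while handling a user-supplied image, it would help to state the type and to say that consumers should treat *messages* and *stderr* as untrusted text. Wording nits: "The rest of the field depend" and "This messages are produced".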
Architecture
============
snf-image is split in two components: The main program running on the Ganeti
host with full root privilege (*snf-image* previously *snf-image-host*) and a
part running inside an unprivileged helper VM (*snf-image-helper*).
snf-image
^^^^^^^^^
This part implements the Ganeti OS interface. It extracts the Image onto the
Ganeti-provided block device, using streaming block I/O (dd with oflag=direct),
then passes control to snf-image-helper running inside a helper VM. The helper
VM is created using KVM, runs as an unprivileged user, nobody by default.
There is no restriction on the distribution running inside the helper VM, as
long as it executes the snf-image-helper component automatically upon bootup.
The snf-image-update-helper script is provided with snf-image to automate the
creation of a helper VM image based on Debian Stable, using multistrap.
The snf-image-helper component is spawned inside a specific hardware
environment:
* The VM features a virtual floppy, containing an ext2 filesystem with all
parameters needed for image customization.
* The hard disk of the VM being deployed is accessible as the first virtio
hard disk.
* All kernel/console output is redirected to the first virtual serial console,
and eventually finds its way into the OS definition log files that Ganeti
maintains.
* The helper VM is expected to output "SUCCESS" to its second serial port if
image customization was successful inside the VM.
* In any other case, execution of the helper VM or snf-image-helper has
failed.
* The helper VM is expected to shutdown automatically once it is done. Its
execution is time-limited; if it has not terminated after a number of
seconds, configurable via /etc/default/snf-image, it is sent a SIGTERM
and/or a SIGKILL.
KVM is currently a dependency for snf-image, meaning it is needed to spawn the
helper VM. There is no restriction on the hypervisor used for the actual Ganeti
instances. This is not a strict requirement; KVM could be replaced by qemu,
doing full CPU virtualization without any kernel support for spawning the
helper VM.
snf-image-helper
^^^^^^^^^^^^^^^^
This part runs inside the helper VM and undertakes customization of the VM
being deployed using a number of hooks, or tasks. The tasks run in an
environment, specified by rules found in a virtual floppy, placed there by
*snf-image*. *snf-image-helper* uses runparts to run tasks found under
*/usr/lib/snf-image-helper/tasks* by default
Graphical Representation
^^^^^^^^^^^^^^^^^^^^^^^^
The architecture is presented below:
.. image:: /images/arch.png
.. _image-configuration-tasks:
Image Configuration Tasks
^^^^^^^^^^^^^^^^^^^^^^^^^
Configuration tasks are scripts called by snf-image-helper to accomplish
various configuration steps on the newly created instance. See below for a
description of each one of them:
**FixPartitionTable**: Enlarges the last partition in the partition table of
the instance, to consume all the available space and optionally adds a swap
partition in the end.
**FilesystemResizeUnmounted**: Extends the file system of the last partition to
cover up the whole partition. This only works for ext{2,3,4} file systems. Any
other file system type is ignored and a warning is triggered. The task will
fail if *SNF_IMAGE_DEV* environmental variable is missing.
**MountImage**: Mounts the nth partition of *SNF_IMAGE_DEV*, which is specified
by *SNF_IMAGE_PROPERTY_ROOT_PARTITION* variable under the directory specified
by *SNF_IMAGE_TARGET*. The script will fail if any of those 3 variables has a
non-sane value.
**AddSwap**: Formats the swap partion added by *FixPartitionTable* task and
adds an appropriate swap entry in the system's ``/etc/fstab``. The script will
only run if *SNF_IMAGE_PROPERTY_SWAP* is present and will fail if
*SNF_IMAGE_TARGET* in not defined.
**DeleteSSHKeys**: For linux images, this script will clear out any ssh keys
found in the image and for debian, it will recreate them too. In order to find
the ssh keys, the script looks in default locations (/etc/ssh/ssh_*_key) and
also parses ``/etc/ssh/sshd_config`` file if present. The script will fail if
*SNF_IMAGE_TARGET* is not set.
**DisableRemoteDesktopConnections**: This script temporary disables RDP
connections in windows instances by changing the value *fDenyTSConnection*
registry key. RDP connections will be enabled back during the specialize pass
of the Windows setup. The task will fail if *SNF_IMAGE_TARGET* is not defined.
**InstallUnattend**: Installs the Unattend.xml files in windows images. This is
needed by windows in order to perform an unattended setup. The
*SNF_IMAGE_TARGET* variables needs to be present for this task to run.
**SELinuxAutorelabel**: Creates *.autorelabel* file in RedHat images. This is
needed if SELinux is enabled to enforce an automatic file system relabeling at
the next boot. The only enviromental variable required by this task is
*SNF_IMAGE_TARGET*.
**AssignHostname**: Assigns or changes the hostname in a Linux or Windows
image. The task will fail if the Linux distribution is not supported. For now,
we support Debian, Redhat, Slackware, SUSE and Gentoo derived distros. The
hostname is read from *SNF_IMAGE_HOSTNAME* variable. In addition to the latter,
*SNF_IMAGE_TARGET* is also required.
**ChangePassword**: Changes the password for a list of users. For Linux systems
this is accomplished by directly altering the image's ``/etc/shadow`` file. For
Windows systems a script is injected into the VM's hard disk. This script will
be executed during the specialize pass of the Windows setup. The list of users
whose passwords will changed is determined by the *SNF_IMAGE_PROPERTY_USERS*
variable (see :ref:`image-properties`). For this task to run *SNF_IMAGE_TARGET*
and *SNF_IMAGE_PASSWORD* variables need to be present.
**FilesystemResizeMounted**: Injects a script into a Windows image file system
that will enlarge the last file system to cover up the whole partition. The
script will run during the specialize pass of the Windows setup. If the
*SNF_IMAGE_TARGET* variable is missing, the task will fail.
**EnforcePersonality**: Injects the files specified by the
*SNF_IMAGE_PROPERTY_OSFAMILY* variable into the file system. If the variable is
missing a warning is produced. The only environmental variable required is
*SNF_IMAGE_TARGET*.
**UmountImage**: Umounts the file system previously mounted by MountImage. The
only environmental variable required is *SNF_IMAGE_TARGET*.
+-------------------------------+---+--------------------------------------------+--------------------------------------------------+
| | | Dependencies | Enviromental Variables [#]_ |
+ Name | +------------------+-------------------------+-------------------------+------------------------+
| |Pr.| Run-After | Run-Before | Required | Optional |
+===============================+===+==================+=========================+=========================+========================+
|FixPartitionTable |10 | |FilesystemResizeUnmounted|DEV | |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|FilesystemResizeUnmounted |20 |FixPartitionTable |MountImage |DEV | |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|MountImage |30 | |UmountImage |DEV | |
| | | | |TARGET | |
| | | | |PROPERTY_ROOT_PARTITION | |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|AddSwap |40 |MountImage |EnforcePersonality |TARGET |PROPERTY_OSFAMILY |
| | | | | |PROPERTY_SWAP |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|DeleteSSHKeys |40 |MountImage |EnforcePersonality |TARGET |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|DisableRemoteDesktopConnections|40 |EnforcePersonality|UmountImage |TARGET |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|InstallUnattend |40 |MountImage |EnforcePersonality |TARGET |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|SELinuxAutorelabel |40 |MountImage |EnforcePersonality |TARGET |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|AssignHostname |50 |InstallUnattend |EnforcePersonality |TARGET | |
| | | | |HOSTNAME |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|ChangePassword |50 |InstallUnattend |EnforcePersonality |TARGET |PROPERTY_USERS |
| | | | |PASSWORD |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|FilesystemResizeMounted |50 |InstallUnattend |EnforcePersonality |TARGET |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|EnforcePersonality |60 |MountImage |UmountImage |TARGET |PERSONALITY |
| | | | | |PROPERTY_OSFAMILY |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|UmountImage |80 |MountImage | |TARGET | |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
.. [#] all environmental variables are prefixed with *SNF_IMAGE_*
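Review bot: in the task table, DisableRemoteDesktopConnections has priority 40 with Run-After EnforcePersonality, yet EnforcePersonality has priority 60 and every other priority-40 row (AddSwap, DeleteSSHKeys, InstallUnattend, SELinuxAutorelabel) lists EnforcePersonality under Run-Before; either the priority or the dependency in that row looks wrong, so please check it against the task script. The EnforcePersonality paragraph says the injected files are specified by *SNF_IMAGE_PROPERTY_OSFAMILY*, while the table lists PERSONALITY as an optional variable that the prose never mentions; the paragraph should name whichever variable actually carries the files. Smaller points: the Windows registry value is fDenyTSConnections (the text has *fDenyTSConnection*), "runparts" is presumably run-parts, "partion", "in not defined", "temporary disables" and "enviromental" need fixing, and the snf-image-helper paragraph ends without a period.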
# -*- coding: utf-8 -*-
#
# snf-image documentation build configuration file, created by
# sphinx-quickstart on Fri Sep 13 16:50:13 2013.
#
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys, os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.append(os.path.abspath('.'))
# -- General configuration -----------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = []
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'snf-image'
copyright = u'2011, 2012, 2013 GRNET S.A. All rights reserved'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.10'
# The full version, including alpha/beta/rc tags.
release = '0.10'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#today = ''
# Else, today_fmt is used as the format for a strftime call.
#today_fmt = '%B %d, %Y'
# List of documents that shouldn't be included in the build.
#unused_docs = []
# List of directories, relative to source directory, that shouldn't be searched
# for source files.
exclude_trees = ['_build']
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. Major themes that come with
# Sphinx are currently 'default' and 'sphinxdoc'.
html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
html_theme_options = {
'collapsiblesidebar': 'true',
'footerbgcolor': '#55b577',
'footertextcolor': '#000000',
'sidebarbgcolor': '#ffffff',
'sidebarbtncolor': '#f2f2f2',
'sidebartextcolor': '#000000',
'sidebarlinkcolor': '#328e4a',
'relbarbgcolor': '#55b577',
'relbartextcolor': '#ffffff',
'relbarlinkcolor': '#ffffff',
'bgcolor': '#ffffff',
'textcolor': '#000000',
'headbgcolor': '#ffffff',
'headtextcolor': '#000000',
'headlinkcolor': '#c60f0f',
'linkcolor': '#328e4a',
'visitedlinkcolor': '#63409b',
'codebgcolor': '#eeffcc',
'codetextcolor': '#333333'
}
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#html_additional_pages = {}
# If false, no module index is generated.
#html_use_modindex = True
# If false, no index is generated.
#html_use_index = True
# If true, the index is split into individual pages for each letter.
#html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = ''
# Output file base name for HTML help builder.
htmlhelp_basename = 'snf-imagedoc'
# -- Options for LaTeX output --------------------------------------------------
# The paper size ('letter' or 'a4').
#latex_paper_size = 'letter'
# The font size ('10pt', '11pt' or '12pt').
#latex_font_size = '10pt'
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [
('index', 'snf-image.tex', u'snf-image Documentation',
u'Synnefo development team', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# Additional stuff for the LaTeX preamble.
#latex_preamble = ''
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_use_modindex = True
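Review bot: `import sys, os` near the top of the file is unused, because the only line that references either module, `#sys.path.append(os.path.abspath('.'))`, is commented out; drop the import or keep it only if a path entry is going to be added. `version` and `release` are both hard-coded to '0.10', so the built documentation will drift from the packaged version unless someone remembers to edit this file at release time; consider taking the value from a single place. The file also sets `templates_path = ['_templates']` and `html_static_path = ['_static']`, so please make sure those directories are part of the commit.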
.. snf-image documentation master file, created by
sphinx-quickstart on Fri Sep 13 16:50:13 2013.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to snf-image's documentation!
=====================================
.. image:: /images/logo.png
snf-image is a `Ganeti <http://code.google.com/p/ganeti/>`_ OS definition,
primary used by `Synnefo <http://www.synnefo.org/>`_. It is rewritten from
scratch and allows Ganeti to launch instances from predefined or untrusted
custom Images. The whole process of deploying an Image onto the block device,
as provided by Ganeti, is done in complete isolation from the physical host,
enhancing robustness and security.
snf-image supports `KVM <http://www.linux-kvm.org/page/Main_Page>`_ and
`Xen <http://www.xenproject.org/>`_ based ganeti clusters.
There are also additional hooks that can be enabled at image deployment. They
allow for:
* changing the password of root or arbitrary users
* injecting files at arbitrary locations inside the filesystem, e.g., SSH keys
* setting a custom hostname
* re-creating SSH host keys to ensure the image uses unique keys
snf-image has been used successfully to deploy many major Linux distributions
(Debian, Ubuntu/Kubuntu, CentOS, Fedora, OpenSUSE), Windows 2008 R2 & Windows
Server 2012, as well as FreeBSD 9.1
The snf-image Ganeti OS Definition is released under
`GPLv2 <http://www.gnu.org/licenses/gpl-2.0.html>`_.
Contents:
^^^^^^^^^
.. toctree::
:maxdepth: 2
architecture
installation
usage
advanced
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
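Review bot: the introduction states that the whole process of deploying an Image onto the block device is done in complete isolation from the physical host, but the Architecture text added in this same commit says snf-image runs on the Ganeti host with full root privilege and extracts the image onto the block device with dd before passing control to the helper VM. Because the same paragraph advertises untrusted custom Images, the claim should be worded to match the design: the image data is streamed to the block device on the host, and it is the customization step that runs inside the unprivileged helper VM. It would also help to reconcile "supports KVM and Xen based ganeti clusters" with the Architecture statement that KVM is currently a dependency for spawning the helper VM. Nits: "primary used by" should be "primarily used by", and the sentence ending in "FreeBSD 9.1" lacks its period.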
Installation
============
Before installing snf-image be sure to have a working Ganeti installation in
your cluster. The installation process should take place in **all** ganeti
nodes. Here we will describe the installation in a single node. The process is
identical for all nodes and should be repeated manually or automatically, e.g.,