Build and set root pass for TripleO introspection and overcloud-full.qcow2 image

Build image

the main reason, why I do not like default images, as they use a lot of space, but do not contain some useful apps 😉 especially, when my primary task is to host internal clouds… So let’s build some image, which contains a slightly different packages and almost unchanged space 😀 What I have in TODO list, partition layout! To build such image, I use one file for both ironic and overcloud images.

cat ~/overcloud-images-centos8.yaml 
disk_images:
  -
    imagename: overcloud-full
    type: qcow2
    distro: centos
    release: 8
    elements:
      - baremetal
      - dhcp-all-interfaces
      - openvswitch
      - overcloud-agent
      - overcloud-base
      - overcloud-controller
      - overcloud-compute
      - overcloud-ceph-storage
      - puppet-modules
      - stable-interface-names
      - grub2
      - element-manifest
      - dynamic-login
      - iptables
      - enable-packages-install
      - override-pip-and-virtualenv
      - dracut-regenerate
      - remove-machine-id
      - remove-resolvconf
      - openssh
      - disable-nouveau
      - selinux-permissive
      - interface-names
    packages:
      - python3-psutil
      - python3-debtcollector
      - python3-dbus
      - device-mapper-multipath
      - openstack-heat-agents
      - os-net-config
      - jq
      - sos
      - lldpd.x86_64
      - nmap-ncat
      - sysstat
      - tcpdump
      - iptraf-ng
      - iperf3
    options:
      - "--min-tmpfs=7"
      - "--mkfs-options '-s size=4096'"
    environment:
      FS_TYPE: xfs
      DIB_PYTHON_VERSION: '3'
      DIB_MODPROBE_BLACKLIST: 'usb-storage cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat bluetooth'
      DIB_BOOTLOADER_DEFAULT_CMDLINE: 'nofb nomodeset vga=normal console=tty1 console=ttyS1,115200 crashkernel=no audit=1 nousb'
      DIB_BLOCK_DEVICE: 'mbr'
  -
    imagename: ironic-python-agent
    type: qcow2
    imageext: initramfs
    distro: centos
    release: 8
    elements:
      - ironic-agent-multipath
      - ironic-python-agent-ramdisk
      - selinux-permissive
      - interface-names
      - dynamic-login
      - element-manifest
      - network-gateway
      - enable-packages-install
      - override-pip-and-virtualenv
    packages:
      - python3-hardware-detect
      - lldpd.x86_64
      - nmap-ncat
      - tcpdump
      - iptraf-ng
      - iperf3
    options:
      - "--min-tmpfs=7"
    environment:
      DIB_PYTHON_VERSION: '3'
      DIB_BOOTLOADER_DEFAULT_CMDLINE: 'nofb console=tty1 console=ttyS1,115200 crashkernel=no'
      DIB_BLOCK_DEVICE: 'mbr'

mkdir images-$(date +%F);
cd images-$(date +%F) # I hope you do not execute it at midnight ;)
cp -ar /etc/yum.repos.d repos
# enable: repos/CentOS-HA.repo
sed -i "s/enabled=0/enabled=1/g" repos/CentOS-Linux-HighAvailability.repo
sed -i "s/gpgcheck=1/gpgcheck=0/g" repos/*repo
export DIB_YUM_REPO_CONF="$(ls $(pwd)/repos/*repo)"
export STABLE_RELEASE="ussuri"
openstack overcloud image build --config-file /home/stack/overcloud-images-centos8.yaml

Please keep in mind, that in the middle of C8 repo filenames were changed… and some package names… so if it fails, double check if all is good. Also I have enabled PowerTools (to help it find rubby, or some libs for rubby) and other openstack-ussuri-release repos… Ok, once everything is built, let’s change passwords…

Change password

ironic-python-agent.initramfs

mkdir a
cd a
sudo /usr/lib/dracut/skipcpio ../ironic-python-agent.initramfs | zcat | cpio -ivd | pax -r
sudo sed -i "s/^root:!!/root:$(openssl passwd -1 MYPA55)/" etc/shadow # if it gets error, exec second time, or just modify file accordingly if you understand what this command does.
# rpm2cpio ~/RPMs/python-proliantutils-2.1.7-1.el7ost.noarch.rpm | pax -r # if you need to install some homemade rpm
sudo find . 2>/dev/null | sudo cpio --quiet -c -o | gzip -8  > ../ironic-python-agent.initramfs
# sudo chown stack: ../ironic-python-agent.initramfs

Ok, now we are finished to change ironic inspection image password to MYPA55 < change that one to any you like. Now let’s move on to overcloud-full.qcow2

overcloud-full.qcow2

Ok, for this one, I have undercloud in a VM and build it in a VM on CentOS Linux 8, so it is not able with default options to mount qcow2 in VM… So I move my qcow2 to my hyper and surprise! C7 cannot mount C8 built image! So what to do? simple, here is a script:

#!/usr/bin/env bash

if [[ "$#" < "1" ]]; then
        echo "$0 /path/to/file.qcow2 [pass]" >&2
        exit
fi

if [[ -n "$2" ]]; then
        PASAS="$2"
else
        PASAS="MyPa55"
fi

export LIBGUESTFS_PATH=/home/stack/appliance/
export LIBGUESTFS_BACKEND=direct
virt-customize --selinux-relabel -a $1 --root-password password:${PASAS}

Em, yes, Default pass also MyPa55 😉 Replace it with smth nicer, like names human body parts, or your favourite Metallica song lyrics, or even some letter in the alphabet 😉 BUT I think your biggest question is: “WTF is that appliance”… HAHA, yeah, that interesting thing. generally, due to difference in C7 and C8, and the way it was built (libguestfish or how that beast is called…) it using different labs and appliance is a “fixed kernel” sort of “branded zones in SlowLarry’s” 😉 so let;s get it:

wget https://download.libguestfs.org/binaries/appliance/appliance-1.40.1.tar.xz
tar -axf appliance-1.40.1.tar.xz
mv appliance /home/stack/

Thank you for reading, here are external links, have a nice day 😉

External Links

• https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html-single/director_installation_and_usage/index#using-the-overcloud-minimal-image-to-avoid-using-a-Red-Hat-subscription-entitlement
• https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html-single/partner_integration/index#qcow_setting_the_root_password