starlingx/metal
Code Issues Proposed changes
metal/installer/initrd/README
Don Penney 8267e3ce99 Add ntpd to installer, sync time from active controller during install 
To avoid potential issues due to large time jumps when NTP first syncs
the system time at runtime, this update adds ntpd to the installer
rootfs and adds a pre-script to the kickstarts to sync the time from
the active controller before starting to install the software. This
also ensures that any filesystem timestamps will be accurate right
from the node installation.

Change-Id: I166c52430cec6ba64e5a33ebde64ee65639d623c
Signed-off-by: Don Penney <don.penney@windriver.com>
2018-06-27 15:48:41 -04:00

258 lines
11 KiB
Plaintext
Raw Blame History

There are three prebuilt files that we can update when we need to make changes
to the installer:
- vmlinuz - The kernel
- initrd.img - Initial initrd loaded when the installer boots. Has kernel
modules, etc, and loads the squashfs.img
- squashfs.img - Provides the rootfs for the installer, which includes
components like anaconda
The original stock CentOS files are found:
/import/mirrors/CentOS/7.4.1708/os/x86_64/isolinux/initrd.img
/import/mirrors/CentOS/7.4.1708/os/x86_64/LiveOS/squashfs.img
# NOTE: before updating these files, assure that you've had a successful build
for the necessary files used in "kernel-rpms" and "rootfs-rpms".
# here are build procedures:
# kernel, kernel modules will be generated by this step
build-pkgs
# anaconda-*.tis.*.rpm rpm-*.tis*.rpm will be generated by this step
build-srpms --installer && build-rpms --installer
# systemd-*.tis.*.rpm and bind-utils-9.9.4-61.el7.x86_64.rpm, ima-evm-utils-1.0-1.el7.x86_64.rpm
# will be available after this step done
build-iso
===========
vmlinuz:
We're using the runtime kernel for this, so when we update the installer, we
just grab the kernel from build server or your own build environment.
Note -- The kernel to be used should be signed. The Jenkins builds will
produce signed kernels, but if you are concerned about the signature (for
example, if you are concerned that a developer kernel is being used or if
the signing server is behaving odd) then you can verify the integrity of
the kernel by going onto yow-cgts3-lx and using the command:
sbverify --cert [CERT] vmlinuz
The certificate specfied as the argument can be found in
$MY_REPO/addons/wr-cgcs/layers/cgcs/recipes-extended/shim-unsigned/files/tis-shim.crt
===========
initrd.img:
When we update the kernel and kernel modules for the installer, we need to
update the initrd.img. This is a manual procedure currently, and must be done
as **root**.
# First, extract the initrd.img:
ORIG_INITRD=$PWD/initrd.img
mkdir initrd.work
cd initrd.work
xzcat $ORIG_INITRD | cpio -i
# Make the necessary changes, and rebuild the initrd
# We want to include our kernel and required modules in the initrd. Copy their RPMs from
# the Jenkins build or local build folders (~/export/dist/isolinux/Packages/ and ~/std/rpmbuild/RPMS/)
# to ../kernel-rpms, to be extracted with rpm2cpio:
# kernel
# kmod-i40e
# kmod-ixgbe
# kmod-e1000e
# kmod-tpm
# mlnx-ofa_kernel-modules
#
# Also adding in dmidecode for debug purposes
# Delete the old kernel files:
rm -rf boot/ etc/modules-load.d/ etc/ld.so.conf.d/kernel-3.10.0-693.2.2.el7.tis.29.x86_64.conf lib/modules/3.10.0-693.2.2.el7.tis.29.x86_64/
# Extract the RPMs from the build system
# FYI, here are RPMs in "kernel-rpms":
# ls kernel-rpms/
kernel-3.10.0-693.2.2.el7.33.tis.x86_64.rpm kmod-i40e-rt-2.4.3-0.tis.6.x86_64.rpm mlnx-ofa_kernel-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kernel-rt-3.10.0-693.2.2.rt56.623.el7.tis.39.x86_64.rpm kmod-ixgbe-5.2.3-0.tis.2.x86_64.rpm mlnx-ofa_kernel-devel-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kmod-e1000e-3.3.6-0.tis.1.x86_64.rpm kmod-ixgbe-rt-5.2.3-0.tis.2.x86_64.rpm mlnx-ofa_kernel-modules-4.3-OFED.4.3.1.0.1.1.g8509e41.tis.1.x86_64.rpm
kmod-e1000e-rt-3.3.6-0.tis.1.x86_64.rpm kmod-tpm-4.12-0.tis.5.x86_64.rpm
kmod-i40e-2.4.3-0.tis.6.x86_64.rpm kmod-tpm-rt-4.12-0.tis.5.x86_64.rpm
for f in ../kernel-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
# In a chroot, run depmods. The command is available from the kmod-i40e for syntax/args:
# [root@yow-cgts4-lx initrd.work]# rpm -qp --scripts ../kernel-rpms/kmod-i40e-* |grep depmod
# /usr/sbin/depmod -aeF "/boot/System.map-3.10.0-327.36.2.el7.9.tis.x86_64" "3.10.0-327.36.2.el7.9.tis.x86_64" > /dev/null || :
# /usr/sbin/depmod -aeF "/boot/System.map-3.10.0-327.36.2.el7.9.tis.x86_64" "3.10.0-327.36.2.el7.9.tis.x86_64" > /dev/null || :
chroot .
# <actual-kernel-version> need be replaced, for example, 3.10.0-693.2.2.el7.33.tis.x86_64
/usr/sbin/depmod -aeF "/boot/System.map-<actual-kernel-version>" "<actual-kernel-version>"
exit
# Remove the bisodevname package from initrd and squashfs
rm -f ./usr/lib/udev/rules.d/71-biosdevname.rules ./usr/sbin/biosdevname
# Rebuild the initrd
find . \
| cpio -o -H newc \
| xz --check=crc32 --x86 --lzma2=dict=512KiB \
> ../new-initrd.img
===========
squashfs.img:
If we want to make changes to the rootfs of the installer (ie. update anaconda),
we need to update the squashfs.img file. This file can be mounted, and contains
a rootfs image: LiveOS/rootfs.img
# Build the TIS-modified installer RPMs first (see anaconda jiggery-pokery at end of this file):
build-srpms --installer && build-rpms --installer
# We also need TIS-built systemd for NVME support, so copy the following from Jenkins build:
systemd-219-42.el7_4.1.tis.10.x86_64.rpm
systemd-libs-219-42.el7_4.1.tis.10.x86_64.rpm
systemd-sysv-219-42.el7_4.1.tis.10.x86_64.rpm
# We need to update the following RPMs in the rootfs
ima-evm-utils-1.0-1.el7.x86_64.rpm
rpm-4.14.0-1.tis.1.x86_64.rpm
rpm-build-4.14.0-1.tis.1.x86_64.rpm
rpm-build-libs-4.14.0-1.tis.1.x86_64.rpm
rpm-libs-4.14.0-1.tis.1.x86_64.rpm
rpm-plugin-systemd-inhibit-4.14.0-1.tis.1.x86_64.rpm
rpm-python-4.14.0-1.tis.1.x86_64.rpm
# We also now need bind-utils in the squashfs, due to the anaconda-preexec we've added.
bind-utils-9.9.4-51.el7.x86_64.rpm
# Add ntpd to the rootfs
ntp-4.2.6p5-25.el7.centos.2.tis.3.x86_64.rpm
# Mount the squashfs.img and copy the rootfs out:
ORIG_SQUASHFS=$PWD/squashfs.img
mkdir squashfs.mnt
mount -o loop -t squashfs $ORIG_SQUASHFS squashfs.mnt
mkdir LiveOS
cp squashfs.mnt/LiveOS/rootfs.img LiveOS/
umount squashfs.mnt
# Now mount the rootfs.img file:
mkdir squashfs.work
mount -o loop LiveOS/rootfs.img squashfs.work
cd squashfs.work
# You can now make changes as needed, and they're reflected in the rootfs.img
# For anaconda, ignore these RPMs that are built:
# anaconda-debuginfo
# anaconda-dracut
# anaconda-widgets-devel
# anaconda-gui
#
# FYI, here are RPMs from "rootfs-rpms":
ls rootfs-rpms/
anaconda-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-4.14.0-1.tis.1.x86_64.rpm
anaconda-core-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-build-4.14.0-1.tis.1.x86_64.rpm
anaconda-debuginfo-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-build-libs-4.14.0-1.tis.1.x86_64.rpm
anaconda-dracut-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-libs-4.14.0-1.tis.1.x86_64.rpm
anaconda-gui-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-plugin-systemd-inhibit-4.14.0-1.tis.1.x86_64.rpm
anaconda-tui-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm rpm-python-4.14.0-1.tis.1.x86_64.rpm
anaconda-widgets-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm systemd-219-42.el7_4.1.tis.10.x86_64.rpm
anaconda-widgets-devel-21.48.22.121-1.el7.centos.tis.5.x86_64.rpm systemd-libs-219-42.el7_4.1.tis.10.x86_64.rpm
bind-utils-9.9.4-61.el7.x86_64.rpm systemd-sysv-219-42.el7_4.1.tis.10.x86_64.rpm
ima-evm-utils-1.0-1.el7.x86_64.rpm
# IMPORTANT Note: when copying “systemd-219-42.el7_4.1.tis.10.x86_64.rpm” from build target folders to “rootfs-rpms”,
# we need to get it from “../export/dist/isolinux/Packages/systemd-219-42.el7_4.1.tis.10.x86_64.rpm”, instead of other
# folders (for example, ../std/rpmbuild/RPMS/systemd-219-42.el7_4.1.tis.10.x86_64.rpm), they are actually having
# different sizes and delta in contents.
# Extract the rest into the squashfs
rm -rf usr/lib64/python2.7/site-packages/pyanaconda/
rm -rf usr/lib64/python2.7/site-packages/rpm/
# get files from RPMs and copy them into corresponding folders
for f in ../rootfs-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
#find old .pyo files and delete them
find usr/lib64/python2.7/site-packages/pyanaconda/ usr/lib64/python2.7/site-packages/rpm/ -name *.pyo | xargs rm
rm -rf usr/lib/.build-id
# IMPORTANT Note, please do NOT forget the following step:
# MUST HAVE!!! Update the kernel and related kernel modules, same as what was done for "initrd.img" updating
for f in ../kernel-rpms/*.rpm ; do rpm2cpio $f | cpio -idu; done
# Remove the bisodevname package from initrd and squashfs
rm -f ./usr/lib/udev/rules.d/71-biosdevname.rules ./usr/sbin/biosdevname
cd ..
umount squashfs.work
# Build/rebuild a new squashfs.img (output file is test.squashfs.img in this
# example)
# Note: You may need to install "squashfs-tools" in advance
#remove the old version named test.squashfs.img
rm -f test.squashfs.img
#make the new squashfs image named "test.squashfs.img" or another name
mksquashfs LiveOS test.squashfs.img -keep-as-directory -comp xz -b 1M
===========
To test with design build, update the following files with paths to your test
files and filenames:
recipes-installer/pxe-network-installer/centos/build_srpm.data
recipes-installer/pxe-network-installer/centos/pxe-network-installer.spec
===========
Delivering changes:
Copy the updated vmlinuz (from kernel rpm), initrd.img, and squashfs.img files,
with appropriate version suffixes, to mirror folder where you placethese files.
Update the pxe-network-installer files to point to the new versions.
===========
NOTE: The following jiggery-pokery is no longer required after recent mirror updates.
I'm keeping the text here, though, for future reference. Just in case.
Jiggery-pokery required to build anaconda after rebase to 7.3:
The anaconda build reports a dependency error:
12:45:41 Error: Package: libgudev1-219-19.el7_2.13.x86_64 (TisCentos7Distro)
12:45:41 Requires: systemd-libs = 219-19.el7_2.13
12:45:41 Installed: systemd-libs-219-30.el7_3.6.x86_64 (@TisCentos7Distro)
12:45:41 systemd-libs = 219-30.el7_3.6
12:45:41 Available: systemd-libs-219-19.el7_2.13.x86_64 (TisCentos7Distro)
12:45:41 systemd-libs = 219-19.el7_2.13
12:45:41 You could try using --skip-broken to work around the problem
12:45:41 You could try running: rpm -Va --nofiles --nodigest
Our build system is setup to install the highest versions of packages, but there's a dependency
that has a version-specific dependency to an older version of the RPM, so it requires a little
massaging to get the anaconda RPM to build.
Step 1: Add a symlink into the cgcs-centos-repo dir:
ln -s /import/mirrors/CentOS/tis-r4-CentOS/mitaka/Binary/x86_64/systemd-libs-219-19.el7_2.13.x86_64.rpm \
$MY_REPO/cgcs-centos-repo/Binary/x86_64/
Step 2: Try to build, so the repodata is updated (this will still fail)
build-srpms --installer && build-rpms --installer
Step 3: Short-circuit the update_cgcs_repo function in build-rpms to avoid repodata update and mock env clearout
Step 4: Manually install RPM in mock env
mock -r installer/${MY_BUILD_ENVIRONMENT}-installer.cfg --copyin systemd-libs-219-19.el7_2.13.x86_64.rpm systemd-libs-219-19.el7_2.13.x86_64.rpm
mock -r installer/${MY_BUILD_ENVIRONMENT}-installer.cfg --shell
rpm -i --force systemd-libs-219-19.el7_2.13.x86_64.rpm
Step 5: Build with success!
build-srpms --installer && build-rpms --installer
View Git Blame Copy Permalink