Troubleshooting Ironic-Python-Agent (IPA)¶

CoreOS¶

To enable the core user on pre-built or CoreOS images a ssh public key will need to added. To do this you will need to:

• Add sshkey="ssh-rsa AAAA..." to pxe_append_params setting in ironic.conf file
• Restart the ironic-conductor with the command service ironic-conductor restart
• ssh core@<ip-address-of-node>

diskimage-builder (DIB)¶

SSH access can be added to DIB built IPA images with the dynamic-login [0] or the devuser element [1]

The dynamic-login element allows the operator to inject a SSH key when the image boots. Kernel command line parameters are used to do this.

dynamic-login element example:

• Add sshkey="ssh-rsa BBA1..." to pxe_append_params setting in the ironic.conf file
• Restart the ironic-conductor with the command service ironic-conductor restart

devuser element example:

export DIB_DEV_USER_USERNAME=username
export DIB_DEV_USER_PWDLESS_SUDO=yes
export DIB_DEV_USER_AUTHORIZED_KEYS=$HOME/.ssh/id_rsa.pub
disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser

tinyipa¶

If you want to enable SSH access to the image, set ENABLE_SSH variable in your shell to true before building the tinyipa image:

export ENABLE_SSH=true

By default it will use default public RSA (or, if not available, DSA) key of the user running the build (~/.ssh/id_{rsa,dsa}.pub).

To provide other public SSH key, export full path to it in your shell before building tinyipa as follows:

export SSH_PUBLIC_KEY=/path/to/other/ssh/public/key

The user to use for access is default Tiny Core Linux user tc. This user has no password and has password-less sudo permissions. Installed SSH server is configured to disable Password authentication.

CoreOS¶

CoreOS has support for auto login on the console [4]. This can be enabled by:

• Adding coreos.autologin to pxe_append_params setting in the ironic.conf file. See [4] for more information on using autologin.

If you do not wish to enable auto login users can be added to CoreOS by editing the cloud-config.yml file and adding the following [2]:

users:
  - name: username
    passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5... <example password hash>
    groups:
      - sudo

If using a pre-built image the cloud-config.yml must first be extracted:

mkdir tmp_folder
cd tmp_folder
zcat ../coreos_production_pxe_image-oem-stable-mitaka.cpio | cpio --extract --make-directories

To create a password hash the mkpasswd command can be used:

mkpasswd --method=SHA-512 --rounds=4096

After adding the user block with your favorite editor recompress the image:

find . | cpio --create --format='newc' |gzip -c -9 > ../coreos_production_pxe_image-oem-stable-mitaka.cpio.NEW.gz

An alternative to editing the embedded cloud-config.yml [4] file is to pass a new one on the kernel command line by:

• adding cloud-config-url=http://example.com/cloud-config.yml to pxe_append_params setting in the ironic.conf file

diskimage-builder (DIB)¶

Users wishing to use password access can be add the dynamic-login [0] or the devuser element [1]

The dynamic-login element allows the operator to change the root password dynamically when the image boots. Kernel command line parameters are used to do this.

dynamic-login element example:

Generate a ENCRYPTED_PASSWORD with the openssl passwd -1 command
Add rootpwd="$ENCRYPTED_PASSWORD" value on the pxe_append_params setting in /etc/ironic/ironic.conf
Restart the ironic-conductor with the command service ironic-conductor restart

Users can also be added to DIB built IPA images with the devuser element [1]

Example:

export DIB_DEV_USER_USERNAME=username
export DIB_DEV_USER_PWDLESS_SUDO=yes
export DIB_DEV_USER_PASSWORD=PASSWORD
disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser

tinyipa¶

The image built with scripts provided in imagebuild/tinyipa folder of Ironic Python Agent repository by default auto-logins the default Tiny Core Linux user tc to the console. This user has no password and has password-less sudo permissions.