This document contains basic trouble shooting information for IPA.
In order to access a running IPA instance a user must be added or enabled on the image. Below we will cover several ways to do this.
To enable the core
user on pre-built or CoreOS images a ssh public key
will need to added. To do this you will need to:
sshkey="ssh-rsa AAAA..."
to pxe_append_params setting in ironic.conf
fileservice ironic-conductor restart
ssh core@<ip-address-of-node>
SSH access can be added to DIB built IPA images with the dynamic-login [0] or the devuser element [1]
The dynamic-login element allows the operator to inject a SSH key when the image boots. Kernel command line parameters are used to do this.
dynamic-login element example:
sshkey="ssh-rsa BBA1..."
to pxe_append_params setting in
the ironic.conf
fileservice ironic-conductor restart
devuser element example:
export DIB_DEV_USER_USERNAME=username
export DIB_DEV_USER_PWDLESS_SUDO=yes
export DIB_DEV_USER_AUTHORIZED_KEYS=$HOME/.ssh/id_rsa.pub
disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser
If you want to enable SSH access to the image,
set ENABLE_SSH
variable in your shell to true
before building
the tinyipa image:
export ENABLE_SSH=true
By default it will use default public RSA (or, if not available, DSA)
key of the user running the build (~/.ssh/id_{rsa,dsa}.pub
).
To provide other public SSH key, export full path to it in your shell before building tinyipa as follows:
export SSH_PUBLIC_KEY=/path/to/other/ssh/public/key
The user to use for access is default Tiny Core Linux user tc
.
This user has no password and has password-less sudo
permissions.
Installed SSH server is configured to disable Password authentication.
If you need to use console access, passwords must be enabled there are a couple ways to enable this depending on how the IPA image was created:
CoreOS has support for auto login on the console [4]. This can be enabled by:
coreos.autologin
to pxe_append_params setting
in the ironic.conf
file. See [4] for more information on using
autologin.If you do not wish to enable auto login users can be added to CoreOS by editing the cloud-config.yml file and adding the following [2]:
users:
- name: username
passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5... <example password hash>
groups:
- sudo
If using a pre-built image the cloud-config.yml must first be extracted:
mkdir tmp_folder
cd tmp_folder
zcat ../coreos_production_pxe_image-oem-stable-mitaka.cpio | cpio --extract --make-directories
To create a password hash the mkpasswd command can be used:
mkpasswd --method=SHA-512 --rounds=4096
After adding the user block with your favorite editor recompress the image:
find . | cpio --create --format='newc' |gzip -c -9 > ../coreos_production_pxe_image-oem-stable-mitaka.cpio.NEW.gz
An alternative to editing the embedded cloud-config.yml [4] file is to pass a new one on the kernel command line by:
cloud-config-url=http://example.com/cloud-config.yml
to pxe_append_params setting in the ironic.conf
fileUsers wishing to use password access can be add the dynamic-login [0] or the devuser element [1]
The dynamic-login element allows the operator to change the root password dynamically when the image boots. Kernel command line parameters are used to do this.
dynamic-login element example:
Generate a ENCRYPTED_PASSWORD with the openssl passwd -1 command
Add rootpwd="$ENCRYPTED_PASSWORD" value on the pxe_append_params setting in /etc/ironic/ironic.conf
Restart the ironic-conductor with the command service ironic-conductor restart
Users can also be added to DIB built IPA images with the devuser element [1]
Example:
export DIB_DEV_USER_USERNAME=username
export DIB_DEV_USER_PWDLESS_SUDO=yes
export DIB_DEV_USER_PASSWORD=PASSWORD
disk-image-create -o /path/to/custom-ipa debian ironic-agent devuser
The image built with scripts provided in imagebuild/tinyipa
folder
of Ironic Python Agent repository by default auto-logins the default
Tiny Core Linux user tc
to the console.
This user has no password and has password-less sudo
permissions.
Debug logging can be enabled a several different ways. The easiest way is to
add ipa-debug=1
to the kernel command line. To do this:
ipa-debug=1
to the pxe_append_params setting in the
ironic.conf
fileservice ironic-conductor restart
Another method is to edit the cloud-config.yml file. IPA’s instructions on building a custom image can be found at [3].
This essentially boils down to the following steps:
git clone https://git.openstack.org/openstack/ironic-python-agent
cd ironic-python-agent
pip install -r ./requirements.txt
cd imagebuild/coreos
oem/cloud-config.yml
and add --debug
to the end of the
ExecStart setting for the ironic-python-agent.service unit.make
to complete the build process.If the system is running and uses systemd then editing the services file will be required.
systemctl edit ironic-python-agent.service
--debug
to end of the ExecStart commandRetrieving the IPA logs will differ depending on which base image was used.
Operating system that do not use systemd
(ie Ubuntu 14.04)
Operating system that do use systemd
(ie Fedora 22, CoreOS)
sudo journalctl -u ironic-python-agent
Note
sudo is not required with the CoreOS images.
In some cases it is helpful to enable debug mode on a running node. If the system does not use systemd then IPA can be restarted directly:
sudo /usr/local/bin/ironic-python-agent [--debug]
If the system uses systemd then systemctl can be used to restart the service:
sudo systemctl restart ironic-python-agent.service
[0] | (1, 2) Dynamic-login DIB element: https://github.com/openstack/diskimage-builder/tree/master/diskimage_builder/elements/dynamic-login |
[1] | (1, 2, 3) DevUser DIB element: https://github.com/openstack/diskimage-builder/tree/master/diskimage_builder/elements/devuser |
[2] | Add User to CoreOS: https://coreos.com/os/docs/latest/adding-users.html |
[3] | IPA image build reference: https://github.com/openstack/ironic-python-agent/tree/master/imagebuild/coreos/README.rst |
[4] | (1, 2, 3) Booting CoreOS via PXE: https://coreos.com/os/docs/latest/booting-with-pxe.html |
[5] | Install docker engine: https://docs.docker.com/engine/installation/ |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.