From efbcae40b1fa1319eb4d72a5f7eb8a29c3e475b2 Mon Sep 17 00:00:00 2001 From: Andrew Bonney Date: Tue, 22 Oct 2024 14:23:28 +0100 Subject: [PATCH] Change references to aki/ari to raw format As noted in https://bugs.launchpad.net/ironic/+bug/2074090 the kernel and ramdisk images now need to be uploaded in raw format due to fixes for underlying CVEs. Change-Id: I2b74d9ab4d07a4d5b6045d353cf91db70c4e6cb1 --- defaults/main.yml | 8 ++++---- doc/source/configure-ironic.rst | 20 +++++++++---------- ...ramdisk-image-format-3edd5c7479ebd32a.yaml | 7 +++++++ 3 files changed, 21 insertions(+), 14 deletions(-) create mode 100644 releasenotes/notes/kernel-ramdisk-image-format-3edd5c7479ebd32a.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 72b3345b..9eec3359 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -463,13 +463,13 @@ ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initra ironic_deploy_image_list: - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}" sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}" - container_format: 'aki' - disk_format: 'aki' + container_format: 'bare' + disk_format: 'raw' name: "{{ ironic_deploy_image_kernel_name }}" - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}" sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}" - container_format: 'ari' - disk_format: 'ari' + container_format: 'bare' + disk_format: 'raw' name: "{{ ironic_deploy_image_initramfs_name }}" # allow user defined extra images to upload diff --git a/doc/source/configure-ironic.rst b/doc/source/configure-ironic.rst index b5f08cd1..6bfc2520 100644 --- a/doc/source/configure-ironic.rst +++ b/doc/source/configure-ironic.rst @@ -233,15 +233,15 @@ creating partition-based images. # Kernel image: openstack image create my-image.kernel \ --public \ - --disk-format aki \ - --container-format aki \ + --disk-format raw \ + --container-format bare \ --file my-image.vmlinuz # Ramdisk image openstack image create my-image.initrd \ --public \ - --disk-format ari \ - --container-format ari \ + --disk-format raw \ + --container-format bare \ --file my-image.initrd # User image @@ -412,10 +412,10 @@ following characteristics: .. code-block:: bash node_name=baremetal01 - node_mac="f0:92:1c:0c:1f:88" # MAC address of PXE interface (em1 as example) - deploy_aki=ironic-deploy-aki # Kernel image - deploy_ari=ironic-deploy-ari # Ramdisk image - resource=ironic-gold # Ironic resource class (matches flavor as CUSTOM_IRONIC_GOLD) + node_mac="f0:92:1c:0c:1f:88" # MAC address of PXE interface (em1 as example) + deploy_kernel=ironic-deploy-kernel # Kernel image + deploy_ramdisk=ironic-deploy-ramdisk # Ramdisk image + resource=ironic-gold # Ironic resource class (matches flavor as CUSTOM_IRONIC_GOLD) phys_arch=x86_64 phys_cpus=32 phys_ram=32768 @@ -439,8 +439,8 @@ following characteristics: --driver-info ipmi_username=$ipmi_username \ --driver-info ipmi_password=$ipmi_password \ --driver-info ipmi_address=$ipmi_address \ - --driver-info deploy_kernel=`openstack image show $deploy_aki -c id |awk '/id / {print $4}'` \ - --driver-info deploy_ramdisk=`openstack image show $deploy_ari -c id |awk '/id / {print $4}'` \ + --driver-info deploy_kernel=`openstack image show $deploy_kernel -c id |awk '/id / {print $4}'` \ + --driver-info deploy_ramdisk=`openstack image show $deploy_ramdisk -c id |awk '/id / {print $4}'` \ --property cpus=$phys_cpus \ --property memory_mb=$phys_ram \ --property local_gb=$phys_disk \ diff --git a/releasenotes/notes/kernel-ramdisk-image-format-3edd5c7479ebd32a.yaml b/releasenotes/notes/kernel-ramdisk-image-format-3edd5c7479ebd32a.yaml new file mode 100644 index 00000000..f526a50f --- /dev/null +++ b/releasenotes/notes/kernel-ramdisk-image-format-3edd5c7479ebd32a.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + The format of kernel and ramdisk images for Ironic is now raw in order to + conform to upstream expectations. + + See https://bugs.launchpad.net/ironic/+bug/2074090