Debian Tech Preview
Draft Debian preview document Additional placeholders for conditional content. Add k8s 1.23 only bullet to Limited Scope topic. rST rendering fixes. Address patchset 3 review comments. Additional operational impacts. Implement patchset 5 review comments. Reuse PXE config updates DS. Address patchset 8 review comments. Additional patching details. rST formatting fix. Complete Known Issues topic. Fix typo in placeholder name. Make references to Debian GA version generic. Fix merge conflict. Remove trailing space. Story: 2009965 Task: 45617 Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Iac67113dc7f56209637828a2b807cd65669ec583
This commit is contained in:
parent
32ca14806a
commit
df8d634fc8
21
doc/source/_includes/deb-tech-preview.rest
Normal file
21
doc/source/_includes/deb-tech-preview.rest
Normal file
@ -0,0 +1,21 @@
|
||||
.. begin-prod-an-1
|
||||
.. end-prod-an-1
|
||||
|
||||
.. begin-prod-an-2
|
||||
.. end-prod-an-2
|
||||
|
||||
.. begin-dec-and-imp
|
||||
.. end-dec-and-imp
|
||||
|
||||
.. begin-declarative
|
||||
.. end-declarative
|
||||
|
||||
.. begin-install-prereqs
|
||||
.. end-install-prereqs
|
||||
|
||||
.. begin-prep-servers
|
||||
.. end-prep-servers
|
||||
|
||||
.. begin-known-issues
|
||||
.. end-known-issues
|
||||
|
@ -102,3 +102,14 @@
|
||||
because target lable differs here/partner contexts.
|
||||
|
||||
.. |_link-inst-book| replace:: :ref:`Installation guide <index-install-e083ca818006>`
|
||||
|
||||
|
||||
.. Debian Tech Preview
|
||||
|
||||
.. |deb-prev-prods| replace:: |prod|
|
||||
.. |deb-510-kernel-release| replace:: release 6.0
|
||||
.. |deb-eval-release| replace:: release 7.0
|
||||
.. |deb-production-release| replace:: release 8.0
|
||||
.. |deb-install-step-change| replace:: \
|
||||
.. |deb-dup-std-na| replace:: Duplex, and standard configurations are not available.
|
||||
.. |deb-update-iso| replace:: \
|
||||
|
@ -1,8 +1,8 @@
|
||||
.. _index-debian-introduction-8eb59cf0a062:
|
||||
|
||||
===================
|
||||
Debian Introduction
|
||||
===================
|
||||
==============
|
||||
Debian Preview
|
||||
==============
|
||||
|
||||
--------------------
|
||||
StarlingX Kubernetes
|
||||
|
@ -0,0 +1,42 @@
|
||||
.. _debian-based-solution-75cd4fb6f023:
|
||||
|
||||
=====================
|
||||
Debian-based Solution
|
||||
=====================
|
||||
|
||||
Major features of Debian-based |prod| will include:
|
||||
|
||||
* Linux 5.10 Yocto-based kernel ( https://www.yoctoproject.org/ )
|
||||
|
||||
The Yocto Project Kernel:
|
||||
|
||||
* tracks stable kernel updates very closely; staying very current with the
|
||||
stable kernel,
|
||||
|
||||
* provides a reliable implementation of the pre-empt-rt patchset (see:
|
||||
https://rt.wiki.kernel.org/index.php/Main_Page), and
|
||||
|
||||
* provides predictable and searchable |CVE| handling.
|
||||
|
||||
|org| will also leverage its existing relationships with the Yocto Project to
|
||||
enhance development, bug fixes and other activities in the Yocto Project kernel
|
||||
to drive |prod| quality and feature content.
|
||||
|
||||
* Debian Bullseye (11.3)
|
||||
|
||||
Debian is a well-established Linux Distribution supported by a large and
|
||||
mature open-source community.
|
||||
|
||||
* OSTree ( https://ostree.readthedocs.io/en/stable/manual/introduction/ )
|
||||
|
||||
OSTree provides for robust and efficient versioning, packaging and
|
||||
upgrading of Linux-based systems.
|
||||
|
||||
* An updated Installer to seamlessly adapt to Debian and OSTree
|
||||
|
||||
* Updated software patching and upgrades for Debian and OSTree.
|
||||
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-prod-an-2
|
||||
:end-before: end-prod-an-2
|
Binary file not shown.
After Width: | Height: | Size: 70 KiB |
@ -1,5 +1,16 @@
|
||||
|
||||
.. _index-debian-introduction-kub-c3fa5e92e8d6:
|
||||
|
||||
.. include:: /_includes/toc-title-debian-kub.rest
|
||||
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
||||
overview-234a36ffe9fb
|
||||
debian-based-solution-75cd4fb6f023
|
||||
operational-impacts-9cf2e610b5b3
|
||||
technology-preview-reduced-scope-0008a139a4b9
|
||||
technology-preview-installation-fa6f71e9737d
|
||||
technology-preview-known-issues-899a77ad709c
|
||||
|
||||
|
@ -0,0 +1,133 @@
|
||||
.. _operational-impacts-9cf2e610b5b3:
|
||||
|
||||
===================
|
||||
Operational Impacts
|
||||
===================
|
||||
|
||||
The operational impact of Debian-based |prod| is small:
|
||||
|
||||
* Functional equivalence with CentOS-based |prod|
|
||||
|
||||
* Use of the |prod| CLIs and APIs will remain the same:
|
||||
|
||||
* |prod| on Debian will provide the same CLIs and APIs as |prod| on CentOS.
|
||||
|
||||
* |prod| on Debian will run the same 5.10 kernel version as |prod| on
|
||||
CentOS.
|
||||
|
||||
* |prod| on Debian will support the same set of Kubernetes APIs used in
|
||||
|prod| on CentOS.
|
||||
|
||||
* The procedure to install hosts will be unchanged by the migration from
|
||||
CentOS to Debian. Only the ``grub`` menu has been modified.
|
||||
|
||||
* The CLIs used for software updates (patching) will be unchanged by
|
||||
the migration from CentOS to Debian.
|
||||
|
||||
* User applications running in containers on CentOS should run on Debian
|
||||
without modification. Re-validation of containers on Debian is encouraged to
|
||||
identify any exceptions.
|
||||
|
||||
* A small subset of operating system-specific commands will differ. Some of
|
||||
these changes result from the switch in distributions while others are
|
||||
generic changes that have accumulated since the release of the CentOS
|
||||
distribution currently used. For example:
|
||||
|
||||
|
||||
* The Debian installation requires new pxeboot grub menus. See
|
||||
:ref:`Technology Preview Installation <deb-grub-deltas>`.
|
||||
|
||||
* Some prompt strings will be slightly different (for example: ssh login,
|
||||
passwd command, and others).
|
||||
|
||||
* Many 3rd-party software packages are running a newer version in Debian
|
||||
and this may lead to minor changes in syntax, output, config files, and
|
||||
logs.
|
||||
|
||||
* The URL to expose keystone service does not have the version appended.
|
||||
|
||||
* On Debian, interface and static routes need to be handled using system-API.
|
||||
|
||||
* Do not edit configuration files in ``/etc/network/`` as they are
|
||||
regenerated from sysinv database after a system reboot. Any changes
|
||||
directly done there will be lost.
|
||||
|
||||
* The static routes configuration file is ``/etc/network/routes``
|
||||
|
||||
* Interface configuration files are located in
|
||||
``/etc/network/interfaces.d/``
|
||||
|
||||
* Debian stores network information in ``/etc/network`` instead of
|
||||
``/etc/sysconfig/network-scripts`` location used in CentOS. However, the
|
||||
|prod| ``system …`` commands are unchanged. |deb-update-iso|
|
||||
|
||||
* Patching on Debian is done using ostree commits rather than individual
|
||||
RPMs.
|
||||
|
||||
You can see which packages are updated by ostree using the :command:`dpkg
|
||||
-l` instead of :command:`rpm -qa` used on CentOS.
|
||||
|
||||
* Patching is done via reboot required patches. In-service patching is not
|
||||
supported in the Technology Preview release.
|
||||
|
||||
* The patching CLI commands and Horizon interactions are the same as for
|
||||
CentOS.
|
||||
|
||||
* The supported patching CLI commands for |deb-eval-release| are:
|
||||
|
||||
* ``sw-patch upload``
|
||||
* ``sw-patch upload-dir``
|
||||
* ``sw-patch apply``
|
||||
* ``sw-patch remove``
|
||||
* ``sw-patch delete``
|
||||
* ``sw-patch query``
|
||||
* ``sw-patch show``
|
||||
* ``sw-patch query-hosts``
|
||||
* ``sw-patch host-install``
|
||||
* ``sw-patch host-install-async``
|
||||
* ``sw-patch install-local``
|
||||
|
||||
However, since Debian patches work with ostree commits rather than
|
||||
RPMs, the patch contents visible on Horizon and CLI are different.
|
||||
|
||||
Running the ``sw-patch show <patch-ID>`` CLI command or selecting
|
||||
**Software Management** and the patch name in Horizon displays details
|
||||
about the contents of a Debian patch including:
|
||||
|
||||
* The number of ostree commits in this patch.
|
||||
|
||||
* The base commit on which the patch can be applied.
|
||||
|
||||
* The commit IDs that are associated with this patch.
|
||||
|
||||
**CLI**
|
||||
|
||||
Sample ``sw-patch show <patch-ID>`` output:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
DEBIAN_RR:
|
||||
Release: 22.06
|
||||
Patch State: Available
|
||||
Status: DEV
|
||||
Unremovable: N
|
||||
RR: Y
|
||||
Summary: Reboot Required Patch 0015
|
||||
Description: Reboot Required Patch for resolving subcloud unlock issue
|
||||
Install Instructions:
|
||||
Please ensure that there is 450MB minimum available space in the directory where the patch is going to be placed.
|
||||
Warnings: This patch requires PATCH_0014 to be installed first.
|
||||
Contents:
|
||||
|
||||
No. of commits: 2
|
||||
Base commit: d0a0d5ad78746c86ab477fb5ccb98d7e813484a9cb1c0a780363233794655fdc
|
||||
Commit1: a386e76d6430f7fd6693d40379cccc838445f4abd409f158b919c010da80cb83
|
||||
Commit2: 647dcef3f32d61b3d341fab905f5267c5614d804cae5d295693a6098db6e4e6d
|
||||
|
||||
|
||||
**Horizon**
|
||||
|
||||
Sample **Software Management** > *patch name* output.
|
||||
|
||||
.. figure:: figures/debian_patching_details_horizon.png
|
||||
:width: 600px
|
83
doc/source/debian/kubernetes/overview-234a36ffe9fb.rst
Normal file
83
doc/source/debian/kubernetes/overview-234a36ffe9fb.rst
Normal file
@ -0,0 +1,83 @@
|
||||
.. _overview-234a36ffe9fb:
|
||||
|
||||
========
|
||||
Overview
|
||||
========
|
||||
|
||||
With support for the CentOS Distribution being discontinued, |deb-prev-prods|
|
||||
will move to the Debian OS Distribution. Debian is a well-established Linux
|
||||
Distribution supported by a large and mature open-source community and used by
|
||||
hundreds of commercial organizations, including Google. When fully transitioned
|
||||
to Debian, |deb-prev-prods| will have full functional equivalence to the
|
||||
current CentOS-based versions of |deb-prev-prods|.
|
||||
|
||||
The planned rollout for the transition to Debian is as follows:
|
||||
|
||||
|
||||
.. rubric:: |prod| |deb-510-kernel-release| (RELEASED)
|
||||
|
||||
* General Availability (GA) Release of CentOS7 |prod| (for production
|
||||
deployments)
|
||||
|
||||
* Moved to 5.10 kernel, which will be used by the upcoming Debian-based
|
||||
release.
|
||||
|
||||
.. rubric:: |prod| |deb-eval-release|
|
||||
|
||||
|
||||
|prod| |deb-eval-release| is a general Availability (GA) Release of CentOS7
|
||||
|prod| for production deployments. It will be the last release of a CentOS7
|
||||
–based |prod|.
|
||||
|
||||
|prod| |deb-eval-release| inherits the 5.10 version of the Linux kernel
|
||||
introduced in |prod| |deb-510-kernel-release|.
|
||||
|
||||
|prod| |deb-eval-release| is also a technology Preview Release of Debian |prod|
|
||||
for evaluation purposes.
|
||||
|
||||
|prod| |deb-eval-release| release runs Debian Bullseye (11.3). It is limited in
|
||||
scope to the |AIO-SX| configuration. |deb-dup-std-na|
|
||||
|
||||
See :ref:`technology-preview-reduced-scope-0008a139a4b9` for details.
|
||||
|
||||
|
||||
.. rubric:: Debian |prod| General Availability
|
||||
|
||||
|
||||
An upcoming release will make Debian |prod| genrally available for
|
||||
production deployments.
|
||||
|
||||
This upcoming release will run Debian Bullseye 11.3 or later with
|
||||
full functional equivalence to the CentOS-based |prod|.
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-prod-an-1
|
||||
:end-before: end-prod-an-1
|
||||
|
||||
|
||||
.. rubric:: Planned in-service upgrade paths for |prod|
|
||||
|
||||
* |prod| |deb-510-kernel-release| running CentOS ==> |prod| |deb-eval-release| running CentOS ==> |prod| Debian general availability release
|
||||
|
||||
or
|
||||
|
||||
* |prod| |deb-510-kernel-release| running CentOS ==> |prod| Debian general availability release
|
||||
|
||||
|
||||
.. note::
|
||||
|
||||
There will be no upgrade paths related to the |prod| |deb-eval-release|
|
||||
Debian Technology Preview release.
|
||||
|
||||
The |prod-long| |deb-eval-release| Debian Technology Preview allows you to
|
||||
evaluate and prepare for the upcoming Debian-based General Availability release
|
||||
while continuing to run your production deployment
|
||||
on CentOS-based |prod-long|. It is strongly recommended that you perform a
|
||||
complete assessment of |prod| and your application running on |prod| in a lab
|
||||
setting to fully understand and plan for any changes that may be required to
|
||||
your application when you migrate to Debian-based |prod|
|
||||
the |prod| Debian General Availability release in a production
|
||||
environment.
|
||||
|
@ -0,0 +1,302 @@
|
||||
.. _technology-preview-installation-fa6f71e9737d:
|
||||
|
||||
===============================
|
||||
Technology Preview Installation
|
||||
===============================
|
||||
|
||||
In general, the installation of |prod| |deb-eval-release| Debian Technology
|
||||
Preview on All-in-one Simplex is unchanged.
|
||||
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-dec-and-imp
|
||||
:end-before: end-dec-and-imp
|
||||
|
||||
|
||||
There are no changes to:
|
||||
|
||||
* The overall installation workflow
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-install-prereqs
|
||||
:end-before: end-install-prereqs
|
||||
|
||||
|
||||
* The installation prerequisites, i.e. required files, boot mechanism
|
||||
(bootable USB or pxeboot server), network connectivity, external DNS Server
|
||||
and a Docker Registry:
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-install-prereqs
|
||||
:end-before: end-install-prereqs
|
||||
|
||||
* The hardware requirements: :ref:`starlingx-hardware-requirements`, or
|
||||
|
||||
* The preparation of physical servers, i.e. BIOS setup, etc.
|
||||
|
||||
The only minor change in the installation is in the initial install of software
|
||||
on controller-0. |deb-update-iso|
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-prep-servers
|
||||
:end-before: end-prep-servers
|
||||
|
||||
There is a single install menu |deb-install-step-change| to choose between an
|
||||
AIO-Controller with the Standard Kernel and an AIO-Controller with the
|
||||
Low-Latency Kernel. Of course the actual console log output of the software
|
||||
install will be different due to OSTree and Debian details.
|
||||
|
||||
.. _deb-grub-deltas:
|
||||
|
||||
The Debian installation requires configuration of the new pxeboot grub menus;
|
||||
one for servers with Legacy BIOS support and another for servers with |UEFI|
|
||||
firmware.
|
||||
|
||||
During |PXE| boot configuration setup, as described in
|
||||
:ref:`configuring-a-pxe-boot-server-r6`, additional steps are required to
|
||||
collect configuration information and create a grub menu to install |prod|
|
||||
|deb-eval-release| AIO controller-0 function on the target server.
|
||||
|
||||
#. Wipe the install device prior to Debian installation.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
$ sudo wipedisk --force --include-backup
|
||||
$ sudo sgdisk -o /dev/sda
|
||||
|
||||
Repeat the :command:`sudo sgdisk -o` command for all disks, such as ``dev/sdb``,
|
||||
``/dev/sdc``, and so-on.
|
||||
|
||||
#. **Option 1:** Install controller-0 from a USB device containing the
|
||||
Debian ISO image.
|
||||
|
||||
Use this method to install locally from a physical or virtual media USB
|
||||
device/ISO.
|
||||
|
||||
#. Add the Debian ISO image to a USB device and make the target server
|
||||
boot the ISO image from that USB device.
|
||||
|
||||
#. During installation, select the install type from the presented
|
||||
menu. For a |UEFI| installation, the menu options are prefixed with
|
||||
"UEFI ".
|
||||
|
||||
#. **Option 2:** Install controller-0 from a PXEboot install feed.
|
||||
|
||||
This method uses a network PXEboot install from a remote PXEboot server
|
||||
and 'feed' directory.
|
||||
|
||||
* The 'feed' directory is a directory containing the mounted contents
|
||||
of the Debian ISO.
|
||||
|
||||
* The 'feed' creation process for the Debian install differs from the
|
||||
CentOS method.
|
||||
|
||||
* The 'feed' can be populated with either a **direct ISO mount**
|
||||
or a **copy of the ISO content**.
|
||||
|
||||
**Direct ISO mount** method:
|
||||
|
||||
#. Mount the ISO at the feed directory location on the pxeboot server.
|
||||
|
||||
#. Copy the ISO to the 'feed' directory location pxeboot server.
|
||||
|
||||
.. note::
|
||||
|
||||
This can be a common location for installing many servers or a
|
||||
unique location for a specific server.
|
||||
|
||||
#. Mount the ISO as the 'feed' directory.
|
||||
|
||||
.. note:: The mount requires root access. If you don't have root
|
||||
access on the PXEboot server then use the **ISO copy** method.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
$ IMAGENAME=<debian_image>
|
||||
$ sudo mount -o loop ${IMAGENAME}.iso ${IMAGENAME}_feed
|
||||
|
||||
**Copy ISO contents** method:
|
||||
|
||||
|
||||
#. Create a tarball containing the mounted ISO content
|
||||
|
||||
#. Copy the Debian ISO to a location where the ISO can be mounted
|
||||
|
||||
#. Mount the ISO, tar it up and copy the feed tarball to the PXEboot
|
||||
server
|
||||
|
||||
|
||||
#. Untar the feed tarball at the feed directory location on your
|
||||
PXEboot server.
|
||||
|
||||
An example of the above commands:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
$ IMAGENAME=<debian_image>
|
||||
|
||||
$ sudo mount -o loop ${IMAGENAME}.iso ${IMAGENAME}_feed
|
||||
$ tar -czf ${IMAGENAME}_feed.tgz ${IMAGENAME}_feed
|
||||
$ scp ${IMAGENAME}_feed.tgz <username>@<pxeboot_server>:<feed directory>
|
||||
|
||||
$ ssh <username>@<pxeboot_server>
|
||||
|
||||
$ cd <feed directory>
|
||||
$ tar -xzf ${IMAGENAME}_feed.tgz
|
||||
$ rm ${IMAGENAME}_feed.tgz
|
||||
|
||||
#. Optionally, link your new feed directory to the name the pxeboot
|
||||
server translates the incoming MAC based |DHCP| request to.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
$ ln -s ${IMAGENAME}_feed feed
|
||||
|
||||
Your 'feed' directory or link should now list similarly to the
|
||||
following example:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
drwxr-xr-x 7 someuser users 4096 Jun 13 10:33 starlingx-20220612220558_feed
|
||||
lrwxrwxrwx 1 someuser users 58 Jun 13 10:35 feed -> starlingx-20220612220558_feed
|
||||
|
||||
The 'feed' directory structure should be as follows:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
feed
|
||||
├── bzImage-rt ... Lowlatency kernel
|
||||
├── bzImage-std ... Standard kernel
|
||||
├── initrd ... Installer initramfs image
|
||||
├── kickstart
|
||||
│ └── kickstart.cfg ... Unified kickstart
|
||||
│
|
||||
├── ostree_repo ... OSTree Archive Repo
|
||||
│ ├── config
|
||||
│ ├── extensions
|
||||
│ └── objects
|
||||
│
|
||||
├── pxeboot
|
||||
└── samples
|
||||
├── efi-pxeboot.cfg.debian ... controller-0 UEFI install menu sample
|
||||
├── pxeboot.cfg.debian ... controller-0 BIOS install menu sample
|
||||
├── pxeboot_setup.sh ... script used to tailor the above samples
|
||||
└── README ... info file
|
||||
|
||||
Note that many files and directories have been omitted for clarity.
|
||||
|
||||
#. Set up the PXEboot grub menus.
|
||||
|
||||
The ISO contains a ``pxeboot/sample`` directory with controller-0
|
||||
install grub menus.
|
||||
|
||||
* For BIOS: ``feed/pxeboot/samples/pxeboot.cfg.debian``
|
||||
|
||||
* For UEFI: ``feed/pxeboot/samples/efi-pxeboot.cfg.debian``
|
||||
|
||||
You must customize these grub menus for a specific server
|
||||
install by modifying the following variable replacement strings
|
||||
with path and other information that is specific to your pxeboot
|
||||
server.
|
||||
|
||||
``xxxFEEDxxx``
|
||||
The path between http server base and feed directory. For
|
||||
example: ``/var/www/html/xxxFEED_xxx/<ISO content>``
|
||||
|
||||
``xxxPXEBOOTxxx``
|
||||
The offset path between /pxeboot and the feed to find
|
||||
``bzImage/initrd``. For example:
|
||||
``/var/pxeboot/xxxPXEBOOTxxx/<ISO content>``
|
||||
|
||||
``xxxBASE_URLxxx``
|
||||
The pxeboot server URL: ``http://###.###.###.###``
|
||||
|
||||
``xxxINSTDEVxxx``
|
||||
The install device name. Default: ``/dev/sda`` Example:
|
||||
``/dev/nvme01``
|
||||
|
||||
``xxxSYSTEMxxx``
|
||||
The system install type index. Default: aio>aio-serial
|
||||
(All-in-one Install - Serial; Console)
|
||||
|
||||
menu32 = no default system install type ; requires manual select
|
||||
|
||||
disk = Disk Boot
|
||||
|
||||
standard>serial = Controller Install - Serial Console
|
||||
|
||||
standard>graphical = Controller Install - Graphical Console
|
||||
|
||||
aio>serial = All-in-one Install - Serial Console
|
||||
|
||||
aio>graphical = All-in-one Install - Graphical Console
|
||||
|
||||
aio-lowlat>serial = All-in-one (lowlatency) Install - Serial Console
|
||||
|
||||
aio-lowlat>graphical = All-in-one (lowlatency) Install - Graphical Console
|
||||
|
||||
The ISO also contains the ``pxeboot/samples/pxeboot_setup.sh``
|
||||
script that can be used to automatically setup both the BIOS and
|
||||
|UEFI| grub files for a specific install.
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
./feed/pxeboot/samples/pxeboot_setup.sh --help
|
||||
|
||||
Usage: ./pxeboot_setup.sh [Arguments Options]
|
||||
|
||||
Arguments:
|
||||
|
||||
-i | --input <input path> : Path to pxeboot.cfg.debian and efi-pxeboot.cfg.debian grub template files
|
||||
-o | --output <output path> : Path to created pxeboot.cfg.debian and efi-pxeboot.cfg.debian grub files
|
||||
-p | --pxeboot <pxeboot path> : Offset path between /pxeboot and bzImage/initrd
|
||||
-f | --feed <feed path> : Offset path between http server base and mounted iso
|
||||
-u | --url <pxe server url> : The pxeboot server's URL
|
||||
|
||||
Options:
|
||||
|
||||
-h | --help : Print this help info
|
||||
-b | --backup : Create backup of updated grub files as .named files
|
||||
-d | --device <install device> : Install device path ; default: /dev/sda
|
||||
-s | --system <system install> : System install type ; default: 3
|
||||
|
||||
0 = Disk Boot
|
||||
1 = Controller Install - Serial Console
|
||||
2 = Controller Install - Graphical Console
|
||||
3 = All-in-one Install - Serial Console (default)
|
||||
4 = All-in-one Install - Graphical Console
|
||||
5 = All-in-one (lowlatency) Install - Serial Console
|
||||
6 = All-in-one (lowlatency) Install - Graphical Console
|
||||
|
||||
Example:
|
||||
|
||||
pxeboot_setup.sh -i /path/to/grub/template/dir
|
||||
-o /path/to/target/iso/mount
|
||||
-p pxeboot/offset/to/bzImage_initrd
|
||||
-f pxeboot/offset/to/target_feed
|
||||
-u http://###.###.###.###
|
||||
-d /dev/sde
|
||||
-s 5
|
||||
|
||||
The remaining install steps are also completely unchanged:
|
||||
|
||||
.. only:: partner
|
||||
|
||||
**Imperative mode**
|
||||
|
||||
:ref:`aio_simplex_install_kubernetes_r6`
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-declarative
|
||||
:end-before: end-declarative
|
||||
|
@ -0,0 +1,14 @@
|
||||
.. _technology-preview-known-issues-899a77ad709c:
|
||||
|
||||
===============================
|
||||
Technology Preview Known Issues
|
||||
===============================
|
||||
|
||||
Known issues and workarounds with the |prod| |deb-eval-release| are the same
|
||||
as those for |prod| |deb-eval-release| based on CentOS.
|
||||
|
||||
.. only:: partner
|
||||
|
||||
.. include:: /_includes/deb-tech-preview.rest
|
||||
:start-after: begin-known-issues
|
||||
:end-before: end-known-issues
|
@ -0,0 +1,22 @@
|
||||
.. _technology-preview-reduced-scope-0008a139a4b9:
|
||||
|
||||
================================
|
||||
Technology Preview Reduced Scope
|
||||
================================
|
||||
|
||||
The |prod| |deb-eval-release| Debian Technology Preview release will have
|
||||
reduced scope:
|
||||
|
||||
* Only AIO-SX deployments are supported. Duplex, Standard and
|
||||
Distributed Cloud configurations are not available in this release.
|
||||
|
||||
* Only Kubernetes version 1.23 is supported.
|
||||
|
||||
* Support for both standard and low-latency kernel.
|
||||
|
||||
* Only Reboot Patching is available. In-service patching is not supported.
|
||||
|
||||
* Upgrades to or from this release are not supported.
|
||||
|
||||
Full equivalency of configurations and features will be supported in the upcoming
|
||||
|prod| Debian General Availability release.
|
@ -17,7 +17,7 @@ use the contents of the working directory to construct a |PXE| boot environment
|
||||
according to your own requirements or preferences.
|
||||
|
||||
For more information about using a |PXE| boot server, see :ref:`Configure a
|
||||
PXE Boot Server <configuring-a-pxe-boot-server>`.
|
||||
PXE Boot Server <configuring-a-pxe-boot-server-r5>`.
|
||||
|
||||
.. rubric:: |proc|
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
|
||||
.. jow1440534908675
|
||||
.. _configuring-a-pxe-boot-server:
|
||||
.. _configuring-a-pxe-boot-server-r5:
|
||||
|
||||
===========================
|
||||
Configure a PXE Boot Server
|
||||
|
@ -1,7 +1,12 @@
|
||||
|
||||
.. jow1440534908675
|
||||
|
||||
.. _configuring-a-pxe-boot-server:
|
||||
|
||||
.. _configuring-a-pxe-boot-server-r6:
|
||||
|
||||
|
||||
|
||||
===========================
|
||||
Configure a PXE Boot Server
|
||||
===========================
|
||||
@ -14,7 +19,7 @@ initialization.
|
||||
|prod| includes a setup script to simplify configuring a |PXE| boot server. If
|
||||
you prefer, you can manually apply a custom configuration; for more
|
||||
information, see :ref:`Access PXE Boot Server Files for a Custom Configuration
|
||||
<accessing-pxe-boot-server-files-for-a-custom-configuration-r6>`.
|
||||
<accessing-pxe-boot-server-files-for-a-custom-configuration>`.
|
||||
|
||||
The |prod| setup script accepts a path to the root TFTP directory as a
|
||||
parameter, and copies all required files for BIOS and |UEFI| clients into this
|
||||
@ -110,6 +115,12 @@ Use a Linux workstation as the |PXE| Boot server.
|
||||
|
||||
#. Set up the |PXE| boot configuration.
|
||||
|
||||
.. important::
|
||||
|
||||
|PXE| configuration steps differ for |prod| |deb-eval-release|
|
||||
evaluation on the Debian distribution. See the :ref:`Debian Technology
|
||||
Preview <deb-grub-deltas>` |PXE| configuration procedure for details.
|
||||
|
||||
The ISO image includes a setup script, which you can run to complete the
|
||||
configuration.
|
||||
|
||||
|
@ -6,7 +6,7 @@
|
||||
Local LDAP Linux User Accounts
|
||||
==============================
|
||||
|
||||
You can create regular Linux user accounts using the |prod| LDAP service.
|
||||
You can create regular Linux user accounts using the |prod| |LDAP| service.
|
||||
|
||||
Local |LDAP| accounts are centrally managed on the active controller; all
|
||||
hosts in the cloud/cluster use the Local |LDAP| server on the active controller
|
||||
@ -40,9 +40,39 @@ Local |LDAP| user accounts share the following set of attributes:
|
||||
- Login sessions are logged out automatically after about 15 minutes of
|
||||
inactivity.
|
||||
|
||||
- The accounts are blocked following five consecutive unsuccessful login
|
||||
attempts. They are unblocked automatically after a period of about five
|
||||
minutes.
|
||||
- After each unsuccessful login attemt, a 15 second delay is imposed before
|
||||
making another attempt. If you attempt to login before 15 seconds the
|
||||
system will display a message such as:
|
||||
|
||||
``Account temporary locked (10 seconds left)``
|
||||
|
||||
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
||||
|
||||
- After five consecutive unsuccessful login attempts, further attempts are
|
||||
blocked for about five minutes. On further attemps within 5 minutes, the
|
||||
system will display a message such as:
|
||||
|
||||
``Account locked due to 6 failed logins``
|
||||
|
||||
.. note::
|
||||
|
||||
On Debian-based |prod| systems, you are alerted on the 6th and
|
||||
subsequent attempts:
|
||||
|
||||
``Account locked due to 6 failed logins``
|
||||
|
||||
and an error message is displayed on subsequent attempts:
|
||||
|
||||
``Maximum number of tries exceeded (5)``
|
||||
|
||||
To clarify, on CentOS-based |prod| systems, the 5 minute block is not an
|
||||
absolute window, but a sliding one. That is, if you keep attempting to log
|
||||
in within those 5 minutes, the window keeps sliding and the you remain
|
||||
blocked. Therefore, you should not attempt any further login attempts for 5
|
||||
minutes after 5 unsuccessful login attempts.
|
||||
|
||||
On Debian-based |prod| systems, 5 mins after the account is locked, the
|
||||
failed attempts will be reset and failed attempts re-counted.
|
||||
|
||||
- All authentication attempts are recorded on the file /var/log/auth.log
|
||||
of the target host.
|
||||
@ -91,4 +121,4 @@ from the console ports of the hosts; no |SSH| access is allowed.
|
||||
|
||||
.. seealso::
|
||||
|
||||
:ref:`Create LDAP Linux Accounts <create-ldap-linux-accounts>`
|
||||
:ref:`Create LDAP Linux Accounts <create-ldap-linux-accounts>`
|
||||
|
@ -23,13 +23,40 @@ The default initial password is **sysadmin**.
|
||||
- The initial password must be changed immediately when you log in to each
|
||||
host for the first time. For details, see |_link-inst-book|.
|
||||
|
||||
- After each unsuccessful login attempt, a 15 second delay is imposed before
|
||||
making another attempt. If you attempt to login before 15 seconds the
|
||||
system will display a message such as:
|
||||
|
||||
``Account temporary locked (10 seconds left)``
|
||||
|
||||
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
||||
|
||||
- After five consecutive unsuccessful login attempts, further attempts are
|
||||
blocked for about five minutes. To clarify, the 5 minute block is not an
|
||||
blocked for about five minutes. On further attemps within 5 minutes, the
|
||||
system will display a message such as:
|
||||
|
||||
``Account locked due to 6 failed logins``
|
||||
|
||||
.. note::
|
||||
|
||||
On Debian-based |prod| systems, you are alerted on the 6th and
|
||||
subsequent attempts:
|
||||
|
||||
``Account locked due to 6 failed logins``
|
||||
|
||||
and an error message is displayed on subsequent attempts:
|
||||
|
||||
``Maximum number of tries exceeded (5)``
|
||||
|
||||
To clarify, on CentOS-based |prod| systems, the 5 minute block is not an
|
||||
absolute window, but a sliding one. That is, if you keep attempting to log
|
||||
in within those 5 minutes, the window keeps sliding and the user remains
|
||||
in within those 5 minutes, the window keeps sliding and the you remain
|
||||
blocked. Therefore, you should not attempt any further login attempts for 5
|
||||
minutes after 5 unsuccessful login attempts.
|
||||
|
||||
On Debian-based |prod| systems, 5 mins after the account is locked, the
|
||||
failed attempts will be reset and failed attempts re-counted.
|
||||
|
||||
|
||||
Subsequent password changes must be executed on the active controller in an
|
||||
**unlocked**, **enabled**, and **available** state to ensure that they
|
||||
|
Loading…
x
Reference in New Issue
Block a user