maas-devel team mailing list archive

[Jeroen Vermeulen <jeroen.vermeulen@xxxxxxxxxxxxx>]

On 04/22/2014 07:06 AM, Julian Edwards wrote:

>> Also, we ought to rename m-i-pxe-f to, say, maas-import-boot-resources.
> 
> Let's just get rid of it.  We don't need it at all, now that the code is all a 
> python module.

Yes!  In fact, I already have branches in the works which:

 * Invoke the import code from the celery task.  No shell, no script.

 * Pass config to the import code as a python dict.  No yaml.

 * Import as the "maas" user.  No root, except to run tgt-admin.

 * Make "maas" own everything in /var/lib/boot-resources.

 * Give "maas" a homedir for its own, non-root-owned, gnupg state.

(The one technical complication at the moment is that you can't set a
home directory for an existing user while it has a process running.
I'll try setting HOME instead.)

These changes will make it easy to pass the simplestreams config from
the region controller instead.  Once the region controller learns to
produce that config, of course.

Next, I would favour the following changes to what's currently in
bootresources.yaml:

1. Moving the boot/storage setting back into pserv.yaml, making it
subsume the tftp/resource_root setting.

2. Stripping off the top two layers of the bootresources.yaml config
structure.  So we simply pass the import code a list of sources, each
with a path and a list of selections.

3. Having just a single global list of boot-resource keyrings, in
pserv.yaml.

Why that last point? I hear you cry.

Laziness is one reason: why build UI fields per source, when keyrings
are really just dicts of globally-identified keys anyway?  With small
changes we can just pile a bunch of keyrings together and have
Simplestreams dig up whatever keys it needs.  It'd work best with a
supporting change in Simplestreams itself, but we can do it on our end.

The other is that the keyring setting is currently a file path, *on the
cluster controller*.  If we're ever going to manage this from the
region, the region ought to send the keyring file contents, not make
assumptions about how humans manage the cluster controller's filesystem.
 Until then, simplest thing that works and makes sense.


Jeroen