[Maas-devel] Importing maas images from somewhere OTHER than maas.ubuntu.com

Jeffrey Lane jeffrey.lane at canonical.com
Thu Sep 18 22:20:23 UTC 2014


I need some pointers on importing fast-path images.

I currently have the following:

a method for building custom fast-path images
a sample simple-stream hosted on another system that has my custom
fast-path images
a maas server (running the latest from Trusty Updates)

I have modifed bootresources.yaml to point to my private simplestream

I have tried with and without the keyring: listed in bootresources.yaml

both times, the import of the image to my maas server fails because of
the keyring:

ubuntu at critical-maas:/var/log/maas$ sudo -E maas-import-pxe-files
2014-09-18 15:55:10,127 INFO Importing boot resources.
2014-09-18 15:55:10,161 ERROR Unhandled exception; unable to continue.
Traceback (most recent call last):
  File "/usr/sbin/maas-import-pxe-files", line 30, in <module>
    main(args)
  File "/usr/lib/python2.7/dist-packages/provisioningserver/import_images/boot_resources.py",
line 493, in main
    repo_boot = dumper.dump(source['path'], keyring=source['keyring'])
  File "/usr/lib/python2.7/dist-packages/provisioningserver/import_images/boot_resources.py",
line 276, in dump
    super(RepoDumper, self).sync(reader, rpath)
  File "/usr/lib/python2.7/dist-packages/simplestreams/mirrors/__init__.py",
line 82, in sync
    content, payload = reader.read_json(path)
  File "/usr/lib/python2.7/dist-packages/simplestreams/mirrors/__init__.py",
line 40, in read_json
    return raw, self.policy(content=raw, path=path)
  File "/usr/lib/python2.7/dist-packages/simplestreams/util.py", line
254, in policy_read_signed
    return read_signed(content=content, keyring=keyring)
  File "/usr/lib/python2.7/dist-packages/simplestreams/util.py", line
271, in read_signed
    raise e
CalledProcessError: Command '['gpg', '--batch', '--verify',
u'--keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg', '-']'
returned non-zero exit status 1

I'm pretty sure this is because my custom image is not signed.

So what I want to know is, how do I build my own keyring and sign
images OR for now, how can i tell maas to import unsigned images and
ignore the cloud keyring?

My end goal is this:
A simple stream that hosts certification fast-path images built from
LTS ISO images that are consumed by MAAS the same way we consume the
regular fast-path images, and used for testing.

Right now, I can build the custom images from LTS ISOs.
I can manually inject them into MAAS (by replacing an existing
root-tgz file in /var/lib/maas/boot-resources)
I can install nodes using my custom images, boot them and perform
certification testing.

Now I'm trying to work out all the in-between parts to make this viable.

So any ideas?

At the VERY least, I'd like to have my stream with unsigned images
imported into maas without worrying about keyrings nad stuff.  For
now, this is PoC so I don't care about security.  Down the road, I
WILL and that could help solve a couple other dilemmas as well, but
for now, just showing I can build it and make it work in a simple form
will be great.

Thanks
Jeff

-- 
"Entropy isn't what it used to be."

Jeff Lane - Server Certification Team Lead, Tools Developer, Warrior
Poet, Lover of Pie
Phone: 919-442-8649
Ubuntu Ham: W4KDH                          Freenode IRC: bladernr or bladernr_
gpg: 1024D/3A14B2DD 8C88 B076 0DD7 B404 1417  C466 4ABD 3635 3A14 B2DD




More information about the Maas-devel mailing list