docs: Update the doc to reflect the latest changes

[snf-image] / docs / architecture.rst

Architecture
============

Overview
^^^^^^^^

snf-image is a Ganeti OS definition. This means that Ganeti provisions a new
disk (block device) and passes it to snf-image. Then, snf-image is responsible
to deploy an Image on that disk. If snf-image returns successfully, Ganeti will
then spawn a VM with that disk as its primary disk.

Thus, snf-image is responsible for two (2) things, which are executed in two
separate steps:

| 1. Fill the newly provisioned disk with Image data
| 2. Customize the Image accordingly

For (1), snf-image can fetch the Image from a number of back-ends, as we
describe later. For (2) snf-image spawns a helper VM and runs a number of
configuration tasks inside the isolated environment. Once the last task returns
successfully, the helper VM ceases and snf-image returns the newly configured
disk to Ganeti.

The whole procedure is configurable via OS interface parameters, that can be
passed to snf-image from the Ganeti command line or RAPI.

snf-image is split in two components: The main program running on the Ganeti
host with full root privilege (*snf-image*, previously *snf-image-host*) and a
part running inside an unprivileged helper VM (*snf-image-helper*).

We describe each part in the following sections:

snf-image
^^^^^^^^^

This part implements the Ganeti OS interface. It extracts the Image onto the
Ganeti-provided block device, using streaming block I/O (dd with oflag=direct),
then spawns a helper VM, and passes control to snf-image-helper running inside
that helper VM. The helper VM is created using either KVM or XEN depending on
the supported hypervisor as dictated by Ganeti. It runs as an unprivileged
user.

There is no restriction on the distribution running inside the helper VM, as
long as it executes the snf-image-helper component automatically upon bootup.
The snf-image-update-helper script is provided with snf-image to automate the
creation of a helper VM image based on Debian Stable, using multistrap.

The snf-image-helper component runs inside a specific environment, which is
created and ensured by snf-image:

 * The VM features a virtual floppy, containing an ext2 file system with all
   parameters needed for image customization.
 * The hard disk provided by Ganeti that we want to deploy and customize is
   accessible as the first VirtIO hard disk.
 * All kernel/console output is redirected to the first virtual serial console,
   and eventually finds its way into the OS definition log files that Ganeti
   maintains.
 * The helper VM is expected to output "SUCCESS" to its second serial port if
   image customization was successful inside the VM.
 * If "SUCCESS" is not returned, snf-image assumes that, execution of the helper
   VM or snf-image-helper has failed.
 * The helper VM is expected to shutdown automatically once it is done. Its
   execution is time-limited; if it has not terminated after a number of
   seconds, configurable via ``/etc/default/snf-image``, snf-image sends a
   SIGTERM and/or a SIGKILL to it.

snf-image-helper
^^^^^^^^^^^^^^^^

This part runs inside the helper VM during boot-up and undertakes customization
of the target disk. It does so, by running a number of :ref:`configuration
tasks <image-configuration-tasks>`. The exact tasks that should run, are
specified by rules found in the virtual floppy, placed there by *snf-image*,
before spawning the helper VM. *snf-image-helper* uses *runparts* to run the
tasks which are found under ``/usr/lib/snf-image-helper/tasks``.

Graphical Representation
^^^^^^^^^^^^^^^^^^^^^^^^

The architecture is presented below:

.. image:: /images/arch.png


.. _storage-backends:

Storage back-ends
^^^^^^^^^^^^^^^^^

As stated above, for step (1), *snf-image* is capable of fetching images that
are stored in a variety of different back-ends and then extracting them onto
the newly created block device. The following back-ends are supported:

 * **Local back-end**:
   The local back-end is used to retrieve images that are stored on the Ganeti
   node that the image deployment takes place. All local images are expected to
   be found under a predefined image directory. By default */var/lib/snf-image*
   is used, but the user may change this by overwriting the value of the
   *IMAGE_DIR* variable under ``/etc/default/snf-image``.

 * **Network back-end**:
   The network back-end is used to retrieve images that are accessible from the
   network. snf-image can fetch images via *http:*, *https:*, *ftp:* or
   *ftps:*, using `cURL <http://curl.haxx.se/>`_.

 * **Pithos back-end**:
   *snf-image* contains a special command-line tool (*pithcat*) for retrieving
   images residing on a Pithos installation. To set up snf-image's Pithos
   back-end the user needs to setup the ``PITHOS_DATA`` and ``PITHOS_DB``
   variables inside ``/etc/default/snf-image`` accordingly.

 * **Null back-end**:
   If the null back-end is selected, no image copying is performed. This
   actually is meant for bypassing step (1) altogether. This is useful, if the
   disk provisioned by Ganeti already contains an OS installation before
   *snf-image* is executed (for example if the disk was created as a clone of
   an existing VM's hard disk).

.. _image-configuration-tasks:

Image Configuration Tasks
^^^^^^^^^^^^^^^^^^^^^^^^^

Configuration tasks are scripts called by snf-image-helper inside the helper VM
to accomplish various configuration steps on the newly created instance. See
below for a description of each one of them:

**FixPartitionTable**: Enlarges the last partition in the partition table of
the instance, to consume all the available space and optionally adds a swap
partition in the end. The task will fail if the environmental variable
*SNF_IMAGE_DEV*, which specifies the device file of the instance's hard disk,
is missing.

**FilesystemResizeUnmounted**: Extends the file system of the last partition to
cover up the whole partition. This only works for ext{2,3,4} and ufs2 file
systems. Any other file system type is ignored and a warning is triggered. The
task will fail if *SNF_IMAGE_DEV* environmental variable is missing.

**MountImage**: Mounts the root partition of the instance, specified by the
*SNF_IMAGE_PROPERTY_ROOT_PARTITION* variable. On Linux systems after the root
fs is mounted, the instance's ``/etc/fstab`` file is examined and the rest of
the disk file systems are mounted too, in a correct order. The script will fail
if any of the environmental variables *SNF_IMAGE_DEV*,
*SNF_IMAGE_PROPERTY_ROOT_PARTITION* or *SNF_IMAGE_TARGET* is unset or has a
non-sane value.

**AddSwap**: Formats the swap partition added by *FixPartitionTable* task and
adds an appropriate swap entry in the system's ``/etc/fstab``. The script will
only run if *SNF_IMAGE_PROPERTY_SWAP* is present and will fail if
*SNF_IMAGE_TARGET* in not defined.

**DeleteSSHKeys**: On Linux and \*BSD instances, this script will clear out any
ssh keys found in the instance's disk. For Debian and Ubuntu systems, the keys
are also recreated. Besides removing files that comply to the
``/etc/ssh/ssh_*_key`` pattern, the script will also parses
``/etc/ssh/sshd_config`` file for custom keys. The only variable this script
depends on is *SNF_IMAGE_TARGET*.

**DisableRemoteDesktopConnections**: This script temporary disables RDP
connections on windows instances by changing the value of *fDenyTSConnection*
registry key. RDP connections will be enabled back during the specialize pass
of the Windows setup. The task will fail if *SNF_IMAGE_TARGET* is not defined.

**InstallUnattend**: Installs the Unattend.xml files on windows instances. This
is needed by windows in order to perform an unattended setup. The
*SNF_IMAGE_TARGET* variables needs to be present for this task to run.

**SELinuxAutorelabel**: Creates *.autorelabel* file in Red Hat images. This is
needed if SELinux is enabled to enforce an automatic file system relabeling
during the first boot. The only environmental variable required by this task is
*SNF_IMAGE_TARGET*.

**AssignHostname**: Assigns or changes the hostname of the instance. The task
will fail if the Linux distribution is not supported and ``/etc/hostname`` is
not present on the file system. For now, we support Debian, Red Hat, Slackware,
SUSE and Gentoo derived distributions. The hostname is read from
*SNF_IMAGE_HOSTNAME* variable. In addition to the latter, *SNF_IMAGE_TARGET* is
also required.

**ChangePassword**: Changes the password for a list of existing users. On Linux 
systems this is accomplished by directly altering the instance's
``/etc/shadow`` file. On Windows systems a script is injected into the VM's
hard disk. This script will be executed during the specialize pass of the
Windows setup. On \*BSD systems ``/etc/master.passwd`` is altered,
``/etc/spwd.db`` is removed and a script is injected into the VM's hard disk
that will recreate the aforementioned file during the first boot. The list of
users whose passwords will changed is determined by the
*SNF_IMAGE_PROPERTY_USERS* variable (see :ref:`image-properties`). For this
task to run *SNF_IMAGE_TARGET* and *SNF_IMAGE_PASSWORD* variables need to be
present.

**FilesystemResizeMounted**: Injects a script into a Windows image file system
that will enlarge the last file system to cover up the whole partition. The
script will run during the specialize pass of the Windows setup. If the
*SNF_IMAGE_TARGET* variable is missing, the task will fail.

**EnforcePersonality**: Injects the files specified by the
*SNF_IMAGE_PROPERTY_OSFAMILY* variable into the file system. If the variable is
missing a warning is produced. Only *SNF_IMAGE_TARGET* is required for this
task to run.

**UmountImage**: Umounts the file systems previously mounted by MountImage. The
only environmental variable required is *SNF_IMAGE_TARGET*.


+-------------------------------+---+--------------------------------------------+--------------------------------------------------+
|                               |   |               Dependencies                 |               Enviromental Variables [#]_        |
+          Name                 |   +------------------+-------------------------+-------------------------+------------------------+
|                               |Pr.|        Run-After |        Run-Before       |        Required         |      Optional          |
+===============================+===+==================+=========================+=========================+========================+
|FixPartitionTable              |10 |                  |FilesystemResizeUnmounted|DEV                      |                        |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|FilesystemResizeUnmounted      |20 |FixPartitionTable |MountImage               |DEV                      |                        |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|MountImage                     |30 |                  |UmountImage              |DEV                      |                        |
|                               |   |                  |                         |TARGET                   |                        |
|                               |   |                  |                         |PROPERTY_ROOT_PARTITION  |                        |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|AddSwap                        |40 |MountImage        |EnforcePersonality       |TARGET                   |PROPERTY_OSFAMILY       |
|                               |   |                  |                         |                         |PROPERTY_SWAP           |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|DeleteSSHKeys                  |40 |MountImage        |EnforcePersonality       |TARGET                   |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|DisableRemoteDesktopConnections|40 |EnforcePersonality|UmountImage              |TARGET                   |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|InstallUnattend                |40 |MountImage        |EnforcePersonality       |TARGET                   |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|SELinuxAutorelabel             |40 |MountImage        |EnforcePersonality       |TARGET                   |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|AssignHostname                 |50 |InstallUnattend   |EnforcePersonality       |TARGET                   |                        |
|                               |   |                  |                         |HOSTNAME                 |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|ChangePassword                 |50 |InstallUnattend   |EnforcePersonality       |TARGET                   |PROPERTY_USERS          |
|                               |   |                  |                         |PASSWORD                 |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|FilesystemResizeMounted        |50 |InstallUnattend   |EnforcePersonality       |TARGET                   |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|EnforcePersonality             |60 |MountImage        |UmountImage              |TARGET                   |PERSONALITY             |
|                               |   |                  |                         |                         |PROPERTY_OSFAMILY       |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+
|UmountImage                    |80 |MountImage        |                         |TARGET                   |                        |
+-------------------------------+---+------------------+-------------------------+-------------------------+------------------------+

.. [#] all environmental variables are prefixed with *SNF_IMAGE_*