From d129f081433c14c963105ea2b3bf17272f1310aa Mon Sep 17 00:00:00 2001 From: Hu Shuai Date: Thu, 6 Jan 2022 16:12:03 +0800 Subject: [PATCH 1/2] Fix image-customization image pull failure Signed-off-by: Hu Shuai --- .../baremetal/files/usr/local/bin/startironic.sh.template | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template b/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template index 42c8e762b97..08f976b5d2c 100755 --- a/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template +++ b/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template @@ -173,7 +173,7 @@ else fi # Embed agent ignition into the rhcos live iso -sudo podman run -d --net host --privileged --name image-customization \ +podman run -d --net host --privileged --name image-customization \ --env DEPLOY_ISO="/shared/html/images/ironic-python-agent.iso" \ --env DEPLOY_INITRD="/shared/html/images/ironic-python-agent.initramfs" \ --env IRONIC_BASE_URL="http://${IRONIC_HOST}" \ @@ -188,7 +188,7 @@ sudo podman run -d --net host --privileged --name image-customization \ -v /etc/containers:/tmp/containers:z \ ${CUSTOMIZATION_IMAGE} -sudo podman run -d --net host --privileged --name ironic-conductor \ +podman run -d --net host --privileged --name ironic-conductor \ --restart on-failure \ --env IRONIC_RAMDISK_SSH_KEY="$IRONIC_RAMDISK_SSH_KEY" \ --env MARIADB_PASSWORD=$mariadb_password \ @@ -212,7 +212,7 @@ podman run -d --net host --privileged --name ironic-inspector \ -v $AUTH_DIR:/auth:ro \ -v $IRONIC_SHARED_VOLUME:/shared:z "${IRONIC_IMAGE}" -sudo podman run -d --net host --privileged --name ironic-api \ +podman run -d --net host --privileged --name ironic-api \ --restart on-failure \ --env MARIADB_PASSWORD=$mariadb_password \ --env PROVISIONING_INTERFACE=$PROVISIONING_NIC \ @@ -221,7 +221,7 @@ sudo podman run -d --net host --privileged --name ironic-api \ -v $AUTH_DIR:/auth:ro \ -v $IRONIC_SHARED_VOLUME:/shared:z ${IRONIC_IMAGE} -sudo podman run -d --name ironic-ramdisk-logs \ +podman run -d --name ironic-ramdisk-logs \ --restart on-failure \ --entrypoint /bin/runlogwatch.sh \ -v $IRONIC_SHARED_VOLUME:/shared:z ${IRONIC_IMAGE} From 2fb7349c521d7778a84b0e633a56783d8b27586b Mon Sep 17 00:00:00 2001 From: Hu Shuai Date: Fri, 7 Jan 2022 10:10:37 +0800 Subject: [PATCH 2/2] Remove redundant sudo for iptables commands Signed-off-by: Hu Shuai --- .../baremetal/files/usr/local/bin/startironic.sh.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template b/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template index 08f976b5d2c..3954e05e286 100755 --- a/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template +++ b/data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh.template @@ -111,8 +111,8 @@ podman run -d --name coreos-downloader \ # Add firewall rules to ensure the IPA ramdisk can reach httpd, Ironic and the Inspector API on the host for port in 80 5050 6385 ; do - if ! sudo $IPTABLES -C INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then - sudo $IPTABLES -I INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT + if ! $IPTABLES -C INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then + $IPTABLES -I INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT fi done