autoyast – openSUSE Lizards https://lizards.opensuse.org Blogs and Ramblings of the openSUSE Members Fri, 06 Mar 2020 11:29:40 +0000 en-US hourly 1 Highlights of YaST Development Sprints 88 and 89 https://lizards.opensuse.org/2019/11/22/highlights-of-yast-development-sprints-88-and-89/ Fri, 22 Nov 2019 14:13:35 +0000 http://lizards.opensuse.org/?p=14176
  • The System Role selection dialog got usability improvements
  • Snapper gained machine-readable output
  • Storage:
  • A More User Friendly Role Selector Dialog

    Step by step, we continue improving the user experience making use of the newly added widgets to libyui. This sprint was the turn to update the role selection dialog to use the new item selector introduced during the sprint 87. Apart from looking better as it can be seen in the screenshots below, there are two immediate improvements:

    • the vertical scroll, when present, is respected after selecting a role (instead of “jumping to the beginning”), and
    • the selected role (if any) will be visible when arriving at the dialog even when the list is quite long or the available space too short.
    Before After

    What is more, updating the dialog was also useful for us to realize about some needed improvements for the widget itself, mentioned in the next section. Quite a productive change 🙂

    When one Bit is not Enough: The CustomStatusItemSelector

    A few weeks ago, we wrote about the new ItemSelector widget that is finding its way into YaST user interfaces. It turned out that just a simple on/off status is not enough in some cases, so we had to extend that concept. For example, software modules may have dependencies, and we want to show the difference between one that was explicitly selected by the user and one that was auto-selected because some other software module requires it.

    This kind of shook the foundations of the underlying classes; all of a sudden a bit is no longer just a bit, but it needs to be broken down into even smaller pieces. Well, we cheated; we now use integer values instead. Most of the class hierarchy still only uses 0 and 1, but the new YCustomStatusItemSelector also supports using higher numbers for application-defined purposes.

    For each possible status value, the application defines the name of the icon to be displayed (for graphical UIs like the Qt UI), the text equivalent (for text mode / the NCurses UI), and an optional nextStatus which tells the widget what status to cycle to when the user changes the status of an item with a mouse click or with the keyboard. A value of -1 lets the application handle this.

    So this is not a one-trick-pony that is useful only for that one use case (the software modules), but a generic tool that might find good uses in other places all over YaST as well.

    Usage examples: C++, Ruby.

    Snapper and Machine-readable Output

    Most likely you already know snapper, a great tool to work with your filesystem snapshots. Some third-party scripts and tools (e.g., YaST) use the snapper CLI to get some information, but generally, snapper generates an output intended to be human-readable. Sometimes that could cause some troubles in scripts checking the snapper output. Now on, snapper also offers CLI options to generate its output in a machine-readable format, i.e., CSV and JSON. Please, check this post for more information about those new options.

    Fix Boot Problems with Remote Encrypted Devices

    Since we adopted systemd, the management during system boot of encrypted devices on top of network-based devices like iSCSI or FCoE disks has been less than optimal. But now we are happy to announce that we have put all the pieces together to make the experience as smooth as possible.

    One of the main responsibilities of systemd is sorting the actions performed during boot and setting the dependencies between them. For example, if there are encrypted devices, systemd will first ask you for the password and activate the devices to afterwards mount the file system contained in those encrypted devices. Systemd should be able to distinguish when an encrypted device is based on a network-based storage device and, thus, can only be initialized after the network is up. In some cases that detection failed (for example network block device based mounts, such as iSCSI and FCoE disks) and systemd got stuck before initializing the network waiting for the device to be available.

    Recently, SLE and openSUSE Leap has incorporated support for specifying the _netdev option in the /etc/crypttab file. With such option, systemd will recognize the encrypted device as network-based and will only try to activate it after setting up the network. That’s analogous to the corresponding _netdev option in /etc/fstab that has been already there for quite some time and that can be used to defer when a device is mounted. For it to work properly, the _netdev option must be present in all the relevant entries of both crypttab and fstab.

    And that’s exactly what YaST will do now in openSUSE Tumbleweed and upcoming releases of both SLE and openSUSE Leap. From now on, the _netdev option will be added fstab for all mount points depending (directly or indirectly) on the network. In addition, that option (and also the noauto and nofail ones) will be propagated from fstab to all the corresponding crypttab entries.

    This should mark the end of a dark age of encrypted iSCSI and FCoE devices timing out during boot.

    AutoYaST Support for Random and Pervasive Encryption

    Back in October, we announced that YaST got support for new encryption methods like random or pervasive encryption. At that time, AutoYaST was out of scope because we wanted to have a stable (and tested) API first. Fortunately, the time has come and now AutoYaST supports these encryption mechanisms.

    Starting in autoyast2 4.2.17, you can specify the encryption method using a crypt_method element, as shown in the example below. Possible values are luks1 (regular LUKS1 encryption), pervasive_luks2 (pervasive volume encryption), protected_swap (encryption with volatile protected key), secure_swap (encryption with volatile secure key) and random_swap (encryption with volatile random key).

        <drive>
         <type config:type="symbol">CT_DISK</type>
         <use>all</use>
         <partitions config:type="list">
          <partition>
           <size>20G</size>
           <mount>/</mount>
           <filesystem config:type="symbol">ext4</filesystem>
           <crypt_method config:type="symbol">luks1</crypt_method> <!-- default method if crypt_key is defined -->
           <crypt_key>S3CR3T</crypt_key>
          </partition>
          <partition>
           <size>1G</size>
           <mount>swap</mount>
           <crypt_method config:type="symbol">random_swap</crypt_method> <!-- set encryption method -->
          </partition>
         </partitions>
        </drive>

    As we want AutoYaST to be as user-friendly as possible, it will try to help you if you do some mistake setting the encryption configuration as when in the screenshot below.

    Finally, the old crypt_fs element is deprecated, although it stills works for backward-compatibility reasons. Basically, it is equivalent to setting crypt_method to luks1.

    Improve Support for AutoYaST Guided Partitioning

    When it comes to partitioning, we can categorize AutoYaST use cases into three different levels:

    • Automatic partitioning: the user does not care about the partitioning and trusts in AutoYaST to do the right thing.
    • Guided partitioning: the user would like to set some basic settings (use LVM, set an encryption password, etc.)
    • Expert partitioning: the user specifies how the layout should look, although a complete definition is not required.

    To some extent, it is like using the regular installer where you can skip the partitioning screen and trust in YaST, use the Guided Proposal, or define the partitioning layout through the Expert Partitioner.

    The second level (Guided partitioning) was introduced in AutoYaST with the release of SUSE Linux Enteprise 15 (and Leap 15.0) but it was not documented at all. Additionally, although it was working as designed at first sight, it was far from being that useful.

    This sprint with invested quite some time improving the documentation (kudos to our awesome documentation team) and the behaviour. Now, if you want to set up an LVM system without having the specify all the details, you can use the following snippet in your profile:

    <general>
      <storage>
        <lvm config:type="boolean">true</lvm>
      </storage>
    </general>

    If you are interested in the available options, you can check the documentation draft.

    ]]>
    Highlights of YaST Development Sprint 65 https://lizards.opensuse.org/2018/10/23/highlights-of-yast-development-sprint-65/ https://lizards.opensuse.org/2018/10/23/highlights-of-yast-development-sprint-65/#comments Tue, 23 Oct 2018 15:33:59 +0000 http://lizards.opensuse.org/?p=13451
  • Snapper: list indicates special snapshots; what is snapper anyway?
  • Bcache: configuring attributes
  • AutoYaST: whole disks; partitioned RAIDs; Xen virtual partitions; better merging
  • Booting: "warning, everything is fine!"
  • CaaSP/Kubic: proposing NTP servers according to DHCP response
  • Partitioner UI is a bit faster now
  • Snapper: Show Currently Mounted and Next to be Mounted Snapshot

    Btrfs has some special snapshots: The snapshot currently mounted, and the snapshot that will be mounted next time (unless a snapshot is selected in grub). Now snapper informs the user about these two special snapshot when listing snapshots by a special sign after the number:

    # snapper --iso list --disable-used-space
     # | Type   | Pre # | Date                | User | Cleanup | Description           | Userdata     
    ---+--------+-------+---------------------+------+---------+-----------------------+--------------
    0  | single |       |                     | root |         | current               |              
    1+ | single |       | 2018-10-18 10:33:50 | root |         | first root filesystem |              
    2  | single |       | 2018-10-18 10:43:45 | root | number  | after installation    | important=yes
    3- | pre    |       | 2018-10-18 11:03:11 | root |         | ruin system           |              
    4  | post   |     3 | 2018-10-18 11:03:11 | root |         | ruin system           |              

    For more details visit http://snapper.io/2018/10/18/show-special-snapshots.html.

    More Descriptive Name for Snapper Module in YaST Control Center

    Previously, the module was called just "Snapper", but users who don’t know that Snapper is could not make any sense of that. We changed it to "Filesystem Snapshots".

    Funny anecdote: One team member asked if Snapper really supports LVM when he read the subtitle "Manage Btrfs / LVM filesystem snapshots". Yes, it does! (It has been doing that for a long time). You don’t need Btrfs for snapshots; LVM can also do that, albeit a little differently than Btrfs.

    More Bcache Improvements

    As you can see in the previous blog post, we are currently working on adding support for Bcache into the YaST partitioner. This time we allow to configure the cache mode for a new bcache device. If you are not sure what a particular cache mode means, we provide also a quite extensive help text. Beside this configuration we also limit operations to prevent data loss or operations that can result in unreliable results. Here with a couple of screenshots:

    Using whole disks in AutoYaST

    On one hand, now it is possible to format and mount a whole disk without creating any partition. In order to do so, you only need to set the <disklabel> element to none and AutoYaST will understand that you do not want to partition the drive but to use the whole disk as a filesystem.

    <drive>
      <device>/dev/sdb</device>
      <disklabel>none</disklabel>
      <partitions config:type="list">
        <partition>
          <mount>/home</mount>
          <filesystem config:type="symbol">xfs</filesystem>
        </partition>
      </partitions>
    </drive>

    Given the definition above, AutoYaST will format the whole /dev/sdb disk mounting it at /home. But that is not all: it is even possible to use a whole disk as an LVM physical volume or as a software RAID member. The support for the first case was already present in previous AutoYaST versions, but it was not working correctly in SUSE Linux Enterprise 15 and openSUSE Leap 15.

    <drive>
      <device>/dev/sdb</device>
      <disklabel>none</disklabel>
      <partitions config:type="list">
        <partition>
          <lvm_group>system</lvm_group>
        </partition>
      </partitions>
    </drive>

    AutoYaST and partitioned software RAIDs

    AutoYaST is now able to create partitioned software RAIDs, something that was not possible in pre-storage-ng times. However, in order to support such a scenario, we needed to change the way in which software RAIDs are described in AutoYaST profiles, although the old format is still supported. So let’s have a look at how a RAID looks like now.

    Instead of grouping all RAIDs in a single and special <drive> section, now each RAID is defined in its own section:

    <drive>
      <device>/dev/md0</device>
      <raid_options>
        <raid_type>raid0</raid_type>
      </raid_options>
      <partitions config:type="list">
        <partition>
          <mount>/</mount>
          <filesystem config:type="symbol">btrfs</filesystem>
        </partition>
        <partition>
          <mount>/home</mount>
          <filesystem config:type="symbol">xfs</filesystem>
        </partition>
      </partitions>
    </drive>

    Of course, if you do not want the RAID to be partitioned, just set the <disklabel> element to none, as for any other device.

    Better Xen Virtual Partitions support

    Analogous to how software RAIDs were defined in AutoYaST until now, Xen virtual partitions with a similar name were grouped in the same <drive> section. It means the /dev/xvda1, /dev/xvda2, etc. were defined within the <drive> section for xvda, which does not exist at all.

    To make things clearer, we have decided to use a separate drive section for partition:

    <drive>
      <type config:type="symbol">CT_DISK</type>
      <device>/dev/xvdd1</device>
      <disklabel>none</disklabel> <!-- not really needed -->
      <use>all</use>
      <partitions config:type="list">
        <partition>
          <format config:type="boolean">true</format>
          <mount>/home</mount>
          <size>max</size>
        </partition>
      </partitions>
    </drive>

    AutoYaST Rules: Cleaning the profiles before being merged

    AutoYaST rules offer the possibility to configure a system depending on system attributes by merging multiple control files during installation. Check the Rules and Classes section for further documentation.

    The merging process is often confusing for people, and the sections in the merged XML files must be in alphabetical order for the merge to succeed.

    AutoYaST was cleaning the profiles after a merge, but if the resultant profile was merged with another profiles that profiles were not cleaned before the merge. That was confusing and error prone, so we have fixed it cleaning also them before the merge.

    Better explanation of the requirements to boot with GPT

    As our readers know, one of the main goals of yast-storage-ng was to offer a more reliable and precise diagnosis on what partitions need to be created in order to ensure that a new system being installed will be able to boot. If something doesn’t fit with such diagnosis, the installer shows a warning message.

    In the case of booting a system installed in a GPT device, using the legacy BIOS system (as opposed to EFI), that means SLE-15 and openSUSE Leap 15.0 will warn the user if there is no partition of type BIOS Boot. But there are two problems with that.

    • The warning messages from the Partitioner and, specially, from AutoYaST don’t do a great job in explaining what is wrong.
    • Some users have reported they have GPT systems booting fine in legacy mode without a BIOS Boot partition and, thus, our diagnosis in such cases may be wrong.

    We even had a comment in our source code reinforcing the second point!

    So we tried to fix our wrong diagnosis… just to end up realizing it was in fact right. After carefully evaluating all the possible setups, checking the different specifications, the Grub2 documentation and even checking the Grub2 source code, we found that layouts without a BIOS Boot partition could get broken (resulting in a non-bootable system) by some file-system level operations. So only the configurations including a BIOS Boot partition can be considered to be 100% safe, both in the short term and against future changes in the system.

    We simply cannot allow our users to fall into traps without, at least, a warning message. So we kept the behavior as it was and we focused on improving the messages. After all, advanced users knowing the risks can ignore such warnings. This is how the new warning look in the Partitioner of the upcoming SLE-15-SP1 (and, thus, in openSUSE Leap 15.1).

    And this is what AutoYaST will report if the profile doesn’t specify a BIOS Boot partition and it’s not possible to add one to the layout described by such profile.

    CaaSP / Kubic: Propose NTP servers according to DHCP response

    All-in-one dialog of CaaSP installer asks for NTP Servers. Up to now it searched for NTP servers using SLP only. Otherwise only manual configuration was possible.

    Since now CaaSP installer parses DHCP response and fetches NTP servers if any was provided. NTP Servers obtained from DHCP are preferred over those discovered via SLP.

    Partitioner UI is a bit faster now

    We noticed that clicking around the partitioner UI feels slow. So we used the built-in (Y2PROFILER=1) as well as an external (rbspy) profiler to pinpoint the places that need optimization (mostly caching). Can you see a difference in the following screencast?

    ]]>
    https://lizards.opensuse.org/2018/10/23/highlights-of-yast-development-sprint-65/feed/ 1