ab6db0f11c
This makes the main container within the apt daemonset run as privileged, which is required to perform kernel upgrades through it. It was confirmed that even with all capabilities enabled, an unprivileged apt is unable to perform the necessary updates to the boot partition during a kernel upgrade. Change-Id: I4e996794f24fcfc9d8ced7a58cecd2ceec36f6c5 |
||
---|---|---|
divingbell | ||
doc | ||
tools | ||
.gitignore | ||
.gitreview | ||
.zuul.yaml | ||
LICENSE | ||
Makefile | ||
README.rst | ||
TODO | ||
Vagrantfile | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Divingbell
Introduction
Divingbell is a lightweight solution for:
1. Bare metal configuration management for a few very targeted use cases via the following modules:
- apparmor
- ethtool
- exec (run arbitrary scripts)
- system limits
- mounts
- permissions (perm)
- sysctl values
- basic user account management (uamlite)
- Bare metal package manager orchestration using apt module
What problems does it solve?
The needs identified for Divingbell were:
- To plug gaps in day 1 tools (e.g., Drydock) for node configuration
- To provide a day 2 solution for managing these configurations going forward
- [Future] To provide a day 2 solution for system level host patching
Documentation
Find more documentation for Divingbell on Read the Docs.