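# Load dracut's shell helpers; getarg (used below) comes from this library.
. /lib/dracut-lib.sh

# Mount points: the raw image, the mounted image contents, and the writable
# overlay backing store.
mkdir -p /mnt/remoteimg /mnt/remote /mnt/overlay

# Stage the root image at /mnt/remoteimg/rootimg.sfs. With
# confluent_imagemethod=untethered the whole image is downloaded into a tmpfs;
# otherwise it is mounted remotely through urlmount.
#
# The image is authenticated only by the TLS connection to $confluent_mgr;
# nothing in this step checks a digest or signature of rootimg.sfs.
if [ "untethered" = "$(getarg confluent_imagemethod)" ]; then
    mount -t tmpfs untethered /mnt/remoteimg
    # -f makes curl fail on an HTTP error status instead of saving the
    # server's error page as rootimg.sfs. Progress output is left enabled
    # (no -s) as in the original.
    if ! curl -f "https://$confluent_mgr/confluent-public/os/$confluent_profile/rootimg.sfs" -o /mnt/remoteimg/rootimg.sfs; then
        echo "Failed to download root image from $confluent_mgr" >&2
    fi
else
    confluent_urls="$confluent_urls https://$confluent_mgr/confluent-public/os/$confluent_profile/rootimg.sfs"
    # Deliberately unquoted: confluent_urls is a space-separated list and each
    # URL has to reach urlmount as a separate argument.
    /opt/confluent/bin/urlmount $confluent_urls /mnt/remoteimg
fi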
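# Record the image description; its "Format:" line selects how the image is
# mounted further down.
/opt/confluent/bin/confluent_imginfo /mnt/remoteimg/rootimg.sfs > /tmp/rootimg.info

# Attach the image read-only to the first free loop device. mountsrc is
# exported and names the block device the mount steps read from.
loopdev=$(losetup -f)
export mountsrc=$loopdev
losetup -r "$loopdev" /mnt/remoteimg/rootimg.sfs

if grep '^Format: confluent_crypted' /tmp/rootimg.info > /dev/null; then
    # Encrypted image: fetch the cipher (first line) and key (last line) from
    # the manager, authenticated with this node's API key.
    #
    # The umask applies only inside the subshell, so a newly created key file
    # is readable by its owner alone.
    # NOTE(review): the API key is passed in a curl argument and is visible in
    # the process list while curl runs; /tmp/rootimg.key is left in place
    # because other scripts may read it - confirm, and remove it if not.
    if (
        umask 077
        curl -sf -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" "https://$confluent_mgr/confluent-api/self/profileprivate/pending/rootimg.key" > /tmp/rootimg.key
    ) && [ -s /tmp/rootimg.key ]; then
        cipher=$(head -n 1 /tmp/rootimg.key)
        key=$(tail -n 1 /tmp/rootimg.key)
        # The payload starts 4096 bytes (8 sectors of 512 bytes) into the file,
        # so the mapped length excludes that leading region.
        len=$(wc -c < /mnt/remoteimg/rootimg.sfs)
        len=$(((len-4096)/512))
        # The table is fed on stdin rather than through --table so the key is
        # not placed in dmsetup's argument list (printf is normally a shell
        # builtin, so it does not expose it either).
        printf '0 %s crypt %s %s 0 %s 8\n' "$len" "$cipher" "$key" "$loopdev" | dmsetup create cryptimg
        # Re-read the description from the decrypted view and mount from it.
        /opt/confluent/bin/confluent_imginfo /dev/mapper/cryptimg > /tmp/rootimg.info
        mountsrc=/dev/mapper/cryptimg
    else
        # Without a key the image stays unmounted; the wait loop later in this
        # script then reports the missing root filesystem.
        echo "Failed to retrieve the root image key from $confluent_mgr" >&2
    fi
fi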
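# Mount the image contents under /mnt/remote according to the recorded format.
if grep '^Format: squashfs' /tmp/rootimg.info > /dev/null; then
    # Single squashfs: mount it read-only as the lower layer.
    mount -o ro "$mountsrc" /mnt/remote
elif grep '^Format: confluent_multisquash' /tmp/rootimg.info > /dev/null; then
    # Multi-part image: from the fourth line on, rootimg.info describes one
    # part per line. Each part becomes a linear device-mapper target named
    # mproot<mountpoint with "/" replaced by "_">.
    #
    # NOTE(review): both generated scripts are built from fields of the image
    # description and then sourced, so those fields are executed as shell
    # code. This is only safe while the image and confluent_imginfo output are
    # trusted; validate the fields (digits for $3/$4, a restricted character
    # set for $7) before sourcing if that assumption ever weakens.
    # NOTE(review): the "/" -> "_" -> "/" round trip is lossy; a mount point
    # containing "_" is mapped back to the wrong path.
    tail -n +3 /tmp/rootimg.info | awk -v src="$mountsrc" '{gsub("/", "_"); print "echo 0 " $4 " linear " src " " $3 " | dmsetup create mproot" $7}' > /tmp/setupmount.sh
    . /tmp/setupmount.sh
    # Derive "mount /dev/mapper/<name> /mnt/remote<path>" lines. The device
    # name is passed as a printf argument, not as part of the format string,
    # so a "%" in a name is not interpreted.
    awk '{printf "mount /dev/mapper/%s ", $NF; sub("mproot", ""); gsub("_", "/"); print "/mnt/remote"$NF}' /tmp/setupmount.sh > /tmp/mountparts.sh
    . /tmp/mountparts.sh
fi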
# Writable layer: an XFS filesystem on a zram device sized at half of
# MemTotal, used in place of the plain tmpfs below.
#mount -t tmpfs overlay /mnt/overlay
modprobe zram
# /proc/meminfo reports "MemTotal: <amount> <unit>"; halve the amount and
# re-attach the unit before writing it to the zram size control.
memtot=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
memtot=$((memtot / 2))$(awk '/^MemTotal:/ {print $3}' /proc/meminfo)
printf '%s\n' "$memtot" > /sys/block/zram0/disksize
mkfs.xfs /dev/zram0 > /dev/null
mount -o discard /dev/zram0 /mnt/overlay
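# Assemble /sysroot as overlayfs: read-only image content below, the zram
# filesystem above. The presence of /tmp/mountparts.sh marks a multi-part
# image.
if [ -f /tmp/mountparts.sh ]; then
    # One overlay per mounted part; the third field of each mountparts.sh line
    # is the part's mount point under /mnt/remote. The list is split on
    # whitespace, so mount points containing spaces are not supported.
    for srcmount in $(awk '{print $3}' /tmp/mountparts.sh); do
        # Quoted so glob characters in a mount point are not expanded.
        mkdir -p "/mnt/overlay${srcmount}/upper" "/mnt/overlay${srcmount}/work"
        mount -t overlay -o "upperdir=/mnt/overlay${srcmount}/upper,workdir=/mnt/overlay${srcmount}/work,lowerdir=${srcmount}" disklesspart "/sysroot${srcmount#/mnt/remote}"
    done
else
    # Single image: one overlay covering the whole root.
    mkdir -p /mnt/overlay/upper /mnt/overlay/work
    mount -t overlay -o upperdir=/mnt/overlay/upper,workdir=/mnt/overlay/work,lowerdir=/mnt/remote disklessroot /sysroot
fi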
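# Carry the node identity from the initramfs into the booted system: root's
# ssh files, everything in /etc/confluent (which includes the node API key
# read elsewhere in this script) and the ssh host keys.
# NOTE(review): cp runs without -p, so new files get their mode from the
# source mode and the current umask - confirm the private keys and the API
# key end up with restrictive permissions.
mkdir -p /sysroot/etc/ssh /sysroot/etc/confluent /sysroot/root/.ssh
cp /root/.ssh/* /sysroot/root/.ssh
chmod 700 /sysroot/root/.ssh
cp /etc/confluent/* /sysroot/etc/confluent/
cp /etc/ssh/*key* /sysroot/etc/ssh/

# Register every host key (and its certificate, when a non-empty one exists)
# in the booted system's sshd_config.
for pubkey in /etc/ssh/ssh_host*key.pub; do
    # An unmatched glob is left as the literal pattern; skip it rather than
    # writing a bogus HostKey line.
    [ -e "$pubkey" ] || continue
    privfile=${pubkey%.pub}
    # Same result as replacing ".pub" with "-cert.pub", without relying on
    # the bash-only ${var/pat/repl} expansion.
    certfile=${privfile}-cert.pub
    if [ -s "$certfile" ]; then
        echo "HostCertificate $certfile" >> /sysroot/etc/ssh/sshd_config
    fi
    echo "HostKey $privfile" >> /sysroot/etc/ssh/sshd_config
done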
# Mount points the real root needs to exist before switching to it.
mkdir -p /sysroot/dev /sysroot/sys /sysroot/proc /sysroot/run

# When a console was auto-detected, enable a serial getty on it. Anything
# from the last comma on is dropped from $autocons to get the device name.
if [ -n "$autocons" ]; then
    autocons=${autocons%,*}
    mkdir -p /run/systemd/generator/getty.target.wants
    ln -s /usr/lib/systemd/system/serial-getty@.service "/run/systemd/generator/getty.target.wants/serial-getty@${autocons}.service"
fi

# Hold the boot until the root filesystem has an init. The messages are
# printed once; the inner loop then polls every second so an operator can
# repair the mount over ssh.
while [ ! -e /sysroot/sbin/init ]; do
    echo "Failed to access root filesystem or it is missing /sbin/init"
    echo "System should be accessible through ssh at port 2222 with the appropriate key"
    until [ -e /sysroot/sbin/init ]; do
        sleep 1
    done
done
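# Apply the root password field from the deployment configuration to the
# booted system's shadow file. A value of "null" means none is configured.
rootpassword=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg)
rootpassword=${rootpassword#rootpassword: }
if [ "$rootpassword" = "null" ]; then
    rootpassword=""
fi

if [ -n "$rootpassword" ]; then
    # Anchored at the start of the line: without "^" the pattern also matches
    # inside any account name ending in "root" and would overwrite that
    # account's password field with root's.
    # NOTE(review): the value is spliced into the sed expression and presumably
    # is a crypt(3) hash; a value containing "@", "&" or "\" would be
    # misinterpreted by sed - confirm the manager only emits hashes.
    sed -i "s@^root:[^:]*:@root:$rootpassword:@" /sysroot/etc/shadow
fi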
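# Trust every CA in /ssh/*.ca to certify host keys for any host name.
for i in /ssh/*.ca; do
    # An unmatched glob stays literal; skip it so no key-less
    # "@cert-authority *" line is written.
    [ -e "$i" ] || continue
    # $(cat ...) is left unquoted on purpose so the file's content is joined
    # onto one line.
    echo '@cert-authority *' $(cat "$i") >> /sysroot/etc/ssh/ssh_known_hosts
done

# Server side of host-based authentication.
# HostbasedUsesNameFromPacketOnly yes: sshd matches the host name supplied by
# the client instead of resolving the connection's address, so the check
# rests on the client's host key being certified for that name.
# IgnoreRhosts no: per-user .shosts/.rhosts files are honoured.
{
    echo HostbasedAuthentication yes
    echo HostbasedUsesNameFromPacketOnly yes
    echo IgnoreRhosts no
} >> /sysroot/etc/ssh/sshd_config

# Client side: use a drop-in file when the image has ssh_config.d, otherwise
# append to the main ssh_config.
sshconf=/sysroot/etc/ssh/ssh_config
if [ -d /sysroot/etc/ssh/ssh_config.d/ ]; then
    sshconf=/sysroot/etc/ssh/ssh_config.d/01-confluent.conf
fi
{
    echo 'Host *'
    echo ' HostbasedAuthentication yes'
    echo ' EnableSSHKeysign yes'
    echo ' HostbasedKeyTypes *ed25519*'
} >> "$sshconf"

# The manager's node list becomes the set of hosts accepted for host-based
# logins. Copying it to /root/.shosts extends that trust to root logins, so
# every listed node holding a certified host key can log in as root here.
if ! curl -sf -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" "https://$confluent_mgr/confluent-api/self/nodelist" > /sysroot/etc/ssh/shosts.equiv; then
    echo "Warning: could not retrieve the node list from $confluent_mgr; shosts.equiv may be empty or incomplete" >&2
fi
cp /sysroot/etc/ssh/shosts.equiv /sysroot/root/.shosts

# Private host keys: group-readable for ssh_keys only.
chmod 640 /sysroot/etc/ssh/*_key
# NOTE(review): this glob is expanded by the outer shell against the
# initramfs /etc/ssh, not inside the chroot; it works as long as both
# directories hold the same key file names.
chroot /sysroot chgrp ssh_keys /etc/ssh/*_key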
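# Add the deployment CA certificates to the booted system's trust store.
cp /tls/*.pem /sysroot/etc/pki/ca-trust/source/anchors/
chroot /sysroot/ update-ca-trust

# Install the on-boot hook. Both files come from the profile's public script
# directory and onboot.sh is made executable and enabled below, so their
# integrity rests on the TLS connection to $confluent_mgr.
# curl -f leaves an empty file behind on an HTTP error; report that instead of
# silently enabling an empty unit or script.
if ! curl -sf "https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.service" > /sysroot/etc/systemd/system/onboot.service; then
    echo "Warning: failed to download onboot.service from $confluent_mgr" >&2
fi
mkdir -p /sysroot/opt/confluent/bin
if ! curl -sf "https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh" > /sysroot/opt/confluent/bin/onboot.sh; then
    echo "Warning: failed to download onboot.sh from $confluent_mgr" >&2
fi
chmod +x /sysroot/opt/confluent/bin/onboot.sh
cp /opt/confluent/bin/apiclient /sysroot/opt/confluent/bin
# Enable the unit for multi-user.target.
ln -s /etc/systemd/system/onboot.service /sysroot/etc/systemd/system/multi-user.target.wants/onboot.service
cp /etc/confluent/functions /sysroot/etc/confluent/functions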
# "installtodisk" on the kernel command line selects the install path: run the
# remote installimage script (run_remote comes from /etc/confluent/functions)
# and force a reboot instead of starting the diskless root.
case "$(cat /proc/cmdline)" in
    *installtodisk*)
        . /etc/confluent/functions
        run_remote installimage
        exec reboot -f
        ;;
esac

# Normal path: hand control to the start_root helper.
exec /opt/confluent/bin/start_root