diff --git a/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh b/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh index d22c38ba..8ffeb722 100644 --- a/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh +++ b/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh @@ -100,5 +100,7 @@ if [ -e /lib/nm-lib.sh ]; then fi fi fi +cat /proc/cmdline /etc/cmdline.d/01-confluent.conf | tr '\n' ' ' > /run/fakecmdline +mount -o bind /run/fakecmdline /proc/cmdline curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/rootfs.img | rdcore stream-hash /etc/coreos-live-want-rootfs | bsdtar -xf - -C / diff --git a/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh b/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh index 855efc8c..e92f77e2 100644 --- a/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh +++ b/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh 
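Review bot: The bind mount over `/proc/cmdline` runs even when building `/run/fakecmdline` went wrong, because the two added lines are not chained and `cat`'s exit status is hidden behind `tr` in the pipeline. If `/etc/cmdline.d/01-confluent.conf` is missing, the node carries on with a command line that silently lacks the confluent arguments; something like `[ -r /etc/cmdline.d/01-confluent.conf ] && cat /proc/cmdline /etc/cmdline.d/01-confluent.conf | tr '\n' ' ' > /run/fakecmdline && mount -o bind /run/fakecmdline /proc/cmdline` makes the overlay conditional on its input. After this point every reader of `/proc/cmdline` sees synthetic arguments rather than exactly what the bootloader passed, which matters to anything that audits or compares boot arguments, so a comment such as `# present the confluent args from /etc/cmdline.d as if they were on the kernel command line` belongs above the pair. Whether the overlay is meant to survive the pivot into the real root is not visible in this hunk, which sits in top-level script code that continues outside it.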
@@ -1,10 +1,28 @@
 #!/bin/sh
-rootpassword=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg)
-rootpassword=${rootpassword#rootpassword: }
-if [ "$rootpassword" = "null" ]; then
- rootpassword=""
-fi
+# if ignition configuration is driving, defer to it
+if [ ! -f /config.ign ]; then
 
-if [ ! -z "$rootpassword" ]; then
- sed -i "s@root:[^:]*:@root:$rootpassword:@" /sysroot/etc/shadow
-fi
+ nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}')
+ confluent_mgr=$(grep ^MANAGER: /etc/confluent/confluent.info| head -n 1| awk '{print $2}' | sed -e s/%/%25/)
+ if [[ $confluent_mgr = *:* ]]; then
+ confluent_mgr=[$confluent_mgr]
+ fi
+ rootpassword=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg)
+ rootpassword=${rootpassword#rootpassword: }
+ if [ "$rootpassword" = "null" ]; then
+ rootpassword=""
+ fi
+
+ if [ ! -z "$rootpassword" ]; then
+ sed -i "s@root:[^:]*:@root:$rootpassword:@" /sysroot/etc/shadow
+ fi
+
+ mount -o bind /dev /sysroot/dev
+ chroot /sysroot ssh-keygen -A
+ umount /sysroot/dev
+ for i in /sysroot/etc/ssh/ssh_host*key.pub; do
+ certname=${i/.pub/-cert.pub}
+ curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname
+ echo HostKey ${i%.pub} | sed -e 's!/sysroot!!' >> /sysroot/etc/ssh/sshd_config
+ echo HostCertificate $certname | sed -e 's!/sysroot!!' >> /sysroot/etc/ssh/sshd_config
+done
diff --git a/confluent_osdeploy/coreos/profiles/default/initprofile.sh b/confluent_osdeploy/coreos/profiles/default/initprofile.sh
index d48efa79..accf9215 100644
--- a/confluent_osdeploy/coreos/profiles/default/initprofile.sh
+++ b/confluent_osdeploy/coreos/profiles/default/initprofile.sh
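Review bot: The `if [ ! -f /config.ign ]; then` opened at the top is never closed: the hunk is the whole file (`+1,28`) and its last line is `done`, so the shell rejects the script at parse time and neither the root password nor the host certificates are set up; it needs a closing `fi` after `done`. Inside the loop a failed `curl -f` still leaves an empty `$certname`, the `HostKey`/`HostCertificate` lines are appended to `sshd_config` regardless, and `$i`/`$certname` are unquoted. The file is `#!/bin/sh` yet uses `[[ $confluent_mgr = *:* ]]` and `${i/.pub/-cert.pub}`, which work only where `/bin/sh` is bash; the loop below uses the POSIX form, and `case "$confluent_mgr" in *:*) … esac` would cover the other. The API key also travels on curl's command line, where it is readable from the process list while the request runs; worth a comment if that is accepted for the initramfs stage.

```shell
# … unchanged: manager lookup, root password, ssh-keygen -A in the chroot …
    for i in /sysroot/etc/ssh/ssh_host*key.pub; do
        [ -e "$i" ] || continue   # glob matched nothing
        key=${i%.pub}
        certname=$key-cert.pub
        if curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" \
            -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" \
            -d @"$i" "https://$confluent_mgr/confluent-api/self/sshcert" > "$certname"; then
            echo "HostKey ${key#/sysroot}" >> /sysroot/etc/ssh/sshd_config
            echo "HostCertificate ${certname#/sysroot}" >> /sysroot/etc/ssh/sshd_config
        else
            # do not leave an empty certificate behind or reference it from sshd_config
            rm -f "$certname"
        fi
    done
fi
```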
@@ -1,5 +1,6 @@
 #!/bin/sh
 ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \
 ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution && \
+ln -s $1/images/ignition.img $2/boot/initramfs/ignition.img && \
 mkdir -p $2/boot/efi/boot/ && \
 ln -s $1/images/pxeboot/rootfs.img $2/
diff --git a/confluent_osdeploy/coreos/profiles/default/profile.yaml b/confluent_osdeploy/coreos/profiles/default/profile.yaml
index caa81bef..839f33a9 100644
--- a/confluent_osdeploy/coreos/profiles/default/profile.yaml
+++ b/confluent_osdeploy/coreos/profiles/default/profile.yaml
@@ -1,2 +1,5 @@
 label: RedHat CoreOS %%VERSION%% %%ARCH%% (Default Profile)
-kernelargs: quiet
+kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal
+#the above boots and will have ignition agent phone home and await instructions
+#kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal coreos.inst=yes coreos.inst.install_dev=sda
+#the above runs the installer to write to disk
\ No newline at end of file
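Review bot: `ln -s` succeeds whether or not `$1/images/ignition.img` exists, so media without that file produce a profile with a dangling `boot/initramfs/ignition.img` link and the failure only shows up when a node tries to boot it. Whether every supported image ships that file is not visible here; a test ahead of the chain, `[ -e "$1/images/ignition.img" ] || { echo "missing images/ignition.img" >&2; exit 1; }`, would surface it at import time. The added line also leaves `$1` and `$2` unquoted like its neighbours, so a path containing spaces breaks the whole `&&` chain; quoting them (`"$1/images/ignition.img"`) is worth doing in the same change.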
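Review bot: `random.trust_cpu=on` is a trust decision that deserves its own comment on the new `kernelargs` line: it lets the kernel credit the CPU's hardware RNG when seeding its CRNG, and this deployment generates SSH host keys very early (`ssh-keygen -A` in the pre-pivot hook changed by this same commit). Something like `# random.trust_cpu=on: seed the kernel RNG from the CPU RNG for first-boot key generation; remove if the CPU RNG is not trusted on this hardware` would record the intent, which is presumably to avoid waiting for entropy. The commented installer variant hard-codes `coreos.inst.install_dev=sda`; its comment should say that this overwrites that disk and that the device name is site-specific. The file now also ends without a trailing newline.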