Updates to the coreos support

Bring in and let ignition do the driving if the import had one.
2025-02-27 07:41:13 +00:00 · 2021-05-20 17:33:22 -04:00 · 2021-05-20 17:33:22 -04:00 · 086def0bb8
commit 086def0bb8
parent 9ac4cf0641
4 changed files with 33 additions and 9 deletions
--- a/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh
+++ b/confluent_osdeploy/coreos/initramfs/opt/confluent/bin/initconfluent.sh
@ -100,5 +100,7 @@ if [ -e /lib/nm-lib.sh ]; then
        fi
    fi
 fi
+cat /proc/cmdline /etc/cmdline.d/01-confluent.conf | tr '\n' ' ' > /run/fakecmdline
+mount -o bind /run/fakecmdline /proc/cmdline

 curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/rootfs.img | rdcore stream-hash /etc/coreos-live-want-rootfs | bsdtar -xf - -C /
--- a/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
+++ b/confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
@ -1,10 +1,28 @@
 #!/bin/sh
-rootpassword=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg)
-rootpassword=${rootpassword#rootpassword: }
-if [ "$rootpassword" = "null" ]; then
-    rootpassword=""
-fi
+# if ignition configuration is driving, defer to it
+if [ ! -f /config.ign ]; then

-if [ ! -z "$rootpassword" ]; then
-    sed -i "s@root:[^:]*:@root:$rootpassword:@" /sysroot/etc/shadow
-fi
+    nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}')
+    confluent_mgr=$(grep ^MANAGER: /etc/confluent/confluent.info| head -n 1| awk '{print $2}' | sed -e s/%/%25/)
+    if [[ $confluent_mgr = *:* ]]; then
+        confluent_mgr=[$confluent_mgr]
+    fi
+    rootpassword=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg)
+    rootpassword=${rootpassword#rootpassword: }
+    if [ "$rootpassword" = "null" ]; then
+        rootpassword=""
+    fi
+
+    if [ ! -z "$rootpassword" ]; then
+        sed -i "s@root:[^:]*:@root:$rootpassword:@" /sysroot/etc/shadow
+    fi
+
+    mount -o bind /dev /sysroot/dev
+    chroot /sysroot ssh-keygen -A
+    umount /sysroot/dev
+    for i in  /sysroot/etc/ssh/ssh_host*key.pub; do
+        certname=${i/.pub/-cert.pub}
+        curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname
+        echo HostKey ${i%.pub} | sed -e 's!/sysroot!!' >> /sysroot/etc/ssh/sshd_config
+        echo HostCertificate $certname | sed -e 's!/sysroot!!' >> /sysroot/etc/ssh/sshd_config
+done
--- a/confluent_osdeploy/coreos/profiles/default/initprofile.sh
+++ b/confluent_osdeploy/coreos/profiles/default/initprofile.sh
@ -1,5 +1,6 @@
 #!/bin/sh
 ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \
 ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution && \
+ln -s $1/images/ignition.img $2/boot/initramfs/ignition.img && \
 mkdir -p $2/boot/efi/boot/ && \
 ln -s $1/images/pxeboot/rootfs.img $2/
--- a/confluent_osdeploy/coreos/profiles/default/profile.yaml
+++ b/confluent_osdeploy/coreos/profiles/default/profile.yaml
@ -1,2 +1,5 @@
 label: RedHat CoreOS %%VERSION%% %%ARCH%% (Default Profile)
-kernelargs: quiet
+kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal
+#the above boots and will have ignition agent phone home and await instructions
+#kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal  coreos.inst=yes coreos.inst.install_dev=sda 
+#the above runs the installer to write to disk