From 2bdc53722b76454e2bdca141d1dd832579ed1e9d Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 7 Apr 2023 15:45:31 -0400 Subject: [PATCH] Further advance ubuntu 18.04 support --- .../ubuntu18.04/profiles/default/preseed.cfg | 3 +- .../default/scripts/firstboot.service | 11 +++++ .../profiles/default/scripts/firstboot.sh | 20 +++++++++ .../profiles/default/scripts/post.sh | 26 ++++------- .../profiles/default/scripts/pre.sh | 44 +++++++++++++++++++ .../profiles/default/scripts/prechroot.sh | 4 ++ 6 files changed, 89 insertions(+), 19 deletions(-) create mode 100644 confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.service create mode 100755 confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.sh diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/preseed.cfg b/confluent_osdeploy/ubuntu18.04/profiles/default/preseed.cfg index 5454c1eb..a66669ae 100644 --- a/confluent_osdeploy/ubuntu18.04/profiles/default/preseed.cfg +++ b/confluent_osdeploy/ubuntu18.04/profiles/default/preseed.cfg @@ -20,5 +20,4 @@ tasksel tasksel/first multiselect standard d-i pkgsel/include string openssh-server curl d-i pkgsel/update-policy select none d-i pkgsel/updatedb boolean false - - +d-i finish-install/reboot_in_progress note diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.service b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.service new file mode 100644 index 00000000..209a95e6 --- /dev/null +++ b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.service @@ -0,0 +1,11 @@ +[Unit] +Description=First Boot Process +Requires=network-online.target +After=network-online.target + +[Service] +ExecStart=/opt/confluent/bin/firstboot.sh + +[Install] +WantedBy=multi-user.target + diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.sh b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.sh new file mode 100755 index 00000000..89b4e90a --- /dev/null 
+++ b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+echo "Confluent first boot is running"
+#cp -a /etc/confluent/ssh/* /etc/ssh/
+#systemctl restart sshd
+rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg |awk '{print $2}')
+if [ ! -z "$rootpw" -a "$rootpw" != "null" ]; then
+ echo root:$rootpw | chpasswd -e
+fi
+nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}')
+confluent_apikey=$(cat /etc/confluent/confluent.apikey)
+confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}')
+while ! ping -c 1 $confluent_mgr >& /dev/null; do
+ sleep 1
+done
+source /etc/confluent/functions
+
+run_remote_parts firstboot.d
+run_remote_config firstboot.d
+systemctl disable firstboot
+curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus
diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/post.sh b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/post.sh
index 5c3b032e..f30d980f 100755
--- a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/post.sh
+++ b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/post.sh
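Review bot: In firstboot.sh the final `curl` passes the node API key as a `-H "CONFLUENT_APIKEY: …"` argument, so the secret sits in the process argument list for the duration of the request and is readable by any local user or anything that records command lines. Feeding the header through curl's config input keeps it out of argv, e.g. `printf 'header = "CONFLUENT_APIKEY: %s"\n' "$confluent_apikey" | curl -f -K - …`. The same call relies on the system trust store; prechroot.sh writes the deployment CA to /etc/confluent/ca.pem, so unless that CA is also installed system-wide somewhere not shown here, `--cacert /etc/confluent/ca.pem` looks necessary for the request to verify. Separately, `systemctl disable firstboot` runs before the status POST and neither result is checked, so a failed POST is never retried.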
@@ -1,23 +1,10 @@ #!/bin/bash -mkdir /run/sshd -mkdir /root/.ssh +mkdir -p /run/sshd +mkdir -p /root/.ssh cat /tmp/ssh/*pubkey >> /root/.ssh/authorized_keys cat /tmp/ssh/*.ca | sed -e s/^/'@cert-authority * '/ >> /etc/ssh/ssh_known_hosts chmod 700 /etc/confluent chmod go-rwx /etc/confluent/* -for pubkey in /etc/ssh/ssh_host*key.pub; do - certfile=${pubkey/.pub/-cert.pub} - privfile=${pubkey%.pub} - python3 /opt/confluent/bin/apiclient /confluent-api/self/sshcert $pubkey > $certfile - if [ -s $certfile ]; then - if ! grep $certfile /etc/ssh/sshd_config; then - echo HostCertificate $certfile >> /etc/ssh/sshd_config - fi - fi - if ! grep $privfile /etc/ssh/sshd_config > /dev/null; then - echo HostKey $privfile >> /etc/ssh/sshd_config - fi -done sshconf=/etc/ssh/ssh_config if [ -d /etc/ssh/ssh_config.d/ ]; then sshconf=/etc/ssh/ssh_config.d/01-confluent.conf @@ -26,10 +13,14 @@ echo 'Host *' >> $sshconf echo ' HostbasedAuthentication yes' >> $sshconf echo ' EnableSSHKeysign yes' >> $sshconf echo ' HostbasedKeyTypes *ed25519*' >> $sshconf +/usr/sbin/sshd confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | awk '{print $2}') -python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/firstboot.sh > /etc/confluent/firstboot.sh +mkdir -p /opt/confluent/bin +python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/firstboot.sh > /opt/confluent/bin/firstboot.sh +chmod +x /opt/confluent/bin/firstboot.sh +python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/firstboot.service > /etc/systemd/system/firstboot.service +systemctl enable firstboot python3 /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/functions > /etc/confluent/functions -chmod +x /etc/confluent/firstboot.sh source /etc/confluent/functions python3 /opt/confluent/bin/apiclient /confluent-api/self/nodelist | sed -e s/'^- //' > /tmp/allnodes cp /tmp/allnodes /root/.shosts 
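Review bot: The added `apiclient … > /opt/confluent/bin/firstboot.sh` and `… > /etc/systemd/system/firstboot.service` lines redirect straight into their final paths and never check the exit status, so a failed or truncated download still leaves a file that is made executable, enabled, and run as root on first boot. Fetch to a temporary name and move it into place only on success with non-empty output, e.g. `python3 /opt/confluent/bin/apiclient "/confluent-public/os/$confluent_profile/scripts/firstboot.sh" > /opt/confluent/bin/firstboot.sh.new && [ -s /opt/confluent/bin/firstboot.sh.new ] && mv /opt/confluent/bin/firstboot.sh.new /opt/confluent/bin/firstboot.sh`, and skip `systemctl enable firstboot` if either fetch failed. `$confluent_profile` is also used unquoted in these paths. Whether apiclient verifies the server certificate is not visible in this diff; since the fetched files execute as root, that is worth confirming.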
@@ -72,4 +63,5 @@ run_remote_python syncfileclient run_remote_parts post.d run_remote_config post +python3 /opt/confluent/bin/apiclient /confluent-api/self/updatestatus -d 'status: staged' diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/pre.sh b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/pre.sh index be179c27..de2cf5e2 100755 --- a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/pre.sh +++ b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/pre.sh 
@@ -31,6 +31,50 @@ for pubkey in /etc/ssh/ssh_host*key.pub; do echo HostKey $keyfile >> /etc/ssh/sshd_config echo HostCertificate $certfile >> /etc/ssh/sshd_config done +if [ -e /tmp/installdisk ]; then + instdisk=$(cat /tmp/installdisk) +else + for blockdev in $(ls /sys/class/block/); do + shortname=$(basename $blockdev) + if [ "$shortname" != "${shortname%loop*}" ]; then + continue + fi + udevadm info --query=property /dev/$shortname |grep DEVTYPE=disk > /dev/null || continue # ignore partitions + udevadm info --query=property /dev/$shortname |grep DM_NAME > /dev/null && continue # not a real disk + sz=$(cat /sys/block/$shortname/size 2> /dev/null) + [ -z "$sz" ] && continue + [ $sz -lt 1048576 ] && continue # Too small + [ -z "$firstdisk" ] && firstdisk=$shortname + if udevadm info --query=property /dev/$shortname|grep ID_MODEL=| sed -e s/' '/_/g | grep -iE '(thinksystem_m.2|m.2_nvme_2-bay_raid_kit)' > /dev/null; then + instdisk=$shortname + break + fi + if udevadm info --query=property /dev/$shortname|grep MD_CONTAINER=imsm; then + sraid=$sortname + else + drv=$(udevadm info -a /dev/sdb|grep DRIVERS==|grep -Ev '""|"sd"' | sed -e s/.*=// -e s/'"'//g) + if [ "ahci" = "$drv" -a -z "$onbdisk" ]; then + onbdisk=$shortname + elif [ "megaraid" = "$drv" -a -z "$rdisk" ]; then + rdisk=$shortname + fi + fi + done +fi +if [ -z "$instdisk" ]; then + if [ ! -z "$sraid"]; then + instdisk=$sraid + elif [ ! -z "$onbdisk" ]; then + instdisk=$onbdisk + elif [ ! -z "$rdisk" ]; then + instdisk=$rdisk + else + instdisk=$firstdisk + fi +fi +if [ ! -z "$instdisk" ]; then + debconf-set partman-auto/disk /dev/$instdisk +fi echo HostbasedAuthentication yes >> /etc/ssh/sshd_config echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config echo IgnoreRhosts no >> /etc/ssh/sshd_config diff --git a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/prechroot.sh b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/prechroot.sh index 3f5f508b..4c244cb9 100644 
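Review bot: The added disk-selection loop has three defects that change which disk the installer partitions. `sraid=$sortname` is a typo for `sraid=$shortname`, so an IMSM container is never recorded; the driver probe runs `udevadm info -a /dev/sdb` instead of `/dev/$shortname`, so every disk is classified by sdb's driver; and `if [ ! -z "$sraid"]; then` lacks the space before `]`, which makes `[` fail with a missing-bracket error instead of testing the variable. The `grep MD_CONTAINER=imsm` test also prints to stdout, unlike the other probes, which end in `> /dev/null`. Because the result feeds `debconf-set partman-auto/disk`, a wrong pick means the wrong disk is overwritten, so logging the chosen disk and the rule that selected it would make a bad selection visible.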
--- a/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/prechroot.sh +++ b/confluent_osdeploy/ubuntu18.04/profiles/default/scripts/prechroot.sh @@ -10,4 +10,8 @@ cp -a /opt/confluent /target/opt/confluent mv /tmp/post.sh /target/tmp/ cp -a /ssh /tls /target/tmp cat /tls/*.pem >> /target/etc/confluent/ca.pem +cp -a /etc/ssh/ssh_host_* /target/etc/ssh/ +grep HostCertificate /etc/ssh/sshd_config >> /target/etc/ssh/sshd_config +echo Port 2222 >> /etc/ssh/sshd_config +kill -HUP $(ps |grep -v grep|grep sshd|grep /usr|sed -e s/' root.*//') chroot /target bash /tmp/post.sh
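Review bot: The added `kill -HUP $(ps |grep -v grep|grep sshd|grep /usr|sed -e s/' root.*//')` derives the PID by text-matching `ps` output, which signals every matching sshd process (including per-connection ones), leaves non-numeric text in the argument for any sshd line not owned by root, and calls `kill` with no PID when nothing matches. Signalling the daemon through its pid file is narrower, e.g. `kill -HUP "$(cat /run/sshd.pid)"`, assuming the installer's sshd writes one at that path. The outcome of the reload is not checked either, so if the installer sshd does not move to port 2222, the `/usr/sbin/sshd` that post.sh now starts inside the chroot would presumably fail to bind port 22 without any error being surfaced.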