Implement remote config for EL8

2024-11-22 09:32:21 +00:00 · 2021-03-18 14:12:19 -04:00 · 2021-03-18 14:12:19 -04:00 · 66efa1da5c
commit 66efa1da5c
parent df97e808c6
6 changed files with 109 additions and 10 deletions
--- a/confluent_osdeploy/common/opt/confluent/bin/apiclient
+++ b/confluent_osdeploy/common/opt/confluent/bin/apiclient
@ -100,6 +100,9 @@ class HTTPSClient(client.HTTPConnection, object):
        self.sock = ctx.wrap_socket(psock, server_hostname=host)

    def grab_url(self, url, data=None, returnrsp=False):
+        return self.grab_url_with_status(url, data, returnrsp)[1]
+
+    def grab_url_with_status(self, url, data=None, returnrsp=False):
        if data:
            method = 'POST'
        else:
@ -108,9 +111,9 @@ class HTTPSClient(client.HTTPConnection, object):
        rsp = self.getresponse()
        if rsp.status >= 200 and rsp.status < 300:
            if returnrsp:
-                return rsp
+                return rsp.status, rsp
            else:
-                return rsp.read()
+                return rsp.status, rsp.read()
        raise Exception(rsp.read())

 if __name__ == '__main__':
@ -121,8 +124,26 @@ if __name__ == '__main__':
    if len(sys.argv) == 1:
        HTTPSClient()
        sys.exit(0)
-    if sys.argv[-2] == '-o':
-        with open(sys.argv[3], 'wb') as outf:
+    try:
+        outbin = sys.argv.index('-o')
+        sys.argv.pop(outbin)
+        outbin = sys.argv.pop(outbin)
+    except ValueError:
+        outbin = None
+    try:
+        waitfor = sys.argv.index('-w')
+        sys.argv.pop(waitfor)
+        waitfor = int(sys.argv.pop(waitfor))
+    except ValueError:
+        waitfor = None
+    try:
+        data = sys.argv.index('-d')
+        sys.argv.pop(data)
+        data = sys.argv.pop(data)
+    except ValueError:
+        data = None
+    if outbin:
+        with open(outbin, 'wb') as outf:
            reader = HTTPSClient(json=json).grab_url(
                sys.argv[1], data, returnrsp=True)
            chunk = reader.read(16384)
@ -130,8 +151,13 @@ if __name__ == '__main__':
                outf.write(chunk)
                chunk = reader.read(16384)
        sys.exit(0)
-    elif len(sys.argv) > 2 and not os.path.exists(sys.argv[-1]):
-        data = sys.argv[-1]
-    if os.path.exists(sys.argv[-1]):
+    if len(sys.argv) > 2 and os.path.exists(sys.argv[-1]):
        data = open(sys.argv[-1]).read()
-    sys.stdout.write(HTTPSClient(json=json).grab_url(sys.argv[1], data).decode())
+    if waitfor:
+        client = HTTPSClient(json=json)
+        status = 201
+        while status != waitfor:
+            status, rsp = client.grab_url_with_status(sys.argv[1], data)
+            sys.stdout.write(rsp.decode())
+    else:
+        sys.stdout.write(HTTPSClient(json=json).grab_url(sys.argv[1], data).decode())
--- a/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt
+++ b/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt
@ -0,0 +1,25 @@
+Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the
+appropriate phase of the install process.
+
+The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically
+requesting the playbooks be executed.
+
+Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than
+running content under scripts/ which ask much less of the deployment server
+
+Here is an example of what a playbook would look like broadly:
+
+- name: Example
+  gather_facts: no
+  tasks:
+       - name: Example1
+         lineinfile:
+           path: /etc/hosts
+           line: 1.2.3.4 test1
+           create: yes
+       - name: Example2
+         lineinfile:
+           path: /etc/hosts
+           line: 1.2.3.5 test2
+           create: yes
+
--- a/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt
+++ b/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt
@ -0,0 +1,25 @@
+Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the
+appropriate phase of the install process.
+
+The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically
+requesting the playbooks be executed.
+
+Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than
+running content under scripts/ which ask much less of the deployment server
+
+Here is an example of what a playbook would look like broadly:
+
+- name: Example
+  gather_facts: no
+  tasks:
+       - name: Example1
+         lineinfile:
+           path: /etc/hosts
+           line: 1.2.3.4 test1
+           create: yes
+       - name: Example2
+         lineinfile:
+           path: /etc/hosts
+           line: 1.2.3.5 test2
+           create: yes
+
--- a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh
+++ b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh
@ -19,6 +19,9 @@ run_remote firstboot.custom
 run_remote_parts firstboot


+# Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/
+run_remote_config firstboot
+
 curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus
 systemctl disable firstboot
 rm /etc/systemd/system/firstboot.service
--- a/confluent_osdeploy/el8/profiles/default/scripts/functions
+++ b/confluent_osdeploy/el8/profiles/default/scripts/functions
@ -73,3 +73,21 @@ run_remote_python() {
    cd - > /dev/null
    return $retcode
 }
+
+run_remote_config() {
+    echo
+    set_confluent_vars
+    apiclient=/opt/confluent/bin/apiclient
+    if [ -f /etc/confluent/apiclient ]; then
+        apiclient=/etc/confluent/apiclient
+    fi
+    echo '---------------------------------------------------------------------------'
+    echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile
+    /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/"$*" -d {}
+    /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/status -w 204
+    echo
+    echo 'Completed remote configuration
+    echo '---------------------------------------------------------------------------'
+    return
+}
+
--- a/confluent_osdeploy/el8/profiles/default/scripts/post.sh
+++ b/confluent_osdeploy/el8/profiles/default/scripts/post.sh
@ -8,8 +8,6 @@ chmod og-rwx /etc/confluent/*
 export mgr profile nodename
 . /etc/confluent/functions

-curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus
-

 if [ -f /tmp/cryptboot ]; then
    run_remote tpm_luks.sh
@ -36,3 +34,7 @@ run_remote post.custom

 # Also, scripts may be placed into 'post.d', e.g. post.d/01-runfirst.sh, post.d/02-runsecond.sh
 run_remote_parts post
+
+# Induce execution of remote configuration, e.g. ansible plays in ansible/post.d/
+run_remote_config post
+curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus