From 6e4c939cd99d36f96e69699f58ac4a43dd188da8 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 19 Nov 2021 11:00:50 -0500 Subject: [PATCH] Various ubuntu diskless fixes/improvements Needed the real losetup to handle read-only file. busybox wc is way too slow, use ls instead. Explicitly make /sysroot and load xfs, as that doesn't happen implicitly. Accept a dangling symlink as viable init, since this is the case in Ubuntu. Update hostname and ca certificates consistent with ubuntu standards
---
 .../profiles/default/scripts/imageboot.sh | 15 +++++++++------
 imgutil/ubuntu/initramfs-tools/hooks/confluent | 3 ++-
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/imageboot.sh b/confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/imageboot.sh
index 35119ded..cfbfa565 100644
--- a/confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/imageboot.sh
+++ b/confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/imageboot.sh
@@ -26,7 +26,7 @@ if grep '^Format: confluent_crypted' /tmp/rootimg.info > /dev/null; then
 done
 cipher=$(head -n 1 /tmp/rootimg.key)
 key=$(tail -n 1 /tmp/rootimg.key)
- len=$(wc -c /mnt/remoteimg/rootimg.sfs | awk '{print $1}')
+ len=$(ls -l /mnt/remoteimg/rootimg.sfs | awk '{print $3}')
 len=$(((len-4096)/512))
 dmsetup create cryptimg --table "0 $len crypt $cipher $key 0 $loopdev 8"
 /opt/confluent/bin/confluent_imginfo /dev/mapper/cryptimg > /tmp/rootimg.info
@@ -48,6 +48,8 @@ modprobe zram
 memtot=$(grep ^MemTotal: /proc/meminfo|awk '{print $2}')
 memtot=$((memtot/2))$(grep ^MemTotal: /proc/meminfo | awk '{print $3'})
 echo $memtot > /sys/block/zram0/disksize
+modprobe xfs
+mkdir /sysroot
 mkfs.xfs /dev/zram0 > /dev/null
 mount -o discard /dev/zram0 /mnt/overlay
 if [ ! -f /tmp/mountparts.sh ]; then
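Review bot: In imageboot.sh, the new `len=$(ls -l /mnt/remoteimg/rootimg.sfs | awk '{print $3}')` reads the third column of `ls -l`, which in the usual long-listing layout is the file owner; the size is the fifth column. If the ls in this initramfs prints that layout, `len` is a non-numeric string, the arithmetic on the following line yields a negative value, and the dm-crypt table handed to `dmsetup create cryptimg` gets a bad sector count, so the encrypted root image would not map. Reading the size directly avoids parsing ls output: `len=$(stat -c %s /mnt/remoteimg/rootimg.sfs)` if stat is present in the image, otherwise `awk '{print $5}'`. The enclosing `if` block starts and ends outside the hunk.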
@@ -81,7 +83,7 @@ if [ ! -z "$autocons" ]; then
 mkdir -p /run/systemd/generator/getty.target.wants
 ln -s /usr/lib/systemd/system/serial-getty@.service /run/systemd/generator/getty.target.wants/serial-getty@${autocons}.service
 fi
-while [ ! -e /sysroot/sbin/init ]; do
+while [ ! -e /sysroot/sbin/init ] && [ ! -h /sysroot/sbin/init ]; do
 echo "Failed to access root filesystem or it is missing /sbin/init"
 echo "System should be accessible through ssh at port 2222 with the appropriate key"
 while [ ! -e /sysroot/sbin/init ]; do
@@ -113,10 +115,11 @@ echo ' EnableSSHKeysign yes' >> $sshconf
 echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
 curl -sf -H "CONFLUENT_NODENAME: $confluent_nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /sysroot/etc/ssh/shosts.equiv
 cp /sysroot/etc/ssh/shosts.equiv /sysroot/root/.shosts
-chmod 640 /sysroot/etc/ssh/*_key
-chroot /sysroot chgrp ssh_keys /etc/ssh/*_key
-cp /tls/*.pem /sysroot/etc/pki/ca-trust/source/anchors/
-chroot /sysroot/ update-ca-trust
+echo $confluent_nodename > /sysroot/etc/hostname
+chmod 600 /sysroot/etc/ssh/*_key
+mkdir -p /sysroot/usr/share/ca-certificates/confluent/
+cp /tls/*.pem /sysroot/usr/share/ca-certificates/confluent/
+chroot /sysroot/ update-ca-certificates
 curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.service > /sysroot/etc/systemd/system/onboot.service
 mkdir -p /sysroot/opt/confluent/bin
 curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh > /sysroot/opt/confluent/bin/onboot.sh
diff --git a/imgutil/ubuntu/initramfs-tools/hooks/confluent b/imgutil/ubuntu/initramfs-tools/hooks/confluent
index 6b9076f8..3bacf09f 100644
--- a/imgutil/ubuntu/initramfs-tools/hooks/confluent
+++ b/imgutil/ubuntu/initramfs-tools/hooks/confluent
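Review bot: In the wait-for-root loop of imageboot.sh (hunk at -81,7), only the outer `while` was widened to accept a symlink; the inner `while [ ! -e /sysroot/sbin/init ]; do` on the hunk's last line still tests `-e` alone. If the outer loop is entered and the root filesystem later appears with `/sbin/init` as a symlink that does not resolve from the initramfs, which is the Ubuntu case the commit describes, the inner loop would apparently never exit. The inner condition should match the outer one: `while [ ! -e /sysroot/sbin/init ] && [ ! -h /sysroot/sbin/init ]; do`. The inner loop's body lies outside the hunk, so this is inferred from the two conditions alone.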
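Review bot: The CA files copied to `/sysroot/usr/share/ca-certificates/confluent/` in imageboot.sh (hunk at -113,10) may not end up trusted. As far as I know, `update-ca-certificates` activates entries under `/usr/share/ca-certificates` only when they are listed in `/etc/ca-certificates.conf`, and auto-includes only `*.crt` files from `/usr/local/share/ca-certificates`. Unless the image already lists `confluent/<name>.pem` there, the deployed system would not trust the management server's CA and later HTTPS requests from the booted OS would fail verification. Consider appending each copied file's relative path to `/sysroot/etc/ca-certificates.conf` before the chroot call and checking that call's exit status. Separately, the variable in `echo $confluent_nodename > /sysroot/etc/hostname` should be quoted.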
@@ -34,8 +34,9 @@ copy_exec /usr/bin/ssh-keygen
 copy_exec /usr/sbin/sshd
 copy_exec /usr/sbin/mkfs.xfs
 copy_exec /usr/lib/x86_64-linux-gnu/libfuse.so.2
-copy_exec /usr/bin/mktemp
 copy_exec /usr/bin/dirname
+[ -e $DESTDIR/usr/sbin/losetup ] && rm $DESTDIR/usr/sbin/losetup
+copy_exec /usr/sbin/losetup
 copy_exec /usr/lib/x86_64-linux-gnu/libtss2-tcti-device.so.0
 manual_add_modules e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4
 manual_add_modules tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas
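Review bot: The line `[ -e $DESTDIR/usr/sbin/losetup ] && rm $DESTDIR/usr/sbin/losetup` leaves `$DESTDIR` unquoted and skips the removal when the existing entry is a symlink whose target does not resolve on the build host, because `-e` follows the link. `rm -f "$DESTDIR/usr/sbin/losetup"` handles a missing file, a regular file and a dangling symlink in one step, and still works if DESTDIR contains whitespace. The hunk also drops `copy_exec /usr/bin/mktemp`, which the commit message does not mention. If any initramfs script still calls mktemp it would presumably have to come from another provider such as busybox, so the description should say why it was removed.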