mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-22 01:22:00 +00:00
Various ubuntu diskless fixes/improvements
Needed the real losetup to handle read-only file. busybox wc is way too slow, use ls instead. Explicitly make /sysroot and load xfs, as that doesn't happen implicitly. Accept a dangling symlink as viable init, since this is the case in Ubuntu. Update hostname and ca certificates consistent with ubuntu standards
This commit is contained in:
parent
82a783fa55
commit
6e4c939cd9
@ -26,7 +26,7 @@ if grep '^Format: confluent_crypted' /tmp/rootimg.info > /dev/null; then
|
||||
done
|
||||
cipher=$(head -n 1 /tmp/rootimg.key)
|
||||
key=$(tail -n 1 /tmp/rootimg.key)
|
||||
len=$(wc -c /mnt/remoteimg/rootimg.sfs | awk '{print $1}')
|
||||
len=$(ls -l /mnt/remoteimg/rootimg.sfs | awk '{print $3}')
|
||||
len=$(((len-4096)/512))
|
||||
dmsetup create cryptimg --table "0 $len crypt $cipher $key 0 $loopdev 8"
|
||||
/opt/confluent/bin/confluent_imginfo /dev/mapper/cryptimg > /tmp/rootimg.info
|
||||
@ -48,6 +48,8 @@ modprobe zram
|
||||
memtot=$(grep ^MemTotal: /proc/meminfo|awk '{print $2}')
|
||||
memtot=$((memtot/2))$(grep ^MemTotal: /proc/meminfo | awk '{print $3'})
|
||||
echo $memtot > /sys/block/zram0/disksize
|
||||
modprobe xfs
|
||||
mkdir /sysroot
|
||||
mkfs.xfs /dev/zram0 > /dev/null
|
||||
mount -o discard /dev/zram0 /mnt/overlay
|
||||
if [ ! -f /tmp/mountparts.sh ]; then
|
||||
@ -81,7 +83,7 @@ if [ ! -z "$autocons" ]; then
|
||||
mkdir -p /run/systemd/generator/getty.target.wants
|
||||
ln -s /usr/lib/systemd/system/serial-getty@.service /run/systemd/generator/getty.target.wants/serial-getty@${autocons}.service
|
||||
fi
|
||||
while [ ! -e /sysroot/sbin/init ]; do
|
||||
while [ ! -e /sysroot/sbin/init ] && [ ! -h /sysroot/sbin/init ]; do
|
||||
echo "Failed to access root filesystem or it is missing /sbin/init"
|
||||
echo "System should be accessible through ssh at port 2222 with the appropriate key"
|
||||
while [ ! -e /sysroot/sbin/init ]; do
|
||||
@ -113,10 +115,11 @@ echo ' EnableSSHKeysign yes' >> $sshconf
|
||||
echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
|
||||
curl -sf -H "CONFLUENT_NODENAME: $confluent_nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /sysroot/etc/ssh/shosts.equiv
|
||||
cp /sysroot/etc/ssh/shosts.equiv /sysroot/root/.shosts
|
||||
chmod 640 /sysroot/etc/ssh/*_key
|
||||
chroot /sysroot chgrp ssh_keys /etc/ssh/*_key
|
||||
cp /tls/*.pem /sysroot/etc/pki/ca-trust/source/anchors/
|
||||
chroot /sysroot/ update-ca-trust
|
||||
echo $confluent_nodename > /sysroot/etc/hostname
|
||||
chmod 600 /sysroot/etc/ssh/*_key
|
||||
mkdir -p /sysroot/usr/share/ca-certificates/confluent/
|
||||
cp /tls/*.pem /sysroot/usr/share/ca-certificates/confluent/
|
||||
chroot /sysroot/ update-ca-certificates
|
||||
curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.service > /sysroot/etc/systemd/system/onboot.service
|
||||
mkdir -p /sysroot/opt/confluent/bin
|
||||
curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh > /sysroot/opt/confluent/bin/onboot.sh
|
||||
|
@ -34,8 +34,9 @@ copy_exec /usr/bin/ssh-keygen
|
||||
copy_exec /usr/sbin/sshd
|
||||
copy_exec /usr/sbin/mkfs.xfs
|
||||
copy_exec /usr/lib/x86_64-linux-gnu/libfuse.so.2
|
||||
copy_exec /usr/bin/mktemp
|
||||
copy_exec /usr/bin/dirname
|
||||
[ -e $DESTDIR/usr/sbin/losetup ] && rm $DESTDIR/usr/sbin/losetup
|
||||
copy_exec /usr/sbin/losetup
|
||||
copy_exec /usr/lib/x86_64-linux-gnu/libtss2-tcti-device.so.0
|
||||
manual_add_modules e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4
|
||||
manual_add_modules tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas
|
||||
|
Loading…
Reference in New Issue
Block a user