Rework ubuntu profile to break scripts into profile

This makes the pre/post/firstboot scripts more accessible and consistent with the other distributions.
2025-03-16 00:17:47 +00:00 · 2020-05-19 12:22:46 -04:00 · 2020-05-19 12:22:46 -04:00 · 9093a6e80a
commit 9093a6e80a
parent 66f0e8225e
6 changed files with 55 additions and 40 deletions
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh
@ -1,7 +1,9 @@
 cd /root
 cat /tls/*.0 > /root/etc/ssl/certs/ca-certificates.crt
 mkdir -p /root/custom-installation/ssh
+mkdir -p /root/custom-installation/tls
 cp /ssh/* /root/custom-installation/ssh
+cp /tls/* /root/custom-installation/tls
 NODENAME=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
 MGR=$(grep ^MANAGER: /custom-installation/confluent/confluent.info|head -n 1| awk '{print $2}')
 oum=$(umask)
@ -43,7 +45,7 @@ if [ -f /custom-installation/autocons.info ]; then
    cons=$(cat /custom-installation/autocons.info)
 fi
 if [ ! -z "$cons" ]; then
-    echo "Installation will proceed on graphics console, autoconsole not supported for Ubuntu" > ${cons%,*}
+    echo "Installation will proceed on graphics console, autoconsole not supported during autoinstall phase" > ${cons%,*}
    #fcmdline="$fcmdline console=${cons#/dev/}"
 fi
 echo $fcmdline > /custom-installation/confluent/fakecmdline
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh
@ -1,21 +1,6 @@
-cp -a /root/.ssh /target/root/
-mkdir -p /target/etc/confluent/ssh/sshd_config.d/
-cp /custom-installation/confluent/* /target/etc/confluent/
-for i in /custom-installation/ssh/*.ca; do
-    echo '@cert-authority *' $(cat $i) >> /target/etc/ssh/ssh_known_hosts
-done
-
-cp -a /etc/ssh/ssh_host* /target/etc/confluent/ssh/
-cp -a /etc/ssh/sshd_config.d/confluent.conf /target/etc/confluent/ssh/sshd_config.d/
-sshconf=/target/etc/ssh/ssh_config
-if [ -d /target/etc/ssh/ssh_config.d/ ]; then
-    sshconf=/target/etc/ssh/ssh_config.d/01-confluent.conf
-fi
-echo 'Host *' >> $sshconf
-echo '    HostbasedAuthentication yes' >> $sshconf
-echo '    EnableSSHKeysign yes' >> $sshconf
-echo '    HostbasedKeyTypes *ed25519*' >> $sshconf
-
-cp /custom-installation/firstboot.sh /target/etc/confluent/firstboot.sh
-cp /tmp/allnodes /target/root/.shosts
-cp /tmp/allnodes /target/etc/ssh/shosts.equiv
+#!/bin/bash
+deploycfg=/custom-installation/confluent/confluent.deploycfg
+mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}')
+profile=$(grep ^profile: $deploycfg|awk '{print $2}')
+curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/post.sh
+. /tmp/post.sh
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh
@ -1,21 +1,6 @@
 #!/bin/bash
 deploycfg=/custom-installation/confluent/confluent.deploycfg
 mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}')
-cat /custom-installation/ssh/*.rootpubkey > /root/.ssh/authorized_keys
-nodename=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
-apikey=$(cat /custom-installation/confluent/confluent.apikey)
-for pubkey in /etc/ssh/ssh_host*key.pub; do
-    certfile=${pubkey/.pub/-cert.pub}
-    keyfile=${pubkey%.pub}
-    curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
-    echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf
-    echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf
-done
-echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf
-echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf
-echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf
-systemctl restart sshd
-curl -f X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
-curl https://$mgr/confluent-public/confluent/util/getinstalldisk > /custom-installation/getinstalldisk
-python3 /custom-installation/getinstalldisk
-sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml
+profile=$(grep ^profile: $deploycfg|awk '{print $2}')
+curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/pre.sh
+. /tmp/pre.sh
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/firstboot.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/firstboot.sh
--- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh
+++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+cp -a /root/.ssh /target/root/
+mkdir -p /target/etc/confluent/ssh/sshd_config.d/
+cp /custom-installation/confluent/* /target/etc/confluent/
+for i in /custom-installation/ssh/*.ca; do
+    echo '@cert-authority *' $(cat $i) >> /target/etc/ssh/ssh_known_hosts
+done
+
+cp -a /etc/ssh/ssh_host* /target/etc/confluent/ssh/
+cp -a /etc/ssh/sshd_config.d/confluent.conf /target/etc/confluent/ssh/sshd_config.d/
+sshconf=/target/etc/ssh/ssh_config
+if [ -d /target/etc/ssh/ssh_config.d/ ]; then
+    sshconf=/target/etc/ssh/ssh_config.d/01-confluent.conf
+fi
+echo 'Host *' >> $sshconf
+echo '    HostbasedAuthentication yes' >> $sshconf
+echo '    EnableSSHKeysign yes' >> $sshconf
+echo '    HostbasedKeyTypes *ed25519*' >> $sshconf
+
+curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /target/etc/confluent/firstboot.sh
+chmod +x /target/etc/confluent/firstboot.sh
+cp /tmp/allnodes /target/root/.shosts
+cp /tmp/allnodes /target/etc/ssh/shosts.equiv
+
--- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh
+++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+cat /custom-installation/ssh/*.rootpubkey > /root/.ssh/authorized_keys
+nodename=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
+apikey=$(cat /custom-installation/confluent/confluent.apikey)
+for pubkey in /etc/ssh/ssh_host*key.pub; do
+    certfile=${pubkey/.pub/-cert.pub}
+    keyfile=${pubkey%.pub}
+    curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
+    echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf
+    echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf
+done
+echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf
+systemctl restart sshd
+curl -f X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
+curl https://$mgr/confluent-public/confluent/util/getinstalldisk > /custom-installation/getinstalldisk
+python3 /custom-installation/getinstalldisk
+sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml