Normalize path to confluent files
After going through tmp and etc, settle on /etc/confluent/ as the generally relevant directory when possible. Additionally, move apikey and ifidx logic into apiclient where possible
@ -3,10 +3,21 @@ try:
|
||||
import http.client as client
|
||||
except ImportError:
|
||||
import httplib as client
|
||||
import os
|
||||
import socket
|
||||
import subprocess
|
||||
import ssl
|
||||
import sys
|
||||
|
||||
def get_apikey(nodename, mgr):
|
||||
if os.path.exists('/etc/confluent/confluent.apikey'):
|
||||
return open('/etc/confluent/confluent.apikey').read().strip()
|
||||
apikey = subprocess.check_output(['/opt/confluent/bin/clortho', nodename, mgr])
|
||||
with open('/etc/confluent/confluent.apikey', 'wb+') as apiout:
|
||||
apiout.write(apikey)
|
||||
os.chmod('/etc/confluent/confluent.apikey', 0o600)
|
||||
return apikey
|
||||
|
||||
class HTTPSClient(client.HTTPConnection, object):
|
||||
def __init__(self, port=443):
|
||||
self.stdheaders = {}
|
||||
@ -27,7 +38,11 @@ class HTTPSClient(client.HTTPConnection, object):
|
||||
host, mgtiface, havedefault = extinfo[:3]
|
||||
if havedefault == '0' and extinfo[2] == '1':
|
||||
host, mgtiface, havedefault = extinfo[:3]
|
||||
self.stdheaders['CONFLUENT_APIKEY'] = open('/etc/confluent/confluent.apikey').read().strip()
|
||||
if not os.path.exists('/tmp/confluent.ifidx') and '%' in host:
|
||||
ifidx = host.split('%', 1)[1]
|
||||
with open('/tmp/confluent.ifidx', 'w+') as ifout:
|
||||
ifout.write(ifdx)
|
||||
self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, host)
|
||||
if mgtiface:
|
||||
self.stdheaders['CONFLUENT_MGTIFACE'] = mgtiface
|
||||
client.HTTPConnection.__init__(self, host, port)
|
||||
|
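Review bot: `ifout.write(ifdx)` in the second hunk uses a name that is never assigned (the line above binds `ifidx`), so the first connection to a scoped `host%idx` address raises NameError after `/tmp/confluent.ifidx` has already been created empty, and later runs skip the write because the file exists; it should read `ifout.write(ifidx)`. In `get_apikey`, the key file is opened under the process umask and only narrowed by `os.chmod` afterwards, and the first call returns the raw `check_output` result (bytes on Python 3, with any trailing newline) while later calls return a stripped `str`, so the `CONFLUENT_APIKEY` header value differs between the first and subsequent runs. Creating the file with mode 0600 and normalising the return value, as sketched below, avoids both. `__init__` continues outside the hunk, so whether `node` is bound before `get_apikey(node, host)` cannot be checked from here.

```python
def get_apikey(nodename, mgr):
    # … unchanged: return the cached key when the file already exists …
    apikey = subprocess.check_output(
        ['/opt/confluent/bin/clortho', nodename, mgr]).strip()
    # Create the file as 0600 so the key is never readable under the default umask
    fd = os.open('/etc/confluent/confluent.apikey',
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as apiout:
        apiout.write(apikey)
    # Same type as the cached-read path on both Python 2 and 3
    if not isinstance(apikey, str):
        apikey = apikey.decode('utf8')
    return apikey
```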
@ -2,58 +2,43 @@
|
||||
[ -e /tmp/confluent.initq ] && return 0
|
||||
echo -n "" > /tmp/confluent.initq
|
||||
TRIES=0
|
||||
while ! grep ^EXTMGRINFO: /tmp/confluent.info | awk -F'|' '{print $3}' | grep 1 >& /dev/null && [ "$TRIES" -lt 60 ]; do
|
||||
oum=$(umask)
|
||||
umask 0077
|
||||
mkdir -p /etc/confluennt
|
||||
umask $oum
|
||||
cd /sys/class/net
|
||||
while ! grep ^EXTMGRINFO: /etc/confluent/confluent.info | awk -F'|' '{print $3}' | grep 1 >& /dev/null && [ "$TRIES" -lt 60 ]; do
|
||||
TRIES=$((TRIES + 1))
|
||||
cd /sys/class/net
|
||||
for currif in *; do
|
||||
ip link set $currif up
|
||||
done
|
||||
cd /
|
||||
/opt/confluent/bin/copernicus -t > /tmp/confluent.info
|
||||
/opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
|
||||
done
|
||||
cd /
|
||||
|
||||
read ifidx <<EOF
|
||||
$(grep ^EXTMGRINFO: /tmp/confluent.info | awk -F'|' '{print $1 " " $3'} | grep 1$ | awk '{print $2}' | sed -e s/.*%//)
|
||||
EOF
|
||||
if [ -z "$ifidx" ]; then
|
||||
read ifidx <<EOF
|
||||
$(grep ^MANAGER /tmp/confluent.info|grep fe80|sed -e s/.*%//)
|
||||
EOF
|
||||
fi
|
||||
read mgr << EOF
|
||||
$(grep ^MANAGER /tmp/confluent.info|grep fe80|awk '{print $2}')
|
||||
EOF
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
#TODO: blkid --label <whatever> to find mounted api
|
||||
|
||||
cat /tls/*.pem > /etc/confluent/ca.pem
|
||||
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg
|
||||
ifidx=$(cat /tmp/confluent.ifidx)
|
||||
ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
|
||||
ifname=${ifname%:}
|
||||
echo $ifname > /tmp/net.ifaces
|
||||
nodename=$(grep ^NODENAME /tmp/confluent.info|awk '{print $2}')
|
||||
#TODO: blkid --label <whatever> to find mounted api
|
||||
|
||||
if [ -z "$apikey" ]; then
|
||||
apikey=$(/opt/confluent/bin/clortho $nodename $mgr)
|
||||
fi
|
||||
oum=$(umask)
|
||||
umask 0077
|
||||
mkdir /etc/confluent
|
||||
echo $apikey > /etc/confluent.apikey
|
||||
umask $oum
|
||||
cp /tmp/confluent.info /etc/confluent.apikey /etc/confluent/
|
||||
cat /tls/*.pem > /etc/confluent/ca.pem
|
||||
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/deploycfg > /tmp/confluent.deploycfg
|
||||
|
||||
dnsdomain=$(grep ^dnsdomain: /tmp/confluent.deploycfg)
|
||||
dnsdomain=$(grep ^dnsdomain: /etc/confluent/confluent.deploycfg)
|
||||
dnsdomain=${dnsdomain#dnsdomain: }
|
||||
hostname=$nodename
|
||||
if [ ! -z "$dnsdomain" ] && [ "$dnsdomain" != "null" ]; then
|
||||
hostname=$hostname.$dnsdomain
|
||||
fi
|
||||
mgr=$(grep ^deploy_server: /tmp/confluent.deploycfg)
|
||||
mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg)
|
||||
mgr=${mgr#deploy_server: }
|
||||
profilename=$(grep ^profile: /tmp/confluent.deploycfg)
|
||||
profilename=$(grep ^profile: /etc/confluent/confluent.deploycfg)
|
||||
profilename=${profilename#profile: }
|
||||
proto=$(grep ^protocol: /tmp/confluent.deploycfg)
|
||||
proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg)
|
||||
proto=${proto#protocol: }
|
||||
textconsole=$(grep ^textconsole: /tmp/confluent.deploycfg)
|
||||
textconsole=$(grep ^textconsole: /etc/confluent/confluent.deploycfg)
|
||||
textconsole=${textconsole#textconsole: }
|
||||
if [ $textconsole = "true" ] && ! grep console= /proc/cmdline > /dev/null; then
|
||||
autocons=$(cat /tmp/01-autocons.devnode)
|
||||
@ -72,19 +57,19 @@ kickstart=$proto://$mgr/confluent-public/os/$profilename/kickstart
|
||||
root=anaconda-net:$proto://$mgr/confluent-public/os/$profilename/distribution
|
||||
export kickstart
|
||||
export root
|
||||
autoconfigmethod=$(grep ipv4_method /tmp/confluent.deploycfg)
|
||||
autoconfigmethod=$(grep ipv4_method /etc/confluent/confluent.deploycfg)
|
||||
autoconfigmethod=${autoconfigmethod#ipv4_method: }
|
||||
if [ "$autoconfigmethod" = "dhcp" ]; then
|
||||
echo ip=$ifname:dhcp >> /etc/cmdline.d/01-confluent.conf
|
||||
else
|
||||
v4addr=$(grep ^ipv4_address: /tmp/confluent.deploycfg)
|
||||
v4addr=$(grep ^ipv4_address: /etc/confluent/confluent.deploycfg)
|
||||
v4addr=${v4addr#ipv4_address: }
|
||||
v4gw=$(grep ^ipv4_gateway: /tmp/confluent.deploycfg)
|
||||
v4gw=$(grep ^ipv4_gateway: /etc/confluent/confluent.deploycfg)
|
||||
v4gw=${v4gw#ipv4_gateway: }
|
||||
if [ "$v4gw" = "null" ]; then
|
||||
v4gw=""
|
||||
fi
|
||||
v4nm=$(grep ipv4_netmask: /tmp/confluent.deploycfg)
|
||||
v4nm=$(grep ipv4_netmask: /etc/confluent/confluent.deploycfg)
|
||||
v4nm=${v4nm#ipv4_netmask: }
|
||||
echo ip=$v4addr::$v4gw:$v4nm:$hostname:$ifname:none >> /etc/cmdline.d/01-confluent.conf
|
||||
fi
|
||||
@ -101,5 +86,5 @@ while read -r entry; do
|
||||
nameserversec=1
|
||||
continue
|
||||
fi
|
||||
done < /tmp/confluent.deploycfg
|
||||
done < /etc/confluent/confluent.deploycfg
|
||||
|
||||
|
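Review bot: `mkdir -p /etc/confluennt` misspells the directory, so the `umask 0077` block creates an unused path and `/etc/confluent` is not created here before `copernicus -t > /etc/confluent/confluent.info` and `cat /tls/*.pem > /etc/confluent/ca.pem` redirect into it. Unless something outside this hunk creates the directory, those redirects fail and the retry loop runs to its 60-try limit; if something else does create it, it does so without the restrictive umask this block intended for the directory that will hold `confluent.apikey`. The line should be `mkdir -p /etc/confluent`. Separately, `ifidx=$(cat /tmp/confluent.ifidx)` now depends on apiclient having written that file, so `ifname` ends up empty when it has not. The +/- markers are lost in this rendering, so the line sides are inferred from the old and new paths.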
@ -6,7 +6,9 @@ done
|
||||
|
||||
cat /etc/pki/tls/certs/ca-bundle.crt > $BUNDLENAME
|
||||
mkdir -p /sysroot/etc/confluent/
|
||||
chmod 700 /sysroot/etc/confluent
|
||||
cp -a /tls /sysroot/etc/confluent
|
||||
cp /etc/confluent/* /sysroot/etc/confluent
|
||||
sed -i 's/install::/install:*:/' /sysroot/etc/shadow
|
||||
sed -i 's/root::/root:*:/' /sysroot/etc/shadow
|
||||
mkdir -p /sysroot/root/.ssh
|
||||
@ -17,8 +19,4 @@ mkdir -p /sysroot/etc/ssh/
|
||||
for i in /ssh/*.ca; do
|
||||
echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts
|
||||
done
|
||||
cp /etc/confluent.apikey /sysroot/etc/
|
||||
cp /etc/confluent.apikey /sysroot/etc/confluent/
|
||||
cp /opt/confluent/bin/apiclient /sysroot/etc/confluent
|
||||
cp /tmp/confluent.deploycfg /tmp/confluent.info /sysroot/etc/
|
||||
cp /tmp/confluent.deploycfg /tmp/confluent.info /sysroot/etc/confluent
|
||||
|
@ -41,16 +41,16 @@ python3
|
||||
%end
|
||||
|
||||
%pre
|
||||
profile=$(grep ^profile: /etc/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent.deploycfg |awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/preinst.sh
|
||||
. /tmp/preinst.sh
|
||||
%end
|
||||
|
||||
%post --nochroot
|
||||
mkdir -p /mnt/sysimage/etc/confluent
|
||||
profile=$(grep ^profile: /etc/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent.deploycfg |awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent/confluennt.deploycfg |awk '{print $2}')
|
||||
curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/postinst.sh
|
||||
. /tmp/postinst.sh
|
||||
|
||||
|
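Review bot: In the `%post --nochroot` block the new `mgr=` line greps `/etc/confluent/confluennt.deploycfg`, a misspelled file name, so `mgr` is empty and the following `curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh` cannot reach the deployment server. Because the redirect creates `/tmp/postinst.sh` regardless of curl's exit status, `. /tmp/postinst.sh` then sources an empty file and the post-install steps are silently skipped. The path should be `/etc/confluent/confluent.deploycfg`, matching the `profile=` line above it and the `%pre` block.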
@ -8,23 +8,23 @@
|
||||
# method is to edit the kicktstart file and comment out or
|
||||
# delete %include /tmp/partitioning
|
||||
|
||||
nodename=$(grep ^NODENAME /etc/confluent.info|awk '{print $2}')
|
||||
locale=$(grep ^locale: /etc/confluent.deploycfg)
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
locale=$(grep ^locale: /etc/confluent/confluent.deploycfg)
|
||||
locale=${locale#locale: }
|
||||
keymap=$(grep ^keymap: /etc/confluent.deploycfg)
|
||||
keymap=$(grep ^keymap: /etc/confluent/confluent.deploycfg)
|
||||
keymap=${keymap#keymap: }
|
||||
echo lang $locale > /tmp/langinfo
|
||||
echo keyboard --vckeymap=$keymap >> /tmp/langinfo
|
||||
tz=$(grep ^timezone: /etc/confluent.deploycfg)
|
||||
tz=$(grep ^timezone: /etc/confluent/confluent.deploycfg)
|
||||
tz=${tz#timezone: }
|
||||
echo timezone $tz --utc > /tmp/timezone
|
||||
rootpw=$(grep ^rootpassword /etc/confluent.deploycfg | awk '{print $2}')
|
||||
rootpw=$(grep ^rootpassword /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
if [ "$rootpw" = null ]; then
|
||||
echo "rootpw --lock" > /tmp/rootpw
|
||||
else
|
||||
echo "rootpw --iscrypted $rootpw" > /tmp/rootpw
|
||||
fi
|
||||
grubpw=$(grep ^grubpassword /etc/confluent.deploycfg | awk '{print $2}')
|
||||
grubpw=$(grep ^grubpassword /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
if [ "$grubpw" = "null" ]; then
|
||||
touch /tmp/grubpw
|
||||
else
|
||||
@ -32,7 +32,7 @@ else
|
||||
fi
|
||||
for pubkey in /etc/ssh/ssh_host*key.pub; do
|
||||
certfile=${pubkey/.pub/-cert.pub}
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
|
||||
echo HostCertificate $certfile >> /etc/ssh/sshd_config.anaconda
|
||||
done
|
||||
/usr/sbin/sshd -f /etc/ssh/sshd_config.anaconda
|
||||
@ -40,10 +40,10 @@ if [ -f "/run/install/cmdline.d/01-autocons.conf" ]; then
|
||||
consoledev=$(cat /run/install/cmdline.d/01-autocons.conf | sed -e 's!console=!/dev/!' -e 's/,.*//')
|
||||
tmux a <> $consoledev >&0 2>&1 &
|
||||
fi
|
||||
cryptboot=$(grep ^encryptboot: /etc/confluent.deploycfg | awk '{print $2}')
|
||||
cryptboot=$(grep ^encryptboot: /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
LUKSPARTY=''
|
||||
if [ "$cryptboot" == "bound" ]; then
|
||||
LUKSPARTY="--encrypted --passphrase=$(cat /etc/confluent.apikey)"
|
||||
LUKSPARTY="--encrypted --passphrase=$(cat /etc/confluent/confluent.apikey)"
|
||||
echo $cryptboot >> /tmp/cryptboot
|
||||
fi
|
||||
|
||||
|
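Review bot: The rewritten `curl` call in the host-key loop still expands `$(cat /etc/confluent/confluent.apikey)` into a `-H` argument, so the node API key sits in curl's argument list, which other local processes can read from /proc while the request runs. Now that the key has a single home, the header could be fed to curl on stdin instead, e.g. `printf 'header = "CONFLUENT_APIKEY: %s"\n' "$(cat /etc/confluent/confluent.apikey)" | curl -K - -f -X POST ...`, since `printf` is a shell builtin and creates no process entry of its own. The same pattern appears in the sshcert and nodelist calls of the other pre and post script sections on this page and in the deploycfg requests of the linuxrc-based hook. The same key is also passed as `--passphrase=` in `LUKSPARTY` when `encryptboot` is `bound`, so its exposure affects disk encryption as well; where that variable is consumed lies outside the hunk.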
@ -7,7 +7,7 @@
|
||||
# It is almost certainly more useful to use post.sh or firstboot.sh
|
||||
# for customization, which will run in a more normal mechanism
|
||||
|
||||
nodename=$(grep ^NODENAME /etc/confluent.info|awk '{print $2}')
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
export mgr profile nodename
|
||||
cp -a /etc/confluent /mnt/sysimage/etc
|
||||
chmod -R og-rwx /mnt/sysimage/etc/confluent
|
||||
|
@ -18,6 +18,6 @@ chmod 700 /mnt/sysimage/root/.ssh/
|
||||
cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/
|
||||
chmod 600 /mnt/sysimage/root/.ssh/authorized_keys
|
||||
cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/
|
||||
curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
|
||||
curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
|
||||
cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv
|
||||
cp /tmp/allnodes /mnt/sysimage/root/.shosts
|
||||
|
@ -3,35 +3,26 @@
|
||||
mkdir -p /etc/confluent
|
||||
cat /tls/*.pem > /etc/confluent/ca.pem
|
||||
echo -n "" > /tmp/confluent.initq
|
||||
while ! grep MANAGER /etc/confluent/confluent.info >& /dev/null; do
|
||||
cd /sys/class/net
|
||||
TRIES=0
|
||||
touch /tmp/confluent.info
|
||||
cd /sys/class/net
|
||||
while ! awk -F'|' '{print $3}' /tmp/confluent.info |grep 2 >& /dev/null && [ "$TRIES" -lt 60 ]; do
|
||||
TRIES=$((TRIES + 1))
|
||||
for currif in *; do
|
||||
ip link set $currif up
|
||||
done
|
||||
cd -
|
||||
/opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
|
||||
done
|
||||
read ifidx <<EOF
|
||||
$(grep ^MANAGER /etc/confluent/confluent.info|grep fe80|sed -e s/.*%//)
|
||||
EOF
|
||||
read mgr << EOF
|
||||
$(grep ^MANAGER /etc/confluent/confluent.info|grep fe80|awk '{print $2}')
|
||||
EOF
|
||||
mgridx=${mgr#*%}
|
||||
ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
|
||||
ifname=${ifname%:}
|
||||
echo $ifname > /tmp/net.ifaces
|
||||
cd /
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
#TODO: blkid --label <whatever> to find mounted api
|
||||
|
||||
if [ -z "$apikey" ]; then
|
||||
apikey=$(/opt/confluent/bin/clortho $nodename $mgr)
|
||||
fi
|
||||
oum=$(umask)
|
||||
umask 0077
|
||||
echo $apikey > /etc/confluent/confluent.apikey
|
||||
umask $oum
|
||||
python /opt/confluent/bin/apiclient /confluent-api/self/deploycfg > /tmp/confluent.deploycfg
|
||||
mgridx=$(cat /tmp/confluent.ifidx)
|
||||
ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
|
||||
ifname=${ifname%:}
|
||||
echo $ifname > /tmp/net.ifaces
|
||||
|
||||
dnsdomain=$(grep ^dnsdomain: /tmp/confluent.deploycfg)
|
||||
dnsdomain=${dnsdomain#dnsdomain: }
|
||||
|
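Review bot: The bounded retry loop tests `/tmp/confluent.info` (`awk -F'|' '{print $3}' /tmp/confluent.info |grep 2`), but the only `copernicus -t` call in the hunk writes `/etc/confluent/confluent.info`, and `/tmp/confluent.info` is only created empty by `touch`. If both lines are on the new side, as the hunk counts and paths suggest, the condition can never become true and every boot runs all 60 discovery attempts before continuing; the test should read `/etc/confluent/confluent.info`. The hunk also still redirects deploycfg to `/tmp/confluent.deploycfg` and greps it there, while the kickstart sections on this page read `/etc/confluent/confluent.deploycfg`. The +/- markers are lost in this rendering, so which of these lines are removed cannot be confirmed from here.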
@ -35,8 +35,8 @@ liveimg --url=file:///tmp/install.img
|
||||
reboot
|
||||
|
||||
%pre
|
||||
profile=$(grep ^profile: /etc/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent.deploycfg |awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/preinst.sh
|
||||
. /tmp/preinst.sh
|
||||
%end
|
||||
@ -44,8 +44,8 @@ curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/preinst.
|
||||
%post --nochroot
|
||||
nodectl init
|
||||
mkdir -p /mnt/sysimage/etc/confluent
|
||||
profile=$(grep ^profile: /etc/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent.deploycfg |awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/postinst.sh
|
||||
. /tmp/postinst.sh
|
||||
|
||||
|
@ -8,23 +8,23 @@
|
||||
# method is to edit the kicktstart file and comment out or
|
||||
# delete %include /tmp/partitioning
|
||||
|
||||
nodename=$(grep ^NODENAME /etc/confluent.info|awk '{print $2}')
|
||||
locale=$(grep ^locale: /etc/confluent.deploycfg)
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
locale=$(grep ^locale: /etc/confluent/confluent.deploycfg)
|
||||
locale=${locale#locale: }
|
||||
keymap=$(grep ^keymap: /etc/confluent.deploycfg)
|
||||
keymap=$(grep ^keymap: /etc/confluent/confluent.deploycfg)
|
||||
keymap=${keymap#keymap: }
|
||||
echo lang $locale > /tmp/langinfo
|
||||
echo keyboard --vckeymap=$keymap >> /tmp/langinfo
|
||||
tz=$(grep ^timezone: /etc/confluent.deploycfg)
|
||||
tz=$(grep ^timezone: /etc/confluent/confluent.deploycfg)
|
||||
tz=${tz#timezone: }
|
||||
echo timezone $tz --utc > /tmp/timezone
|
||||
rootpw=$(grep ^rootpassword /etc/confluent.deploycfg | awk '{print $2}')
|
||||
rootpw=$(grep ^rootpassword /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
if [ "$rootpw" = null ]; then
|
||||
echo "rootpw --lock" > /tmp/rootpw
|
||||
else
|
||||
echo "rootpw --iscrypted $rootpw" > /tmp/rootpw
|
||||
fi
|
||||
grubpw=$(grep ^grubpassword /etc/confluent.deploycfg | awk '{print $2}')
|
||||
grubpw=$(grep ^grubpassword /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
if [ "$grubpw" = "null" ]; then
|
||||
touch /tmp/grubpw
|
||||
else
|
||||
@ -33,7 +33,7 @@ fi
|
||||
ssh-keygen -A
|
||||
for pubkey in /etc/ssh/ssh_host*key.pub; do
|
||||
certfile=${pubkey/.pub/-cert.pub}
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
|
||||
echo HostCertificate $certfile >> /etc/ssh/sshd_config.anaconda
|
||||
done
|
||||
/usr/sbin/sshd -f /etc/ssh/sshd_config.anaconda
|
||||
@ -41,10 +41,10 @@ if [ -f "/run/install/cmdline.d/01-autocons.conf" ]; then
|
||||
consoledev=$(cat /run/install/cmdline.d/01-autocons.conf | sed -e 's!console=!/dev/!' -e 's/,.*//')
|
||||
TMUX= tmux a <> $consoledev >&0 2>&1 &
|
||||
fi
|
||||
cryptboot=$(grep ^encryptboot: /etc/confluent.deploycfg | awk '{print $2}')
|
||||
cryptboot=$(grep ^encryptboot: /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
LUKSPARTY=''
|
||||
if [ "$cryptboot" == "bound" ]; then
|
||||
LUKSPARTY="--encrypted --passphrase=$(cat /etc/confluent.apikey)"
|
||||
LUKSPARTY="--encrypted --passphrase=$(cat /etc/confluent/confluent.apikey)"
|
||||
echo $cryptboot >> /tmp/cryptboot
|
||||
fi
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
# It is almost certainly more useful to use post.sh or firstboot.sh
|
||||
# for customization, which will run in a more normal mechanism
|
||||
|
||||
nodename=$(grep ^NODENAME /etc/confluent.info|awk '{print $2}')
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
export mgr profile nodename
|
||||
cp -a /etc/confluent /mnt/sysimage/etc
|
||||
cp /tmp/functions /mnt/sysimage/etc/confluent/
|
||||
|
@ -15,26 +15,27 @@ if ! grep console /proc/cmdline > /dev/null; then
|
||||
echo "Serial console detected from firmmware: $autocons" > ${autocons%,*}
|
||||
fi
|
||||
fi
|
||||
mkdir -p /etc/confluent
|
||||
chmod 700 /etc/confluent
|
||||
cd /sys/class/net
|
||||
for nic in *; do
|
||||
ip link set $nic up
|
||||
done
|
||||
echo -n "Discovering confluent..."
|
||||
/opt/confluent/bin/copernicus -t > /tmp/confluent.info
|
||||
touch /etc/confluent/confluent.info
|
||||
TRIES=0
|
||||
while ! awk -F'|' '{print $3}' /tmp/confluent.info |grep 1 >& /dev/null && [ "$TRIES" -lt 60 ]; do
|
||||
while ! awk -F'|' '{print $3}' /etc/confluent/confluent.info |grep 1 >& /dev/null && [ "$TRIES" -lt 60 ]; do
|
||||
TRIES=$((TRIES + 1))
|
||||
|
||||
/opt/confluent/bin/copernicus -t > /tmp/confluent.info
|
||||
for nic in *; do
|
||||
ip link set $nic up
|
||||
done
|
||||
/opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
|
||||
done
|
||||
nodename=$(grep ^NODENAME: /tmp/confluent.info | head -n 1 | sed -e 's/NODENAME: //')
|
||||
nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | head -n 1 | sed -e 's/NODENAME: //')
|
||||
echo "done ($nodename)"
|
||||
echo "Hostname: $nodename" >> /etc/linuxrc.d/01-confluent
|
||||
mgr=$(grep ^EXTMGRINFO: /etc/confluent/confluent.info |awk -F'|' '{print $1 " " $3}'|grep " 1$" | head -n 1 | awk '{print $2}')
|
||||
if [ -z "$mgr" ]; then
|
||||
mgr=$(grep ^MANAGER: /tmp/confluent.info | head -n 1 | sed -e 's/MANAGER: //')
|
||||
mgr=$(grep ^MANAGER: /etc/confluent/confluent.info | head -n 1 | sed -e 's/MANAGER: //')
|
||||
fi
|
||||
mgtiface=$(grep $mgr /tmp/confluent.info | grep EXTMGRINFO: | head -n 1 | awk -F'|' '{print $2}')
|
||||
mgtiface=$(grep $mgr /etc/confluent/confluent.info | grep EXTMGRINFO: | head -n 1 | awk -F'|' '{print $2}')
|
||||
echo -n "Acquiring configuration from $mgr..."
|
||||
bootifidx=${mgr#*%}
|
||||
for nic in *; do
|
||||
@ -44,19 +45,19 @@ for nic in *; do
|
||||
done
|
||||
cd -
|
||||
echo "NetDevice: $bootif" >> /etc/linuxrc.d/01-confluent
|
||||
/opt/confluent/bin/clortho $nodename $mgr > /tmp/confluent.apikey
|
||||
/opt/confluent/bin/clortho $nodename $mgr > /etc/confluent/confluent.apikey
|
||||
mgr="[$mgr]"
|
||||
if [ -z "$mgtiface" ]; then
|
||||
curl -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /tmp/confluent.apikey)" https://$mgr/confluent-api/self/deploycfg > /tmp/confluent.deploycfg
|
||||
curl -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg
|
||||
else
|
||||
curl -H "CONFLUENT_MGTIFACE: $mgtiface" -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /tmp/confluent.apikey)" https://$mgr/confluent-api/self/deploycfg > /tmp/confluent.deploycfg
|
||||
curl -H "CONFLUENT_MGTIFACE: $mgtiface" -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg
|
||||
fi
|
||||
dnsdomain=$(grep ^dnsdomain: /tmp/confluent.deploycfg)
|
||||
dnsdomain=$(grep ^dnsdomain: /etc/confluent/confluent.deploycfg)
|
||||
dnsdomain=${dnsdomain#dnsdomain: }
|
||||
if [ ! -z "$dnsdomain" ] && [ "$dnsdomain" != "null" ]; then
|
||||
echo "Domain: $dnsdomain" >> /etc/linuxrc.d/01-confluent
|
||||
fi
|
||||
textconsole=$(grep ^textconsole: /tmp/confluent.deploycfg)
|
||||
textconsole=$(grep ^textconsole: /etc/confluent/confluent.deploycfg)
|
||||
textconsole=${textconsole#textconsole: }
|
||||
if [ "$textconsole" = "true" ] && ! grep console= /proc/cmdline > /dev/null && [ ! -z "$autocons" ]; then
|
||||
echo "Serial console autodetected and enabled, will be available upon install completion" > ${autocons%,*}
|
||||
@ -70,18 +71,18 @@ if [ "$textconsole" = "true" ] && ! grep console= /proc/cmdline > /dev/null && [
|
||||
echo "ConsoleDevice: ${autocons%,*}" >> /etc/linuxrc.d/01-confluent
|
||||
fi
|
||||
|
||||
tz=$(grep timezone: /tmp/confluent.deploycfg | awk '{print $2}')
|
||||
tz=$(grep timezone: /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
||||
echo "<timezone>${tz}</timezone>" > /tmp/timezone
|
||||
autoconfigmethod=$(grep ipv4_method /tmp/confluent.deploycfg)
|
||||
autoconfigmethod=$(grep ipv4_method /etc/confluent/confluent.deploycfg)
|
||||
autoconfigmethod=${autoconfigmethod#ipv4_method: }
|
||||
if [ "$autoconfigmethod" = "dhcp" ]; then
|
||||
echo "DHCP: 1" >> /etc/linuxrc.d/01-confluent
|
||||
else
|
||||
v4addr=$(grep ^ipv4_address: /tmp/confluent.deploycfg)
|
||||
v4addr=$(grep ^ipv4_address: /etc/confluent/confluent.deploycfg)
|
||||
v4addr=${v4addr#ipv4_address: }
|
||||
v4gw=$(grep ^ipv4_gateway: /tmp/confluent.deploycfg)
|
||||
v4gw=$(grep ^ipv4_gateway: /etc/confluent/confluent.deploycfg)
|
||||
v4gw=${v4gw#ipv4_gateway: }
|
||||
v4nm=$(grep ipv4_netmask: /tmp/confluent.deploycfg)
|
||||
v4nm=$(grep ipv4_netmask: /etc/confluent/confluent.deploycfg)
|
||||
v4nm=${v4nm#ipv4_netmask: }
|
||||
echo "HostIP: $v4addr" >> /etc/linuxrc.d/01-confluent
|
||||
echo "Netmask: $v4nm" >> /etc/linuxrc.d/01-confluent
|
||||
@ -101,14 +102,14 @@ else
|
||||
nameserversec=1
|
||||
continue
|
||||
fi
|
||||
done < /tmp/confluent.deploycfg
|
||||
done < /etc/confluent/confluent.deploycfg
|
||||
fi
|
||||
echo done
|
||||
mgr=$(grep ^deploy_server: /tmp/confluent.deploycfg)
|
||||
mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg)
|
||||
mgr=${mgr#deploy_server: }
|
||||
profilename=$(grep ^profile: /tmp/confluent.deploycfg)
|
||||
profilename=$(grep ^profile: /etc/confluent/confluent.deploycfg)
|
||||
profilename=${profilename#profile: }
|
||||
proto=$(grep ^protocol: /tmp/confluent.deploycfg)
|
||||
proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg)
|
||||
proto=${proto#protocol: }
|
||||
|
||||
echo "<media_url>${proto}://${mgr}/confluent-public/os/${profilename}/product</media_url>" > /tmp/pkgurl
|
||||
|
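Review bot: Both rewritten deploycfg requests (`curl -H ... https://$mgr/confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg`) run without `-f`, so an authentication or server error leaves the HTTP error body in `confluent.deploycfg`, and the `grep` calls that follow parse it as if it were configuration. Adding `-f`, as the kickstart-based scripts on this page already use for their downloads, and checking curl's exit status keeps a bad response from being persisted under `/etc/confluent`. The same gap matters more in the autoyast `<source>` sections further down, where `curl $proto://$mgr/.../pre.sh > /tmp/pre.sh` and the `prechroot.sh` download are sourced immediately after being fetched without `-f`. This hunk also writes `confluent.apikey` under the default umask, relying on the `chmod 700` of the directory; wrapping the `clortho` redirect in `umask 0077` would make the file mode itself restrictive.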
@ -101,9 +101,9 @@ dynamic behavior and replace with static configuration.
|
||||
<source>
|
||||
<![CDATA[
|
||||
#!/bin/sh
|
||||
mgr=$(grep ^deploy_server /tmp/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /tmp/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
proto=$(grep ^protocol: /tmp/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
curl $proto://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/pre.sh
|
||||
. /tmp/pre.sh
|
||||
]]>
|
||||
@ -117,9 +117,9 @@ curl $proto://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/pre.sh
|
||||
<source>
|
||||
<![CDATA[
|
||||
#!/bin/sh
|
||||
mgr=$(grep ^deploy_server /tmp/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /tmp/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
proto=$(grep ^protocol: /tmp/confluent.deploycfg |awk '{print $2}')
|
||||
mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
||||
curl $proto://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/prechroot.sh
|
||||
. /tmp/prechroot.sh
|
||||
curl -f $proto://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/etc/confluent/firstboot.sh
|
||||
|
@ -3,12 +3,12 @@
|
||||
# This script runs before the installer executes, and sets up ssh during install as well
|
||||
# as rewriting the autoyast file with any substitutions prior to it being evaluated for real
|
||||
|
||||
nodename=$(grep ^NODENAME /tmp/confluent.info|awk '{print $2}')
|
||||
rootpw=$(grep rootpassword: /tmp/confluent.deploycfg|sed -e 's/^rootpassword: //')
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
rootpw=$(grep rootpassword: /etc/confluent/confluent.deploycfg|sed -e 's/^rootpassword: //')
|
||||
if [ "$rootpw" = "null" ]; then
|
||||
rootpw="!"
|
||||
fi
|
||||
cryptboot=$(grep encryptboot: /tmp/confluent.deploycfg|sed -e 's/^encryptboot: //')
|
||||
cryptboot=$(grep encryptboot: /etc/confluent/confluent.deploycfg|sed -e 's/^encryptboot: //')
|
||||
if [ "$cryptboot" != "" ] && [ "$cryptboot" != "none" ] && [ "$cryptboot" != "null" ]; then
|
||||
echo "****Encrypted boot requested, but not implemented for this OS, halting install" > /dev/console
|
||||
[ -f '/tmp/autoconsdev' ] && (echo "****Encryptod boot requested, but not implemented for this OS,halting install" >> $(cat /tmp/autoconsdev))
|
||||
@ -20,7 +20,7 @@ cat /ssh/*.rootpubkey > ~/.ssh/authorized_keys
|
||||
ssh-keygen -A
|
||||
for i in /etc/ssh/ssh_host*key.pub; do
|
||||
certname=${i/.pub/-cert.pub}
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /tmp/confluent.apikey)" -d @$i https://$mgr/confluent-api/self/sshcert > $certname
|
||||
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$mgr/confluent-api/self/sshcert > $certname
|
||||
echo HostKey ${i%.pub} >> /etc/ssh/sshd_config
|
||||
echo HostCertificate $certname >> /etc/ssh/sshd_config
|
||||
done
|
||||
|
@ -4,13 +4,12 @@
|
||||
# is still running, with the to-be-booted system mounted in /mnt
|
||||
|
||||
# carry over deployment configuration and api key for OS install action
|
||||
mgr=$(grep ^deploy_server /tmp/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /tmp/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
nodename=$(grep ^NODENAME /tmp/confluent.info|awk '{print $2}')
|
||||
mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
|
||||
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //')
|
||||
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
||||
export mgr profile nodename
|
||||
mkdir -p /mnt/etc/confluent
|
||||
chmod 700 /mnt/etc/confluent
|
||||
chmod 600 /tmp/confluent.*
|
||||
cp /tmp/functions /mnt/etc/confluent/
|
||||
. /tmp/functions
|
||||
cp /tmp/confluent.* /mnt/etc/confluent/
|
||||
|
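Review bot: `chmod 600 /tmp/confluent.*` and `cp /tmp/confluent.* /mnt/etc/confluent/` still glob `/tmp`, while the lines changed above them, and the hook earlier on this page that appears to produce these files, now use `/etc/confluent/confluent.info`, `confluent.deploycfg` and `confluent.apikey`. The hunk counts indicate one of the two lines is removed and the other kept; either way nothing visible copies `/etc/confluent/confluent.*` into `/mnt/etc/confluent`, so the installed system may end up without the deployment configuration and API key the comment says are carried over. Something like `cp /etc/confluent/confluent.* /mnt/etc/confluent/` would match the new layout; the script continues past the hunk, so a later copy cannot be ruled out.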
@ -28,7 +28,7 @@ echo /usr/lib/ssh/ssh-keysign root:root 4711 >> /mnt/etc/permissions.local
|
||||
chmod 4711 /mnt/usr/lib/ssh/ssh-keysign
|
||||
|
||||
# Download list of nodes from confluent, and put it into shosts.equiv (for most users) and .shosts (for root)
|
||||
curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /tmp/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
|
||||
curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
|
||||
cp /tmp/allnodes /mnt/root/.shosts
|
||||
cp /tmp/allnodes /mnt/etc/ssh/shosts.equiv
|
||||
|
||||
|