From d17b1d060c2511383e1f2df801d407051dbae685 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 3 May 2021 12:48:08 -0400 Subject: [PATCH] Prepend confluent_ to vars and switch to explicitly requesting directory The 'profile' variable notably induces dracut to be excruciatingly slow, mitigate chance by putting confluent before apikey, mgr, and profile. Further, it has been requested to have the scripts use same name on server for directory moving forward. Implement this request while allowing existing OS profiles to keep working. --- .../el7/profiles/default/kickstart | 22 ++++----- .../el7/profiles/default/scripts/firstboot.sh | 14 +++--- .../el7/profiles/default/scripts/functions | 24 +++++----- .../el7/profiles/default/scripts/post.sh | 6 +-- .../el7/profiles/default/scripts/pre.sh | 10 ++-- .../el7/profiles/default/scripts/setupssh.sh | 2 +- .../el8/profiles/default/kickstart | 22 ++++----- .../el8/profiles/default/scripts/firstboot.sh | 14 +++--- .../el8/profiles/default/scripts/functions | 24 +++++----- .../el8/profiles/default/scripts/post.sh | 6 +-- .../el8/profiles/default/scripts/pre.sh | 10 ++-- .../el8/profiles/default/scripts/setupssh.sh | 2 +- .../profiles/default/scripts/functions | 20 ++++---- .../suse15/profiles/hpc/autoyast | 16 +++---- .../suse15/profiles/hpc/scripts/firstboot.sh | 12 ++--- .../suse15/profiles/hpc/scripts/functions | 46 +++++++++++++++++-- .../suse15/profiles/hpc/scripts/post.sh | 12 ++--- .../suse15/profiles/hpc/scripts/pre.sh | 4 +- .../suse15/profiles/hpc/scripts/prechroot.sh | 4 +- .../suse15/profiles/hpc/scripts/setupssh.sh | 2 +- .../profiles/default/scripts/firstboot.sh | 10 ++-- .../profiles/default/scripts/functions | 22 ++++----- .../profiles/default/scripts/post.sh | 8 ++-- .../profiles/default/scripts/pre.sh | 6 +-- confluent_server/confluent/selfservice.py | 9 ++-- 25 files changed, 183 insertions(+), 144 deletions(-) diff --git a/confluent_osdeploy/el7/profiles/default/kickstart b/confluent_osdeploy/el7/profiles/default/kickstart index 4371b721..b6512f0d 100644 --- a/confluent_osdeploy/el7/profiles/default/kickstart +++ b/confluent_osdeploy/el7/profiles/default/kickstart @@ -50,23 +50,23 @@ pciutils %include /tmp/kickstart.custom %pre -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/preinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/pre.sh > /tmp/preinst.sh . /tmp/preinst.sh %end %post --nochroot mkdir -p /mnt/sysimage/etc/confluent -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/postinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/prechroot.sh > /tmp/postinst.sh . /tmp/postinst.sh # Hook firstboot.sh -curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.service > /mnt/sysimage/etc/systemd/system/firstboot.service +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.service > /mnt/sysimage/etc/systemd/system/firstboot.service mkdir -p /mnt/sysimage/opt/confluent/bin -curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/sysimage/opt/confluent/bin/firstboot.sh +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.sh > /mnt/sysimage/opt/confluent/bin/firstboot.sh chmod +x /mnt/sysimage/opt/confluent/bin/firstboot.sh %end @@ -75,8 +75,8 @@ cat /etc/confluent/tls/*.pem >> /etc/pki/tls/certs/ca-bundle.crt systemctl enable firstboot chgrp ssh_keys /etc/ssh/ssh*key restorecon /etc/ssh/ssh*key /root/.shosts /etc/ssh/shosts.equiv /etc/ssh/ssh_config.d/* /opt/confluent/bin/firstboot.sh -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/postinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/post.sh > /tmp/postinst.sh . /tmp/postinst.sh %end diff --git a/confluent_osdeploy/el7/profiles/default/scripts/firstboot.sh b/confluent_osdeploy/el7/profiles/default/scripts/firstboot.sh index 9b754056..73d10d98 100644 --- a/confluent_osdeploy/el7/profiles/default/scripts/firstboot.sh +++ b/confluent_osdeploy/el7/profiles/default/scripts/firstboot.sh @@ -6,10 +6,10 @@ # the script notifies confluent that install is fully complete. nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') -apikey=$(cat /etc/confluent/confluent.apikey) -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') -export nodename mgr profile +confluent_apikey=$(cat /etc/confluent/confluent.apikey) +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') +export nodename confluent_mgr confluent_profile . /etc/confluent/functions exec >> /var/log/confluent/confluent-firstboot.log exec 2>> /var/log/confluent/confluent-firstboot.log @@ -23,13 +23,13 @@ if [ ! -f /etc/confluent/firstboot.ran ]; then run_remote firstboot.custom # Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh - run_remote_parts firstboot + run_remote_parts firstboot.d # Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/ - run_remote_config firstboot + run_remote_config firstboot.d fi -curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus +curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" https://$confluent_mgr/confluent-api/self/updatestatus systemctl disable firstboot rm /etc/systemd/system/firstboot.service rm /etc/confluent/firstboot.ran diff --git a/confluent_osdeploy/el7/profiles/default/scripts/functions b/confluent_osdeploy/el7/profiles/default/scripts/functions index 4919a918..c930044d 100644 --- a/confluent_osdeploy/el7/profiles/default/scripts/functions +++ b/confluent_osdeploy/el7/profiles/default/scripts/functions @@ -1,9 +1,9 @@ function set_confluent_vars() { - if [ -z "$mgr" ]; then - mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_mgr" ]; then + confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi - if [ -z "$profile" ]; then - profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_profile" ]; then + confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi } @@ -14,7 +14,7 @@ fetch_remote() { fi set_confluent_vars mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $1 failed to download; return 1; fi } @@ -22,7 +22,7 @@ source_remote_parts() { confluentscripttmpdir=$(mktemp -d) scriptlist=$(/usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') for script in $scriptlist; do - source_remote $1.d/$script + source_remote $1/$script done unset confluentscripttmpdir } @@ -31,7 +31,7 @@ run_remote_parts() { confluentscripttmpdir=$(mktemp -d) scriptlist=$(/usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') for script in $scriptlist; do - run_remote $1.d/$script + run_remote $1/$script done unset confluentscripttmpdir } @@ -40,7 +40,7 @@ source_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Sourcing $1 from https://$mgr/confluent-public/os/$profile/scripts/ + echo Sourcing $1 from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ if [ -z "$confluentscripttmpdir" ]; then confluentscripttmpdir=$(mktemp -d) fi @@ -61,7 +61,7 @@ run_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running $requestedcmd from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ if [ -z "$confluentscripttmpdir" ]; then confluentscripttmpdir=$(mktemp -d) fi @@ -91,12 +91,12 @@ run_remote_python() { curlargs=" --cacert /etc/confluent/ca.pem" fi echo '---------------------------------------------------------------------------' - echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running python script "'$*'" from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi if [ -x /usr/libexec/platform-python ]; then /usr/libexec/platform-python $* @@ -117,7 +117,7 @@ run_remote_config() { apiclient=/etc/confluent/apiclient fi echo '---------------------------------------------------------------------------' - echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile + echo Requesting to run remote configuration for "'$*'" from $confluent_mgr under profile $confluent_profile if [ -x /usr/libexec/platform-python ]; then /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/"$*" -d {} /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/status -w 204 diff --git a/confluent_osdeploy/el7/profiles/default/scripts/post.sh b/confluent_osdeploy/el7/profiles/default/scripts/post.sh index f6fa2d07..408cfee4 100644 --- a/confluent_osdeploy/el7/profiles/default/scripts/post.sh +++ b/confluent_osdeploy/el7/profiles/default/scripts/post.sh @@ -41,9 +41,9 @@ run_remote_python syncfileclient run_remote post.custom # Also, scripts may be placed into 'post.d', e.g. post.d/01-runfirst.sh, post.d/02-runsecond.sh -run_remote_parts post +run_remote_parts post.d # Induce execution of remote configuration, e.g. ansible plays in ansible/post.d/ -run_remote_config post -curl -sf -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus +run_remote_config post.d +curl -sf -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$confluent_mgr/confluent-api/self/updatestatus kill $logshowpid diff --git a/confluent_osdeploy/el7/profiles/default/scripts/pre.sh b/confluent_osdeploy/el7/profiles/default/scripts/pre.sh index 63922ae8..5695e550 100644 --- a/confluent_osdeploy/el7/profiles/default/scripts/pre.sh +++ b/confluent_osdeploy/el7/profiles/default/scripts/pre.sh @@ -35,7 +35,7 @@ if [ "$rootpw" = null ]; then else echo "rootpw --iscrypted $rootpw" > /tmp/rootpw fi -curl -sf https://$mgr/confluent-public/os/$profile/profile.yaml > /tmp/instprofile.yaml +curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/profile.yaml > /tmp/instprofile.yaml blargs=$(grep ^installedargs: /tmp/instprofile.yaml | sed -e 's/#.*//' -e 's/^installedargs: //') if [ ! -z "$blargs" ]; then blargs=' --append="'$blargs'"' @@ -52,7 +52,7 @@ fi ssh-keygen -A for pubkey in /etc/ssh/ssh_host*key.pub; do certfile=${pubkey/.pub/-cert.pub} - curl -sf -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile + curl -sf -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$confluent_mgr/confluent-api/self/sshcert > $certfile echo HostCertificate $certfile >> /etc/ssh/sshd_config.anaconda done /usr/sbin/sshd -f /etc/ssh/sshd_config.anaconda @@ -66,10 +66,10 @@ fi export mgr profile nodename -curl -sf https://$mgr/confluent-public/os/$profile/scripts/functions > /tmp/functions +curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/functions > /tmp/functions . /tmp/functions run_remote pre.custom -run_remote_parts pre +run_remote_parts pre.d if [ ! -e /tmp/installdisk ]; then run_remote_python getinstalldisk fi @@ -78,5 +78,5 @@ if [ -e /tmp/installdisk -a ! -e /tmp/partitioning ]; then echo ignoredisk --only-use $(cat /tmp/installdisk) >> /tmp/partitioning echo autopart --nohome $LUKSPARTY >> /tmp/partitioning fi -python /etc/confluent/apiclient /confluent-public/os/$profile/kickstart.custom -o /tmp/kickstart.custom +python /etc/confluent/apiclient /confluent-public/os/$confluent_profile/kickstart.custom -o /tmp/kickstart.custom kill $logshowpid diff --git a/confluent_osdeploy/el7/profiles/default/scripts/setupssh.sh b/confluent_osdeploy/el7/profiles/default/scripts/setupssh.sh index 909829c5..f06c4d61 100644 --- a/confluent_osdeploy/el7/profiles/default/scripts/setupssh.sh +++ b/confluent_osdeploy/el7/profiles/default/scripts/setupssh.sh @@ -18,6 +18,6 @@ chmod 700 /mnt/sysimage/root/.ssh/ cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/ chmod 600 /mnt/sysimage/root/.ssh/authorized_keys cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/ -curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes +curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv cp /tmp/allnodes /mnt/sysimage/root/.shosts diff --git a/confluent_osdeploy/el8/profiles/default/kickstart b/confluent_osdeploy/el8/profiles/default/kickstart index 63b56ce6..25f476da 100644 --- a/confluent_osdeploy/el8/profiles/default/kickstart +++ b/confluent_osdeploy/el8/profiles/default/kickstart @@ -52,23 +52,23 @@ pciutils %include /tmp/kickstart.custom %pre -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/preinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/pre.sh > /tmp/preinst.sh . /tmp/preinst.sh %end %post --nochroot mkdir -p /mnt/sysimage/etc/confluent -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/prechroot.sh > /tmp/postinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/prechroot.sh > /tmp/postinst.sh . /tmp/postinst.sh # Hook firstboot.sh -curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.service > /mnt/sysimage/etc/systemd/system/firstboot.service +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.service > /mnt/sysimage/etc/systemd/system/firstboot.service mkdir -p /mnt/sysimage/opt/confluent/bin -curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/sysimage/opt/confluent/bin/firstboot.sh +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.sh > /mnt/sysimage/opt/confluent/bin/firstboot.sh chmod +x /mnt/sysimage/opt/confluent/bin/firstboot.sh %end @@ -77,8 +77,8 @@ cat /etc/confluent/tls/*.pem >> /etc/pki/tls/certs/ca-bundle.crt systemctl enable firstboot chgrp ssh_keys /etc/ssh/ssh*key restorecon /etc/ssh/ssh*key /root/.shosts /etc/ssh/shosts.equiv /etc/ssh/ssh_config.d/* /opt/confluent/bin/firstboot.sh -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') -curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/postinst.sh +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}') +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/post.sh > /tmp/postinst.sh . /tmp/postinst.sh %end diff --git a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh index 9b754056..73d10d98 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh +++ b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh @@ -6,10 +6,10 @@ # the script notifies confluent that install is fully complete. nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') -apikey=$(cat /etc/confluent/confluent.apikey) -mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') -export nodename mgr profile +confluent_apikey=$(cat /etc/confluent/confluent.apikey) +confluent_mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') +export nodename confluent_mgr confluent_profile . /etc/confluent/functions exec >> /var/log/confluent/confluent-firstboot.log exec 2>> /var/log/confluent/confluent-firstboot.log @@ -23,13 +23,13 @@ if [ ! -f /etc/confluent/firstboot.ran ]; then run_remote firstboot.custom # Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh - run_remote_parts firstboot + run_remote_parts firstboot.d # Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/ - run_remote_config firstboot + run_remote_config firstboot.d fi -curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus +curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" https://$confluent_mgr/confluent-api/self/updatestatus systemctl disable firstboot rm /etc/systemd/system/firstboot.service rm /etc/confluent/firstboot.ran diff --git a/confluent_osdeploy/el8/profiles/default/scripts/functions b/confluent_osdeploy/el8/profiles/default/scripts/functions index 4919a918..c930044d 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/functions +++ b/confluent_osdeploy/el8/profiles/default/scripts/functions @@ -1,9 +1,9 @@ function set_confluent_vars() { - if [ -z "$mgr" ]; then - mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_mgr" ]; then + confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi - if [ -z "$profile" ]; then - profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_profile" ]; then + confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi } @@ -14,7 +14,7 @@ fetch_remote() { fi set_confluent_vars mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $1 failed to download; return 1; fi } @@ -22,7 +22,7 @@ source_remote_parts() { confluentscripttmpdir=$(mktemp -d) scriptlist=$(/usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') for script in $scriptlist; do - source_remote $1.d/$script + source_remote $1/$script done unset confluentscripttmpdir } @@ -31,7 +31,7 @@ run_remote_parts() { confluentscripttmpdir=$(mktemp -d) scriptlist=$(/usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') for script in $scriptlist; do - run_remote $1.d/$script + run_remote $1/$script done unset confluentscripttmpdir } @@ -40,7 +40,7 @@ source_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Sourcing $1 from https://$mgr/confluent-public/os/$profile/scripts/ + echo Sourcing $1 from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ if [ -z "$confluentscripttmpdir" ]; then confluentscripttmpdir=$(mktemp -d) fi @@ -61,7 +61,7 @@ run_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running $requestedcmd from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ if [ -z "$confluentscripttmpdir" ]; then confluentscripttmpdir=$(mktemp -d) fi @@ -91,12 +91,12 @@ run_remote_python() { curlargs=" --cacert /etc/confluent/ca.pem" fi echo '---------------------------------------------------------------------------' - echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running python script "'$*'" from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi if [ -x /usr/libexec/platform-python ]; then /usr/libexec/platform-python $* @@ -117,7 +117,7 @@ run_remote_config() { apiclient=/etc/confluent/apiclient fi echo '---------------------------------------------------------------------------' - echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile + echo Requesting to run remote configuration for "'$*'" from $confluent_mgr under profile $confluent_profile if [ -x /usr/libexec/platform-python ]; then /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/"$*" -d {} /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/status -w 204 diff --git a/confluent_osdeploy/el8/profiles/default/scripts/post.sh b/confluent_osdeploy/el8/profiles/default/scripts/post.sh index f6fa2d07..408cfee4 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/post.sh +++ b/confluent_osdeploy/el8/profiles/default/scripts/post.sh @@ -41,9 +41,9 @@ run_remote_python syncfileclient run_remote post.custom # Also, scripts may be placed into 'post.d', e.g. post.d/01-runfirst.sh, post.d/02-runsecond.sh -run_remote_parts post +run_remote_parts post.d # Induce execution of remote configuration, e.g. ansible plays in ansible/post.d/ -run_remote_config post -curl -sf -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus +run_remote_config post.d +curl -sf -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$confluent_mgr/confluent-api/self/updatestatus kill $logshowpid diff --git a/confluent_osdeploy/el8/profiles/default/scripts/pre.sh b/confluent_osdeploy/el8/profiles/default/scripts/pre.sh index 63922ae8..5695e550 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/pre.sh +++ b/confluent_osdeploy/el8/profiles/default/scripts/pre.sh @@ -35,7 +35,7 @@ if [ "$rootpw" = null ]; then else echo "rootpw --iscrypted $rootpw" > /tmp/rootpw fi -curl -sf https://$mgr/confluent-public/os/$profile/profile.yaml > /tmp/instprofile.yaml +curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/profile.yaml > /tmp/instprofile.yaml blargs=$(grep ^installedargs: /tmp/instprofile.yaml | sed -e 's/#.*//' -e 's/^installedargs: //') if [ ! -z "$blargs" ]; then blargs=' --append="'$blargs'"' @@ -52,7 +52,7 @@ fi ssh-keygen -A for pubkey in /etc/ssh/ssh_host*key.pub; do certfile=${pubkey/.pub/-cert.pub} - curl -sf -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile + curl -sf -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$pubkey https://$confluent_mgr/confluent-api/self/sshcert > $certfile echo HostCertificate $certfile >> /etc/ssh/sshd_config.anaconda done /usr/sbin/sshd -f /etc/ssh/sshd_config.anaconda @@ -66,10 +66,10 @@ fi export mgr profile nodename -curl -sf https://$mgr/confluent-public/os/$profile/scripts/functions > /tmp/functions +curl -sf https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/functions > /tmp/functions . /tmp/functions run_remote pre.custom -run_remote_parts pre +run_remote_parts pre.d if [ ! -e /tmp/installdisk ]; then run_remote_python getinstalldisk fi @@ -78,5 +78,5 @@ if [ -e /tmp/installdisk -a ! -e /tmp/partitioning ]; then echo ignoredisk --only-use $(cat /tmp/installdisk) >> /tmp/partitioning echo autopart --nohome $LUKSPARTY >> /tmp/partitioning fi -python /etc/confluent/apiclient /confluent-public/os/$profile/kickstart.custom -o /tmp/kickstart.custom +python /etc/confluent/apiclient /confluent-public/os/$confluent_profile/kickstart.custom -o /tmp/kickstart.custom kill $logshowpid diff --git a/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh b/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh index 909829c5..f06c4d61 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh +++ b/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh @@ -18,6 +18,6 @@ chmod 700 /mnt/sysimage/root/.ssh/ cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/ chmod 600 /mnt/sysimage/root/.ssh/authorized_keys cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/ -curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes +curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv cp /tmp/allnodes /mnt/sysimage/root/.shosts diff --git a/confluent_osdeploy/genesis/profiles/default/scripts/functions b/confluent_osdeploy/genesis/profiles/default/scripts/functions index 3af34a16..49bb5038 100644 --- a/confluent_osdeploy/genesis/profiles/default/scripts/functions +++ b/confluent_osdeploy/genesis/profiles/default/scripts/functions @@ -1,9 +1,9 @@ function set_confluent_vars() { - if [ -z "$mgr" ]; then - mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_mgr" ]; then + confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi - if [ -z "$profile" ]; then - profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_profile" ]; then + confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi } @@ -12,7 +12,7 @@ fetch_remote() { curlargs=" --cacert /etc/confluent/ca.pem" fi set_confluent_vars - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $1 failed to download; return 1; fi } @@ -25,11 +25,11 @@ run_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running $requestedcmd from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi chmod +x $1 cmd=$1 @@ -51,11 +51,11 @@ run_remote_python() { curlargs=" --cacert /etc/confluent/ca.pem" fi echo '---------------------------------------------------------------------------' - echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running python script "'$*'" from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi /usr/libexec/platform-python $* retcode=$? @@ -72,7 +72,7 @@ run_remote_config() { apiclient=/etc/confluent/apiclient fi echo '---------------------------------------------------------------------------' - echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile + echo Requesting to run remote configuration for "'$*'" from $confluent_mgr under profile $confluent_profile /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/"$*" -d {} /usr/libexec/platform-python $apiclient /confluent-api/self/remoteconfig/status -w 204 echo diff --git a/confluent_osdeploy/suse15/profiles/hpc/autoyast b/confluent_osdeploy/suse15/profiles/hpc/autoyast index e485c8d7..7aec831c 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/autoyast +++ b/confluent_osdeploy/suse15/profiles/hpc/autoyast @@ -103,10 +103,10 @@ dynamic behavior and replace with static configuration. /tmp/pre.sh +curl $proto://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/pre.sh > /tmp/pre.sh . /tmp/pre.sh ]]> @@ -119,13 +119,13 @@ curl $proto://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/pre.sh /tmp/prechroot.sh +curl $proto://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/prechroot.sh > /tmp/prechroot.sh . /tmp/prechroot.sh -curl -f $proto://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /mnt/etc/confluent/firstboot.sh -curl -f $proto://$mgr/confluent-public/os/$profile/scripts/post.sh > /mnt/etc/confluent/post.sh +curl -f $proto://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.sh > /mnt/etc/confluent/firstboot.sh +curl -f $proto://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/post.sh > /mnt/etc/confluent/post.sh chmod +x /mnt/etc/confluent/firstboot.sh chmod +x /mnt/etc/confluent/post.sh cp /mnt/etc/confluent/post.sh /mnt/var/adm/autoinstall/scripts/ diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.sh b/confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.sh index b0297b03..a5466310 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.sh +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.sh @@ -3,18 +3,18 @@ # This script runs at the end of the final boot, updating status nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') -mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^rootpassword: //') +confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^rootpassword: //') proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg |awk '{print $2}') -apikey=$(cat /etc/confluent/confluent.apikey) +confluent_apikey=$(cat /etc/confluent/confluent.apikey) . /etc/confluent/functions run_remote firstboot.custom # Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh -run_remote_parts firstboot +run_remote_parts firstboot.d # Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/ -run_remote_config firstboot +run_remote_config firstboot.d -curl --capath /etc/confluent/tls -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -f -X POST -d "status: complete" https://$mgr/confluent-api/self/updatestatus +curl --capath /etc/confluent/tls -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -f -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/functions b/confluent_osdeploy/suse15/profiles/hpc/scripts/functions index 4c07e5e7..926bcf64 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/functions +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/functions @@ -1,12 +1,22 @@ +function set_confluent_vars() { + if [ -z "$confluent_mgr" ]; then + confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + fi + if [ -z "$confluent_profile" ]; then + confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + fi +} + run_remote() { + set_confluent_vars requestedcmd="'$*'" echo echo '---------------------------------------------------------------------------' - echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running $requestedcmd from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir - curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi chmod +x $1 cmd=$1 @@ -18,14 +28,40 @@ run_remote() { return $retcode } +source_remote_parts() { + confluentscripttmpdir=$(mktemp -d) + apiclient=/opt/confluent/bin/apiclient + if [ -f /etc/confluent/apiclient ]; then + apiclient=/etc/confluent/apiclient + fi + scriptlist=$(/usr/bin/python3 $apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') + for script in $scriptlist; do + source_remote $1/$script + done + unset confluentscripttmpdir +} + +run_remote_parts() { + confluentscripttmpdir=$(mktemp -d) + apiclient=/opt/confluent/bin/apiclient + if [ -f /etc/confluent/apiclient ]; then + apiclient=/etc/confluent/apiclient + fi + scriptlist=$(/usr/bin/python3 $apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') + for script in $scriptlist; do + run_remote $1/$script + done + unset confluentscripttmpdir +} + run_remote_python() { echo echo '---------------------------------------------------------------------------' - echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running python script "'$*'" from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir - curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi python3 $* retcode=$? @@ -42,7 +78,7 @@ run_remote_config() { apiclient=/etc/confluent/apiclient fi echo '---------------------------------------------------------------------------' - echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile + echo Requesting to run remote configuration for "'$*'" from $confluent_mgr under profile $confluent_profile python3 $apiclient /confluent-api/self/remoteconfig/"$*" -d {} python3 $apiclient /confluent-api/self/remoteconfig/status -w 204 echo diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh b/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh index 8c64bf29..ff871923 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/post.sh @@ -9,10 +9,10 @@ # If there are dependencies on the kernel (drivers or special filesystems) # then firstboot.sh would be the script to customize. -mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') +confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') -apikey=$(cat /etc/confluent/confluent.apikey) +confluent_apikey=$(cat /etc/confluent/confluent.apikey) chmod 700 /etc/confluent chmod og-rwx /etc/confluent/* @@ -28,10 +28,10 @@ run_remote_python syncfileclient run_remote post.custom # Also, scripts may be placed into 'post.d', e.g. post.d/01-runfirst.sh, post.d/02-runsecond.sh -run_remote_parts post +run_remote_parts post.d # Induce execution of remote configuration, e.g. ansible plays in ansible/post.d/ -run_remote_config post +run_remote_config post.d -curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus +curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" https://$confluent_mgr/confluent-api/self/updatestatus diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/pre.sh b/confluent_osdeploy/suse15/profiles/hpc/scripts/pre.sh index d6232a09..14e6501d 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/pre.sh +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/pre.sh @@ -21,12 +21,12 @@ cat /ssh/*pubkey > ~/.ssh/authorized_keys 2>/dev/null ssh-keygen -A for i in /etc/ssh/ssh_host*key.pub; do certname=${i/.pub/-cert.pub} - curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$mgr/confluent-api/self/sshcert > $certname + curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname echo HostKey ${i%.pub} >> /etc/ssh/sshd_config echo HostCertificate $certname >> /etc/ssh/sshd_config done /usr/sbin/sshd -curl -f https://$mgr/confluent-public/os/$profile/scripts/functions > /tmp/functions +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/functions > /tmp/functions . /tmp/functions ntpcfg="" if grep ^ntpservers: /etc/confluent/confluent.deploycfg > /dev/null; then diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/prechroot.sh b/confluent_osdeploy/suse15/profiles/hpc/scripts/prechroot.sh index 2979a9b7..e73de763 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/prechroot.sh +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/prechroot.sh @@ -4,8 +4,8 @@ # is still running, with the to-be-booted system mounted in /mnt # carry over deployment configuration and api key for OS install action -mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') -profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') +confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') +confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') export mgr profile nodename mkdir -p /mnt/etc/confluent diff --git a/confluent_osdeploy/suse15/profiles/hpc/scripts/setupssh.sh b/confluent_osdeploy/suse15/profiles/hpc/scripts/setupssh.sh index af585c68..181e225a 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/scripts/setupssh.sh +++ b/confluent_osdeploy/suse15/profiles/hpc/scripts/setupssh.sh @@ -28,7 +28,7 @@ echo /usr/lib/ssh/ssh-keysign root:root 4711 >> /mnt/etc/permissions.local chmod 4711 /mnt/usr/lib/ssh/ssh-keysign # Download list of nodes from confluent, and put it into shosts.equiv (for most users) and .shosts (for root) -curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes +curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes cp /tmp/allnodes /mnt/root/.shosts cp /tmp/allnodes /mnt/etc/ssh/shosts.equiv diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh index f07ada2c..d23c36f0 100755 --- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh +++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh @@ -7,12 +7,12 @@ if [ ! -z "$rootpw" -a "$rootpw" != "null" ]; then echo root:$rootpw | chpasswd -e fi nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') -apikey=$(cat /etc/confluent/confluent.apikey) -mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}') +confluent_apikey=$(cat /etc/confluent/confluent.apikey) +confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}') hostnamectl set-hostname $(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') touch /etc/cloud/cloud-init.disabled source /etc/confluent/functions -run_remote_parts firstboot -run_remote_config firstboot -curl --capath /etc/confluent/tls -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -X POST -d "status: complete" https://$mgr/confluent-api/self/updatestatus +run_remote_parts firstboot.d +run_remote_config firstboot.d +curl --capath /etc/confluent/tls -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/functions b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/functions index bd6445f5..00985e21 100644 --- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/functions +++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/functions @@ -1,9 +1,9 @@ function set_confluent_vars() { - if [ -z "$mgr" ]; then - mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_mgr" ]; then + confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi - if [ -z "$profile" ]; then - profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') + if [ -z "$confluent_profile" ]; then + confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | sed -e 's/[^ ]*: //') fi } @@ -13,14 +13,14 @@ fetch_remote() { fi set_confluent_vars mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $1 failed to download; return 1; fi } run_remote_parts() { scriptlist=$(python3 /etc/confluent/apiclient /confluent-api/self/scriptlist/$1|sed -e 's/^- //') for script in $scriptlist; do - run_remote $1.d/$script + run_remote $1/$script done } @@ -33,12 +33,12 @@ run_remote() { set_confluent_vars echo echo '---------------------------------------------------------------------------' - echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running $requestedcmd from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi chmod +x $1 cmd=$1 @@ -60,12 +60,12 @@ run_remote_python() { curlargs=" --cacert /etc/confluent/ca.pem" fi echo '---------------------------------------------------------------------------' - echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ + echo Running python script "'$*'" from https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/ tmpdir=$(mktemp -d) echo Executing in $tmpdir cd $tmpdir mkdir -p $(dirname $1) - curl -f -sS $curlargs https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 + curl -f -sS $curlargs https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/$1 > $1 if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi python3 $* retcode=$? @@ -82,7 +82,7 @@ run_remote_config() { apiclient=/etc/confluent/apiclient fi echo '---------------------------------------------------------------------------' - echo Requesting to run remote configuration for "'$*'" from $mgr under profile $profile + echo Requesting to run remote configuration for "'$*'" from $confluent_mgr under profile $confluent_profile python3 $apiclient /confluent-api/self/remoteconfig/"$*" -d {} python3 $apiclient /confluent-api/self/remoteconfig/status -w 204 echo diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh index fe705538..64dee5f7 100755 --- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh +++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh @@ -20,8 +20,8 @@ echo ' HostbasedAuthentication yes' >> $sshconf echo ' EnableSSHKeysign yes' >> $sshconf echo ' HostbasedKeyTypes *ed25519*' >> $sshconf -curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /target/etc/confluent/firstboot.sh -curl -f https://$mgr/confluent-public/os/$profile/scripts/functions > /target/etc/confluent/functions +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.sh > /target/etc/confluent/firstboot.sh +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/functions > /target/etc/confluent/functions source /target/etc/confluent/functions chmod +x /target/etc/confluent/firstboot.sh cp /tmp/allnodes /target/root/.shosts @@ -42,7 +42,7 @@ if [ "$textcons" = "true" ] && ! grep console= /proc/cmdline > /dev/null; then updategrub=1 fi fi -kargs=$(curl https://$mgr/confluent-public/os/$profile/profile.yaml | grep ^installedargs: | sed -e 's/#.*//') +kargs=$(curl https://$confluent_mgr/confluent-public/os/$confluent_profile/profile.yaml | grep ^installedargs: | sed -e 's/#.*//') if [ ! -z "$kargs" ]; then sed -i 's/GRUB_CMDLINE_LINUX="\([^"]*\)"/GRUB_CMDLINE_LINUX="\1 '"${kargs}"'"/' /target/etc/default/grub fi @@ -66,7 +66,7 @@ kill -HUP $(cat /run/sshd.pid) cat /target/etc/confluent/tls/*.pem > /target/etc/confluent/ca.pem cat /target/etc/confluent/tls/*.pem > /etc/confluent/ca.pem chroot /target bash -c "source /etc/confluent/functions; run_remote_python syncfileclient" -chroot /target bash -c "source /etc/confluent/functions; run_remote_parts post" +chroot /target bash -c "source /etc/confluent/functions; run_remote_parts post.d" source /target/etc/confluent/functions run_remote_config post diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh index 49b86651..ddfe598b 100755 --- a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh +++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh @@ -15,7 +15,7 @@ apikey=$(cat /custom-installation/confluent/confluent.apikey) for pubkey in /etc/ssh/ssh_host*key.pub; do certfile=${pubkey/.pub/-cert.pub} keyfile=${pubkey%.pub} - curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile + curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$confluent_mgr/confluent-api/self/sshcert > $certfile echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf done @@ -23,7 +23,7 @@ echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf systemctl restart sshd -curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes -curl -f https://$mgr/confluent-public/os/$profile/scripts/getinstalldisk > /custom-installation/getinstalldisk +curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes +curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/getinstalldisk > /custom-installation/getinstalldisk python3 /custom-installation/getinstalldisk sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml diff --git a/confluent_server/confluent/selfservice.py b/confluent_server/confluent/selfservice.py index e99826a4..7d064e33 100644 --- a/confluent_server/confluent/selfservice.py +++ b/confluent_server/confluent/selfservice.py @@ -269,7 +269,7 @@ def handle_request(env, start_response): scriptcat = env['PATH_INFO'].replace('/self/remoteconfig/', '') slist, profile = get_scriptlist( scriptcat, cfg, nodename, - '/var/lib/confluent/public/os/{0}/ansible/{1}.d/') + '/var/lib/confluent/public/os/{0}/ansible/{1}') playlist = [] dirname = '/var/lib/confluent/public/os/{0}/ansible/{1}.d/'.format( profile, scriptcat) @@ -311,7 +311,7 @@ def handle_request(env, start_response): scriptcat = env['PATH_INFO'].replace('/self/scriptlist/', '') slist, _ = get_scriptlist( scriptcat, cfg, nodename, - '/var/lib/confluent/public/os/{0}/scripts/{1}.d/') + '/var/lib/confluent/public/os/{0}/scripts/{1}') if slist: start_response('200 OK', (('Content-Type', 'application/yaml'),)) yield yaml.safe_dump(util.natural_sort(slist), default_flow_style=False) @@ -337,8 +337,11 @@ def get_scriptlist(scriptcat, cfg, nodename, pathtemplate): profile = deployinfo.get( 'deployment.profile', {}).get('value', '') slist = [] + target = pathtemplate.format(profile, scriptcat) + if not os.path.isdir(target) and os.path.isdir(target + '.d'): + target = target + '.d' try: - slist = os.listdir(pathtemplate.format(profile, scriptcat)) + slist = os.listdir(target) except OSError: pass return slist, profile