From da44738e00ea1add4922e60f7b3ff33a856fe230 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 15 Jul 2021 17:30:50 -0400
Subject: [PATCH] Generalize more of an OS on capture /etc/fstab, hostname, and networnk-scripts are masked for the image.
---
 .../profiles/default/scripts/imageboot.sh | 2 +-
 imgutil/imgutil | 48 ++++++++++++-------
 2 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh b/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh
index 76301cc0..2fa51546 100644
--- a/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh
+++ b/confluent_osdeploy/el8-diskless/profiles/default/scripts/imageboot.sh
@@ -10,7 +10,7 @@ fi
 /opt/confluent/bin/confluent_imginfo /mnt/remoteimg/rootimg.sfs > /tmp/rootimg.info
 if grep '^Format: squashfs' /tmp/rootimg.info > /dev/null; then
 mount -o loop,ro /mnt/remoteimg/*.sfs /mnt/remote
-elif grep '^Format: confluent_multisqaush' /tmp/rootimg.info; then
+elif grep '^Format: confluent_multisquash' /tmp/rootimg.info; then
 loopdev=$(losetup -f)
 losetup -r $loopdev /mnt/remoteimg/rootimg.sfs
 tail -n +3 /tmp/rootimg.info | awk '{print 0 " " $4 " '$loopdev' " $3 " " $7}'
diff --git a/imgutil/imgutil b/imgutil/imgutil
index 8903a5f6..f0d839ee 100644
--- a/imgutil/imgutil
+++ b/imgutil/imgutil
@@ -66,6 +66,10 @@ def sanitize_shadow(shadowfile):
 newshadow += ':'.join(passent) + '\n'
 return newshadow
+def mask_file(filename, maskwith='/run/imgutil/captmp/empty'):
+ if os.path.exists(filename):
+ _mount_file(maskwith, filename)
+
 def capture_fs(args):
 fsinfo, fname = args
 _mount(fsinfo['mount'], '/run/imgutil/capin', flags=MS_BIND|MS_RDONLY)
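Review bot: mask_file in the imgutil hunk has no docstring, and its contract matters because it is what keeps shadow data and private keys out of the captured image: a path that `os.path.exists` reports as absent is skipped without any message. I would add `"""Bind-mount maskwith over filename so the capture sees the replacement; a missing filename is skipped."""` and state there that a failed mount must abort the capture. Whether `_mount_file` raises on failure cannot be seen here, since it is defined outside the hunk; if it only returns a status, the original file would be packed unmasked.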
@@ -75,20 +79,18 @@ def capture_fs(args):
 elif fsinfo['mount'] == '/':
 targdir = '/run/imgutil/capin/etc'
 if targdir is not None:
- if os.path.exists(os.path.join(targdir, 'shadow')):
- _mount_file('/run/imgutil/captmp/shadow', os.path.join(targdir, 'shadow'))
- if os.path.exists(os.path.join(targdir, 'gshadow')):
- _mount_file('/run/imgutil/captmp/gshadow', os.path.join(targdir, 'gshadow'))
- if os.path.exists(os.path.join(targdir, 'shadow-')):
- _mount_file('/run/imgutil/captmp/empty', os.path.join(targdir, 'shadow-'))
- if os.path.exists(os.path.join(targdir, 'gshadow-')):
- _mount_file('/run/imgutil/captmp/empty', os.path.join(targdir, 'gshadow-'))
- for sshkey in glob.glob(os.path.join(targdir, 'ssh/*key')):
- _mount_file('/run/imgutil/captmp/empty', sshkey)
- for sshkey in glob.glob(os.path.join(targdir, 'pki/tls/private/*')):
- _mount_file('/run/imgutil/captmp/empty', sshkey)
- if os.path.exists(os.path.join(targdir, 'confluent')):
- _mount('none', os.path.join(targdir, 'confluent'), 'tmpfs')
+ mask_file(os.path.join(targdir, 'shadow'), '/run/imgutil/captmp/shadow')
+ mask_file(os.path.join(targdir, 'gshadow'), '/run/imgutil/captmp/gshadow')
+ mask_file(os.path.join(targdir, 'fstab'), '/run/imgutil/captmp/fstab')
+ mask_file(os.path.join(targdir, 'shadow-'))
+ mask_file(os.path.join(targdir, 'gshadow-'))
+ mask_file(os.path.join(targdir, 'hostname'))
+ for tname in glob.glob(os.path.join(targdir, 'ssh/*key')):
+ _mount_file('/run/imgutil/captmp/empty', tname)
+ for tname in glob.glob(os.path.join(targdir, 'pki/tls/private/*')):
+ _mount_file('/run/imgutil/captmp/empty', tname)
+ if os.path.exists(os.path.join(targdir, 'sysconfig/network-scripts')):
+ _mount('none', os.path.join(targdir, 'sysconfig/network-scripts'), 'tmpfs')
 subprocess.check_call(['mksquashfs', '/run/imgutil/capin', fname + '.sfs', '-comp', 'xz'])
 def capture_system():
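Review bot: The tmpfs mask over `etc/confluent` is removed here rather than kept alongside the new `sysconfig/network-scripts` one, so that directory is now packed into the squashfs as-is. The commit message only mentions adding fstab, hostname and network-scripts, so dropping it looks unintentional; if the directory holds per-node state or credentials, they would be copied into every image built from this host. I would keep both masks by restoring `if os.path.exists(os.path.join(targdir, 'confluent')):` followed by `_mount('none', os.path.join(targdir, 'confluent'), 'tmpfs')`. capture_fs begins above this hunk, so the conditions that set `targdir` are only partly visible.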
@@ -96,12 +98,27 @@ def capture_system():
 _mount('none', '/run/imgutil/capout', 'tmpfs')
 run_constrained(capture_system_back, None)
+def generalize_fstab():
+ with open('/etc/fstab') as tabfile:
+ fstab = tabfile.read().split('\n')
+ newtab = ''
+ for tab in fstab:
+ tabent = tab.split('#', 1)[0]
+ tabent = tabent.split()
+ if len(tabent) >= 3 and tabent[2] in ('ext3', 'ext4', 'xfs', 'btrfs', 'vfat', 'swap'):
+ newtab += tab.replace(tabent[0], '#ORIGFSTAB#' + tabent[0] + '#', 1) + '\n'
+ else:
+ newtab += tab + '\n'
+ with open('/run/imgutil/captmp/fstab', 'w') as newtabout:
+ newtabout.write(newtab)
+
 def capture_system_back(args):
 newshadow = sanitize_shadow('/etc/shadow')
 newgshadow = sanitize_shadow('/etc/gshadow')
 mkdirp('/run/imgutil/capin')
 mkdirp('/run/imgutil/captmp')
 _mount('none', '/run/imgutil/captmp', 'tmpfs')
+ generalize_fstab()
 with open('/run/imgutil/captmp/shadow', 'w') as shadowout:
 shadowout.write(newshadow)
 with open('/run/imgutil/captmp/gshadow', 'w') as shadowout:
@@ -109,7 +126,7 @@ def capture_system_back(args):
 with open('/run/imgutil/captmp/empty', 'w') as shadowout:
 pass
 i = 0
- with open('/run/imgutil/capout/final.img', 'wb') as outimg:
+ with open('/run/imgutil/capout/rootimg.sfs', 'wb') as outimg:
 # Signature
 outimg.write(b'\x63\x7b\x9d\x26\xb7\xfd\x48\x30\x89\xf9\x11\xcf\x18\xfd\xff\xa1CONFLUENT_IMAGE')
 for fs in get_partition_info():
@@ -154,7 +171,6 @@ def capture_system_back(args):
 outimg.write(b'\x00' * pad)
-
 def create_yumconf(sourcedir):
 repodir = tempfile.mkdtemp(prefix='genimage-yumrepos.d-')
 yumconf = open(os.path.join(repodir, 'repos.repo'), 'w+')
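Review bot: In generalize_fstab the `else` branch copies every entry whose type is not in the local-filesystem tuple into the image unchanged, mount options included. Network filesystem entries carry host-specific settings there, and cifs entries may hold `password=` or `credentials=` options, so the captured fstab can still expose details of the source host. At minimum I would document this on the branch with `# entries of any other type (nfs, cifs, ...) pass through unchanged, mount options included`. The function also needs a docstring describing the `#ORIGFSTAB#<device>#` marker it writes, so that whatever consumes the image knows the format.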