diff --git a/confluent_osdeploy/el8/profiles/default/scripts/functions b/confluent_osdeploy/el8/profiles/default/scripts/functions
new file mode 100644
index 00000000..c280de30
--- /dev/null
+++ b/confluent_osdeploy/el8/profiles/default/scripts/functions
@@ -0,0 +1,14 @@
+run_remote() {
+ cd $(mktemp -d)
+ curl -f https://$mgr/confluent-public/os/$profile/scripts/$1 > $1
+ chmod +x $1
+ ./$1
+ cd -
+}
+
+run_remote_python {
+ cd $(mktemp -d)
+ curl -f https://$mgr/confluent-public/os/$profile/scripts/$1 > $1
+ /usr/libexec/platform-python $1
+ cd -
+}
diff --git a/confluent_osdeploy/el8/profiles/default/scripts/post.sh b/confluent_osdeploy/el8/profiles/default/scripts/post.sh
new file mode 100644
index 00000000..80a6cd5e
--- /dev/null
+++ b/confluent_osdeploy/el8/profiles/default/scripts/post.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# need to copy over ssh key info
+nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
+export mgr profile nodename
+. /etc/confluent/functions
+
+# This script will execute in the installed system, but using the installer kernel prior to reboot.
+# This is an appropriate place to run post install activities that do not require the actual installed
+# kernel to run. For example adding drivers that would be needed for first boot to run cleanly.
+# If, for example, there is a post script that has a dependency on a driver or filesystem that
+# cannot work until booting into the installer, use firstboot.sh instead
+
+# run_remote will download and execute from /var/lib/confluent/public//scripts/ directory
+# run_remote_python will use the appropriate python interpreter path to run the specified script
+
+# Add content as below:
+
+# run_remote example.sh
+# run_remote_python example.py
diff --git a/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh b/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh
new file mode 100644
index 00000000..92689c1c
--- /dev/null
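Review bot: In `run_remote` and `run_remote_python` (scripts/functions) the result of `curl -f` is never checked, so a failed or truncated download still leaves a file that is made executable and run as part of the install. `cd $(mktemp -d)` is likewise unchecked and unquoted, and if `mktemp` fails the bare `cd` moves to the home directory and the script is fetched and run there. `run_remote_python {` is also missing its `()`, so `/bin/sh` does not parse it as a function definition and sourcing this file should fail at the closing brace. The version below returns on any failed step, quotes the expansions, and runs the script in a subshell so the caller's working directory is untouched; the temporary directory is still left behind, as in the original.

```shell
run_remote() {
    tmpdir=$(mktemp -d) || return 1
    curl -f "https://$mgr/confluent-public/os/$profile/scripts/$1" > "$tmpdir/$1" || return 1
    chmod +x "$tmpdir/$1"
    (cd "$tmpdir" && "./$1")
}

run_remote_python() {
    tmpdir=$(mktemp -d) || return 1
    curl -f "https://$mgr/confluent-public/os/$profile/scripts/$1" > "$tmpdir/$1" || return 1
    (cd "$tmpdir" && /usr/libexec/platform-python "$1")
}
```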
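Review bot: `export mgr profile nodename` in post.sh exports `mgr` and `profile`, but only `nodename` is assigned in this file, so unless the caller's environment already provides them `run_remote` would request `https:///confluent-public/os//scripts/...`. A guard before sourcing the functions, such as `: "${mgr:?mgr is not set}" "${profile:?profile is not set}"`, makes that failure explicit instead of a confusing curl error. The first comment, `# need to copy over ssh key info`, does not describe anything this script does and could be replaced with a line saying where `mgr` and `profile` are expected to come from.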
+++ b/confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+grep HostCert /etc/ssh/sshd_config.anaconda >> /mnt/sysimage/etc/ssh/sshd_config
+echo HostbasedAuthentication yes >> /mnt/sysimage/etc/ssh/sshd_config
+echo HostbasedUsesNameFromPacketOnly yes >> /mnt/sysimage/etc/ssh/sshd_config
+echo IgnoreRhosts no >> /mnt/sysimage/etc/ssh/sshd_config
+sshconf=/etc/ssh/ssh_config
+if [ -d /mnt/sysimage/etc/ssh/ssh_config.d/ ]; then
+ sshconf=/mnt/sysimage/etc/ssh/ssh_config.d/01-confluent.conf
+fi
+echo 'Host *' >> $sshconf
+echo ' HostbasedAuthentication yes' >> $sshconf
+echo ' EnableSSHKeysign yes' >> $sshconf
+echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
+
+cp /etc/ssh/ssh_host_* /mnt/sysimage/etc/ssh/
+mkdir /mnt/sysimage/root/.ssh/
+chmod 700 /mnt/sysimage/root/.ssh/
+cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/
+chmod 600 /mnt/sysimage/root/.ssh/authorized_keys
+cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/
+curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
+cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv
+cp /tmp/allnodes /mnt/sysimage/root/.shosts
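Review bot: The node list fetched by `curl -f ... > /tmp/allnodes` is copied into `shosts.equiv` and `/root/.shosts` without checking that the download succeeded, and it passes through a fixed name in `/tmp`. Because these two files decide which hosts are trusted for host-based login, including for root, a failed request silently installs an empty list, and the fixed path is an avoidable place for the content to be swapped. The fallback `sshconf=/etc/ssh/ssh_config` also points at the installer's own file rather than the installed system, unlike every other write in this script; it looks like it should be `sshconf=/mnt/sysimage/etc/ssh/ssh_config`. `$nodename` and `$mgr` are not set in this file, so presumably they are inherited from the caller. The fence shows the download step using a `mktemp` file and exiting on failure.

```shell
# … unchanged: sshd_config and ssh_config edits, host key and authorized_keys copies …
allnodes=$(mktemp) || exit 1
curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" "https://$mgr/confluent-api/self/nodelist" > "$allnodes" || exit 1
cp "$allnodes" /mnt/sysimage/etc/ssh/shosts.equiv
cp "$allnodes" /mnt/sysimage/root/.shosts
rm -f "$allnodes"
```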