Draft work on ESXi identity image deployment

Prepare for routed deployment of ESXi
2024-11-22 01:22:00 +00:00 · 2022-07-25 17:05:30 -04:00 · 2022-07-25 17:05:30 -04:00 · e8d2f550b8
commit e8d2f550b8
parent 9fe156601b
2 changed files with 60 additions and 3 deletions
--- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
+++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient
@ -222,7 +222,8 @@ def get_apikey(nodename, hosts, errout=None):
    return apikey

 class HTTPSClient(client.HTTPConnection, object):
-    def __init__(self, usejson=False, port=443, host=None, errout=None):
+    def __init__(self, usejson=False, port=443, host=None, errout=None, phmac=None):
+        self.phmac = phmac
        self.errout = None
        if errout:
            self.errout = open(errout, 'w')
@ -269,7 +270,11 @@ class HTTPSClient(client.HTTPConnection, object):
                for line in info:
                    if line.startswith('deploy_server: ') or line.startswith('deploy_server_v6: '):
                        self.hosts.append(line.split(': ', 1)[1])
-        self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout)
+        if self.phmac:
+            with open(phmac, 'r') as hmacin:
+                self.stdheaders['CONFLUENT_CRYPTHMAC'] = hmacin.read()
+        else:
+            self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout)
        if mgtiface:
            self.stdheaders['CONFLUENT_MGTIFACE'] = mgtiface
        self.port = port
@ -406,6 +411,12 @@ if __name__ == '__main__':
        errout = sys.argv.pop(errout)
    except ValueError:
        errout = None
+    try:
+        phmac = sys.argv.index('-p')
+        sys.argv.pop(phmac)
+        phmac = sys.argv.pop(phmac)
+    except ValueError:
+        phmac = None
    if len(sys.argv) > 2 and os.path.exists(sys.argv[-1]):
        data = open(sys.argv[-1]).read()
    if outbin:
@ -424,4 +435,4 @@ if __name__ == '__main__':
            status, rsp = client.grab_url_with_status(sys.argv[1], data)
            sys.stdout.write(rsp.decode())
    else:
-        sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data).decode())
+        sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data, phmac=phmac).decode())
--- a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
+++ b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
@ -9,6 +9,52 @@ localcli network firewall unload
 touch /etc/confluent/confluent.info
 begin=$(date +%s)
 localcli system secpolicy domain set -n appDom -l disabled
+personality=''
+for maydev in /dev/disks/mpx.vmhba*; do 
+    if mdir -i $usb |grep CNFLNT_IDNT > /dev/null; then
+	personality=$usb
+	break
+    fi
+done
+if [ ! -z "$personality" ]; then
+    mkdir -p /tmp/confluentident
+    mcopy -i $personality ::* /tmp/confluentident/
+fi
+if [ -e /tmp/confluentident/cnflnt.yml ]; then
+    cat /tls/*.pem >> /etc/confluent/ca.pem
+    deploysrvs=$(sed -n '/^deploy_servers:/,/^[^-]/p' /tmp/confluentident/cnflnt.yml |grep ^-|sed -e 's/^- //'|grep -v :)
+    nodename=$(grep ^nodename: /tmp/confluentident/cnflnt.yml|sed -e 's/nodename: //')
+    echo 'NODENAME: '$nodename > /etc/confluent/confluent.info
+    for deploysrv in $deploysrvs; do
+        echo 'MANAGER: '$deploysrv >> /etc/confluent/confluent.info
+    done
+    tcfg=$(mktemp)
+    sed -n '/^net_cfgs:/,/^[^- ]/{/^[^- ]/!p}' /tmp/confluentident/cnflnt.yml |sed -n '/^-/,/^-/{/^-/!p}'| sed -e 's/^[- ]*//'> $tcfg
+    autoconfigmethod=$(grep ^ipv4_method: $tcfg)
+    autoconfigmethod=${autoconfigmethod#ipv4_method: }
+    if [ "$autoconfigmethod" = "static" ]; then
+        v4addr=$(grep ^ipv4_address: $tcfg)
+        v4addr=${v4addr#ipv4_address: }
+        v4gw=$(grep ^ipv4_gateway: $tcfg)
+        v4gw=${v4gw#ipv4_gateway: }
+        if [ "$v4gw" = "null" ]; then
+            v4gw=""
+        fi
+        v4nm=$(grep ipv4_netmask: $tcfg)
+        v4nm=${v4nm#ipv4_netmask: }
+        localcli network ip interface ipv4 set -i vmk0 -I $v4addr -N $v4nm -g $v4gw -t static
+        localcli network ip route ipv4 add -n default -g $v4gw
+    fi
+    hmackeyfile=$(mktemp)
+    echo -n $(grep ^apitoken: cnflnt.yml|awk '{print $2}') > $hmackeyfile
+    cd -
+    passfile=$(mktemp)
+    passcrypt=$(mktemp)
+    hmacfile=$(mktemp)
+    ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac
+    /opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile
+
+fi
 while ! grep NODENAME /etc/confluent/confluent.info; do
    echo "Searching for deployment service on local network..."
    /opt/confluent/bin/copernicus > /etc/confluent/confluent.info