From e8d2f550b8cc29c1a6c824c977f8b45a44116b1e Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 25 Jul 2022 17:05:30 -0400 Subject: [PATCH] Draft work on ESXi identity image deployment Prepare for routed deployment of ESXi --- .../initramfs/opt/confluent/bin/apiclient | 17 +++++-- .../esxi7/initramfs/bin/dcuiweasel | 46 +++++++++++++++++++ 2 files changed, 60 insertions(+), 3 deletions(-) diff --git a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient index c0a851e5..72581207 100644 --- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient +++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient @@ -222,7 +222,8 @@ def get_apikey(nodename, hosts, errout=None): return apikey class HTTPSClient(client.HTTPConnection, object): - def __init__(self, usejson=False, port=443, host=None, errout=None): + def __init__(self, usejson=False, port=443, host=None, errout=None, phmac=None): + self.phmac = phmac self.errout = None if errout: self.errout = open(errout, 'w') @@ -269,7 +270,11 @@ class HTTPSClient(client.HTTPConnection, object): for line in info: if line.startswith('deploy_server: ') or line.startswith('deploy_server_v6: '): self.hosts.append(line.split(': ', 1)[1]) - self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout) + if self.phmac: + with open(phmac, 'r') as hmacin: + self.stdheaders['CONFLUENT_CRYPTHMAC'] = hmacin.read() + else: + self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout) if mgtiface: self.stdheaders['CONFLUENT_MGTIFACE'] = mgtiface self.port = port 
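Review bot: The `CONFLUENT_CRYPTHMAC` header is set to the raw `hmacin.read()` result, so any trailing newline in the key file ends up in the header value; `http.client` refuses header values containing CR or LF, and a file produced by `echo` or an editor will usually carry one. The assignment should be `self.stdheaders['CONFLUENT_CRYPTHMAC'] = hmacin.read().strip()`. The branch also opens `phmac` rather than the `self.phmac` stored in the previous hunk, which only works while this code stays inside `__init__`; the enclosing method starts outside the hunk, so `with open(self.phmac, 'r') as hmacin:` would be the safer spelling.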
@@ -406,6 +411,12 @@ if __name__ == '__main__': errout = sys.argv.pop(errout) except ValueError: errout = None + try: + phmac = sys.argv.index('-p') + sys.argv.pop(phmac) + phmac = sys.argv.pop(phmac) + except ValueError: + phmac = None if len(sys.argv) > 2 and os.path.exists(sys.argv[-1]): data = open(sys.argv[-1]).read() if outbin: @@ -424,4 +435,4 @@ if __name__ == '__main__': status, rsp = client.grab_url_with_status(sys.argv[1], data) sys.stdout.write(rsp.decode()) else: - sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data).decode()) + sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data, phmac=phmac).decode()) diff --git a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel index ca3b124b..3f3facee 100644 --- a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel +++ b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel 
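Review bot: If `-p` is the last command-line argument, the second `sys.argv.pop(phmac)` raises IndexError, which the `except ValueError:` clause does not catch, so the client dies with a traceback instead of falling back to `phmac = None`. Catching both, `except (ValueError, IndexError):`, keeps the fallback intact; alternatively reject a dangling `-p` explicitly via `errout`. The enclosing `if __name__ == '__main__':` block starts outside the hunk.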
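Review bot: `phmac=phmac` is passed to `grab_url`, but the parameter added in this commit lives on `HTTPSClient.__init__`, and the header is populated there at construction time; unless `grab_url` (not shown in the diff) also accepts `phmac`, this raises TypeError, and even if it does the HMAC header would never be set. The call should be `sys.stdout.write(HTTPSClient(usejson, errout=errout, phmac=phmac).grab_url(sys.argv[1], data).decode())`. The `client` used on the `grab_url_with_status` path a few lines above is constructed outside this hunk and presumably needs the same argument, otherwise the `-p` option is silently ignored there.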
@@ -9,6 +9,52 @@ localcli network firewall unload touch /etc/confluent/confluent.info begin=$(date +%s) localcli system secpolicy domain set -n appDom -l disabled +personality='' +for maydev in /dev/disks/mpx.vmhba*; do + if mdir -i $usb |grep CNFLNT_IDNT > /dev/null; then + personality=$usb + break + fi +done +if [ ! -z "$personality" ]; then + mkdir -p /tmp/confluentident + mcopy -i $personality ::* /tmp/confluentident/ +fi +if [ -e /tmp/confluentident/cnflnt.yml ]; then + cat /tls/*.pem >> /etc/confluent/ca.pem + deploysrvs=$(sed -n '/^deploy_servers:/,/^[^-]/p' /tmp/confluentident/cnflnt.yml |grep ^-|sed -e 's/^- //'|grep -v :) + nodename=$(grep ^nodename: /tmp/confluentident/cnflnt.yml|sed -e 's/nodename: //') + echo 'NODENAME: '$nodename > /etc/confluent/confluent.info + for deploysrv in $deploysrvs; do + echo 'MANAGER: '$deploysrv >> /etc/confluent/confluent.info + done + tcfg=$(mktemp) + sed -n '/^net_cfgs:/,/^[^- ]/{/^[^- ]/!p}' /tmp/confluentident/cnflnt.yml |sed -n '/^-/,/^-/{/^-/!p}'| sed -e 's/^[- ]*//'> $tcfg + autoconfigmethod=$(grep ^ipv4_method: $tcfg) + autoconfigmethod=${autoconfigmethod#ipv4_method: } + if [ "$autoconfigmethod" = "static" ]; then + v4addr=$(grep ^ipv4_address: $tcfg) + v4addr=${v4addr#ipv4_address: } + v4gw=$(grep ^ipv4_gateway: $tcfg) + v4gw=${v4gw#ipv4_gateway: } + if [ "$v4gw" = "null" ]; then + v4gw="" + fi + v4nm=$(grep ipv4_netmask: $tcfg) + v4nm=${v4nm#ipv4_netmask: } + localcli network ip interface ipv4 set -i vmk0 -I $v4addr -N $v4nm -g $v4gw -t static + localcli network ip route ipv4 add -n default -g $v4gw + fi + hmackeyfile=$(mktemp) + echo -n $(grep ^apitoken: cnflnt.yml|awk '{print $2}') > $hmackeyfile + cd - + passfile=$(mktemp) + passcrypt=$(mktemp) + hmacfile=$(mktemp) + ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac + /opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile + +fi while ! 
grep NODENAME /etc/confluent/confluent.info; do echo "Searching for deployment service on local network..." /opt/confluent/bin/copernicus > /etc/confluent/confluent.info
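Review bot: The device-probe loop iterates `maydev` but tests and assigns `$usb`, which is never set anywhere in the hunk, so `mdir -i` runs with an empty image argument and `personality` stays empty on every pass; the body should read `if mdir -i "$maydev" | grep CNFLNT_IDNT > /dev/null; then` and `personality=$maydev`. The API token is read from a relative `cnflnt.yml` while every other read uses `/tmp/confluentident/cnflnt.yml`, and the `cd -` that follows has no matching `cd` in this hunk; `/tls/*.pem` looks as though it is missing the same `/tmp/confluentident` prefix, which matters because those files become the trust anchor appended to `/etc/confluent/ca.pem`. The apitoken copied into `$hmackeyfile` is a credential that is never removed after `genpasshmac` runs, so it stays readable in the initramfs for the rest of the boot; delete `$hmackeyfile` (and quote the `mktemp` paths and `$personality`) once the HMAC has been produced. `ln -s` without `-f` will also fail if this script is ever re-run with the symlink already present.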