Draft work on ESXi identity image deployment
Prepare for routed deployment of ESXi
@@ -222,7 +222,8 @@ def get_apikey(nodename, hosts, errout=None):
|
||||
return apikey
|
||||
|
||||
class HTTPSClient(client.HTTPConnection, object):
|
||||
def __init__(self, usejson=False, port=443, host=None, errout=None):
|
||||
def __init__(self, usejson=False, port=443, host=None, errout=None, phmac=None):
|
||||
self.phmac = phmac
|
||||
self.errout = None
|
||||
if errout:
|
||||
self.errout = open(errout, 'w')
|
||||
@@ -269,7 +270,11 @@ class HTTPSClient(client.HTTPConnection, object):
|
||||
for line in info:
|
||||
if line.startswith('deploy_server: ') or line.startswith('deploy_server_v6: '):
|
||||
self.hosts.append(line.split(': ', 1)[1])
|
||||
self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout)
|
||||
if self.phmac:
|
||||
with open(phmac, 'r') as hmacin:
|
||||
self.stdheaders['CONFLUENT_CRYPTHMAC'] = hmacin.read()
|
||||
else:
|
||||
self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(node, self.hosts, errout=self.errout)
|
||||
if mgtiface:
|
||||
self.stdheaders['CONFLUENT_MGTIFACE'] = mgtiface
|
||||
self.port = port
|
||||
@@ -406,6 +411,12 @@ if __name__ == '__main__':
|
||||
errout = sys.argv.pop(errout)
|
||||
except ValueError:
|
||||
errout = None
|
||||
try:
|
||||
phmac = sys.argv.index('-p')
|
||||
sys.argv.pop(phmac)
|
||||
phmac = sys.argv.pop(phmac)
|
||||
except ValueError:
|
||||
phmac = None
|
||||
if len(sys.argv) > 2 and os.path.exists(sys.argv[-1]):
|
||||
data = open(sys.argv[-1]).read()
|
||||
if outbin:
|
||||
@@ -424,4 +435,4 @@ if __name__ == '__main__':
|
||||
status, rsp = client.grab_url_with_status(sys.argv[1], data)
|
||||
sys.stdout.write(rsp.decode())
|
||||
else:
|
||||
sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data).decode())
|
||||
sys.stdout.write(HTTPSClient(usejson, errout=errout).grab_url(sys.argv[1], data, phmac=phmac).decode())
|
||||
|
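Review bot: On the last changed line of the `__main__` block, `phmac=phmac` is passed to `grab_url(...)`, but the new keyword was added to `HTTPSClient.__init__`; as written the constructor never receives the path, `self.phmac` stays `None`, and the client takes the `get_apikey` branch instead of sending `CONFLUENT_CRYPTHMAC` (whether `grab_url` accepts a `phmac` keyword is not visible here). The call should read `HTTPSClient(usejson, errout=errout, phmac=phmac).grab_url(sys.argv[1], data)`, and the `client` used for `grab_url_with_status` is built outside the hunk and presumably needs the same argument. In the second hunk, `hmacin.read()` places the file content into the header verbatim, so a trailing newline in the file would end up inside the header value; `hmacin.read().strip()` avoids that. Opening `self.phmac` rather than the bare `phmac` there would also match the `if self.phmac:` test above it.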
@@ -9,6 +9,52 @@ localcli network firewall unload
|
||||
touch /etc/confluent/confluent.info
|
||||
begin=$(date +%s)
|
||||
localcli system secpolicy domain set -n appDom -l disabled
|
||||
personality=''
|
||||
for maydev in /dev/disks/mpx.vmhba*; do
|
||||
if mdir -i $usb |grep CNFLNT_IDNT > /dev/null; then
|
||||
personality=$usb
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ ! -z "$personality" ]; then
|
||||
mkdir -p /tmp/confluentident
|
||||
mcopy -i $personality ::* /tmp/confluentident/
|
||||
fi
|
||||
if [ -e /tmp/confluentident/cnflnt.yml ]; then
|
||||
cat /tls/*.pem >> /etc/confluent/ca.pem
|
||||
deploysrvs=$(sed -n '/^deploy_servers:/,/^[^-]/p' /tmp/confluentident/cnflnt.yml |grep ^-|sed -e 's/^- //'|grep -v :)
|
||||
nodename=$(grep ^nodename: /tmp/confluentident/cnflnt.yml|sed -e 's/nodename: //')
|
||||
echo 'NODENAME: '$nodename > /etc/confluent/confluent.info
|
||||
for deploysrv in $deploysrvs; do
|
||||
echo 'MANAGER: '$deploysrv >> /etc/confluent/confluent.info
|
||||
done
|
||||
tcfg=$(mktemp)
|
||||
sed -n '/^net_cfgs:/,/^[^- ]/{/^[^- ]/!p}' /tmp/confluentident/cnflnt.yml |sed -n '/^-/,/^-/{/^-/!p}'| sed -e 's/^[- ]*//'> $tcfg
|
||||
autoconfigmethod=$(grep ^ipv4_method: $tcfg)
|
||||
autoconfigmethod=${autoconfigmethod#ipv4_method: }
|
||||
if [ "$autoconfigmethod" = "static" ]; then
|
||||
v4addr=$(grep ^ipv4_address: $tcfg)
|
||||
v4addr=${v4addr#ipv4_address: }
|
||||
v4gw=$(grep ^ipv4_gateway: $tcfg)
|
||||
v4gw=${v4gw#ipv4_gateway: }
|
||||
if [ "$v4gw" = "null" ]; then
|
||||
v4gw=""
|
||||
fi
|
||||
v4nm=$(grep ipv4_netmask: $tcfg)
|
||||
v4nm=${v4nm#ipv4_netmask: }
|
||||
localcli network ip interface ipv4 set -i vmk0 -I $v4addr -N $v4nm -g $v4gw -t static
|
||||
localcli network ip route ipv4 add -n default -g $v4gw
|
||||
fi
|
||||
hmackeyfile=$(mktemp)
|
||||
echo -n $(grep ^apitoken: cnflnt.yml|awk '{print $2}') > $hmackeyfile
|
||||
cd -
|
||||
passfile=$(mktemp)
|
||||
passcrypt=$(mktemp)
|
||||
hmacfile=$(mktemp)
|
||||
ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac
|
||||
/opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile
|
||||
|
||||
fi
|
||||
while ! grep NODENAME /etc/confluent/confluent.info; do
|
||||
echo "Searching for deployment service on local network..."
|
||||
/opt/confluent/bin/copernicus > /etc/confluent/confluent.info
|
||||
|
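Review bot: The disk scan loop iterates with `maydev` but tests and stores `$usb`, which nothing in this hunk assigns, so `mdir -i` runs without an image argument and `personality` is never set; the body should use `if mdir -i "$maydev" | grep CNFLNT_IDNT > /dev/null; then` and `personality=$maydev`. Further down, `grep ^apitoken: cnflnt.yml` uses a relative path and is followed by `cd -` with no `cd` visible in the hunk, so unless the working directory already is /tmp/confluentident the key file is written empty and `genpasshmac` is handed an empty HMAC key; a `cd /tmp/confluentident` before it (or the absolute path) plus a check that the token is non-empty would close that. When `ipv4_gateway` is `null`, `$v4gw` is emptied and then expanded unquoted after `-g` in both `localcli` calls, leaving the gateway option without a value. The other values read from cnflnt.yml (`$nodename`, `$deploysrv`, `$v4addr`, `$v4nm`) are likewise expanded unquoted, and quoting them keeps a malformed identity file from adding extra arguments to the commands.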