Add mods to adapt an xcat stateless image to a confluennt payload

2025-10-31 03:12:31 +00:00 · 2020-09-17 14:23:37 -04:00
parent 9828ea5898
commit ed842fcc1a
6 changed files with 260 additions and 0 deletions
--- a/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh
+++ b/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+mkdir -p /etc/pki/tls/certs
+echo -n "" >> /tmp/net.ifaces
+cat /tls/*.0 >> /etc/pki/tls/certs/ca-bundle.crt
+if ! grep console= /proc/cmdline >& /dev/null; then
+    autocons=$(/opt/confluent/bin/autocons)
+    if [ -n "$autocons" ]; then
+        echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf
+        autocons=${autocons%,*}
+        echo $autocons > /tmp/01-autocons.devnode
+        echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons
+	echo "Modify profile.yaml and run updateboot to have nodeconsole work by adding console=$(cat /tmp/01-autocons.conf)" > $autocons
+    fi
+fi
+if grep console=ttyS /proc/cmdline >& /dev/null; then
+    echo "Serial console has been requested in the kernel arguments, the local video may not show progress" > /dev/tty1
+fi
+
--- a/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/initqueue/01-confluent.sh
+++ b/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/initqueue/01-confluent.sh
@@ -0,0 +1,126 @@
+#!/bin/sh
+[ -e /tmp/confluent.initq ] && return 0
+if [ -f /tmp/dd_disk ]; then
+    for dd in $(cat /tmp/dd_disk); do
+        if [ -e $dd ]; then
+            driver-updates --disk $dd $dd
+        fi
+    done
+fi
+TRIES=0
+oum=$(umask)
+umask 0077
+mkdir -p /etc/confluent
+echo -n > /etc/confluent/confluent.info
+umask $oum
+cd /sys/class/net
+while ! grep ^EXTMGRINFO: /etc/confluent/confluent.info | awk -F'|' '{print $3}' | grep 1 >& /dev/null && [ "$TRIES" -lt 60 ]; do
+    TRIES=$((TRIES + 1))
+    for currif in *; do
+        ip link set $currif up
+    done
+    /opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
+done
+cd /
+grep ^EXTMGRINFO: /etc/confluent/confluent.info || return 0  # Do absolutely nothing if no data at all yet
+echo -n "" > /tmp/confluent.initq
+# restart cmdline
+echo -n "" > /etc/cmdline.d/01-confluent.conf
+mkdir -p /var/log/xcat
+
+#TODO: blkid --label <whatever> to find mounted api
+nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
+mgr=$(grep ^EXTMGRINFO: /etc/confluent/confluent.info| sed -e 's/^EXTMGRINFO: //' | awk -F'|' '{print $1 " " $2 " " $3}' |grep 1$ | awk 'NR < 2')
+if [ -z "$mgr" ]; then
+    mgr=$(grep ^EXTMGRINFO: /etc/confluent/confluent.info| sed -e 's/^EXTMGRINFO: //' | awk -F'|' '{print $1 " " $2 " " $3}' | awk 'NR < 2')
+fi
+mgtiface=$(echo $mgr | awk '{print $2}')
+mgr=$(echo $mgr | awk '{print $1}')
+if [ ! -f /etc/confluent/confluent.apikey ]; then
+    /opt/confluent/bin/clortho $nodename $mgr > /etc/confluent/confluent.apikey
+fi
+if echo $mgr | grep '%' > /dev/null; then
+    echo $mgr | awk -F% '{print $2}' > /tmp/confluent.ifidx
+fi
+apikey=$(cat /etc/confluent/confluent.apikey)
+if echo $mgr | grep ':' > /dev/null; then
+    mgr="[$mgr]"
+fi
+curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -H "CONFLUENT_MGTIFACE: $mgtiface" https://$mgr/confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg
+
+
+
+
+cat /tls/*.pem > /etc/confluent/ca.pem
+ifidx=$(cat /tmp/confluent.ifidx)
+ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
+ifname=${ifname%:}
+echo $ifname > /tmp/net.ifaces
+
+dnsdomain=$(grep ^dnsdomain: /etc/confluent/confluent.deploycfg)
+dnsdomain=${dnsdomain#dnsdomain: }
+hostname=$nodename
+if [ ! -z "$dnsdomain" ] && [ "$dnsdomain" != "null" ]; then
+    hostname=$hostname.$dnsdomain
+fi
+mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg)
+mgr=${mgr#deploy_server: }
+if ! grep XCAT /proc/cmdline > /dev/null; then
+        echo XCAT=$mgr:3001 >> /etc/cmdline.d/01-confluent.conf
+fi
+profilename=$(grep ^profile: /etc/confluent/confluent.deploycfg)
+profilename=${profilename#profile: }
+proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg)
+proto=${proto#protocol: }
+textconsole=$(grep ^textconsole: /etc/confluent/confluent.deploycfg)
+textconsole=${textconsole#textconsole: }
+if [ "$textconsole" = "true" ] && ! grep console= /proc/cmdline > /dev/null; then
+        autocons=$(cat /tmp/01-autocons.devnode)
+        if [ ! -z "$autocons" ]; then
+            echo Auto-configuring installed system to use text console
+            echo Auto-configuring installed system to use text console > $autocons
+            cp /tmp/01-autocons.conf /etc/cmdline.d/
+        else
+            echo "Unable to automatically detect requested text console"
+        fi
+fi
+
+echo imgurl=$proto://$mgr/confluent-public/os/$profilename/rootimg.cpio.gz >> /etc/cmdline.d/01-confluent.conf
+autoconfigmethod=$(grep ipv4_method /etc/confluent/confluent.deploycfg)
+autoconfigmethod=${autoconfigmethod#ipv4_method: }
+if [ "$autoconfigmethod" = "dhcp" ]; then
+    echo ip=$ifname:dhcp >>  /etc/cmdline.d/01-confluent.conf
+else
+    v4addr=$(grep ^ipv4_address: /etc/confluent/confluent.deploycfg)
+    v4addr=${v4addr#ipv4_address: }
+    v4gw=$(grep ^ipv4_gateway: /etc/confluent/confluent.deploycfg)
+    v4gw=${v4gw#ipv4_gateway: }
+    if [ "$v4gw" = "null" ]; then
+        v4gw=""
+    fi
+    v4nm=$(grep ipv4_netmask: /etc/confluent/confluent.deploycfg)
+    v4nm=${v4nm#ipv4_netmask: }
+    echo ip=$v4addr::$v4gw:$v4nm:$hostname:$ifname:none >> /etc/cmdline.d/01-confluent.conf
+    mkdir -p /etc/sysconfig/network-scripts
+    ifcfg=/etc/sysconfig/network-scripts/ifcfg-$ifname
+    echo DEVICE=$ifname >> $ifcfg
+    echo NAME=$ifname >> $ifcfg
+    echo IPADDR=$v4addr >> $ifcfg
+    echo GATEWAY=$v4gw >> $ifcfg
+    echo NETMASK=$v4nm >> $ifcfg
+fi
+nameserversec=0
+while read -r entry; do
+    if [ $nameserversec = 1 ]; then
+        if [[ $entry == "-"* ]] && [[ $entry != "- ''" ]]; then
+            echo nameserver=${entry#- } >> /etc/cmdline.d/01-confluent.conf
+            continue
+        fi
+    fi
+    nameserversec=0
+    if [ "${entry%:*}" = "nameservers" ]; then
+        nameserversec=1
+        continue
+    fi
+done < /etc/confluent/confluent.deploycfg
+
--- a/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
+++ b/misc/xcatstateless/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+BUNDLENAME=/sysroot/etc/pki/tls/certs/ca-bundle.crt
+while [ -h $BUNDLENAME ]; do
+    BUNDLENAME=/sysroot/$(readlink $BUNDLENAME)
+done
+cat /tls/*.0 >> $BUNDLENAME
+mkdir -p /sysroot/etc/confluent/
+chmod 700 /sysroot/etc/confluent
+cp -a /tls /sysroot/etc/confluent
+cp /etc/confluent/* /sysroot/etc/confluent
+rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg | awk '{print $2}')
+if [ "null" = "$rootpw" -o "" = $rootpw ]; then
+        rootpw='*'
+fi
+sed -i "s!root:[^:]*:!root:$rootpw:!" /sysroot/etc/shadow
+mkdir -p /sysroot/root/.ssh
+chmod 700 /sysroot/root/.ssh
+cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
+chmod 600 /sysroot/root/.ssh/authorized_keys
+mkdir -p /sysroot/etc/ssh/
+for i in /ssh/*.ca; do
+    echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts
+done
+cp /opt/confluent/bin/apiclient /sysroot/etc/confluent
+cp /etc/sysconfig/network-scripts/* /sysroot/etc/sysconfig/network-scripts/
+ifname=$(ip link|grep ^$(cat /tmp/confluent.ifidx) | awk '{print $2}'|sed -e 's/://')
+mkdir /sysroot/tmp
+ip link set $ifname down; ip link set $ifname up
+while ! ip addr show dev $ifname|grep fe80 > /dev/null; do
+        sleep 0.1
+done
+while ip addr|grep tentative > /dev/null; do
+        sleep 0.1
+done
+mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+export mgr profile
+curl -Ssf https://$mgr/confluent-public/os/$profile/scripts/earlyboot.sh > /sysroot/etc/confluent/earlyboot.sh
+chroot /sysroot bash /etc/confluent/earlyboot.sh
+
--- a/misc/xcatstateless/scripts/earlyboot.sh
+++ b/misc/xcatstateless/scripts/earlyboot.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}')
+nodename=$(grep ^NODENAME: /etc/confluent/confluent.info|awk '{print $2}')
+export mgr profile nodename
+curl -sSf https://$mgr/confluent-public/os/$profile/scripts/functions > /tmp/functions
+. /tmp/functions
+
+run_remote setupssh.sh
+
--- a/misc/xcatstateless/scripts/functions
+++ b/misc/xcatstateless/scripts/functions
@@ -0,0 +1,38 @@
+run_remote() {
+    requestedcmd="'$*'"
+    echo
+    echo '---------------------------------------------------------------------------'
+    echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/
+    tmpdir=$(mktemp -d)
+    echo Executing in $tmpdir
+    cd $tmpdir
+    curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1
+    if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi
+    chmod +x $1
+    cmd=$1
+    if [ -x /usr/bin/chcon ]; then
+        chcon system_u:object_r:bin_t:s0 $cmd >& /dev/null
+    fi
+    shift
+    ./$cmd $*
+    retcode=$?
+    echo "$requestedcmd exited with code $retcode"
+    cd - > /dev/null
+    return $retcode
+}
+
+run_remote_python() {
+    echo
+    echo '---------------------------------------------------------------------------'
+    echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/
+    tmpdir=$(mktemp -d)
+    echo Executing in $tmpdir
+    cd $tmpdir
+    curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1
+    if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi
+    /usr/libexec/platform-python $*
+    retcode=$?
+    echo "'$*' exited with code $retcode"
+    cd - > /dev/null
+    return $retcode
+}
--- a/misc/xcatstateless/scripts/setupssh.sh
+++ b/misc/xcatstateless/scripts/setupssh.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+rm /etc/ssh/*host*key* >& /dev/null
+ssh-keygen -A
+/usr/libexec/platform-python /etc/confluent/apiclient >& /dev/null
+for pubkey in /etc/ssh/ssh_host*key.pub; do
+    certfile=${pubkey/.pub/-cert.pub}
+    /usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/sshcert $pubkey > $certfile
+    echo HostCertificate $certfile >> /etc/ssh/sshd_config
+done
+
+echo HostbasedAuthentication yes >> /etc/ssh/sshd_config
+echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config
+echo IgnoreRhosts no >> /etc/ssh/sshd_config
+if [ -d /etc/ssh/ssh_config.d/ ]; then
+    sshconf=/etc/ssh/ssh_config.d/01-confluent.conf
+fi
+echo 'Host *' >> $sshconf
+echo '    HostbasedAuthentication yes' >> $sshconf
+echo '    EnableSSHKeysign yes' >> $sshconf
+echo '    HostbasedKeyTypes *ed25519*' >> $sshconf
+
+curl -Ssf -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
+cp /tmp/allnodes /etc/ssh/shosts.equiv
+cp /tmp/allnodes /root/.shosts
+rm /tmp/allnodes
+