xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-14 19:57:50 +00:00
Code Issues Projects Releases Wiki Activity
3,704 Commits 39 Branches 64 Tags
Commit Graph

438 Commits

Author SHA1 Message Date
Jarrod Johnson
364085801a Fix apikey variable 2021-07-21 17:44:43 -04:00
Jarrod Johnson
8171d461ea Another selinux fixup 
systemctl enable firstboot
produces invalid selinux context, fix aafter enabling.
 2021-07-21 17:34:53 -04:00
Jarrod Johnson
3690dda177 Actually enable firstboot execution 2021-07-21 16:48:38 -04:00
Jarrod Johnson
365b81e7e1 Prune all .gitignore files, not just blessed profiles 2021-07-21 13:57:06 -04:00
Jarrod Johnson
b3fee922f9 Try to speed up selinux labelling 
There's only a couple of places
where the imaging should need fixup, be more selective in relabel.
 2021-07-21 13:26:31 -04:00
Jarrod Johnson
29d0dd6678 Add missing profile content for cloning 2021-07-21 12:47:43 -04:00
Jarrod Johnson
7d31e22447 Add post/firstboot to os cloning 2021-07-21 12:28:03 -04:00
Jarrod Johnson
5dfbeef79c Advance state of cloning 
Have imgutil complete the capture process, splitting work
between target and repository.

Provide hook through kcmdline to induce installtodisk.

Have installimage reboot system cleanly when done.

Have new /etc/confluent in cloned system.

Hook for post scripts to execute.
 2021-07-21 11:15:42 -04:00
Jarrod Johnson
55302b74d9 Have prototype cloning implemented 
Go ahead and relabel all selinux content, ssh keys, grub, and efiboot entry.
 2021-07-20 14:07:55 -04:00
Jarrod Johnson
22008f9dc9 Image cloning changes 
Refactor and try to mask ssh
keys for root user.

Try to preserve selinux context for masked files.

Add progress indicator for writing to disk.
 2021-07-19 17:30:26 -04:00
Jarrod Johnson
fada9336ee Fix swapsize float in image install 
If it undergoes float arithmetic, it must be made int again.
 2021-07-16 17:23:21 -04:00
Jarrod Johnson
bda51d2106 Start fixup, first up is the fstab 
Provide an fstab consistent
with redhat strategy, but with
the new uuids from imaging.
 2021-07-16 17:02:53 -04:00
Jarrod Johnson
88d49c9f40 Start image2disk 
This marks having written out
the partitions verbatim.
 2021-07-16 16:29:56 -04:00
Jarrod Johnson
c92b2f4255 Stage for python application to actually execute the install 2021-07-16 12:03:11 -04:00
Jarrod Johnson
ece525c2e2 Begin work on install and filter small devices from install candidacy 2021-07-16 11:11:13 -04:00
Jarrod Johnson
386dc2348c Mount multiple partitions in diskless mode 2021-07-16 10:39:11 -04:00
Jarrod Johnson
da44738e00 Generalize more of an OS on capture 
/etc/fstab, hostname, and networnk-scripts are masked
for the image.
 2021-07-15 17:30:50 -04:00
Jarrod Johnson
e43e5ac167 Add confluent_imgutil to addons 2021-07-15 14:42:26 -04:00
Jarrod Johnson
9458d33cc5 Add multipart image support to diskless 2021-07-15 14:39:17 -04:00
Jarrod Johnson
1570d3dbe3 Add c utility for reading confluent multipart images 2021-07-15 12:39:19 -04:00
Jarrod Johnson
101b5685d1 Move kickstart.custom fetch to before pre.d 
Allow custom scripts to further customize kickstart.custom
by modifying /tmp/kickstart.custom
 2021-07-12 09:23:01 -04:00
Jarrod Johnson
71d8b89a57 Fix profile name not being set in time 2021-07-09 16:22:57 -04:00
Jarrod Johnson
ea26478714 Add needed dependency for OFED 2021-07-08 11:54:14 -04:00
Jarrod Johnson
175f9317ac Skip 32bit portion of mofed 2021-07-08 11:45:43 -04:00
Jarrod Johnson
b291dee68c Add bind-utils, skip iwl*-firmware, and alphabatize packages 2021-07-08 11:38:50 -04:00
Jarrod Johnson
08cf1bbf48 Fix the sed syntax for LEAP import 2021-07-01 14:07:43 -04:00
Jarrod Johnson
e565a1752f Fix LEAP initprofile behavior 2021-07-01 13:43:31 -04:00
Jarrod Johnson
f2eba22b9b Fix TLS certs for el8 diskless 
Properly place and process
the TLS certs for a site.
 2021-06-25 13:06:35 -04:00
Jarrod Johnson
1fcab688dd Fix connection name in networkmanager diskless 2021-06-25 10:56:35 -04:00
Jarrod Johnson
abfa2c4f7c Switch back to default curl output 
The terminal size on console is a challenge.
 2021-06-24 17:01:35 -04:00
Jarrod Johnson
3be73af07e Change style of download progress in curl 
Use a simpler progress bar.
 2021-06-24 16:46:10 -04:00
Jarrod Johnson
a2b2c8a995 Remove extraneous '/' output 
Suppress output of cd -, as
it's a bit odd during boot.
 2021-06-24 15:57:03 -04:00
Jarrod Johnson
42f8056d56 Fix apiclient with TPM managed token 
The retry mechanism is amended
to clear out the useless key
and start trying to get a network grant again.
 2021-06-24 14:53:54 -04:00
Jarrod Johnson
2ef695324a Migrate genesis to new TPM strategy 
Have addons for genesis
implement the same TPM usage
model as the suse/redhat stateless.
 2021-06-24 14:35:21 -04:00
Jarrod Johnson
a8e152cc4a Switch TPM strategy on RedHat diskless 
Switch to thte same approach as used in suse:
-Try to unseal any persistent handles
-If that works, try to use it on network
-If it didn't work, clear that handle
-When an api key is retrieved, then seal it to pcr 15
-When it's all done, extend pcr15 to prevent the OS from being able to
unseal
 2021-06-24 12:04:10 -04:00
Jarrod Johnson
c92b3aea9d Mitigate error output from extraneous handles 
Unrelated handles in use will no longer result in misleading console
output.
 2021-06-24 11:41:34 -04:00
Jarrod Johnson
3c41c52d77 Rework TPM usage in SUSE diskless 
For one, need to detect stale
TPM value and clear them.

For another, seal to PCR 15 and extend after unlock, so that the booted
system is unable to retrieve
the data from the TPM (e.g.
a plain user by default is allowed
to unseal data if there's no
policy, so use a policy and
extend the state away before boot)
 2021-06-24 11:09:37 -04:00
Jarrod Johnson
e24a3a7231 Change media_url 
Have autoyast file pass validation and adapt
the processing to work with it.
 2021-06-24 08:27:55 -04:00
Jarrod Johnson
bffb7a8cac Correct typo in suse install autoconsole message 2021-06-23 17:52:21 -04:00
Jarrod Johnson
feb418ac59 Store TPM unsealed apikey in usual location 2021-06-23 17:22:18 -04:00
Jarrod Johnson
b30fabd55d Enable TPM2 on SUSE diskless for apikey 
Rather than remote sealed copy, store it in the TPM2

Will convert genesis and EL diskless for this to be the new preferred
mechanism.
 2021-06-23 17:01:27 -04:00
Jarrod Johnson
d86fc664e9 Handle space delimiting in nameservers 
If multiple dns servers, then need to quote to preserve
the list.
 2021-06-23 12:35:54 -04:00
Jarrod Johnson
6862d9e580 Correct formatting of nameserver list in suse 2021-06-23 12:26:49 -04:00
Jarrod Johnson
dc8cb1b13f Correct syntax in imageboot for suse 2021-06-23 12:24:36 -04:00
Jarrod Johnson
f10d2af59f Specify netconfig file location 2021-06-23 12:16:08 -04:00
Jarrod Johnson
172bb12885 Modify Suse diskless for suse networking 
Suse doesn't use network manager, populate sysconfig
instead.
 2021-06-23 12:07:13 -04:00
Jarrod Johnson
9ad5f52eed Package up suse diskless support 2021-06-22 16:37:04 -04:00
Jarrod Johnson
76f3537a79 Further advance SUSE15 diskless support 2021-06-22 16:18:32 -04:00
Jarrod Johnson
59e6dc80b3 Remove commented, non-working concept code 
The code was going to replace XInclude with something more manual
from sed and xml comments, but yast strips the comments.

So we instead manually make hooks for the replacement items.
 2021-06-22 12:21:18 -04:00
Jarrod Johnson
e34d76f7eb OpenSUSE 15.3 support 
A number of changes in opensuse 15.3 require modifying our
strategy.

No more XInclude. This seems to be unintentional, but it released
and so we will work around it.

Some somewhat incorrect values, as pointed out by new validation.
 2021-06-22 12:19:54 -04:00