Jarrod Johnson
ce98ff6b3d
Fix suse imgutil build function
2021-08-27 09:03:35 -04:00
Jarrod Johnson
e35ce77bc7
Fix SUSE imgutil
2021-08-27 08:46:47 -04:00
Jarrod Johnson
dd1615b4a7
Fixes for imgutil
2021-08-26 16:03:38 -04:00
Jarrod Johnson
d0c23e490b
Tolerate delays in crypt-dm completion for imgutil
2021-08-26 10:38:34 -04:00
Jarrod Johnson
b4ee1ab6af
Fix imgutil build
2021-08-25 15:58:48 -04:00
Jarrod Johnson
30e901ef19
Attempt -p and -r arguments to add repos and specify alternate package list.
2021-08-18 17:34:27 -04:00
Jarrod Johnson
b44ac19723
Provide some info on image progeny on pack
2021-08-18 15:50:03 -04:00
Jarrod Johnson
e9bc7ebe8d
Finish conversion of imgutil to argparse
2021-08-12 09:15:15 -04:00
Jarrod Johnson
8a8e9718f9
Begin migration of imgutil to argparse
...
We no longer support python 2.6, we can use argparse for better subcommand handling.
2021-08-11 17:01:32 -04:00
Jarrod Johnson
865021beff
Unpack to rootfs
...
This keeps things neutral and leaves the door open for multipart
support
2021-08-11 16:14:46 -04:00
Jarrod Johnson
71342272bf
Add imgutil unpack
...
Provide capability to unpack previously packed diskless images.
2021-08-10 09:04:30 -04:00
Jarrod Johnson
1e418e1bcf
Stub to drive unpack feature
2021-08-09 16:47:27 -04:00
Jarrod Johnson
91caf76cae
Fix ownership problems with build and capture
...
Some parent directories were never given to confluent user
2021-08-04 12:12:57 -04:00
Jarrod Johnson
48d84a5422
Fix get_json
...
Some handlers may work in bytes or str,
normalize to str on the way out.
2021-08-02 14:35:59 -04:00
Jarrod Johnson
af9676ee6f
Improve appearance of imgutil capture
...
Provide more feedback with less worrisome normal output.
2021-07-27 08:36:48 -04:00
Jarrod Johnson
8ab6fef632
Fix kernel selection on pack
...
Make a specialized sort
for kernel versions to more reliably identify the latest version.
2021-07-26 13:03:26 -04:00
Jarrod Johnson
a720ccdbc8
Set ownership/permissions of private section
...
Fix confluent being unable to read, and make the permissions more consistent.
2021-07-26 11:12:59 -04:00
Jarrod Johnson
0ad59436ec
Mitigate scratch consumption
...
As an old file is copied in for future disposal, delete
it as we go by fallocate
to punch holes in it.
2021-07-26 09:19:33 -04:00
Jarrod Johnson
4928f50332
Create private directories and correct key format
2021-07-23 17:43:47 -04:00
Jarrod Johnson
7f468c3a91
Correct offset to be in sectors, not bytes
2021-07-23 17:32:42 -04:00
Jarrod Johnson
81b4da6a95
Add encrypted stateless pack
2021-07-23 17:11:33 -04:00
Jarrod Johnson
4bde1b963f
Transfer encryption key on capture
2021-07-23 16:54:57 -04:00
Jarrod Johnson
54667570bd
Create encrypted image and private profile data
...
Prepare for securing os profile with custom images
2021-07-23 16:13:24 -04:00
Jarrod Johnson
4ddfa192ba
Remove sticky bit from profile directory
2021-07-21 12:16:22 -04:00
Jarrod Johnson
fa45ea8ad3
Finalize a captured image
2021-07-21 11:56:15 -04:00
Jarrod Johnson
f4281e115b
Fix permissions on generated profile.
2021-07-21 11:53:51 -04:00
Jarrod Johnson
5dfbeef79c
Advance state of cloning
...
Have imgutil complete the capture process, splitting work
between target and repository.
Provide hook through kcmdline to induce installtodisk.
Have installimage reboot system cleanly when done.
Have new /etc/confluent in cloned system.
Hook for post scripts to execute.
2021-07-21 11:15:42 -04:00
Jarrod Johnson
cd8a1dfe5e
Draft work to flesh out profile and pull back
...
Fingerprint the target and prepare for more effort.
Will have another imgutil primitive for post-capture prep to get the
initramfs, kernel, rootimg, and bootloader content ready for copy.
2021-07-20 17:02:08 -04:00
Jarrod Johnson
2257a67420
Begin wiring imgutil for remote capture
...
Will be having to run on remote
system and local system
and combining the results
as well as cleaning up after ourselves on target.
2021-07-20 15:56:47 -04:00
Jarrod Johnson
55302b74d9
Have prototype cloning implemented
...
Go ahead and relabel all selinux content, ssh keys, grub, and efiboot entry.
2021-07-20 14:07:55 -04:00
Jarrod Johnson
22008f9dc9
Image cloning changes
...
Refactor and try to mask ssh
keys for root user.
Try to preserve selinux context for masked files.
Add progress indicator for writing to disk.
2021-07-19 17:30:26 -04:00
Jarrod Johnson
da44738e00
Generalize more of an OS on capture
...
/etc/fstab, hostname, and network-scripts are masked
for the image.
2021-07-15 17:30:50 -04:00
Jarrod Johnson
46c0852b6f
Add more non-json data to image format
2021-07-15 12:38:50 -04:00
Jarrod Johnson
e3bd1d6cac
Correct format of confluent multipart magic
2021-07-15 11:24:49 -04:00
Jarrod Johnson
85643d82e8
Add losetup to el8 stateless
...
For multipart support, need to manually
set up loop mount and dmsetup.
2021-07-15 10:45:38 -04:00
Jarrod Johnson
7e07ec96a2
Combine json and images into a single multi-part file
...
This will facilitate urlmount use for mounting without
downloading.
2021-07-15 09:12:17 -04:00
Jarrod Johnson
eb3dd0f10a
Begin work on imgutil capture
...
Provide mechanism to capture for cloning purposes.
2021-07-14 17:36:55 -04:00
Jarrod Johnson
f830514d10
Implement support for additional pam prompts
...
For example, if PAM has OTP, then support it.
2021-06-25 17:26:32 -04:00
Jarrod Johnson
c19ae8a451
Add tpm2 tools to genesis
...
Follow the design of the stateless usage of TPM
2021-06-24 13:20:47 -04:00
Jarrod Johnson
a8e152cc4a
Switch TPM strategy on RedHat diskless
...
Switch to the same approach as used in suse:
-Try to unseal any persistent handles
-If that works, try to use it on network
-If it didn't work, clear that handle
-When an api key is retrieved, then seal it to pcr 15
-When it's all done, extend pcr15 to prevent the OS from being able to
unseal
2021-06-24 12:04:10 -04:00
Jarrod Johnson
5be4a5ab73
Add missing TPM utilities to suse boot
2021-06-24 11:22:41 -04:00
Jarrod Johnson
ee5ea4263f
Add curl to suse15 pkglist
2021-06-23 17:16:13 -04:00
Jarrod Johnson
b30fabd55d
Enable TPM2 on SUSE diskless for apikey
...
Rather than remote sealed copy, store it in the TPM2
Will convert genesis and EL diskless for this to be the new preferred
mechanism.
2021-06-23 17:01:27 -04:00
Jarrod Johnson
4445b8cc78
Fix name resolution for suse hosts/containers
...
Suse uses a strategy with symlinks, adapt
the resolv.conf target based on findings from
symlink chasing.
2021-06-23 11:49:16 -04:00
Jarrod Johnson
b2fa2d92c5
Correct formatting mistake in os profile label in diskless
2021-06-23 11:32:43 -04:00
Jarrod Johnson
23231e2b75
Have Suse15 diskless prep initrd and enable sshd
2021-06-22 16:59:12 -04:00
Jarrod Johnson
9ad5f52eed
Package up suse diskless support
2021-06-22 16:37:04 -04:00
Jarrod Johnson
76f3537a79
Further advance SUSE15 diskless support
2021-06-22 16:18:32 -04:00
Jarrod Johnson
b26b46dc41
Create dracut module for suse15
2021-06-22 14:49:15 -04:00
Jarrod Johnson
deec9b111a
Initial phase of suse diskless support
2021-06-22 14:29:28 -04:00