xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Code Issues Projects Releases Wiki Activity
3,627 Commits 39 Branches 63 Tags 18 MiB
9c43dbff47
Commit Graph

411 Commits

Author SHA1 Message Date
Jarrod Johnson
f2eba22b9b Fix TLS certs for el8 diskless 
Properly place and process
the TLS certs for a site.
 2021-06-25 13:06:35 -04:00
Jarrod Johnson
1fcab688dd Fix connection name in networkmanager diskless 2021-06-25 10:56:35 -04:00
Jarrod Johnson
abfa2c4f7c Switch back to default curl output 
The terminal size on console is a challenge.
 2021-06-24 17:01:35 -04:00
Jarrod Johnson
3be73af07e Change style of download progress in curl 
Use a simpler progress bar.
 2021-06-24 16:46:10 -04:00
Jarrod Johnson
a2b2c8a995 Remove extraneous '/' output 
Suppress output of cd -, as
it's a bit odd during boot.
 2021-06-24 15:57:03 -04:00
Jarrod Johnson
42f8056d56 Fix apiclient with TPM managed token 
The retry mechanism is amended
to clear out the useless key
and start trying to get a network grant again.
 2021-06-24 14:53:54 -04:00
Jarrod Johnson
2ef695324a Migrate genesis to new TPM strategy 
Have addons for genesis
implement the same TPM usage
model as the suse/redhat stateless.
 2021-06-24 14:35:21 -04:00
Jarrod Johnson
a8e152cc4a Switch TPM strategy on RedHat diskless 
Switch to thte same approach as used in suse:
-Try to unseal any persistent handles
-If that works, try to use it on network
-If it didn't work, clear that handle
-When an api key is retrieved, then seal it to pcr 15
-When it's all done, extend pcr15 to prevent the OS from being able to
unseal
 2021-06-24 12:04:10 -04:00
Jarrod Johnson
c92b3aea9d Mitigate error output from extraneous handles 
Unrelated handles in use will no longer result in misleading console
output.
 2021-06-24 11:41:34 -04:00
Jarrod Johnson
3c41c52d77 Rework TPM usage in SUSE diskless 
For one, need to detect stale
TPM value and clear them.

For another, seal to PCR 15 and extend after unlock, so that the booted
system is unable to retrieve
the data from the TPM (e.g.
a plain user by default is allowed
to unseal data if there's no
policy, so use a policy and
extend the state away before boot)
 2021-06-24 11:09:37 -04:00
Jarrod Johnson
e24a3a7231 Change media_url 
Have autoyast file pass validation and adapt
the processing to work with it.
 2021-06-24 08:27:55 -04:00
Jarrod Johnson
bffb7a8cac Correct typo in suse install autoconsole message 2021-06-23 17:52:21 -04:00
Jarrod Johnson
feb418ac59 Store TPM unsealed apikey in usual location 2021-06-23 17:22:18 -04:00
Jarrod Johnson
b30fabd55d Enable TPM2 on SUSE diskless for apikey 
Rather than remote sealed copy, store it in the TPM2

Will convert genesis and EL diskless for this to be the new preferred
mechanism.
 2021-06-23 17:01:27 -04:00
Jarrod Johnson
d86fc664e9 Handle space delimiting in nameservers 
If multiple dns servers, then need to quote to preserve
the list.
 2021-06-23 12:35:54 -04:00
Jarrod Johnson
6862d9e580 Correct formatting of nameserver list in suse 2021-06-23 12:26:49 -04:00
Jarrod Johnson
dc8cb1b13f Correct syntax in imageboot for suse 2021-06-23 12:24:36 -04:00
Jarrod Johnson
f10d2af59f Specify netconfig file location 2021-06-23 12:16:08 -04:00
Jarrod Johnson
172bb12885 Modify Suse diskless for suse networking 
Suse doesn't use network manager, populate sysconfig
instead.
 2021-06-23 12:07:13 -04:00
Jarrod Johnson
9ad5f52eed Package up suse diskless support 2021-06-22 16:37:04 -04:00
Jarrod Johnson
76f3537a79 Further advance SUSE15 diskless support 2021-06-22 16:18:32 -04:00
Jarrod Johnson
59e6dc80b3 Remove commented, non-working concept code 
The code was going to replace XInclude with something more manual
from sed and xml comments, but yast strips the comments.

So we instead manually make hooks for the replacement items.
 2021-06-22 12:21:18 -04:00
Jarrod Johnson
e34d76f7eb OpenSUSE 15.3 support 
A number of changes in opensuse 15.3 require modifying our
strategy.

No more XInclude. This seems to be unintentional, but it released
and so we will work around it.

Some somewhat incorrect values, as pointed out by new validation.
 2021-06-22 12:19:54 -04:00
Jarrod Johnson
490827fe3a Allow memory reclamation through deletion 
When going to zram, things were solid for space reduction as
data was written, however memory could no longer be reclaimed.

It turns out that zram supports TRIM, and by telling xfs discard,
we have it do trim-on-demand. It is by default off out of performance
concerns, but I don't think that applies to a zram backed filesystem.
 2021-06-15 09:36:44 -04:00
Jarrod Johnson
2ecab0432c Fix imageboot.sh issues for diskless boot 2021-06-15 08:58:21 -04:00
Jarrod Johnson
3f87696978 Fix typo in imageboot.sh script 2021-06-15 08:38:27 -04:00
Jarrod Johnson
38a4e20b9a Fix issues around imageboot and source in functions 2021-06-15 08:31:45 -04:00
Jarrod Johnson
62ac393721 Fix imgutil profile path and osdeploy diskless layout 2021-06-15 08:00:09 -04:00
Jarrod Johnson
1d148afd70 Add sourcing of functions to dracut hook 2021-06-14 18:46:36 -04:00
Jarrod Johnson
03cb065342 Fix inconsistency with naming of profiles 2021-06-14 16:09:48 -04:00
Jarrod Johnson
cb4b8ab06f First pass at packaging imgutil 2021-06-14 16:02:52 -04:00
Jarrod Johnson
60aef0767c Pull in the diskless profile content for os deploy 2021-06-14 14:38:38 -04:00
Jarrod Johnson
15f5ec9362 Rename common to 'default' 2021-06-14 14:37:40 -04:00
Jarrod Johnson
870c8255f4 Move diskless to el8-diskless 
The code so far is EL8 specific, properly
organize it.
 2021-06-14 14:36:23 -04:00
Jarrod Johnson
795645f90a Extract boot logic from 'addons.cpio' 
Make it easier to see and customize image boot script
behavior, leaving addons.cpio only to bring up network
and set up ssh.
 2021-06-14 14:33:35 -04:00
Jarrod Johnson
261def8de2 Rename and refactor imgutil to separate rpm 2021-06-14 07:39:01 -04:00
Jarrod Johnson
25f65a278f Notation on untethered option 2021-06-11 16:18:59 -04:00
Jarrod Johnson
f565030087 Switch to zram for overlay 
Further mitigate unevictable memory penalty
for written files in stateless.
 2021-06-11 16:16:17 -04:00
Jarrod Johnson
fa3220f3d1 Actually fix up the osdeploy build 
For now, stub out the diskless profile dir, which doesn't quite
exist yet.
 2021-06-04 17:45:52 -04:00
Jarrod Johnson
14bc4df92e Fix path mistake in osdeploy build script 2021-06-04 17:33:14 -04:00
Jarrod Johnson
1645d47b73 Fix clortho 
The suggested correection for clortho was in fact
incorrect.  Revert back and cast it.
 2021-06-04 17:19:19 -04:00
Jarrod Johnson
bf158bc5aa Prep for diskless specific profile categories 2021-06-03 18:20:47 -04:00
Jarrod Johnson
8228c345bc Fix the build path of the stateless path 2021-06-03 18:12:18 -04:00
Jarrod Johnson
8eecd03d4b Correct path name in build process 2021-06-03 17:50:01 -04:00
Jarrod Johnson
044ae53ae3 Add symlink for site, and placeholder for addons 
Will need to detect the proper 'category' for
the addons link.
 2021-06-03 17:20:41 -04:00
Jarrod Johnson
1a30876a2d Begin work to package diskless support 
First will work on the 'addons' portion of the needed
work.
 2021-06-03 17:17:42 -04:00
Jarrod Johnson
e0c59cc341 Fixup c utilities and add start_root 
The diskless will use start_root to boot the 'main' OS as a container.
 2021-06-03 17:06:10 -04:00
Jarrod Johnson
93c21d4148 Commit to python3 ofr imgutil 
The imgutil will never be supported with python2,
so we will go ahead and commit to python.
 2021-06-03 16:52:22 -04:00
Jarrod Johnson
e23a88a4c3 Have resolv.conf more reliably work 
Also, make sure it is read-only in the exec case
 2021-06-03 15:47:17 -04:00
Jarrod Johnson
db965f133e Add a 'pack' and attempt to bind /etc/resolv.conf on exec 
This facilitates custom manual image work
 2021-06-02 17:26:46 -04:00