mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-27 03:49:57 +00:00
257edff3a7
For whatever reason, SUSE loses the certificate during firstboot.
28 lines
1.4 KiB
Bash
28 lines
1.4 KiB
Bash
#!/bin/bash
|
|
|
|
# This script runs at the end of the final boot, updating status
|
|
exec >> /var/log/confluent/confluent-firstboot.log
|
|
exec 2>> /var/log/confluent/confluent-firstboot.log
|
|
|
|
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
|
confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}')
|
|
confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^rootpassword: //')
|
|
proto=$(grep ^protocol: /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
|
confluent_apikey=$(cat /etc/confluent/confluent.apikey)
|
|
. /etc/confluent/functions
|
|
|
|
for i in /etc/ssh/ssh_host*key.pub; do
|
|
certname=${i/.pub/-cert.pub}
|
|
curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -d @$i https://$confluent_mgr/confluent-api/self/sshcert > $certname
|
|
done
|
|
systemctl restart sshd
|
|
run_remote firstboot.custom
|
|
|
|
# Firstboot scripts may be placed into firstboot.d, e.g. firstboot.d/01-firstaction.sh, firstboot.d/02-secondaction.sh
|
|
run_remote_parts firstboot.d
|
|
|
|
# Induce execution of remote configuration, e.g. ansible plays in ansible/firstboot.d/
|
|
run_remote_config firstboot.d
|
|
|
|
curl --capath /etc/confluent/tls -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -f -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus
|