mirror of
https://github.com/xcat2/confluent.git
synced 2025-02-06 05:52:39 +00:00
624984b1c9
TIOCCONS was called for users that did not want to use serial. This makes the serial console delayeed when automatic, but avoids video users from being confused.
165 lines
6.2 KiB
Bash
165 lines
6.2 KiB
Bash
#!/bin/bash
|
|
export LANG=en_US.utf8
|
|
mkdir -p /etc/confluent
|
|
if ! grep console= /proc/cmdline >& /dev/null; then
|
|
autocons=$(/opt/confluent/bin/autocons)
|
|
echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf
|
|
autocons=${autocons%,*}
|
|
echo $autocons > /tmp/01-autocons.devnode
|
|
if [ ! -z "$autocons" ]; then
|
|
echo "Using $(cat /tmp/01-autocons.conf)"
|
|
(while :; do TERM=xterm-256color tmux a <> $autocons >&0 2>&1; done) &
|
|
(while :; do TERM=linux tmux a <> /dev/tty1 >&0 2>&1; done) &
|
|
else
|
|
(while :; do TERM=linux tmux a <> /dev/console >&0 2>&1; done) &
|
|
fi
|
|
else
|
|
(while :; do TERM=xterm-256color tmux a <> /dev/console >&0 2>&1; done) &
|
|
(while :; do TERM=linux tmux a <> /dev/tty1 >&0 2>&1; done) &
|
|
fi
|
|
(while :; do TERM=linux tmux <> /dev/tty2 >&0 2>&1; done) &
|
|
echo -n "udevd: "
|
|
/usr/lib/systemd/systemd-udevd --daemon
|
|
echo -n "Loading drivers..."
|
|
udevadm trigger
|
|
udevadm trigger --type=devices --action=add
|
|
udevadm settle
|
|
modprobe ib_ipoib
|
|
modprobe ib_umad
|
|
modprobe hfi1
|
|
modprobe mlx5_ib
|
|
echo "done"
|
|
cat > /etc/ssh/sshd_config << EOF
|
|
Port 22
|
|
Port 3389
|
|
Subsystem sftp /usr/libexec/openssh/sftp-server
|
|
PermitRootLogin yes
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
|
EOF
|
|
mkdir ~/.ssh
|
|
cat /ssh/*pubkey > ~/.ssh/authorized_keys 2>/dev/null
|
|
cat /tls/*.pem > /etc/confluent/ca.pem
|
|
mkdir -p /etc/pki/tls/certs
|
|
cat /tls/*.pem > /etc/pki/tls/certs/ca-bundle.crt
|
|
TRIES=0
|
|
touch /etc/confluent/confluent.info
|
|
cd /sys/class/net
|
|
echo -n "Scanning for network configuration..."
|
|
while ! grep ^EXTMGRINFO: /etc/confluent/confluent.info | awk -F'|' '{print $3}' | grep 1 >& /dev/null && [ "$TRIES" -lt 30 ]; do
|
|
TRIES=$((TRIES + 1))
|
|
for i in *; do
|
|
ip link set $i up
|
|
done
|
|
/opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
|
|
done
|
|
cd /
|
|
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
|
hostname $nodename
|
|
tpmdir=$(mktemp -d)
|
|
cd $tpmdir
|
|
lasthdl=""
|
|
oldumask=$(umask)
|
|
umask 0077
|
|
for hdl in $(tpm2_getcap handles-persistent|awk '{print $2}'); do
|
|
tpm2_startauthsession --policy-session --session=session.ctx
|
|
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
|
|
unsealeddata=$(tpm2_unseal --auth=session:session.ctx -Q -c $hdl 2>/dev/null)
|
|
tpm2_flushcontext session.ctx
|
|
if [[ $unsealeddata == "CONFLUENT_APIKEY:"* ]]; then
|
|
confluent_apikey=${unsealeddata#CONFLUENT_APIKEY:}
|
|
echo $confluent_apikey > /etc/confluent/confluent.apikey
|
|
if [ -n "$lasthdl" ]; then
|
|
tpm2_evictcontrol -c $lasthdl
|
|
fi
|
|
lasthdl=$hdl
|
|
fi
|
|
done
|
|
cd - > /dev/null
|
|
rm -rf $tpmdir
|
|
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/deploycfg2 > /etc/confluent/confluent.deploycfg
|
|
if [ ! -z "$autocons" ] && grep textconsole: true /etc/confluent/confluent.deploycfg > /dev/null; then /opt/confluent/bin/autocons -c > /dev/null; fi
|
|
umask $oldumask
|
|
new_apikey=$(cat /etc/confluent/confluent.apikey)
|
|
if [ "$new_apikey" != "$confluent_apikey" ]; then
|
|
if [ -n "$lasthdl" ]; then
|
|
tpm2_evictcontrol -c $lasthdl
|
|
fi
|
|
tmpdir=$(mktemp -d)
|
|
cd $tmpdir
|
|
tpm2_startauthsession --session=session.ctx
|
|
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
|
|
tpm2_createprimary -G ecc -Q --key-context=prim.ctx
|
|
(echo -n "CONFLUENT_APIKEY:$new_apikey") | tpm2_create -Q --policy=pcr15.sha256.policy --public=data.pub --private=data.priv -i - -C prim.ctx
|
|
tpm2_load -Q --parent-context=prim.ctx --public=data.pub --private=data.priv --name=confluent.apikey --key-context=data.ctx
|
|
tpm2_evictcontrol -Q -c data.ctx
|
|
tpm2_flushcontext session.ctx
|
|
cd - > /dev/null
|
|
rm -rf $tmpdir
|
|
fi
|
|
tpm2_pcrextend 15:sha256=2fbe96c50dde38ce9cd2764ddb79c216cfbcd3499568b1125450e60c45dd19f2 2> /dev/null
|
|
ifidx=$(cat /tmp/confluent.ifidx)
|
|
ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
|
|
ifname=${ifname%:}
|
|
autoconfigmethod=$(grep ipv6_method /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
|
if [ "$autoconfigmethod" = "static" ]; then
|
|
ipaddr=$(grep ^ipv6_address: /etc/confluent/confluent.deploycfg)
|
|
ipaddr=${ipaddr#ipv6_address: }
|
|
ipgw=$(grep ^ipv6_gateway: /etc/confluent/confluent.deploycfg)
|
|
ipgw=${ipgw#ipv6_gateway: }
|
|
if [ "$ipgw" = "null" ]; then
|
|
ipgw=""
|
|
fi
|
|
ipnm=$(grep ^ipv6_prefix: /etc/confluent/confluent.deploycfg)
|
|
ipnm=${ipnm#ipv6_prefix: }
|
|
echo "Setting up $ifname as static at $ipaddr/$ipnm"
|
|
ip addr add dev $ifname $ipaddr/$ipnm
|
|
if [ ! -z "$ipgw" ]; then
|
|
ip route add default via $ipgw
|
|
fi
|
|
fi
|
|
autoconfigmethod=$(grep ipv4_method /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
|
if [ "$autoconfigmethod" = "dhcp" ]; then
|
|
echo -n "Attempting to use dhcp to bring up $ifname..."
|
|
dhclient $ifname
|
|
echo "Complete:"
|
|
ip addr show dev $ifname
|
|
elif [ "$autoconfigmethod" = "static" ]; then
|
|
v4addr=$(grep ^ipv4_address: /etc/confluent/confluent.deploycfg)
|
|
v4addr=${v4addr#ipv4_address: }
|
|
v4gw=$(grep ^ipv4_gateway: /etc/confluent/confluent.deploycfg)
|
|
v4gw=${v4gw#ipv4_gateway: }
|
|
if [ "$v4gw" = "null" ]; then
|
|
v4gw=""
|
|
fi
|
|
v4nm=$(grep ^prefix: /etc/confluent/confluent.deploycfg)
|
|
v4nm=${v4nm#prefix: }
|
|
echo "Setting up $ifname as static at $v4addr/$v4nm"
|
|
ip addr add dev $ifname $v4addr/$v4nm
|
|
if [ ! -z "$v4gw" ]; then
|
|
ip route add default via $v4gw
|
|
fi
|
|
fi
|
|
echo -n "Initializing ssh..."
|
|
ssh-keygen -A
|
|
for pubkey in /etc/ssh/ssh_host*key.pub; do
|
|
certfile=${pubkey/.pub/-cert.pub}
|
|
privfile=${pubkey%.pub}
|
|
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/sshcert $pubkey > $certfile
|
|
if [ -s $certfile ]; then
|
|
echo HostCertificate $certfile >> /etc/ssh/sshd_config
|
|
fi
|
|
echo HostKey $privfile >> /etc/ssh/sshd_config
|
|
done
|
|
/usr/sbin/sshd
|
|
confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
|
export confluent_profile
|
|
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/functions > /tmp/functions
|
|
. /tmp/functions
|
|
set_confluent_vars
|
|
export confluent_mgr
|
|
echo "Running https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh"
|
|
run_remote onboot.sh
|
|
while :; do
|
|
bash
|
|
done
|