mirror of https://github.com/xcat2/confluent.git synced 2024-11-23 01:53:28 +00:00
confluent/imgutil/el8/dracut/install
Jarrod Johnson a8e152cc4a Switch TPM strategy on RedHat diskless
Switch to the same approach as used in suse:
-Try to unseal any persistent handles
-If that works, try to use it on network
-If it didn't work, clear that handle
-When an api key is retrieved, then seal it to pcr 15
-When it's all done, extend pcr15 to prevent the OS from being able to
unseal
2021-06-24 12:04:10 -04:00


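# Dracut module install fragment for the diskless boot initramfs.
# It only lists the binaries, libraries and config files to copy into the
# image; dracut_install and inst are provided by dracut when it sources this
# file, so the fragment is not runnable on its own.

# Safe temporary file creation for the early-boot scripts.
dracut_install mktemp

# TPM2 tooling, plus the device TCTI library the tools load to talk to the TPM.
# The set covers PCR policy creation, sealing/unsealing, persistent handle
# management (evictcontrol) and PCR extension.
# NOTE(review): the scripts that call these tools are not in this file.
# Confirm that they extend the PCR once the sealed secret has been used, so
# the booted OS cannot unseal it again, and that a handle which fails to
# unseal is cleared rather than reused.
dracut_install /lib64/libtss2-tcti-device.so.0
dracut_install tpm2_create tpm2_pcrread tpm2_createpolicy tpm2_createprimary
dracut_install tpm2_load tpm2_unseal tpm2_getcap tpm2_evictcontrol
dracut_install tpm2_pcrextend tpm2_policypcr tpm2_flushcontext tpm2_startauthsession

# Download, crypto and archive handling, plus kernel module / NIC inspection.
dracut_install curl openssl tar cpio gzip lsmod ethtool xz

# General shell utilities used during early boot.
dracut_install modprobe touch echo cut wc bash netstat uniq grep ip hostname
dracut_install awk egrep dirname expr sort

# Remote access, partitioning and filesystem creation.
# NOTE(review): sshd inside the initramfs is a pre-OS login surface. How host
# keys and authorized keys are provisioned is not visible here; verify it.
dracut_install ssh sshd reboot parted mkfs mkfs.ext4 mkfs.xfs xfs_db mkswap
dracut_install efibootmgr uuidgen
dracut_install du df ssh-keygen scp clear dhclient

# Name resolution and netlink support libraries with their config files.
# NOTE(review): libnss_dns-2.28.so names an exact library version; if the
# build host ships a different version this install fails. Confirm against
# the target release.
dracut_install /lib64/libnss_dns-2.28.so /lib64/libnss_dns.so.2
dracut_install /usr/lib64/libnl-3.so.200
dracut_install /etc/nsswitch.conf /etc/services /etc/protocols
dracut_install chmod whoami head tail basename tr
dracut_install /usr/sbin/arping /usr/sbin/dhclient-script ipcalc logger hostnamectl

# Two-argument inst is "source destination": bash is also placed at /bin/sh.
inst /bin/bash /bin/sh

# FUSE runtime (same exact-version caveat as libnss_dns above).
dracut_install /lib64/libfuse.so.2 /lib64/libfuse.so.2.9.7

# Image deployment helpers. expr, parted and sort are already installed by
# the lines above, so they are not repeated here.
dracut_install chown chroot dd kill rsync blockdev findfs insmod lvm

# Device-mapper and network udev rules with the helpers they reference.
dracut_install /usr/lib/udev/rules.d/10-dm.rules /usr/sbin/dmsetup /usr/lib/udev/rules.d/95-dm-notify.rules
dracut_install /usr/lib/udev/rules.d/60-net.rules /lib/udev/rename_device /usr/lib/systemd/network/99-default.link

# NFS with locking would need the fuller set below; locking is not needed,
# so mounts go nolock and only mount.nfs plus /etc/netconfig are installed.
#dracut_install mount.nfs rpcbind rpc.statd /etc/netconfig sm-notify
dracut_install mount.nfs /etc/netconfig

# Make dracut's network helper library available at /lib/net-lib.sh.
inst /usr/lib/dracut/modules.d/40network/net-lib.sh /lib/net-lib.sh

# Network mount and disk imaging helpers can come from a second stage.
# This stage is narrowly focused on getting the network up and fetching
# images; those images may opt to do something with cloning or whatever.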