mirror of
https://github.com/xcat2/confluent.git
synced 2025-01-27 03:19:56 +00:00
d0e73c887b
Parts of esxi install depend on firewall running. When we are done with 'odd' networking, restore firewall to meet that expectation.
121 lines
5.0 KiB
Bash
121 lines
5.0 KiB
Bash
#!/bin/sh
|
|
# copernicus is hard coded, easier to script a fake sysfs
|
|
if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
|
|
chvt 1
|
|
sleep 1
|
|
chvt 2
|
|
/etc/init.d/ESXShell start
|
|
fi
|
|
uuid=$(vsish -e get /hardware/bios/dmiInfo|grep -A15 UUID|sed -e 's/.*://'|sed -e ':a;N;$!ba;s/\n//g' | sed -e 's/ *0x//g')
|
|
uuid=${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}
|
|
kargs=$(vsish -e get /system/bootCmdLine|grep "command line:")
|
|
vlanid=""
|
|
for karg in $kargs; do
|
|
if [ ${karg%=*} = "vlanid" ]; then
|
|
vlanid=${karg/*=}
|
|
fi
|
|
done
|
|
if [ ! -z "$vlanid" ]; then
|
|
echo $vlanid > /tmp/confluent.vlanid
|
|
localcli network vswitch standard portgroup set -p "Management Network" -v $vlanid
|
|
fi
|
|
mkdir -p /sys/devices/virtual/dmi/id/
|
|
echo $uuid > /sys/devices/virtual/dmi/id/product_uuid
|
|
mkdir -p /etc/confluent
|
|
localcli network firewall unload
|
|
touch /etc/confluent/confluent.info
|
|
begin=$(date +%s)
|
|
localcli system secpolicy domain set -n appDom -l disabled
|
|
personality=''
|
|
for usb in /dev/disks/mpx.vmhba*; do
|
|
if mdir -i $usb |grep CNFLNT_IDNT > /dev/null; then
|
|
personality=$usb
|
|
break
|
|
fi
|
|
done
|
|
if [ ! -z "$personality" ]; then
|
|
mkdir -p /tmp/confluentident
|
|
mcopy -i $personality ::* /tmp/confluentident/
|
|
fi
|
|
touch /etc/confluent/confluent.apikey
|
|
if [ -e /tmp/confluentident/cnflnt.yml ]; then
|
|
cat /tls/*.pem >> /etc/confluent/ca.pem
|
|
deploysrvs=$(sed -n '/^deploy_servers:/,/^[^-]/p' /tmp/confluentident/cnflnt.yml |grep ^-|sed -e 's/^- //'|grep -v :)
|
|
nodename=$(grep ^nodename: /tmp/confluentident/cnflnt.yml|sed -e 's/nodename: //')
|
|
echo 'NODENAME: '$nodename > /etc/confluent/confluent.info
|
|
for deploysrv in $deploysrvs; do
|
|
echo 'MANAGER: '$deploysrv >> /etc/confluent/confluent.info
|
|
done
|
|
tcfg=$(mktemp)
|
|
sed -n '/^net_cfgs:/,/^[^- ]/{/^[^- ]/!p}' /tmp/confluentident/cnflnt.yml |sed -n '/^-/,/^-/{/^-/!p}'| sed -e 's/^[- ]*//'> $tcfg
|
|
autoconfigmethod=$(grep ^ipv4_method: $tcfg)
|
|
autoconfigmethod=${autoconfigmethod#ipv4_method: }
|
|
if [ "$autoconfigmethod" = "static" ]; then
|
|
v4addr=$(grep ^ipv4_address: $tcfg)
|
|
v4addr=${v4addr#ipv4_address: }
|
|
v4addr=${v4addr%/*}
|
|
v4gw=$(grep ^ipv4_gateway: $tcfg)
|
|
v4gw=${v4gw#ipv4_gateway: }
|
|
if [ "$v4gw" = "null" ]; then
|
|
v4gw=""
|
|
fi
|
|
v4nm=$(grep ipv4_netmask: $tcfg)
|
|
v4nm=${v4nm#ipv4_netmask: }
|
|
localcli network ip interface ipv4 set -i vmk0 -I $v4addr -N $v4nm -g $v4gw -t static
|
|
localcli network ip route ipv4 add -n default -g $v4gw
|
|
fi
|
|
hmackeyfile=$(mktemp)
|
|
echo -n $(grep ^apitoken: /tmp/confluentident/cnflnt.yml|awk '{print $2}') > $hmackeyfile
|
|
cd -
|
|
passfile=$(mktemp)
|
|
passcrypt=$(mktemp)
|
|
hmacfile=$(mktemp)
|
|
ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac
|
|
/opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile
|
|
echo -n 'Registering new API key with deployment server: '
|
|
/opt/confluent/bin/apiclient -p $hmacfile /confluent-api/self/registerapikey $passcrypt
|
|
echo
|
|
cp $passfile /etc/confluent/confluent.apikey
|
|
fi
|
|
while ! grep NODENAME /etc/confluent/confluent.info; do
|
|
echo "Searching for deployment service on local network..."
|
|
/opt/confluent/bin/copernicus > /etc/confluent/confluent.info
|
|
esxcfg-nics -l
|
|
if [ $(date +%s) -gt $((begin + 90)) ]; then
|
|
if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
|
|
chvt 1
|
|
sleep 1
|
|
chvt 2
|
|
/etc/init.d/ESXShell start
|
|
fi
|
|
echo "Unable to locate a deployment system on the local network, verify network connectivity"
|
|
echo "A debug session has been made available on Alt-F1"
|
|
sleep 30
|
|
fi
|
|
done
|
|
node=$(grep NODENAME: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
|
|
cat /tls/*.pem > /etc/confluent/ca.pem
|
|
mgr=$(python /opt/confluent/bin/apiclient -c)
|
|
APIKEY=$(cat /etc/confluent/confluent.apikey)
|
|
|
|
if [ -z "$APIKEY" ]; then
|
|
cp /opt/confluent/bin/clortho /clortho
|
|
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
|
|
APIKEY=$(cat /etc/confluent/confluent.apikey)
|
|
fi
|
|
while [ -z "$APIKEY" ]; do
|
|
echo "Deployment server failed to grant node deployment token, retrying token retrieval"
|
|
echo "A debug session has been made available on Alt-F1"
|
|
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
|
|
APIKEY=$(cat /etc/confluent/confluent.apikey)
|
|
done
|
|
/opt/confluent/bin/apiclient /confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg.new
|
|
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg.new | sed -e 's/^profile: //')
|
|
/opt/confluent/bin/apiclient /confluent-public/os/$profile/kickstart > /etc/confluent/ks.cfg
|
|
/opt/confluent/bin/apiclient /confluent-public/os/$profile/scripts/modinstall > /tmp/modinstall
|
|
mv /etc/confluent/confluent.deploycfg.new /etc/confluent/confluent.deploycfg
|
|
export node mgr profile
|
|
. /tmp/modinstall
|
|
localcli network firewall load
|
|
exec /bin/install
|