2
0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-27 03:19:56 +00:00
Jarrod Johnson d0e73c887b Load firewall before esxi installation begins
Parts of esxi install depend on firewall running.  When
we are done with 'odd' networking, restore firewall
to meet that expectation.
2024-05-07 10:06:57 -04:00

121 lines
5.0 KiB
Bash

#!/bin/sh
# copernicus is hard coded, easier to script a fake sysfs
if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
chvt 1
sleep 1
chvt 2
/etc/init.d/ESXShell start
fi
uuid=$(vsish -e get /hardware/bios/dmiInfo|grep -A15 UUID|sed -e 's/.*://'|sed -e ':a;N;$!ba;s/\n//g' | sed -e 's/ *0x//g')
uuid=${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}
kargs=$(vsish -e get /system/bootCmdLine|grep "command line:")
vlanid=""
for karg in $kargs; do
if [ ${karg%=*} = "vlanid" ]; then
vlanid=${karg/*=}
fi
done
if [ ! -z "$vlanid" ]; then
echo $vlanid > /tmp/confluent.vlanid
localcli network vswitch standard portgroup set -p "Management Network" -v $vlanid
fi
mkdir -p /sys/devices/virtual/dmi/id/
echo $uuid > /sys/devices/virtual/dmi/id/product_uuid
mkdir -p /etc/confluent
localcli network firewall unload
touch /etc/confluent/confluent.info
begin=$(date +%s)
localcli system secpolicy domain set -n appDom -l disabled
personality=''
for usb in /dev/disks/mpx.vmhba*; do
if mdir -i $usb |grep CNFLNT_IDNT > /dev/null; then
personality=$usb
break
fi
done
if [ ! -z "$personality" ]; then
mkdir -p /tmp/confluentident
mcopy -i $personality ::* /tmp/confluentident/
fi
touch /etc/confluent/confluent.apikey
if [ -e /tmp/confluentident/cnflnt.yml ]; then
cat /tls/*.pem >> /etc/confluent/ca.pem
deploysrvs=$(sed -n '/^deploy_servers:/,/^[^-]/p' /tmp/confluentident/cnflnt.yml |grep ^-|sed -e 's/^- //'|grep -v :)
nodename=$(grep ^nodename: /tmp/confluentident/cnflnt.yml|sed -e 's/nodename: //')
echo 'NODENAME: '$nodename > /etc/confluent/confluent.info
for deploysrv in $deploysrvs; do
echo 'MANAGER: '$deploysrv >> /etc/confluent/confluent.info
done
tcfg=$(mktemp)
sed -n '/^net_cfgs:/,/^[^- ]/{/^[^- ]/!p}' /tmp/confluentident/cnflnt.yml |sed -n '/^-/,/^-/{/^-/!p}'| sed -e 's/^[- ]*//'> $tcfg
autoconfigmethod=$(grep ^ipv4_method: $tcfg)
autoconfigmethod=${autoconfigmethod#ipv4_method: }
if [ "$autoconfigmethod" = "static" ]; then
v4addr=$(grep ^ipv4_address: $tcfg)
v4addr=${v4addr#ipv4_address: }
v4addr=${v4addr%/*}
v4gw=$(grep ^ipv4_gateway: $tcfg)
v4gw=${v4gw#ipv4_gateway: }
if [ "$v4gw" = "null" ]; then
v4gw=""
fi
v4nm=$(grep ipv4_netmask: $tcfg)
v4nm=${v4nm#ipv4_netmask: }
localcli network ip interface ipv4 set -i vmk0 -I $v4addr -N $v4nm -g $v4gw -t static
localcli network ip route ipv4 add -n default -g $v4gw
fi
hmackeyfile=$(mktemp)
echo -n $(grep ^apitoken: /tmp/confluentident/cnflnt.yml|awk '{print $2}') > $hmackeyfile
cd -
passfile=$(mktemp)
passcrypt=$(mktemp)
hmacfile=$(mktemp)
ln -s /opt/confluent/bin/clortho /opt/confluent/bin/genpasshmac
/opt/confluent/bin/genpasshmac $passfile $passcrypt $hmacfile $hmackeyfile
echo -n 'Registering new API key with deployment server: '
/opt/confluent/bin/apiclient -p $hmacfile /confluent-api/self/registerapikey $passcrypt
echo
cp $passfile /etc/confluent/confluent.apikey
fi
while ! grep NODENAME /etc/confluent/confluent.info; do
echo "Searching for deployment service on local network..."
/opt/confluent/bin/copernicus > /etc/confluent/confluent.info
esxcfg-nics -l
if [ $(date +%s) -gt $((begin + 90)) ]; then
if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
chvt 1
sleep 1
chvt 2
/etc/init.d/ESXShell start
fi
echo "Unable to locate a deployment system on the local network, verify network connectivity"
echo "A debug session has been made available on Alt-F1"
sleep 30
fi
done
node=$(grep NODENAME: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
cat /tls/*.pem > /etc/confluent/ca.pem
mgr=$(python /opt/confluent/bin/apiclient -c)
APIKEY=$(cat /etc/confluent/confluent.apikey)
if [ -z "$APIKEY" ]; then
cp /opt/confluent/bin/clortho /clortho
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
APIKEY=$(cat /etc/confluent/confluent.apikey)
fi
while [ -z "$APIKEY" ]; do
echo "Deployment server failed to grant node deployment token, retrying token retrieval"
echo "A debug session has been made available on Alt-F1"
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
APIKEY=$(cat /etc/confluent/confluent.apikey)
done
/opt/confluent/bin/apiclient /confluent-api/self/deploycfg > /etc/confluent/confluent.deploycfg.new
profile=$(grep ^profile: /etc/confluent/confluent.deploycfg.new | sed -e 's/^profile: //')
/opt/confluent/bin/apiclient /confluent-public/os/$profile/kickstart > /etc/confluent/ks.cfg
/opt/confluent/bin/apiclient /confluent-public/os/$profile/scripts/modinstall > /tmp/modinstall
mv /etc/confluent/confluent.deploycfg.new /etc/confluent/confluent.deploycfg
export node mgr profile
. /tmp/modinstall
localcli network firewall load
exec /bin/install