mirror of
https://github.com/xcat2/confluent.git
synced 2025-02-06 14:02:38 +00:00
198 lines
7.3 KiB
Bash
198 lines
7.3 KiB
Bash
#!/bin/bash
|
|
export LANG=en_US.utf8
|
|
mkdir -p /etc/confluent
|
|
if ! grep console= /proc/cmdline >& /dev/null; then
|
|
autocons=$(/opt/confluent/bin/autocons)
|
|
echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf
|
|
autocons=${autocons%,*}
|
|
echo $autocons > /tmp/01-autocons.devnode
|
|
if [ ! -z "$autocons" ]; then
|
|
echo "Using $(cat /tmp/01-autocons.conf)"
|
|
(while :; do TERM=xterm-256color tmux a <> $autocons >&0 2>&1; done) &
|
|
(while :; do TERM=linux tmux a <> /dev/tty1 >&0 2>&1; done) &
|
|
else
|
|
(while :; do TERM=linux tmux a <> /dev/console >&0 2>&1; done) &
|
|
fi
|
|
else
|
|
(while :; do TERM=xterm-256color tmux a <> /dev/console >&0 2>&1; done) &
|
|
(while :; do TERM=linux tmux a <> /dev/tty1 >&0 2>&1; done) &
|
|
fi
|
|
(while :; do TERM=linux tmux <> /dev/tty2 >&0 2>&1; done) &
|
|
echo -n "udevd: "
|
|
/usr/lib/systemd/systemd-udevd --daemon
|
|
echo -n "Loading drivers..."
|
|
udevadm trigger
|
|
udevadm trigger --type=devices --action=add
|
|
udevadm settle
|
|
modprobe ib_ipoib
|
|
modprobe ib_umad
|
|
modprobe hfi1
|
|
modprobe mlx5_ib
|
|
echo "done"
|
|
cat > /etc/ssh/sshd_config << EOF
|
|
Port 22
|
|
Port 3389
|
|
Subsystem sftp /usr/libexec/openssh/sftp-server
|
|
PermitRootLogin yes
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
|
EOF
|
|
mkdir ~/.ssh
|
|
cat /ssh/*pubkey > ~/.ssh/authorized_keys 2>/dev/null
|
|
cat /tls/*.pem > /etc/confluent/ca.pem
|
|
mkdir -p /etc/pki/tls/certs
|
|
cat /tls/*.pem > /etc/pki/tls/certs/ca-bundle.crt
|
|
TRIES=0
|
|
touch /etc/confluent/confluent.info
|
|
if [ -e /dev/disk/by-label/CNFLNT_IDNT ]; then
|
|
mkdir -p /media/ident
|
|
mount /dev/disk/by-label/CNFLNT_IDNT /media/ident
|
|
if [ -e /media/ident/genesis_bootstrap.sh ]; then
|
|
exec sh /media/ident/genesis_bootstrap.sh
|
|
fi
|
|
fi
|
|
if [ -e /dev/disk/by-label/GENESIS-X86 ]; then
|
|
mkdir -p /media/genesis
|
|
mount /dev/disk/by-label/GENESIS-X86 /media/genesis
|
|
if [ -e /media/genesis/genesis_bootstrap.sh ]; then
|
|
exec sh /media/genesis/genesis_bootstrap.sh
|
|
fi
|
|
fi
|
|
cd /sys/class/net
|
|
echo -n "Scanning for network configuration..."
|
|
while ! grep ^EXTMGRINFO: /etc/confluent/confluent.info | awk -F'|' '{print $3}' | grep 1 >& /dev/null && [ "$TRIES" -lt 30 ]; do
|
|
TRIES=$((TRIES + 1))
|
|
for i in *; do
|
|
ip link set $i up
|
|
done
|
|
/opt/confluent/bin/copernicus -t > /etc/confluent/confluent.info
|
|
done
|
|
cd /
|
|
nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}')
|
|
hostname $nodename
|
|
tpmdir=$(mktemp -d)
|
|
cd $tpmdir
|
|
lasthdl=""
|
|
oldumask=$(umask)
|
|
umask 0077
|
|
for hdl in $(tpm2_getcap handles-persistent|awk '{print $2}'); do
|
|
tpm2_startauthsession --policy-session --session=session.ctx
|
|
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
|
|
unsealeddata=$(tpm2_unseal --auth=session:session.ctx -Q -c $hdl 2>/dev/null)
|
|
tpm2_flushcontext session.ctx
|
|
if [[ $unsealeddata == "CONFLUENT_APIKEY:"* ]]; then
|
|
confluent_apikey=${unsealeddata#CONFLUENT_APIKEY:}
|
|
echo $confluent_apikey > /etc/confluent/confluent.apikey
|
|
if [ -n "$lasthdl" ]; then
|
|
tpm2_evictcontrol -c $lasthdl
|
|
fi
|
|
lasthdl=$hdl
|
|
fi
|
|
done
|
|
cd - > /dev/null
|
|
rm -rf $tpmdir
|
|
while ! /usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/deploycfg2 > /etc/confluent/confluent.deploycfg; do
|
|
sleep 10
|
|
done
|
|
if [ ! -z "$autocons" ] && grep "textconsole: true" /etc/confluent/confluent.deploycfg > /dev/null; then /opt/confluent/bin/autocons -c > /dev/null; fi
|
|
umask $oldumask
|
|
new_apikey=$(cat /etc/confluent/confluent.apikey)
|
|
if [ "$new_apikey" != "$confluent_apikey" ]; then
|
|
if [ -n "$lasthdl" ]; then
|
|
tpm2_evictcontrol -c $lasthdl
|
|
fi
|
|
tmpdir=$(mktemp -d)
|
|
cd $tmpdir
|
|
tpm2_startauthsession --session=session.ctx
|
|
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
|
|
tpm2_createprimary -G ecc -Q --key-context=prim.ctx
|
|
(echo -n "CONFLUENT_APIKEY:$new_apikey") | tpm2_create -Q --policy=pcr15.sha256.policy --public=data.pub --private=data.priv -i - -C prim.ctx
|
|
tpm2_load -Q --parent-context=prim.ctx --public=data.pub --private=data.priv --name=confluent.apikey --key-context=data.ctx
|
|
tpm2_evictcontrol -Q -c data.ctx
|
|
tpm2_flushcontext session.ctx
|
|
cd - > /dev/null
|
|
rm -rf $tmpdir
|
|
fi
|
|
tpm2_pcrextend 15:sha256=2fbe96c50dde38ce9cd2764ddb79c216cfbcd3499568b1125450e60c45dd19f2 2> /dev/null
|
|
ifidx=$(cat /tmp/confluent.ifidx)
|
|
ifname=$(ip link |grep ^$ifidx:|awk '{print $2}')
|
|
ifname=${ifname%:}
|
|
autoconfigmethod=$(grep ipv6_method /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
|
if [ "$autoconfigmethod" = "static" ]; then
|
|
ipaddr=$(grep ^ipv6_address: /etc/confluent/confluent.deploycfg)
|
|
ipaddr=${ipaddr#ipv6_address: }
|
|
ipgw=$(grep ^ipv6_gateway: /etc/confluent/confluent.deploycfg)
|
|
ipgw=${ipgw#ipv6_gateway: }
|
|
if [ "$ipgw" = "null" ]; then
|
|
ipgw=""
|
|
fi
|
|
ipnm=$(grep ^ipv6_prefix: /etc/confluent/confluent.deploycfg)
|
|
ipnm=${ipnm#ipv6_prefix: }
|
|
echo "Setting up $ifname as static at $ipaddr/$ipnm"
|
|
ip addr add dev $ifname $ipaddr/$ipnm
|
|
if [ ! -z "$ipgw" ]; then
|
|
ip route add default via $ipgw
|
|
fi
|
|
fi
|
|
autoconfigmethod=$(grep ipv4_method /etc/confluent/confluent.deploycfg |awk '{print $2}')
|
|
if [ "$autoconfigmethod" = "dhcp" ]; then
|
|
echo -n "Attempting to use dhcp to bring up $ifname..."
|
|
dhclient $ifname
|
|
echo "Complete:"
|
|
ip addr show dev $ifname
|
|
elif [ "$autoconfigmethod" = "static" ]; then
|
|
v4addr=$(grep ^ipv4_address: /etc/confluent/confluent.deploycfg)
|
|
v4addr=${v4addr#ipv4_address: }
|
|
v4gw=$(grep ^ipv4_gateway: /etc/confluent/confluent.deploycfg)
|
|
v4gw=${v4gw#ipv4_gateway: }
|
|
if [ "$v4gw" = "null" ]; then
|
|
v4gw=""
|
|
fi
|
|
v4nm=$(grep ^prefix: /etc/confluent/confluent.deploycfg)
|
|
v4nm=${v4nm#prefix: }
|
|
echo "Setting up $ifname as static at $v4addr/$v4nm"
|
|
ip addr add dev $ifname $v4addr/$v4nm
|
|
if [ ! -z "$v4gw" ]; then
|
|
ip route add default via $v4gw
|
|
fi
|
|
fi
|
|
nameserversec=0
|
|
while read -r entry; do
|
|
if [ $nameserversec = 1 ]; then
|
|
if [[ $entry == "-"* ]] && [[ $entry != "- ''" ]]; then
|
|
echo nameserver ${entry#- } >> /etc/resolv.conf
|
|
continue
|
|
fi
|
|
fi
|
|
nameserversec=0
|
|
if [ "${entry%:*}" = "nameservers" ]; then
|
|
nameserversec=1
|
|
continue
|
|
fi
|
|
done < /etc/confluent/confluent.deploycfg
|
|
dnsdomain=$(grep ^dnsdomain: /etc/confluent/confluent.deploycfg)
|
|
dnsdomain=${dnsdomain#dnsdomain: }
|
|
echo search $dnsdomain >> /etc/resolv.conf
|
|
echo -n "Initializing ssh..."
|
|
ssh-keygen -A
|
|
for pubkey in /etc/ssh/ssh_host*key.pub; do
|
|
certfile=${pubkey/.pub/-cert.pub}
|
|
privfile=${pubkey%.pub}
|
|
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-api/self/sshcert $pubkey > $certfile
|
|
if [ -s $certfile ]; then
|
|
echo HostCertificate $certfile >> /etc/ssh/sshd_config
|
|
fi
|
|
echo HostKey $privfile >> /etc/ssh/sshd_config
|
|
done
|
|
/usr/sbin/sshd
|
|
confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg | awk '{print $2}')
|
|
export confluent_profile
|
|
/usr/libexec/platform-python /opt/confluent/bin/apiclient /confluent-public/os/$confluent_profile/scripts/functions > /etc/confluent/functions
|
|
. /etc/confluent/functions
|
|
set_confluent_vars
|
|
export confluent_mgr
|
|
echo "Running https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/onboot.sh"
|
|
run_remote onboot.sh
|
|
while :; do
|
|
bash
|
|
done
|