diff --git a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh
index e858b5cd..5936a4f5 100755
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/hooks/casper-bottom.sh
@@ -1,7 +1,9 @@
 cd /root
 cat /tls/*.0 > /root/etc/ssl/certs/ca-certificates.crt
 mkdir -p /root/custom-installation/ssh
+mkdir -p /root/custom-installation/tls
 cp /ssh/* /root/custom-installation/ssh
+cp /tls/* /root/custom-installation/tls
 NODENAME=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
 MGR=$(grep ^MANAGER: /custom-installation/confluent/confluent.info|head -n 1| awk '{print $2}')
 oum=$(umask)
@@ -43,7 +45,7 @@ if [ -f /custom-installation/autocons.info ]; then
 cons=$(cat /custom-installation/autocons.info)
 fi
 if [ ! -z "$cons" ]; then
- echo "Installation will proceed on graphics console, autoconsole not supported for Ubuntu" > ${cons%,*}
+ echo "Installation will proceed on graphics console, autoconsole not supported during autoinstall phase" > ${cons%,*}
 #fcmdline="$fcmdline console=${cons#/dev/}"
 fi
 echo $fcmdline > /custom-installation/confluent/fakecmdline
diff --git a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh
index 0f21f260..f2eee7ee 100755
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh
@@ -1,21 +1,6 @@
-cp -a /root/.ssh /target/root/
-mkdir -p /target/etc/confluent/ssh/sshd_config.d/
-cp /custom-installation/confluent/* /target/etc/confluent/
-for i in /custom-installation/ssh/*.ca; do
- echo '@cert-authority *' $(cat $i) >> /target/etc/ssh/ssh_known_hosts
-done
-
-cp -a /etc/ssh/ssh_host* /target/etc/confluent/ssh/
-cp -a /etc/ssh/sshd_config.d/confluent.conf /target/etc/confluent/ssh/sshd_config.d/
-sshconf=/target/etc/ssh/ssh_config
-if [ -d /target/etc/ssh/ssh_config.d/ ]; then
- sshconf=/target/etc/ssh/ssh_config.d/01-confluent.conf
-fi
-echo 'Host *' >> $sshconf
-echo ' HostbasedAuthentication yes' >> $sshconf
-echo ' EnableSSHKeysign yes' >> $sshconf
-echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
-
-cp /custom-installation/firstboot.sh /target/etc/confluent/firstboot.sh
-cp /tmp/allnodes /target/root/.shosts
-cp /tmp/allnodes /target/etc/ssh/shosts.equiv
+#!/bin/bash
+deploycfg=/custom-installation/confluent/confluent.deploycfg
+mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}')
+profile=$(grep ^profile: $deploycfg|awk '{print $2}')
+curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/post.sh
+. /tmp/post.sh
diff --git a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh
index 44a440d4..58981daa 100755
--- a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh
+++ b/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh
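Review bot: The downloaded script is sourced without checking that the download succeeded: `curl -f ... > /tmp/post.sh` truncates the file before curl runs, so an HTTP error or a dropped connection leaves an empty or partial `/tmp/post.sh` that `. /tmp/post.sh` then runs as part of the install. Stop on failure before sourcing, e.g. `curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh -o /tmp/post.sh || exit 1`. The rewritten pre.sh in this commit has the same fetch-and-source pair and needs the same guard. Because the fetched file now decides what runs in the installer, a comment stating that its integrity rests on curl's TLS check would help; that curl validates against the CA bundle written by casper-bottom.sh is inferred, not shown in this diff.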
@@ -1,21 +1,6 @@
 #!/bin/bash
 deploycfg=/custom-installation/confluent/confluent.deploycfg
 mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}')
-cat /custom-installation/ssh/*.rootpubkey > /root/.ssh/authorized_keys
-nodename=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
-apikey=$(cat /custom-installation/confluent/confluent.apikey)
-for pubkey in /etc/ssh/ssh_host*key.pub; do
- certfile=${pubkey/.pub/-cert.pub}
- keyfile=${pubkey%.pub}
- curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
- echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf
- echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf
-done
-echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf
-echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf
-echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf
-systemctl restart sshd
-curl -f X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
-curl https://$mgr/confluent-public/confluent/util/getinstalldisk > /custom-installation/getinstalldisk
-python3 /custom-installation/getinstalldisk
-sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml
+profile=$(grep ^profile: $deploycfg|awk '{print $2}')
+curl -f https://$mgr/confluent-public/os/$profile/scripts/pre.sh > /tmp/pre.sh
+. /tmp/pre.sh
diff --git a/confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/firstboot.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh
similarity index 100%
rename from confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/firstboot.sh
rename to confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.sh
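Review bot: `$mgr` and `$profile` go into the URL unquoted and unchecked, so a deploycfg without a `profile:` line yields `.../os//scripts/pre.sh` and the problem surfaces only as a curl error. The `^deploy_server` pattern also lacks the trailing colon that `^profile:` has, and has no `head -n 1` as the `MGR=` line in casper-bottom.sh does, so any second key starting with `deploy_server` would put two values in `$mgr`. Suggest `mgr=$(grep '^deploy_server:' "$deploycfg" | head -n 1 | awk '{print $2}')` plus a guard `[ -n "$mgr" ] && [ -n "$profile" ] || exit 1` before the fetch; the initramfs post.sh hunk parses the file the same way. That the key is written `deploy_server:` is assumed from the `profile:` line and should be confirmed against the file format.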
diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh
new file mode 100755
index 00000000..6a7dcafa
--- /dev/null
+++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+cp -a /root/.ssh /target/root/
+mkdir -p /target/etc/confluent/ssh/sshd_config.d/
+cp /custom-installation/confluent/* /target/etc/confluent/
+for i in /custom-installation/ssh/*.ca; do
+ echo '@cert-authority *' $(cat $i) >> /target/etc/ssh/ssh_known_hosts
+done
+
+cp -a /etc/ssh/ssh_host* /target/etc/confluent/ssh/
+cp -a /etc/ssh/sshd_config.d/confluent.conf /target/etc/confluent/ssh/sshd_config.d/
+sshconf=/target/etc/ssh/ssh_config
+if [ -d /target/etc/ssh/ssh_config.d/ ]; then
+ sshconf=/target/etc/ssh/ssh_config.d/01-confluent.conf
+fi
+echo 'Host *' >> $sshconf
+echo ' HostbasedAuthentication yes' >> $sshconf
+echo ' EnableSSHKeysign yes' >> $sshconf
+echo ' HostbasedKeyTypes *ed25519*' >> $sshconf
+
+curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh > /target/etc/confluent/firstboot.sh
+chmod +x /target/etc/confluent/firstboot.sh
+cp /tmp/allnodes /target/root/.shosts
+cp /tmp/allnodes /target/etc/ssh/shosts.equiv
+
diff --git a/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh
new file mode 100755
index 00000000..5aa313fb
--- /dev/null
+++ b/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/pre.sh
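Review bot: A failed download of firstboot.sh goes unnoticed: the redirect creates `/target/etc/confluent/firstboot.sh` before curl runs, so with `-f` an HTTP error leaves an empty file that `chmod +x` then marks executable on the installed system. Write with `-o` and stop on error, e.g. `curl -f https://$mgr/confluent-public/os/$profile/scripts/firstboot.sh -o /target/etc/confluent/firstboot.sh || exit 1`. The script also uses `$mgr` and `$profile` without setting them, which works only because the initramfs post.sh sources it after parsing the deploycfg. A header comment such as `# Sourced by the initramfs post.sh; expects mgr and profile to be set` would make that dependency visible.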
@@ -0,0 +1,19 @@
+#!/bin/bash
+cat /custom-installation/ssh/*.rootpubkey > /root/.ssh/authorized_keys
+nodename=$(grep ^NODENAME: /custom-installation/confluent/confluent.info|awk '{print $2}')
+apikey=$(cat /custom-installation/confluent/confluent.apikey)
+for pubkey in /etc/ssh/ssh_host*key.pub; do
+ certfile=${pubkey/.pub/-cert.pub}
+ keyfile=${pubkey%.pub}
+ curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile
+ echo HostKey $keyfile >> /etc/ssh/sshd_config.d/confluent.conf
+ echo HostCertificate $certfile >> /etc/ssh/sshd_config.d/confluent.conf
+done
+echo HostbasedAuthentication yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config.d/confluent.conf
+echo IgnoreRhosts no >> /etc/ssh/sshd_config.d/confluent.conf
+systemctl restart sshd
+curl -f X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes
+curl https://$mgr/confluent-public/confluent/util/getinstalldisk > /custom-installation/getinstalldisk
+python3 /custom-installation/getinstalldisk
+sed -i s!%%INSTALLDISK%%!/dev/$(cat /tmp/installdisk)! /autoinstall.yaml
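Review bot: The nodelist request reads `curl -f X POST ...` with the dash missing from `-X`, so curl takes `X` and `POST` as two more URLs to fetch and sends the real request with its default method; it should be `curl -f -X POST -H ...` like the sshcert call in the loop above it. The next line downloads `getinstalldisk` with no `-f` and no status check and then hands it to `python3`, so an HTTP error body would be saved and passed to the interpreter; `curl -f https://$mgr/confluent-public/confluent/util/getinstalldisk -o /custom-installation/getinstalldisk || exit 1` closes that. Both lines were moved here unchanged from the old initramfs pre.sh. `$mgr` is not set in this file and comes from the script that sources it, which deserves a header comment.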