From 648290ffbc1e070fdeed7dbae3a50e59002cf4f8 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 08:00:38 -0500 Subject: [PATCH 1/7] Begin implementing aarch64 deploy support --- confluent_osdeploy/el8/profiles/default/initprofile.sh | 8 ++++++-- confluent_server/bin/osdeploy | 9 +++++++++ confluent_server/confluent/discovery/protocols/pxe.py | 2 ++ confluent_server/confluent/osimage.py | 8 ++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/confluent_osdeploy/el8/profiles/default/initprofile.sh b/confluent_osdeploy/el8/profiles/default/initprofile.sh index d0125588..680ffda7 100644 --- a/confluent_osdeploy/el8/profiles/default/initprofile.sh +++ b/confluent_osdeploy/el8/profiles/default/initprofile.sh @@ -2,6 +2,10 @@ sed -i 's/centos/CentOS/; s/rhel/Red Hat Enterprise Linux/; s/oraclelinux/Oracle Linux/; s/alma/AlmaLinux/' $2/profile.yaml ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \ ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution -mkdir -p $2/boot/efi/boot && \ -ln -s $1/EFI/BOOT/BOOTX64.EFI $1/EFI/BOOT/grubx64.efi $2/boot/efi/boot/ +mkdir -p $2/boot/efi/boot +if [ -e $1/EFI/BOOT/BOOTAA64.EFI ]; then + ln -s $1/EFI/BOOT/BOOTAA64.EFI $1/EFI/BOOT/grubaa64.efi $2/boot/efi/boot/ +else + ln -s $1/EFI/BOOT/BOOTX64.EFI $1/EFI/BOOT/grubx64.efi $2/boot/efi/boot/ +fi diff --git a/confluent_server/bin/osdeploy b/confluent_server/bin/osdeploy index 052a5c3a..0f924d19 100644 --- a/confluent_server/bin/osdeploy +++ b/confluent_server/bin/osdeploy @@ -223,8 +223,17 @@ def install_tftp_content(): except OSError as e: if e.errno != 17: raise + armtftplocation = '{0}/confluent/aarch64'.format(tftplocation) + try: + os.makedirs(armtftplocation) + except OSError as e: + if e.errno != 17: + raise shutil.copy('/opt/confluent/lib/ipxe/ipxe.efi', tftplocation) shutil.copy('/opt/confluent/lib/ipxe/ipxe.kkpxe', tftplocation) + if os.path.exists('/opt/confluent/lib/ipxe/ipxe-aarch64.efi') + shutil.copy('/opt/confluent/lib/ipxe/ipxe-aarch64.efi', armtftplocation) + def initialize(cmdset): diff --git a/confluent_server/confluent/discovery/protocols/pxe.py b/confluent_server/confluent/discovery/protocols/pxe.py index baa73c1b..5e2716ce 100644 --- a/confluent_server/confluent/discovery/protocols/pxe.py +++ b/confluent_server/confluent/discovery/protocols/pxe.py @@ -365,6 +365,8 @@ def proxydhcp(handler, nodeguess): bootfile = b'confluent/x86_64/ipxe.efi' elif disco['arch'] == 'bios-x86': bootfile = b'confluent/x86_64/ipxe.kkpxe' + elif disco['arch'] == 'uefi-aarch64': + bootfile = b'confluent/aarch64/ipxe.efi' if len(bootfile) > 127: log.log( {'info': 'Boot offer cannot be made to {0} as the ' diff --git a/confluent_server/confluent/osimage.py b/confluent_server/confluent/osimage.py index 8384913e..e914f636 100644 --- a/confluent_server/confluent/osimage.py +++ b/confluent_server/confluent/osimage.py @@ -376,6 +376,14 @@ def check_ubuntu(isoinfo): if not isinstance(arch, str): arch = arch.decode('utf8') major = '.'.join(ver.split('.', 2)[:2]) + if 'efi/boot/bootaa64.efi' in isoinfo[0]: + exlist = ['casper/vmlinuz', 'casper/initrd', + 'efi/boot/bootaa64.efi', 'efi/boot/grubaa64.efi' + ] + else: + exlist = ['casper/vmlinuz', 'casper/initrd', + 'efi/boot/bootx64.efi', 'efi/boot/grubx64.efi' + ] return {'name': 'ubuntu-{0}-{1}'.format(ver, arch), 'method': EXTRACT|COPY, 'extractlist': ['casper/vmlinuz', 'casper/initrd', From 1777223232296683fb7af77832c718dd4b1ef14e Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 08:40:31 -0500 Subject: [PATCH 2/7] Fixes for osdeploy arm ipxe init --- confluent_server/bin/osdeploy | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/confluent_server/bin/osdeploy b/confluent_server/bin/osdeploy index 0f924d19..ed39e78c 100644 --- a/confluent_server/bin/osdeploy +++ b/confluent_server/bin/osdeploy @@ -217,13 +217,14 @@ def install_tftp_content(): else: emprint( 'Detected {0} as tftp directory, but unable to determine tftp service, ensure that a tftp server is installed and enabled manually'.format(tftplocation)) + otftplocation = tftplocation tftplocation = '{0}/confluent/x86_64'.format(tftplocation) try: os.makedirs(tftplocation) except OSError as e: if e.errno != 17: raise - armtftplocation = '{0}/confluent/aarch64'.format(tftplocation) + armtftplocation = '{0}/confluent/aarch64'.format(otftplocation) try: os.makedirs(armtftplocation) except OSError as e: @@ -231,8 +232,8 @@ def install_tftp_content(): raise shutil.copy('/opt/confluent/lib/ipxe/ipxe.efi', tftplocation) shutil.copy('/opt/confluent/lib/ipxe/ipxe.kkpxe', tftplocation) - if os.path.exists('/opt/confluent/lib/ipxe/ipxe-aarch64.efi') - shutil.copy('/opt/confluent/lib/ipxe/ipxe-aarch64.efi', armtftplocation) + if os.path.exists('/opt/confluent/lib/ipxe/ipxe-aarch64.efi'): + shutil.copy('/opt/confluent/lib/ipxe/ipxe-aarch64.efi', os.path.join(armtftplocation, 'ipxe.efi')) From 02e242ec4e1706a23e208b7bf6d9096986606a26 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 09:13:47 -0500 Subject: [PATCH 3/7] Restore link local cert in apiclient --- .../common/initramfs/opt/confluent/bin/apiclient | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient index fc1aad87..0287a4f1 100644 --- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient +++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient @@ -315,7 +315,8 @@ class HTTPSClient(client.HTTPConnection, object): psock = socket.socket(addrinf[0]) psock.settimeout(timeo) psock.connect(addrinf[4]) - ctx.wrap_socket(psock, server_hostname=host) + chost = host.split('%', 1)[0] + ctx.wrap_socket(psock, server_hostname=chost) foundsrv = host psock.close() break @@ -323,6 +324,8 @@ class HTTPSClient(client.HTTPConnection, object): continue except ssl.SSLError: continue + except ssl.CertificateError: + continue else: continue break From a90cd8515e8b3496ee3cfd6507ac82430fe59d3f Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 10:43:29 -0500 Subject: [PATCH 4/7] Tweak osdeploy for ARM setup --- confluent_osdeploy/buildrpm-aarch64 | 32 +++++++++++++++++++ .../confluent_osdeploy-aarch64.spec.tmpl | 11 +++---- 2 files changed, 36 insertions(+), 7 deletions(-) create mode 100644 confluent_osdeploy/buildrpm-aarch64 diff --git a/confluent_osdeploy/buildrpm-aarch64 b/confluent_osdeploy/buildrpm-aarch64 new file mode 100644 index 00000000..867c0102 --- /dev/null +++ b/confluent_osdeploy/buildrpm-aarch64 @@ -0,0 +1,32 @@ +VERSION=`git describe|cut -d- -f 1` +NUMCOMMITS=`git describe|cut -d- -f 2` +if [ "$NUMCOMMITS" != "$VERSION" ]; then + VERSION=$VERSION.dev$NUMCOMMITS.g`git describe|cut -d- -f 3` +fi +sed -e "s/#VERSION#/$VERSION/" confluent_osdeploy-aarch64.spec.tmpl > confluent_osdeploy-aarch64.spec +cd .. +cp ../LICENSE . +tar Jcvf confluent_osdeploy.tar.xz confluent_osdeploy +mv confluent_osdeploy.tar.xz ~/rpmbuild/SOURCES/ +cd - +mkdir -p el9bin/opt/confluent/bin +mkdir -p el9bin/stateless-bin +mkdir -p el8bin/opt/confluent/bin +mkdir -p el8bin/stateless-bin +podman run --privileged --rm -v $(pwd)/utils:/buildutils -i -t el9builder make -C /buildutils +cd utils +mv confluent_imginfo copernicus clortho autocons ../el9bin/opt/confluent/bin +mv start_root urlmount ../el9bin/stateless-bin/ +cd .. +podman run --privileged --rm -v $(pwd)/utils:/buildutils -i -t el8builder make -C /buildutils +cd utils +mv confluent_imginfo copernicus clortho autocons ../el8bin/opt/confluent/bin +mv start_root urlmount ../el8bin/stateless-bin/ +cd .. +tar Jcvf confluent_el9bin.tar.xz el9bin/ +tar Jcvf confluent_el8bin.tar.xz el8bin/ +mv confluent_el8bin.tar.xz ~/rpmbuild/SOURCES/ +mv confluent_el9bin.tar.xz ~/rpmbuild/SOURCES/ +rm -rf el9bin +rm -rf el8bin +rpmbuild -ba confluent_osdeploy-aarch64.spec diff --git a/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl b/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl index d282acad..c5ce6710 100644 --- a/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl +++ b/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl @@ -7,6 +7,7 @@ License: Apache2 URL: https://hpc.lenovo.com/ Source0: confluent_osdeploy.tar.xz Source1: confluent_el9bin.tar.xz +Source2: confluent_el8bin.tar.xz BuildArch: noarch Requires: confluent_ipxe mtools tar BuildRoot: /tmp @@ -23,11 +24,7 @@ This contains support utilities for enabling deployment of aarch64 architecture %build mkdir -p opt/confluent/bin mkdir -p stateless-bin -cd utils -make all -cp confluent_imginfo copernicus clortho autocons ../opt/confluent/bin -cp start_root urlmount ../stateless-bin/ -cd .. +cp -a el8bin/* . ln -s el8 el9 for os in rhvh4 el7 genesis el8 suse15 ubuntu20.04 ubuntu22.04 coreos el9; do mkdir ${os}out @@ -78,7 +75,7 @@ cp -a esxi7 esxi8 %install mkdir -p %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/ -cp LICENSE %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/ +#cp LICENSE %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/ for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 esxi8 coreos; do mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs cp ${os}out/addons-aarch64.* %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs @@ -91,4 +88,4 @@ find %{buildroot}/opt/confluent/lib/osdeploy/ -name .gitignore -exec rm -f {} + %files /opt/confluent/lib/osdeploy -%license /opt/confluent/share/licenses/confluent_osdeploy/LICENSE +#%license /opt/confluent/share/licenses/confluent_osdeploy/LICENSE From 3e71e103b15ce3f1555256256734d92e4ff47a90 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 10:47:27 -0500 Subject: [PATCH 5/7] Fix unpacking of el8 and el9 built sources --- confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl b/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl index c5ce6710..ba8660fb 100644 --- a/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl +++ b/confluent_osdeploy/confluent_osdeploy-aarch64.spec.tmpl @@ -19,7 +19,7 @@ This contains support utilities for enabling deployment of aarch64 architecture %define debug_package %{nil} %prep -%setup -n confluent_osdeploy -a 1 +%setup -n confluent_osdeploy -a 2 %build mkdir -p opt/confluent/bin From 627bc9ffe3544869fe10b06eb6b38575950ba046 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 27 Jan 2023 12:14:37 -0500 Subject: [PATCH 6/7] Modify pkglist for aarch64 --- imgutil/el8/pkglist.aarch64 | 20 ++++++++++++++++++++ imgutil/el9/pkglist.aarch64 | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 imgutil/el8/pkglist.aarch64 create mode 100644 imgutil/el9/pkglist.aarch64 diff --git a/imgutil/el8/pkglist.aarch64 b/imgutil/el8/pkglist.aarch64 new file mode 100644 index 00000000..2141634a --- /dev/null +++ b/imgutil/el8/pkglist.aarch64 @@ -0,0 +1,20 @@ +dnf +hostname +irqbalance +less +sssd-client +NetworkManager +nfs-utils +numactl-libs +passwd +rootfiles +sudo +tuned +yum +initscripts +tpm2-tools +xfsprogs +e2fsprogs +fuse-libs +libnl3 +chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-aa64 grub2-efi-aa64 attr diff --git a/imgutil/el9/pkglist.aarch64 b/imgutil/el9/pkglist.aarch64 new file mode 100644 index 00000000..2141634a --- /dev/null +++ b/imgutil/el9/pkglist.aarch64 @@ -0,0 +1,20 @@ +dnf +hostname +irqbalance +less +sssd-client +NetworkManager +nfs-utils +numactl-libs +passwd +rootfiles +sudo +tuned +yum +initscripts +tpm2-tools +xfsprogs +e2fsprogs +fuse-libs +libnl3 +chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-aa64 grub2-efi-aa64 attr From 2b01d9fbfa80b0da7bac6428b8319678a7d73c97 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Mon, 30 Jan 2023 12:40:40 -0500 Subject: [PATCH 7/7] Properly store all candidate host ip addresses This is needed to ensure that mis-detected primary ip falls through to another viable ip --- confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient | 1 + 1 file changed, 1 insertion(+) diff --git a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient index 0287a4f1..a8b5e39b 100644 --- a/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient +++ b/confluent_osdeploy/common/initramfs/opt/confluent/bin/apiclient @@ -253,6 +253,7 @@ class HTTPSClient(client.HTTPConnection, object): self.stdheaders['CONFLUENT_NODENAME'] = node if line.startswith('MANAGER:') and not host: host = line.split(' ')[1] + self.hosts.append(host) if not plainhost: plainhost = host if line.startswith('EXTMGRINFO:'):