├── .gitignore ├── API.txt ├── LICENSE ├── README.md ├── SECURITY ├── TODO ├── confluent_client ├── COPYRIGHT ├── MANIFEST.in ├── addattribs.py ├── bin │ ├── collate │ ├── confetty │ ├── confluent2ansible │ ├── confluent2hosts │ ├── confluent2lxca │ ├── confluent2xcat │ ├── dir2img │ ├── nodeapply │ ├── nodeattrib │ ├── nodebmcpassword │ ├── nodebmcreset │ ├── nodeboot │ ├── nodeconfig │ ├── nodeconsole │ ├── nodedefine │ ├── nodedeploy │ ├── nodediscover │ ├── nodeeventlog │ ├── nodefirmware │ ├── nodegroupattrib │ ├── nodegroupdefine │ ├── nodegrouplist │ ├── nodegroupremove │ ├── nodegrouprename │ ├── nodehealth │ ├── nodeidentify │ ├── nodeinventory │ ├── nodel2traceroute │ ├── nodelicense │ ├── nodelist │ ├── nodemedia │ ├── nodeping │ ├── nodepower │ ├── noderemove │ ├── noderename │ ├── nodereseat │ ├── nodersync │ ├── noderun │ ├── nodesensors │ ├── nodesetboot │ ├── nodeshell │ ├── nodestorage │ ├── nodesupport │ └── stats ├── builddeb ├── buildrpm ├── confluent │ ├── client.py │ ├── logreader.py │ ├── screensqueeze.py │ ├── sortutil.py │ ├── termhandler.py │ ├── textgroup.py │ ├── tlv.py │ └── tlvdata.py ├── confluent_client.spec.tmpl ├── confluent_env.csh ├── confluent_env.sh ├── doc │ └── man │ │ ├── buildindex.sh │ │ ├── collate.ronn │ │ ├── collective.ronn │ │ ├── confetty.ronn │ │ ├── confluent.ronn │ │ ├── confluent2hosts.ronn │ │ ├── confluentdbutil.ronn │ │ ├── nodeapply.ronn │ │ ├── nodeattrib.ronn.tmpl │ │ ├── nodeattribexpressions.ronn │ │ ├── nodebmcpassword.ronn │ │ ├── nodebmcreset.ronn │ │ ├── nodeboot.ronn │ │ ├── nodeconfig.ronn │ │ ├── nodeconsole.ronn │ │ ├── nodedefine.ronn │ │ ├── nodedeploy.ronn │ │ ├── nodediscover.ronn │ │ ├── nodeeventlog.ronn │ │ ├── nodefirmware.ronn │ │ ├── nodegroupattrib.ronn.tmpl │ │ ├── nodegroupdefine.ronn │ │ ├── nodegrouplist.ronn │ │ ├── nodegroupremove.ronn │ │ ├── nodehealth.ronn │ │ ├── nodeidentify.ronn │ │ ├── nodeinventory.ronn │ │ ├── nodel2traceroute.ronn │ │ ├── nodelicense.ronn │ │ ├── nodelist.ronn │ │ ├── nodemedia.ronn │ │ ├── nodeping.ronn │ │ ├── nodepower.ronn │ │ ├── noderange.ronn │ │ ├── noderemove.ronn │ │ ├── nodereseat.ronn │ │ ├── nodersync.ronn │ │ ├── noderun.ronn │ │ ├── nodesensors.ronn │ │ ├── nodesetboot.ronn │ │ ├── nodeshell.ronn │ │ ├── nodestorage.ronn │ │ ├── nodesupport.ronn │ │ ├── osdeploy.ronn │ │ └── stats.ronn ├── makeman ├── makesetup ├── requirements.txt ├── samples │ └── nodeattrib_from_switch.py └── setup.py.tmpl ├── confluent_common ├── README.txt ├── VERSION ├── buildrpm ├── confluent_common.spec.tmpl ├── makesetup └── setup.py.tmpl ├── confluent_osdeploy ├── buildrpm ├── buildrpm-aarch64 ├── common │ ├── initramfs │ │ └── opt │ │ │ └── confluent │ │ │ └── bin │ │ │ └── apiclient │ └── profile │ │ └── scripts │ │ ├── autoconsole │ │ ├── confignet │ │ └── setupssh ├── confluent_osdeploy-aarch64.spec.tmpl ├── confluent_osdeploy.spec.tmpl ├── coreos │ ├── initramfs │ │ ├── etc │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── initrd-root-fs.target.requires │ │ │ │ └── confluent-rootfs.service │ │ ├── opt │ │ │ └── confluent │ │ │ │ └── bin │ │ │ │ └── initconfluent.sh │ │ └── usr │ │ │ └── lib │ │ │ ├── dracut │ │ │ └── hooks │ │ │ │ ├── cmdline │ │ │ │ └── 01-confluent.sh │ │ │ │ └── pre-pivot │ │ │ │ └── 01-confluent.sh │ │ │ └── systemd │ │ │ └── system │ │ │ └── confluent-rootfs.service │ └── profiles │ │ └── default │ │ ├── initprofile.sh │ │ └── profile.yaml ├── debian │ ├── initramfs │ │ └── lib │ │ │ └── debian-installer-startup.d │ │ │ └── S25confluentinit │ └── profiles │ │ └── default │ │ ├── initprofile.sh │ │ ├── preseed.cfg │ │ ├── profile.yaml │ │ └── scripts │ │ ├── confignet │ │ ├── firstboot.d │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── post.d │ │ └── .gitignore │ │ ├── post.sh │ │ ├── pre.sh │ │ ├── prechroot.sh │ │ ├── proxmox │ │ ├── proxmoxve.firstboot │ │ └── proxmoxve.post │ │ └── setupssh ├── el7-diskless │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ └── cmdline │ │ │ └── 10-confluentdiskless.sh │ └── profiles │ │ └── default │ │ ├── scripts │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── image2disk.py │ │ ├── imageboot.sh │ │ ├── installimage │ │ ├── onboot.custom │ │ ├── onboot.d │ │ │ └── .gitignore │ │ ├── onboot.service │ │ ├── onboot.sh │ │ ├── post.d │ │ │ └── .gitignore │ │ ├── post.sh │ │ └── syncfileclient │ │ └── syncfiles ├── el7 │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ ├── cmdline │ │ │ └── 01-confluent.sh │ │ │ ├── initqueue │ │ │ ├── 01-confluent.sh │ │ │ └── finished │ │ │ │ └── confluent.sh │ │ │ └── pre-pivot │ │ │ └── 01-confluent.sh │ └── profiles │ │ └── default │ │ ├── ansible │ │ ├── firstboot.d │ │ │ └── README.txt │ │ └── post.d │ │ │ └── README.txt │ │ ├── initprofile.sh │ │ ├── kickstart │ │ ├── kickstart.custom │ │ ├── profile.yaml │ │ ├── scripts │ │ ├── add_local_repositories │ │ ├── configbmc │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── infiniband │ │ │ ├── mofed.post │ │ │ └── mofed.pre │ │ ├── post.custom │ │ ├── post.d │ │ │ └── .gitignore │ │ ├── post.sh │ │ ├── pre.custom │ │ ├── pre.d │ │ │ └── .gitignore │ │ ├── pre.sh │ │ ├── prechroot.sh │ │ ├── setupssh.sh │ │ ├── syncfileclient │ │ └── tpm_luks.sh │ │ └── syncfiles ├── el8-diskless │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ └── cmdline │ │ │ └── 10-confluentdiskless.sh │ └── profiles │ │ └── default │ │ ├── scripts │ │ ├── add_local_repositories │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── image2disk.py │ │ ├── imageboot.sh │ │ ├── installimage │ │ ├── onboot.custom │ │ ├── onboot.d │ │ │ └── .gitignore │ │ ├── onboot.service │ │ ├── onboot.sh │ │ ├── post.d │ │ │ └── .gitignore │ │ ├── post.sh │ │ └── syncfileclient │ │ └── syncfiles ├── el8 │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ ├── cmdline │ │ │ └── 01-confluent.sh │ │ │ ├── pre-pivot │ │ │ └── 01-confluent.sh │ │ │ └── pre-trigger │ │ │ └── 01-confluent.sh │ └── profiles │ │ └── default │ │ ├── ansible │ │ ├── firstboot.d │ │ │ └── README.txt │ │ └── post.d │ │ │ └── README.txt │ │ ├── initprofile.sh │ │ ├── kickstart │ │ ├── kickstart.custom │ │ ├── packagelist │ │ ├── partitioning │ │ ├── profile.yaml │ │ ├── scripts │ │ ├── add_local_repositories │ │ ├── configbmc │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── infiniband │ │ │ ├── mofed.post │ │ │ └── mofed.pre │ │ ├── post.custom │ │ ├── post.d │ │ │ └── .gitignore │ │ ├── post.sh │ │ ├── pre.custom │ │ ├── pre.d │ │ │ └── .gitignore │ │ ├── pre.sh │ │ ├── prechroot.sh │ │ ├── setupssh.sh │ │ ├── syncfileclient │ │ └── tpm_luks.sh │ │ └── syncfiles ├── el9-diskless │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ └── cmdline │ │ │ └── 10-confluentdiskless.sh │ └── profiles │ │ └── default │ │ ├── scripts │ │ ├── add_local_repositories │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── image2disk.py │ │ ├── imageboot.sh │ │ ├── installimage │ │ ├── onboot.custom │ │ ├── onboot.d │ │ │ └── .gitignore │ │ ├── onboot.service │ │ ├── onboot.sh │ │ ├── post.d │ │ │ └── .gitignore │ │ ├── post.sh │ │ └── syncfileclient │ │ └── syncfiles ├── esxi7 │ ├── initramfs │ │ └── bin │ │ │ └── dcuiweasel │ └── profiles │ │ └── hypervisor │ │ ├── initprofile.sh │ │ ├── kickstart │ │ ├── profile.yaml │ │ └── scripts │ │ ├── makeksnet │ │ └── modinstall ├── genesis │ ├── initramfs │ │ ├── opt │ │ │ └── confluent │ │ │ │ └── bin │ │ │ │ └── rungenesis │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ └── cmdline │ │ │ └── 10-genesis.sh │ └── profiles │ │ └── default │ │ ├── ansible │ │ └── onboot.d │ │ │ └── README.txt │ │ ├── profile.yaml │ │ └── scripts │ │ ├── configbmc │ │ ├── functions │ │ ├── onboot.sh │ │ └── syncfileclient ├── rhvh4 │ ├── initramfs │ │ └── usr │ │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ ├── cmdline │ │ │ └── 01-confluent.sh │ │ │ ├── initqueue │ │ │ ├── 01-confluent.sh │ │ │ └── finished │ │ │ │ └── confluent.sh │ │ │ └── pre-pivot │ │ │ └── 01-confluent.sh │ └── profiles │ │ └── default │ │ ├── initprofile.sh │ │ ├── kickstart │ │ ├── kickstart.custom │ │ ├── profile.yaml │ │ └── scripts │ │ ├── firstboot.custom │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── post.custom │ │ ├── post.sh │ │ ├── pre.custom │ │ ├── pre.sh │ │ ├── prechroot.sh │ │ ├── setupssh.sh │ │ └── tpm_luks.sh ├── suse15-diskless │ ├── initramfs │ │ └── lib │ │ │ └── dracut │ │ │ └── hooks │ │ │ └── cmdline │ │ │ └── 10-confluentdiskless.sh │ └── profiles │ │ └── default │ │ ├── scripts │ │ ├── functions │ │ ├── imageboot.sh │ │ ├── onboot.custom │ │ ├── onboot.d │ │ │ └── .gitignore │ │ ├── onboot.service │ │ ├── onboot.sh │ │ └── syncfileclient │ │ └── syncfiles ├── suse15 │ ├── initramfs │ │ ├── etc │ │ │ └── linuxrc.d │ │ │ │ └── 01-confluent │ │ └── opt │ │ │ └── confluent │ │ │ └── bin │ │ │ └── suseagent │ └── profiles │ │ ├── hpc │ │ ├── ansible │ │ │ ├── firstboot.d │ │ │ │ └── README.txt │ │ │ └── post.d │ │ │ │ └── README.txt │ │ ├── autoyast.leap │ │ ├── autoyast.sle │ │ ├── initprofile.sh │ │ ├── profile.yaml │ │ ├── scripts │ │ │ ├── firstboot.custom │ │ │ ├── firstboot.d │ │ │ │ └── .gitignore │ │ │ ├── firstboot.sh │ │ │ ├── functions │ │ │ ├── getinstalldisk │ │ │ ├── post.custom │ │ │ ├── post.d │ │ │ │ ├── .gitignore │ │ │ │ └── 10-remove-online-repos.sh │ │ │ ├── post.sh │ │ │ ├── pre.d │ │ │ │ └── .gitignore │ │ │ ├── pre.sh │ │ │ ├── prechroot.sh │ │ │ ├── setupssh.sh │ │ │ └── syncfileclient │ │ └── syncfiles │ │ └── server │ │ ├── ansible │ │ ├── firstboot.d │ │ │ └── README.txt │ │ └── post.d │ │ │ └── README.txt │ │ ├── autoyast.leap │ │ ├── autoyast.sle │ │ ├── initprofile.sh │ │ ├── profile.yaml │ │ ├── scripts │ │ ├── firstboot.custom │ │ ├── firstboot.d │ │ │ └── .gitignore │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── post.custom │ │ ├── post.d │ │ │ ├── .gitignore │ │ │ └── 10-remove-online-repos.sh │ │ ├── post.sh │ │ ├── pre.d │ │ │ └── .gitignore │ │ ├── pre.sh │ │ ├── prechroot.sh │ │ ├── setupssh.sh │ │ └── syncfileclient │ │ └── syncfiles ├── ubuntu18.04 │ ├── initramfs │ │ └── lib │ │ │ └── debian-installer-startup.d │ │ │ └── S25confluentinit │ └── profiles │ │ └── default │ │ ├── initprofile.sh │ │ ├── preseed.cfg │ │ ├── profile.yaml │ │ └── scripts │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── post.sh │ │ ├── pre.sh │ │ └── prechroot.sh ├── ubuntu20.04-diskless │ ├── initramfs │ │ ├── conf │ │ │ └── conf.d │ │ │ │ └── confluent │ │ └── scripts │ │ │ └── init-premount │ │ │ └── confluent │ └── profiles │ │ └── default │ │ └── scripts │ │ ├── firstboot.service │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── image2disk.py │ │ ├── imageboot.sh │ │ ├── installimage │ │ ├── onboot.service │ │ ├── onboot.sh │ │ ├── post.sh │ │ └── syncfileclient ├── ubuntu20.04 │ ├── initramfs │ │ ├── conf │ │ │ └── conf.d │ │ │ │ └── confluent │ │ ├── custom-installation │ │ │ ├── hooks │ │ │ │ └── casper-bottom.sh │ │ │ ├── post.sh │ │ │ └── pre.sh │ │ └── scripts │ │ │ └── init-premount │ │ │ └── confluent │ └── profiles │ │ └── default │ │ ├── autoinstall │ │ ├── meta-data │ │ └── user-data │ │ ├── initprofile.sh │ │ ├── profile.yaml │ │ └── scripts │ │ ├── firstboot.d │ │ └── .gitignore │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── post.d │ │ └── .gitignore │ │ ├── post.sh │ │ ├── pre.sh │ │ └── syncfileclient ├── ubuntu22.04-diskless ├── ubuntu22.04 │ ├── initramfs │ │ ├── conf │ │ │ └── conf.d │ │ │ │ └── confluent │ │ ├── custom-installation │ │ │ ├── post.sh │ │ │ └── pre.sh │ │ └── scripts │ │ │ ├── casper-bottom │ │ │ └── 99confluent │ │ │ └── init-premount │ │ │ └── confluent │ └── profiles │ │ └── default │ │ ├── ansible │ │ ├── firstboot.d │ │ │ └── README.txt │ │ └── post.d │ │ │ └── README.txt │ │ ├── autoinstall │ │ ├── meta-data │ │ └── user-data │ │ ├── initprofile.sh │ │ ├── profile.yaml │ │ └── scripts │ │ ├── addcrypt │ │ ├── firstboot.d │ │ └── .gitignore │ │ ├── firstboot.sh │ │ ├── functions │ │ ├── getinstalldisk │ │ ├── mergetime │ │ ├── post.d │ │ └── .gitignore │ │ ├── post.sh │ │ ├── pre.d │ │ └── .gitignore │ │ ├── pre.sh │ │ ├── syncfileclient │ │ ├── systemdecrypt │ │ └── systemdecrypt-hook ├── ubuntu24.04 ├── ubuntu24.04-diskless └── utils │ ├── Makefile │ ├── autocons.c │ ├── clortho.c │ ├── confluent_imginfo.c │ ├── confusebox │ ├── Makefile │ ├── apiclient.go │ ├── genpasshmac.go │ ├── go.mod │ ├── go.sum │ └── main.go │ ├── copernicus.c │ ├── goapiclient │ ├── go.mod │ ├── go.sum │ └── main.go │ ├── gopasshmac │ ├── go.mod │ ├── go.sum │ └── main.go │ ├── sha-256.c │ ├── sha-256.h │ ├── start_root.c │ ├── urlmount.c │ └── urlmount3.c ├── confluent_perl ├── Confluent │ ├── Client.pm │ └── TLV.pm └── example.pl ├── confluent_server ├── COPYRIGHT ├── MANIFEST.in ├── bin │ ├── collective │ ├── confluent │ ├── confluent_selfcheck │ ├── confluentdbutil │ ├── confluentsrv.py │ ├── createcert.sh │ └── osdeploy ├── builddeb ├── buildrpm ├── confluent │ ├── alerts.py │ ├── asynchttp.py │ ├── auth.py │ ├── certutil.py │ ├── collective │ │ ├── __init__.py │ │ ├── invites.py │ │ └── manager.py │ ├── config │ │ ├── __init__.py │ │ ├── attributes.py │ │ ├── conf.py │ │ └── configmanager.py │ ├── consoleserver.py │ ├── core.py │ ├── credserver.py │ ├── discovery │ │ ├── __init__.py │ │ ├── core.py │ │ ├── handlers │ │ │ ├── __init__.py │ │ │ ├── bmc.py │ │ │ ├── cpstorage.py │ │ │ ├── generic.py │ │ │ ├── imm.py │ │ │ ├── megarac.py │ │ │ ├── pxe.py │ │ │ ├── redfishbmc.py │ │ │ ├── smm.py │ │ │ ├── smm3.py │ │ │ ├── tsm.py │ │ │ ├── xcc.py │ │ │ └── xcc3.py │ │ └── protocols │ │ │ ├── __init__.py │ │ │ ├── mdns.py │ │ │ ├── pxe.py │ │ │ ├── slp.py │ │ │ └── ssdp.py │ ├── exceptions.py │ ├── firmwaremanager.py │ ├── forwarder.py │ ├── httpapi.py │ ├── interface │ │ ├── __init__.py │ │ └── console.py │ ├── log.py │ ├── lookuptools.py │ ├── main.py │ ├── messages.py │ ├── mountmanager.py │ ├── neighutil.py │ ├── netutil.py │ ├── networking │ │ ├── __init__.py │ │ ├── lldp.py │ │ ├── macmap.py │ │ ├── netutil.py │ │ └── nxapi.py │ ├── noderange.py │ ├── osimage.py │ ├── pam.py │ ├── plugin.py │ ├── plugins │ │ ├── __init__.py │ │ ├── configuration │ │ │ ├── __init__.py │ │ │ └── attributes.py │ │ ├── console │ │ │ ├── ikvm.py │ │ │ ├── openbmc.py │ │ │ └── tsmsol.py │ │ ├── deployment │ │ │ └── identimage.py │ │ ├── hardwaremanagement │ │ │ ├── __init__.py │ │ │ ├── affluent.py │ │ │ ├── cnos.py │ │ │ ├── cooltera.py │ │ │ ├── deltapdu.py │ │ │ ├── eatonpdu.py │ │ │ ├── enclosure.py │ │ │ ├── enlogic.py │ │ │ ├── enos.py │ │ │ ├── geist.py │ │ │ ├── ipmi.py │ │ │ ├── nxos.py │ │ │ ├── pdu.py │ │ │ ├── proxmox.py │ │ │ ├── redfish.py │ │ │ └── vcenter.py │ │ ├── info │ │ │ └── layout.py │ │ └── shell │ │ │ └── ssh.py │ ├── runansible.py │ ├── selfservice.py │ ├── shellmodule.py │ ├── shellserver.py │ ├── snmputil.py │ ├── sockapi.py │ ├── sshutil.py │ ├── syncfiles.py │ ├── userutil.py │ ├── util.py │ ├── vinzmanager.py │ └── webauthn.py ├── confluent_server.spec.tmpl ├── confluentdbgcli.py ├── confluentsrv.spec ├── dbgtools │ ├── confluentdbgcli.py │ └── processhangtraces.py ├── makesetup ├── requirements.txt ├── setup.py.tmpl ├── sysctl │ └── confluent.conf ├── systemd │ └── confluent.service └── sysvinit │ └── confluent ├── confluent_vtbufferd ├── COPYING.tmt ├── Makefile ├── NOTICE ├── builddeb ├── buildrpm ├── confluent_vtbufferd.spec.tmpl ├── debian │ ├── changelog │ ├── compat │ ├── control │ ├── copyright │ ├── format │ └── rules ├── tmt.c ├── tmt.h └── vtbufferd.c ├── confluent_web ├── COPYING ├── consoles.css └── consoles.html ├── container ├── Dockerfile └── runconfluent.sh ├── doc └── SocketProtocol.txt ├── genesis ├── 97genesis │ ├── cmdline.sh │ ├── install-base │ ├── install-gui │ ├── install-locale │ ├── install-python312 │ ├── install-python313 │ ├── install-python39 │ ├── installkernel │ └── module-setup.sh ├── buildgenesis.sh ├── confluent-genesis.spec ├── exlicenses │ ├── bash │ │ └── NOTICE │ ├── dhcp-common │ │ └── NOTICE │ ├── libgcrypt │ │ └── LICENSES.ppc-aes-gcm │ └── libsepol │ │ └── NOTICE ├── extracttmuxlicenses.py ├── fetchlicenses ├── firefox │ ├── firefoxlibs │ └── makelayer.sh └── getlicenses.py ├── imgutil ├── builddeb ├── buildrpm ├── confluent_imgutil.spec.tmpl ├── control.tmpl ├── el7 │ ├── dracut │ │ ├── install │ │ └── installkernel │ └── pkglist ├── el8 │ ├── dracut │ │ ├── install │ │ └── installkernel │ ├── pkglist │ └── pkglist.aarch64 ├── el9 │ ├── dracut │ │ ├── install │ │ └── installkernel │ ├── pkglist │ └── pkglist.aarch64 ├── imgutil ├── suse15 │ ├── dracut │ │ ├── install │ │ └── installkernel │ └── pkglist ├── ubuntu │ ├── initramfs-tools │ │ ├── conf.d │ │ │ └── confluent.conf │ │ └── hooks │ │ │ └── confluent │ └── pkglist ├── ubuntu20.04 ├── ubuntu22.04 └── ubuntu24.04 └── misc ├── adoptnode.sh ├── autocons.py ├── cfg-dhcp-redfish-bmcs-by-switch.py ├── disablepasscomplexity.py ├── filterpasswd ├── finalizeadopt.sh ├── fixexpiry.py ├── fixsmmexpiry.py ├── forceinventory.py ├── getcsr.py ├── getinstdisk.py ├── getpass.py ├── getusbnicaddr ├── getxcccsr.py ├── grabscreenshot.py ├── installcert.py ├── installxcccert.py ├── mac2lla.py ├── makealtca.py ├── makeboot.centos.py ├── makeuefinetbootentry.py ├── mofed └── install_mofed ├── prepadopt.sh ├── prepfish.py ├── setinitalpwd.py ├── setupssh.sh ├── slpscan.py ├── snakeidentify.py ├── ssdpscan.py ├── swraid ├── tpmnotes ├── vroc └── xcatstateless ├── initramfs └── usr │ └── lib │ └── dracut │ └── hooks │ ├── cmdline │ └── 01-confluent.sh │ ├── initqueue │ └── 01-confluent.sh │ └── pre-pivot │ └── 01-confluent.sh └── scripts ├── earlyboot.sh ├── functions └── setupssh.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | .*. 3 | confluent_client/man/man* 4 | .vscode 5 | .*.sw* 6 | .sw* 7 | .idea/* 8 | -------------------------------------------------------------------------------- /API.txt: -------------------------------------------------------------------------------- 1 | Each layer has API implications. 2 | 3 | For now, I'll start with plugin api. 4 | Arguments are always passed in keyword style 5 | 6 | plugins should implement: 7 | create(nodes, element, configmanager) 8 | retrieve(nodes, element, configmanager) 9 | update(nodes, element, configmanager) 10 | delete(nodes, element, configmanager) 11 | 12 | For the element '_console/session', the return should be an object 13 | implementing: 14 | connect(callback) 15 | read() 16 | write(data) 17 | close() 18 | 19 | For all other elements for now, the caller should get an iterable. 20 | This means a plugin may elect to return a tuple, list, 21 | class of their design implementing the iterator interface, 22 | or elect to use 'yield' in their function for a generator 23 | 24 | Northbound of confluent, the interface is straightforward. 25 | API is presented as a tree of resources. 26 | 27 | TLS socket resembles the SMASH CLP syntax, but does not actually implement 28 | SMASH CLP. Notably, client should assume case sensitivity, strings can 29 | exceed 255 characters, input can be more complex than spec allows, 30 | and no relationship to CIM is defined. The SMASH CLP prompt -> is used and the 31 | paradigm of navigating targets like a filesystem is used as well as the 32 | verb names set, create, start, stop, show, etc. 33 | 34 | 35 | HTTP presents a mostly RESTful interface (noderange, consoles, 36 | and optional multi-request, comet behavior) 37 | 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Confluent 2 | 3 | ![Python 3](https://img.shields.io/badge/python-3-blue.svg) [![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/xcat2/confluent/blob/master/LICENSE) 4 | 5 | Confluent is a software package to handle essential bootstrap and operation of scale-out server configurations. 6 | It supports stateful and stateless deployments for various operating systems. 7 | 8 | Check [this page](https://hpc.lenovo.com/users/documentation/whatisconfluent.html 9 | ) for a more detailed list of features. 10 | 11 | Confluent is the modern successor of [xCAT](https://github.com/xcat2/xcat-core). 12 | If you're coming from xCAT, check out [this comparison](https://hpc.lenovo.com/users/documentation/confluentvxcat.html). 13 | 14 | # Documentation 15 | 16 | Confluent documentation is hosted on hpc.lenovo.com: https://hpc.lenovo.com/users/documentation/ 17 | 18 | # Download 19 | 20 | Get the latest version from: https://hpc.lenovo.com/users/downloads/ 21 | 22 | Check release notes on: https://hpc.lenovo.com/users/news/ 23 | 24 | # Open Source License 25 | 26 | Confluent is made available under the Apache 2.0 license: https://opensource.org/license/apache-2-0 27 | 28 | # Developers 29 | 30 | Want to help? Submit a [Pull Request](https://github.com/xcat2/confluent/pulls). 31 | -------------------------------------------------------------------------------- /confluent_client/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include confluent_env.sh 2 | include confluent_env.csh 3 | -------------------------------------------------------------------------------- /confluent_client/addattribs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import os 3 | import sys 4 | path = os.path.dirname(os.path.realpath(__file__)) 5 | try: 6 | sys.path.remove(path) 7 | except Exception: 8 | pass 9 | path = os.path.realpath(os.path.join(path, '..', 'confluent_server')) 10 | sys.path.append(path) 11 | 12 | import confluent.config.attributes as attr 13 | import shutil 14 | 15 | shutil.copyfile('doc/man/nodeattrib.ronn.tmpl', 'doc/man/nodeattrib.ronn') 16 | shutil.copyfile('doc/man/nodegroupattrib.ronn.tmpl', 'doc/man/nodegroupattrib.ronn') 17 | 18 | def append_attributes(filename): 19 | with open(filename, 'a') as outf: 20 | for field in sorted(attr.node): 21 | outf.write('\n* `{0}`:\n {1}\n'.format(field, attr.node[field]['description'])) 22 | # Optionally write valid values if they exist 23 | for key, values in attr.node[field].items(): 24 | if key.startswith('valid'): 25 | values_formatted = ', '.join("'{0}'".format(v) for v in values) 26 | outf.write(f'\n Valid values: {values_formatted}\n') 27 | 28 | append_attributes('doc/man/nodeattrib.ronn') 29 | append_attributes('doc/man/nodegroupattrib.ronn') 30 | -------------------------------------------------------------------------------- /confluent_client/builddeb: -------------------------------------------------------------------------------- 1 | ../confluent_server/builddeb -------------------------------------------------------------------------------- /confluent_client/buildrpm: -------------------------------------------------------------------------------- 1 | ../confluent_server/buildrpm -------------------------------------------------------------------------------- /confluent_client/confluent/sortutil.py: -------------------------------------------------------------------------------- 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 2 | 3 | # Copyright 2014 IBM Corporation 4 | # Copyright 2015-2016 Lenovo 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | import re 19 | 20 | numregex = re.compile('([0-9]+)') 21 | 22 | 23 | def naturalize_string(key): 24 | """Analyzes string in a human way to enable natural sort 25 | 26 | :param key: The node name to analyze 27 | :returns: A structure that can be consumed by 'sorted' 28 | """ 29 | return [int(text) if text.isdigit() else text.lower() 30 | for text in re.split(numregex, key)] 31 | 32 | 33 | def natural_sort(iterable): 34 | """Return a sort using natural sort if possible 35 | 36 | :param iterable: 37 | :return: 38 | """ 39 | try: 40 | return sorted(iterable, key=naturalize_string) 41 | except TypeError: 42 | # The natural sort attempt failed, fallback to ascii sort 43 | return sorted(iterable) 44 | -------------------------------------------------------------------------------- /confluent_client/confluent/tlv.py: -------------------------------------------------------------------------------- 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 2 | 3 | # Copyright 2014 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # Define types for TLV use in logs and other 17 | 18 | 19 | class Types(object): 20 | text, json, filehandle = range(3) 21 | -------------------------------------------------------------------------------- /confluent_client/confluent_env.csh: -------------------------------------------------------------------------------- 1 | setenv PATH /opt/confluent/bin:$PATH 2 | -------------------------------------------------------------------------------- /confluent_client/doc/man/buildindex.sh: -------------------------------------------------------------------------------- 1 | for i in *.ronn; do echo -n `head -n 1 $i|awk '{print $1}'`; echo " $i"; done > index.txt 2 | -------------------------------------------------------------------------------- /confluent_client/doc/man/confluent.ronn: -------------------------------------------------------------------------------- 1 | confluent(8) -- Start the confluent server 2 | ========================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `confluent` 7 | 8 | ## DESCRIPTION 9 | 10 | **confluent** is the name of the server daemon. It is normally run 11 | through the init subsystem rather than executed directly. All confluent 12 | commands connect to confluent daemon. It provides the web interface, debug, 13 | and unix socket connectivity. 14 | 15 | -------------------------------------------------------------------------------- /confluent_client/doc/man/confluent2hosts.ronn: -------------------------------------------------------------------------------- 1 | confluent2hosts(8) -- Generate /etc/hosts entries for nodes 2 | ======================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `confluent2hosts -i -n ` 7 | `confluent2hosts -a ` 8 | 9 | ## DESCRIPTION 10 | 11 | `confluent2hosts` can be used to help generate /etc/hosts entries for a 12 | noderange. There are two general approaches. 13 | 14 | It can be used ad-hoc, using -i and -n to specify the address and name portions respectively. This accepts the standard confluent expression syntax, allowing for things like 172.30.1.{n1} or {node}.{dns.domain} or {bmc}. 15 | 16 | It can also read from the confluent db, using `-a`. In this mode, each net.. group is pulled together into hosts lines. ipv4_address and ipv6_address fields are associated with the corresponding hostname attributes. You can use `-f` to put the FQDN first. 17 | 18 | ## EXAMPLES 19 | 20 | * Generate /etc/hosts entries ad-hoc using default name: 21 | `# confluent2hosts -i 10.2.3.{n1} d9-d12` 22 | 23 | * Generate /etc/hosts entries ad-hoc using alternative name: 24 | `# confluent2hosts -i 10.2.3.{n1} -n "{node}-alt {node}-alt.{dns.domain}" d9-d12` 25 | 26 | * Generate /etc/hosts entries using the confluent DB as a reference: 27 | `# confluent2hosts -a d9-d12` 28 | 29 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodeapply.ronn: -------------------------------------------------------------------------------- 1 | nodeapply(8) -- Execute command on many nodes in a noderange through ssh 2 | ========================================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodeapply [options] ` 7 | 8 | ## DESCRIPTION 9 | 10 | Provides shortcut access to a number of common operations against deployed 11 | nodes. These operations include refreshing ssh certificates and configuration, 12 | rerunning syncflies, and executing specified postscripts. 13 | 14 | ## OPTIONS 15 | 16 | * `-k`, `--security` 17 | Refresh SSH configuration (hosts.equiv and node SSH certificates) 18 | 19 | * `-F`, `--sync` 20 | Rerun syncfiles from deployed profile 21 | 22 | * `-P SCRIPTS`, `--scripts=SCRIPTS` 23 | Re-run specified scripts, with full path under scripts specified, e.g. post.d/scriptname,firstboot.d/otherscriptname 24 | 25 | * `-c COUNT`, `-f COUNT`, `--count=COUNT` 26 | Specify the maximum number of instances to run concurrently 27 | 28 | * `-m MAXNODES`, `--maxnodes=MAXNODES` 29 | Specify a maximum number of nodes to run remote ssh command to, prompting 30 | if over the threshold 31 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodebmcpassword.ronn: -------------------------------------------------------------------------------- 1 | nodebmcpassword(8) -- Change management controller password for a specified user 2 | ========================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodebmcpassword ` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodebmcpassword` allows you to change the management controller password for a user on a specified noderange 11 | 12 | ## OPTIONS 13 | 14 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 15 | Number of nodes to affect before prompting for 16 | confirmation 17 | 18 | * `-h`, `--help`: 19 | Show help message and exit 20 | 21 | ## EXAMPLES: 22 | 23 | * Reset the management controller for nodes n1 through n4: 24 | `# nodebmcreset n1-n4` 25 | `n1: Password Change Successful` 26 | `n2: Password Change Successful` 27 | `n3: Password Change Successful` 28 | `n4: Password Change Successful` -------------------------------------------------------------------------------- /confluent_client/doc/man/nodebmcreset.ronn: -------------------------------------------------------------------------------- 1 | nodebmcreset(8) -- Reset management controller 2 | ========================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodebmcreset ` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodebmcreset` allows you to reset the management controller of the specified noderange 11 | 12 | ## OPTIONS 13 | 14 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 15 | Number of nodes to affect before prompting for 16 | confirmation 17 | 18 | * `-h`, `--help`: 19 | Show help message and exit 20 | 21 | ## EXAMPLES: 22 | 23 | * Reset the management controller for nodes n1 through n4: 24 | `# nodebmcreset n1-n4` 25 | `n1: BMC Reset Successful` 26 | `n2: BMC Reset Successful` 27 | `n3: BMC Reset Successful` 28 | `n4: BMC Reset Successful` 29 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodedefine.ronn: -------------------------------------------------------------------------------- 1 | nodedefine(8) -- Define new confluent nodes 2 | =================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `nodedefine [nodeattribute1=value1> ...]` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodedefine` allows the definition of new nodes for the confluent management 11 | system. It has the same syntax as `nodeattrib(8)`, and the commands differ in 12 | that `nodeattrib(8)` will error if a node does not exist. 13 | 14 | ## EXAMPLES 15 | 16 | * Define two racks of nodes, named r{rack}u{u}: 17 | `# nodedefine r1u1-r2u4` 18 | `r1u4: created` 19 | `r1u1: created` 20 | `r1u2: created` 21 | `r1u3: created` 22 | `r2u4: created` 23 | `r2u3: created` 24 | `r2u2: created` 25 | `r2u1: created` 26 | 27 | ## SEE ALSO 28 | 29 | noderange(5), nodeattribexpressions(8) 30 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodegroupdefine.ronn: -------------------------------------------------------------------------------- 1 | nodegroupdefine(8) -- Define new confluent node group 2 | =================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `nodegroupdefine [nodeattribute1=value1> ...]` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodegroupdefine` allows the definition of a new nodegroup for the confluent management 11 | service. It may only define a single group name at a time. 12 | It has the same syntax as `nodegroupattrib(8)`, and the commands differ in 13 | that `nodegroupattrib(8)` will error if a node group does not exist. 14 | 15 | ## EXAMPLES 16 | 17 | * Create a group called `compute`: 18 | `# nodegroupdefine compute` 19 | `compute: created` 20 | 21 | 22 | ## SEE ALSO 23 | 24 | nodeattribexpressions(8), nodegroupattrib(8), nodegroupremove(8) 25 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodegrouplist.ronn: -------------------------------------------------------------------------------- 1 | nodegrouplist(8) -- List the defined confluent nodegroups 2 | =================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `nodegrouplist` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodegrouplist` lists the currently defined groups in confluent. 11 | 12 | ## SEE ALSO 13 | 14 | nodeattrib(8), nodeattribexpressions(5), nodegroupattrib(8) 15 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodegroupremove.ronn: -------------------------------------------------------------------------------- 1 | nodegroupremove(8) -- Remove a nodegroup from the confluent database 2 | ==================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `nodegroupremove ` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodegroupremove` simply removes the given single nodegroup from the confluent database. 11 | 12 | 13 | ## EXAMPLES 14 | 15 | * Remove group called testgroup 16 | `# nodegroupremove testgroup` 17 | `testgroup: deleted` 18 | 19 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodehealth.ronn: -------------------------------------------------------------------------------- 1 | nodehealth(8) -- Show health summary of confluent nodes 2 | ======================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `nodehealth ` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodehealth` reports the current health assessment of a confluent node. It 11 | will report either `ok`, `warning`, `critical`, or `failed`, along with 12 | a string explaining the reason for any result other than `ok`. 13 | 14 | ## EXAMPLES 15 | 16 | * Pull health summary of 5 nodes: 17 | `# nodehealth n1-n4,r1` 18 | `n1: critical (Mezz Exp 2 Fault:Critical)` 19 | `n3: ok` 20 | `n2: ok` 21 | `r1: ok` 22 | `n4: ok` 23 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodeidentify.ronn: -------------------------------------------------------------------------------- 1 | nodeidentify(8) -- Control the identify LED of confluent nodes 2 | ========================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodidentify [on|off|blink]` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodeidentify` allows you to turn on or off the location LED of conflueunt nodes, 11 | making it easier to determine the physical location of the nodes. The following 12 | options are supported: 13 | 14 | * `on`: Turn on the identify LED 15 | * `off`: Turn off the identify LED 16 | * `blink`: Set the identify LED to blink (when supported by the system) 17 | 18 | ## EXAMPLES: 19 | 20 | * Turn on the identify LED on nodes n1 through n4: 21 | `# nodeidentify n1-n4 on` 22 | `n1: on` 23 | `n2: on` 24 | `n3: on` 25 | `n4: on` 26 | 27 | * Turn off the identify LED on nodes n1 thorugh n4: 28 | `# nodeidentify n1-n4 off` 29 | `n1: off` 30 | `n2: off` 31 | `n4: off` 32 | `n3: off` 33 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodelicense.ronn: -------------------------------------------------------------------------------- 1 | nodelicense(8) -- Manage license keys on BMC 2 | ================================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodelicense [list][install |save |delete ]` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodelicense` manages license keys on supported BMCs. Without an argument, the command 11 | lists currently installed license. Using `delete` will remove the specified license name 12 | from the BMC. The `save` subcommand will take the passed directory (which may be in the form 13 | of /path/to/{node}/ to have the node name substituted for each node) and back up installed licenses 14 | to that directory. The `install` command will take the specified filename and install. The filename 15 | argument may be of the form xcc_fod_0034_7X21{id.serial}.key to have the serial number substituted 16 | to allow unique licenses to be specified in a single command. 17 | 18 | ## OPTIONS 19 | 20 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 21 | Specify a maximum number of nodes to delete licenses from, prompting if over the threshold 22 | 23 | * `-h`, `--help`: 24 | Show help message and exit 25 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodeping.ronn: -------------------------------------------------------------------------------- 1 | nodeping(8) -- Pings a node or a noderange. 2 | ============================== 3 | ## SYNOPSIS 4 | `nodeping [options] noderange` 5 | 6 | ## DESCRIPTION 7 | **nodeping** is a command that pings the default NIC on a node. 8 | It can also be used with the `-s` flag to change the ping location to something that is 'non primary' 9 | 10 | 11 | ## OPTIONS 12 | * ` -f` COUNT, `-c` COUNT, --count=COUNT 13 | Number of commands to run at a time 14 | * `-h`, `--help`: 15 | Show help message and exit 16 | * `-s` SUBSTITUTENAME, --substitutename=SUBSTITUTENAME 17 | Use a different name other than the nodename for ping. This may be a 18 | expression, such as {bmc} or, if no { character is present, it is treated as a suffix. -s -eth1 would make n1 become n1-eth1, for example. 19 | 20 | 21 | ## EXAMPLES 22 | * Pinging a node : 23 | `# nodeping ` 24 | `node : ping` 25 | 26 | * Pinging a group: 27 | `# nodeping ` 28 | `Node1 : ping 29 | Node2 : ping 30 | Node3 : ping` 31 | 32 | * Pinging BMC on a node: 33 | `# nodeping -s {bmc} ` 34 | ` Node-bmc : ping` 35 | 36 | * Pinging by specifying a suffix: 37 | `# nodeping d1-d4 -s -eth1` 38 | `d2-eth1: no_ping` 39 | `d1-eth1: no_ping` 40 | `d3-eth1: no_ping` 41 | `d4-eth1: no_ping` 42 | 43 | * Fail to ping node: 44 | `# nodeping ` 45 | `node : no_ping` 46 | 47 | 48 | -------------------------------------------------------------------------------- /confluent_client/doc/man/noderemove.ronn: -------------------------------------------------------------------------------- 1 | noderemove(8) -- Remove nodes from the confluent management service 2 | =================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `noderemove ` 7 | 8 | ## DESCRIPTION 9 | 10 | `noderemove` simply removes the given noderange from the confluent database. 11 | 12 | ## OPTIONS 13 | 14 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 15 | Specify a maximum number of nodes to delete, prompting if over the 16 | threshold 17 | 18 | * `-h`, `--help`: 19 | Show help message and exit 20 | 21 | ## EXAMPLES 22 | 23 | * Remove two racks each with 4 nodes: 24 | `# noderemove r1u1-r2u4` 25 | `r1u4: deleted` 26 | `r1u1: deleted` 27 | `r1u2: deleted` 28 | `r1u3: deleted` 29 | `r2u4: deleted` 30 | `r2u3: deleted` 31 | `r2u2: deleted` 32 | `r2u1: deleted` 33 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodereseat.ronn: -------------------------------------------------------------------------------- 1 | nodereseat(8) -- Request a reseat of a node 2 | ============================================ 3 | 4 | ## SYNOPSIS 5 | 6 | `nodereseat ` 7 | 8 | ## DESCRIPTION 9 | 10 | `nodereseat` requests the enclosure manager of the current node to reseat that 11 | node's slot. This should be equivalent to removing the system entirely from 12 | the chassis and putting it back in, but without actually having to do so. 13 | 14 | ## OPTIONS 15 | 16 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 17 | Specify a maximum number of nodes to reseat, prompting if over the threshold 18 | 19 | * `-h`, `--help`: 20 | Show help message and exit 21 | 22 | ## EXAMPLES 23 | 24 | * Reseating the node `s1`: 25 | `# nodereseat s1` 26 | `s1: Reseat successful` 27 | -------------------------------------------------------------------------------- /confluent_client/doc/man/nodersync.ronn: -------------------------------------------------------------------------------- 1 | nodersync(8) -- Run rsync in parallel against a noderange 2 | ========================================================================= 3 | 4 | ## SYNOPSIS 5 | 6 | `nodersync :` 7 | 8 | ## DESCRIPTION 9 | 10 | Supervises execution of rsync to push files or a directory tree to the specified 11 | noderange. This will present progress as percentage for all nodes. 12 | 13 | ## OPTIONS 14 | 15 | * `-f COUNT`, `-c COUNT`, `--count=COUNT`: 16 | Specify how many rsync executions to do concurrently. If noderange 17 | exceeds the count, then excess nodes will wait until one of the 18 | active count completes. 19 | 20 | * `-s`, `--substitutename`: 21 | 'Use a different name other than the nodename for rsync' 22 | 23 | * `-m MAXNODES`, `--maxnodes=MAXNODES`: 24 | Specify a maximum number of nodes to run rsync to, prompting if over the 25 | threshold 26 | 27 | * `-h`, `--help`: 28 | Show help message and exit 29 | -------------------------------------------------------------------------------- /confluent_client/doc/man/osdeploy.ronn: -------------------------------------------------------------------------------- 1 | osdeploy(8) --- Configure general OS deployment facilities of confluent 2 | ========================================================================== 3 | 4 | ## SYNOPSIS 5 | 6 | `osdeploy import ` 7 | `osdeploy updateboot ` 8 | `osdeploy rebase ` 9 | `osdeploy initialize [-h] [-g] [-u] [-s] [-k] [-t] [-p] [-i] [-l] [-a]` 10 | 11 | ## DESCRIPTION 12 | 13 | **osdeploy** manages the facilities and os deployment content of a confluent server. The 14 | `import` subcommand will generate profiles from an iso image. `updateboot` will take any 15 | changes in the specified update that need to be pushed into boot configuration and/or images 16 | and ensure those needed changes are performed. `initialize` provides assistance in setting 17 | up the most commonly required facilities. `rebase` has confluent attempt to update profile 18 | content that came from /opt/confluent in an rpm update, if profile supports it. 19 | Run `osdeploy initialize -h` for more detail on the options offered by `osdeploy initialize`. -------------------------------------------------------------------------------- /confluent_client/makeman: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cd `dirname $0` 3 | python3 addattribs.py || python2 addattribs.py 4 | cd `dirname $0`/doc/man 5 | mkdir -p ../../man/man1 6 | mkdir -p ../../man/man5 7 | mkdir -p ../../man/man8 8 | ronn -r *.ronn 9 | mv *.1 ../../man/man1/ 10 | mv *.5 ../../man/man5/ 11 | mv *.8 ../../man/man8/ 12 | 13 | -------------------------------------------------------------------------------- /confluent_client/makesetup: -------------------------------------------------------------------------------- 1 | ../confluent_server/makesetup -------------------------------------------------------------------------------- /confluent_client/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_client/requirements.txt -------------------------------------------------------------------------------- /confluent_client/samples/nodeattrib_from_switch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | 3 | # This is a sample python script for going through all observed mac addresses 4 | # and assuming they are BMC related and printing nodeattrib commands 5 | # for each node to access the bmc using the interface specified on the command 6 | # line 7 | 8 | # Not necessarily as useful if there may be mistakes in the 9 | # net.switch/net.switchport attributes, but a handy utility in a pinch when 10 | # you really know 11 | 12 | 13 | import confluent.client as cl 14 | import socket 15 | import struct 16 | c = cl.Command() 17 | macs = [] 18 | interface = sys.argv[1] 19 | for mac in c.read('/networking/macs/by-mac/'): 20 | macs.append(mac['item']['href']) 21 | for mac in macs: 22 | macinfo = list(c.read('/networking/macs/by-mac/{0}'.format(mac)))[0] 23 | if 'possiblenode' in macinfo and macinfo['possiblenode']: 24 | if macinfo['macsonport'] > 1: 25 | print('#Ambiguous set of macs on port for ' + macinfo[ 26 | 'possiblenode']) 27 | prefix = int(mac.replace('-', '')[:6], 16) ^ 0b100000000000000000 28 | prefix = prefix << 8 29 | prefix |= 0xff 30 | suffix = int(mac.replace('-', '')[6:], 16) 31 | suffix |= 0xfe000000 32 | rawn = struct.pack('!QLL', 0xfe80000000000000, prefix, suffix) 33 | bmc = socket.inet_ntop(socket.AF_INET6, rawn) 34 | print('nodeattrib {0} bmc={1}%{2}'.format(macinfo['possiblenode'], 35 | bmc, interface)) 36 | -------------------------------------------------------------------------------- /confluent_client/setup.py.tmpl: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | import os 3 | 4 | data_files = [('/etc/profile.d', ['confluent_env.sh', 'confluent_env.csh']), 5 | ('/opt/confluent/share/licenses/confluent_client/', ['LICENSE', 'COPYRIGHT']) 6 | ] 7 | try: 8 | scriptlist = ['bin/{0}'.format(d) for d in os.listdir('bin/')] 9 | data_files.append(('/opt/confluent/share/man/man1', ['man/man1/' + x for x in os.listdir('man/man1')])) 10 | data_files.append(('/opt/confluent/share/man/man5', ['man/man5/' + x for x in os.listdir('man/man5')])) 11 | data_files.append(('/opt/confluent/share/man/man8', ['man/man8/' + x for x in os.listdir('man/man8')])) 12 | except OSError: 13 | pass 14 | 15 | setup( 16 | name='confluent_client', 17 | version='#VERSION#', 18 | author='Lenovo', 19 | author_email='jjohnson2@lenovo.com', 20 | url='http://github.com/lenovo/confluent/', 21 | license='Apache-2.0', 22 | description='Command line client and libraries for confluent management server', 23 | long_description='Command line client and libraries for confluent management server', 24 | packages=['confluent'], 25 | platforms=['Linux'], 26 | scripts=scriptlist, 27 | data_files=data_files, 28 | ) 29 | -------------------------------------------------------------------------------- /confluent_common/README.txt: -------------------------------------------------------------------------------- 1 | The contents of this package have been moved into confluent_client 2 | -------------------------------------------------------------------------------- /confluent_common/VERSION: -------------------------------------------------------------------------------- 1 | 1.0.1 2 | -------------------------------------------------------------------------------- /confluent_common/buildrpm: -------------------------------------------------------------------------------- 1 | ../confluent_server/buildrpm -------------------------------------------------------------------------------- /confluent_common/confluent_common.spec.tmpl: -------------------------------------------------------------------------------- 1 | %define name confluent_common 2 | %define version #VERSION# 3 | %define release 1 4 | 5 | Summary: common content for confluent client and server 6 | Name: %{name} 7 | Version: %{version} 8 | Release: %{release} 9 | Source0: %{name}-%{version}.tar.gz 10 | License: UNKNOWN 11 | Group: Development/Libraries 12 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot 13 | Prefix: %{_prefix} 14 | BuildArch: noarch 15 | Vendor: Jarrod Johnson 16 | Url: http://xcat.sf.net/ 17 | 18 | %description 19 | This provides the modules common for both client and server 20 | 21 | %prep 22 | %setup -n %{name}-%{version} -n %{name}-%{version} 23 | 24 | %build 25 | python2 setup.py build 26 | 27 | %install 28 | python2 setup.py install --single-version-externally-managed -O1 --root=$RPM_BUILD_ROOT --record=INSTALLED_FILES --install-purelib=/opt/confluent/lib/python --install-scripts=/opt/confluent/bin 29 | 30 | %clean 31 | rm -rf $RPM_BUILD_ROOT 32 | 33 | %files -f INSTALLED_FILES 34 | %defattr(-,root,root) 35 | -------------------------------------------------------------------------------- /confluent_common/makesetup: -------------------------------------------------------------------------------- 1 | ../confluent_server/makesetup -------------------------------------------------------------------------------- /confluent_common/setup.py.tmpl: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | 3 | setup( 4 | name='confluent_common', 5 | version='#VERSION#', 6 | author='Jarrod Johnson', 7 | author_email='jjohnson2@lenovo.com', 8 | description='common content for confluent client and server', 9 | url='http://xcat.sf.net/', 10 | ) 11 | -------------------------------------------------------------------------------- /confluent_osdeploy/buildrpm: -------------------------------------------------------------------------------- 1 | VERSION=`git describe|cut -d- -f 1` 2 | NUMCOMMITS=`git describe|cut -d- -f 2` 3 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 4 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 5 | LASTNUM=$((LASTNUM+1)) 6 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 7 | VERSION=${FIRSTPART}.${LASTNUM} 8 | VERSION=$VERSION~dev$NUMCOMMITS+`git describe|cut -d- -f 3` 9 | fi 10 | sed -e "s/#VERSION#/$VERSION/" confluent_osdeploy.spec.tmpl > confluent_osdeploy.spec 11 | cd .. 12 | cp ../LICENSE . 13 | tar Jcvf confluent_osdeploy.tar.xz confluent_osdeploy 14 | mv confluent_osdeploy.tar.xz ~/rpmbuild/SOURCES/ 15 | cd - 16 | mkdir -p el9bin/opt/confluent/bin 17 | mkdir -p el9bin/stateless-bin 18 | podman run --privileged --rm -v $(pwd)/utils:/buildutils -i -t fedorabuild make -C /buildutils 19 | cd utils 20 | cp confluent_imginfo copernicus clortho autocons ../el9bin/opt/confluent/bin 21 | cp start_root urlmount ../el9bin/stateless-bin/ 22 | make clean 23 | cd .. 24 | mkdir -p el8bin/opt/confluent/bin 25 | mkdir -p el8bin/stateless-bin 26 | podman run --privileged --rm -v $(pwd)/utils:/buildutils -i -t el7build make -C /buildutils 27 | cd utils 28 | cp confluent_imginfo copernicus clortho autocons ../el8bin/opt/confluent/bin 29 | cp start_root urlmount ../el8bin/stateless-bin/ 30 | make clean 31 | cd .. 32 | tar Jcvf confluent_el9bin.tar.xz el9bin/ 33 | tar Jcvf confluent_el8bin.tar.xz el8bin/ 34 | mv confluent_el8bin.tar.xz ~/rpmbuild/SOURCES/ 35 | mv confluent_el9bin.tar.xz ~/rpmbuild/SOURCES/ 36 | rm -rf el9bin 37 | rm -rf el8bin 38 | rpmbuild -ba confluent_osdeploy.spec 39 | -------------------------------------------------------------------------------- /confluent_osdeploy/coreos/initramfs/etc/systemd/system/initrd-root-fs.target.requires/confluent-rootfs.service: -------------------------------------------------------------------------------- 1 | /usr/lib/systemd/system/confluent-rootfs.service -------------------------------------------------------------------------------- /confluent_osdeploy/coreos/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh: -------------------------------------------------------------------------------- 1 | cat /tls/*.0 >> /etc/pki/tls/certs/ca-bundle.crt 2 | if ! grep console= /proc/cmdline >& /dev/null; then 3 | autocons=$(/opt/confluent/bin/autocons) 4 | if [ -n "$autocons" ]; then 5 | echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf 6 | autocons=${autocons%,*} 7 | echo $autocons > /tmp/01-autocons.devnode 8 | echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons 9 | fi 10 | fi 11 | -------------------------------------------------------------------------------- /confluent_osdeploy/coreos/initramfs/usr/lib/systemd/system/confluent-rootfs.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent initialization 3 | DefaultDependencies=false 4 | 5 | After=basic.target 6 | # Network is enabled here 7 | After=dracut-initqueue.service 8 | Before=ignition-setup-user.service 9 | Before=coreos-ignition-setup-user.service 10 | Before=coreos-livepxe-rootfs.service 11 | 12 | 13 | 14 | # If we fail, the boot will fail. Be explicit about it. 15 | OnFailure=emergency.target 16 | OnFailureJobMode=isolate 17 | 18 | [Service] 19 | Type=oneshot 20 | RemainAfterExit=yes 21 | ExecStart=/opt/confluent/bin/initconfluent.sh 22 | 23 | -------------------------------------------------------------------------------- /confluent_osdeploy/coreos/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | profname=$(basename $2) 3 | if file -L $1/images/ignition.img | grep gzip > /dev/null; then 4 | mkdir -p /var/lib/confluent/private/os/${profname}/pending/ 5 | cd /var/lib/confluent/private/os/${profname}/pending/ 6 | zcat $1/images/ignition.img | cpio -dumiv 7 | fi 8 | ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \ 9 | ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution && \ 10 | mkdir -p $2/boot/efi/boot/ && \ 11 | ln -s $1/images/pxeboot/rootfs.img $2/ && \ 12 | (mcopy -i $1/images/efiboot.img ::efi/redhat/grubx64.efi $2/boot/efi/boot/ || \ 13 | mcopy -i $1/images/efiboot.img ::efi/boot/grubx64.efi $2/boot/efi/boot/) && \ 14 | mcopy -i $1/images/efiboot.img ::efi/boot/bootx64.efi $2/boot/efi/boot/ 15 | -------------------------------------------------------------------------------- /confluent_osdeploy/coreos/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: RedHat CoreOS %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal 3 | #the above boots and will have ignition agent phone home and await instructions 4 | #kernelargs: quiet random.trust_cpu=on ignition.firstboot ignition.platform.id=metal coreos.inst=yes coreos.inst.install_dev=sda 5 | #the above runs the installer to write to disk -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/label: debian/label: Debian/' $2/profile.yaml && \ 3 | ln -s $1/linux $2/boot/kernel && \ 4 | ln -s $1/initrd.gz $2/boot/initramfs/distribution && \ 5 | mkdir -p $2/boot/efi/boot && \ 6 | rm $2/distribution && \ 7 | mcopy -i $1/boot/grub/efi.img ::/efi/boot/* $2/boot/efi/boot 8 | 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/preseed.cfg: -------------------------------------------------------------------------------- 1 | d-i anna/choose_modules string openssh-server-udeb 2 | d-i partman-auto/method string regular 3 | d-i partman-lvm/device_remove_lvm boolean true 4 | d-i partman-md/device_remove_md boolean true 5 | d-i partman-auto/expert_recipe_file string /tmp/partitionfile 6 | d-i partman/confirm_write_new_label boolean true 7 | d-i partman/choose_partition select finish 8 | d-i partman/confirm boolean true 9 | d-i partman/confirm_nooverwrite boolean true 10 | d-i passwd/make-user boolean false 11 | d-i clock-setup/utc boolean true 12 | d-i apt-setup/multiverse boolean false 13 | d-i apt-setup/universe boolean false 14 | d-i apt-setup/backports boolean false 15 | d-i apt-setup/updates boolean false 16 | d-i grub-installer/only_debian boolean true 17 | tasksel tasksel/first multiselect standard 18 | d-i pkgsel/include string openssh-server curl 19 | d-i pkgsel/update-policy select none 20 | d-i pkgsel/updatedb boolean false 21 | d-i finish-install/reboot_in_progress note 22 | popularity-contest popularity-contest/participate boolean false 23 | d-i partman-auto/method string lvm 24 | d-i partman-auto/choose_recipe select atomic 25 | d-i partman-lvm/confirm boolean true 26 | d-i partman-lvm/confirm_nooverwrite boolean true 27 | d-i partman-auto-lvm/guided_size string max 28 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet osprofile=%%PROFILE%% 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/debian/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/firstboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Confluent first boot is running" 3 | HOME=$(getent passwd $(whoami)|cut -d: -f 6) 4 | export HOME 5 | #cp -a /etc/confluent/ssh/* /etc/ssh/ 6 | #systemctl restart sshd 7 | rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg |awk '{print $2}') 8 | if [ ! -z "$rootpw" -a "$rootpw" != "null" ]; then 9 | echo root:$rootpw | chpasswd -e 10 | fi 11 | nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') 12 | confluent_apikey=$(cat /etc/confluent/confluent.apikey) 13 | confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}') 14 | while ! ping -c 1 $confluent_mgr >& /dev/null; do 15 | sleep 1 16 | done 17 | source /etc/confluent/functions 18 | 19 | run_remote_parts firstboot.d 20 | run_remote_config firstboot.d 21 | systemctl disable firstboot 22 | curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus 23 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/debian/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | mount -o bind /sys /target/sys 3 | mount -o bind /dev /target/dev 4 | mount -o bind /dev/pts /target/dev/pts 5 | mount -o bind /proc /target/proc 6 | mount -o bind /dev/pts /target/dev/pts 7 | mount -o bind /run /target/run 8 | cp -a /etc/confluent /target/etc/confluent 9 | cp -a /opt/confluent /target/opt/confluent 10 | mv /tmp/post.sh /target/tmp/ 11 | cp -a /ssh /tls /target/tmp 12 | cat /tls/*.pem >> /target/etc/confluent/ca.pem 13 | cp -a /etc/ssh/ssh_host_* /target/etc/ssh/ 14 | grep HostCertificate /etc/ssh/sshd_config >> /target/etc/ssh/sshd_config 15 | echo Port 2222 >> /etc/ssh/sshd_config 16 | kill -HUP $(ps |grep -v grep|grep sshd|grep /usr|sed -e s/' root.*//') 17 | cp /tls/* /target/etc/ssl/certs/ 18 | cat /tls/*.pem >> /target/etc/ssl/certs/ca-certificates.crt 19 | chroot /target bash /tmp/post.sh 20 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/proxmox/proxmoxve.firstboot: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Add this to firstboot.d 3 | export DEBIAN_FRONTEND=noninteractive 4 | apt-get -y install proxmox-ve postfix open-iscsi chrony < /dev/null 5 | 6 | -------------------------------------------------------------------------------- /confluent_osdeploy/debian/profiles/default/scripts/proxmox/proxmoxve.post: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script would run in post.d 3 | # 4 | export DEBIAN_FRONTEND=noninteractive 5 | echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bookworm pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list 6 | wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg 7 | sum=$(sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg) 8 | if [ "$sum" -ne "7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87" ]; then 9 | echo "Mismatch in fingerprint!" 10 | rm /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg 11 | exit 1 12 | fi 13 | apt-get update && apt-get -y full-upgrade < /dev/null 14 | 15 | apt-get -y install proxmox-default-kernel < /dev/null 16 | apt-get -y remove linux-image-amd64 'linux-image-6.1*' < /dev/null 17 | update-grub 18 | apt-get -y remove os-prober < /dev/null 19 | 20 | 21 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7-diskless/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/onboot.custom: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7-diskless/profiles/default/scripts/onboot.custom -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/onboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7-diskless/profiles/default/scripts/onboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/onboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent onboot hook 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/onboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7-diskless/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7-diskless/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo -n "" >> /tmp/net.ifaces 3 | cat /tls/*.0 >> /etc/pki/tls/certs/ca-bundle.crt 4 | if ! grep console= /proc/cmdline >& /dev/null; then 5 | autocons=$(/opt/confluent/bin/autocons) 6 | if [ -n "$autocons" ]; then 7 | echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf 8 | autocons=${autocons%,*} 9 | echo $autocons > /tmp/01-autocons.devnode 10 | echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons 11 | echo "Initializing auto detected console when installer starts" > $autocons 12 | fi 13 | fi 14 | if grep console=ttyS /proc/cmdline >& /dev/null; then 15 | echo "Serial console has been requested in the kernel arguments, the local video may not show progress" > /dev/tty1 16 | fi 17 | . /lib/anaconda-lib.sh 18 | wait_for_kickstart 19 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/initramfs/usr/lib/dracut/hooks/initqueue/finished/confluent.sh: -------------------------------------------------------------------------------- 1 | [ -e /tmp/confluent.initq ] 2 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BUNDLENAME=/sysroot/etc/pki/tls/certs/ca-bundle.crt 3 | while [ -h $BUNDLENAME ]; do 4 | BUNDLENAME=/sysroot/$(readlink $BUNDLENAME) 5 | done 6 | 7 | cat /etc/pki/tls/certs/ca-bundle.crt > $BUNDLENAME 8 | mkdir -p /sysroot/etc/confluent/ 9 | cp -a /tls /sysroot/etc/confluent 10 | cp -a /etc/confluent/* /sysroot/etc/confluent/ 11 | sed -i 's/install::/install:*:/' /sysroot/etc/shadow 12 | sed -i 's/root::/root:*:/' /sysroot/etc/shadow 13 | mkdir -p /sysroot/root/.ssh 14 | #chmod 700 /sysroot/root/.ssh 15 | cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys 16 | #chmod 600 /sysroot/root/.ssh/authorized_keys 17 | mkdir -p /sysroot/etc/ssh/ 18 | for i in /ssh/*.ca; do 19 | echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts 20 | done 21 | mkdir -p /sysroot/opt/confluent/bin 22 | cp /opt/confluent/bin/apiclient /sysroot/opt/confluent/bin 23 | cp /opt/confluent/bin/apiclient /sysroot/etc/confluent/ 24 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/ansible/firstboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/ansible/post.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/centos/CentOS/; s/rhel/Red Hat Enterprise Linux/; s/oraclelinux/Oracle Linux/; s/alma/AlmaLinux/' $2/profile.yaml 3 | ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \ 4 | ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution 5 | mkdir -p $2/boot/efi/boot && \ 6 | ln -s $1/EFI/BOOT/BOOTX64.EFI $1/EFI/BOOT/grubx64.efi $2/boot/efi/boot/ 7 | 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/kickstart.custom: -------------------------------------------------------------------------------- 1 | # Any custom kickstart additions may go here. It may be required to 2 | # modify base kickstart file to change certain portions, but adding 3 | # custom content to this file allows for most convenient way to 4 | # refresh to a newer base profile if desired. 5 | # Two common example customizations are provided: 6 | #firewall --disabled 7 | #selinux --disabled 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet # These arguments are passed to the installer 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/infiniband/mofed.post: -------------------------------------------------------------------------------- 1 | # To use this script, rename or copy the mofed image to either ofed.tgz or ofed.iso 2 | # and modify the script below if wanting to use the iso instead of tgz 3 | 4 | # It checks for mellanox devices and opts not to install, so this script could be added 5 | # to a general profile without causing mofed to install on non-mellanox systems 6 | . /etc/confluent/functions 7 | if lspci -d 15b3:: -n |grep 15b3 > /dev/null; then 8 | # Uncomment the following three lines and comment out the next 9 | # two lines to use the .iso instead of the tgz packaging 10 | #fetch_remote infiniband/mofed.iso 11 | #mkdir MLNX_OFED 12 | #mount -o loop infiniband/mofed.iso MLNX_OFED 13 | fetch_remote infiniband/mofed.tgz 14 | tar xf infiniband/mofed.tgz 15 | # The rest is common between tar and iso 16 | cd MLNX_OFED* 17 | ./mlnxofedinstall --force 18 | fi 19 | 20 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/infiniband/mofed.pre: -------------------------------------------------------------------------------- 1 | # Add needed base packages to the install 2 | cat << EOF >> /tmp/addonpackages 3 | perl 4 | pkgconf-pkg-config 5 | tcsh 6 | lsof 7 | tk 8 | gcc-gfortran 9 | tcl 10 | EOF 11 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/post.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | 6 | # An example for installing OFED for infiniband follows (see the file for more detail): 7 | #run_remote infiniband/mofed.post 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/pre.custom: -------------------------------------------------------------------------------- 1 | . /tmp/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | # 6 | #Here is an example to locally configure the platform BMC according 7 | #to confluent configuration so that the BMC would be on the correct 8 | #network: 9 | #run_remote_python configbmc -c 10 | 11 | #Some addons improve efficiency by adding dependencies during install 12 | #here is an example for adding OFED install prereqs to the install 13 | #run_remote infiniband/mofed.pre 14 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/pre.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el7/profiles/default/scripts/pre.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs after install is complete, but inside the installer 4 | # environment. This is useful for carrying work done in pre/during the 5 | # installer into the installed environment. 6 | 7 | # It is almost certainly more useful to use post.sh or firstboot.sh 8 | # for customization, which will run in a more normal mechanism 9 | 10 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 11 | export confluent_mgr confluent_profile nodename 12 | cp -a /etc/confluent /mnt/sysimage/etc 13 | mkdir -p /mnt/sysimage/opt/confluent/bin 14 | cp /opt/confluent/bin/apiclient /mnt/sysimage/opt/confluent/bin/ 15 | chmod -R og-rwx /mnt/sysimage/etc/confluent 16 | cp /tmp/functions /mnt/sysimage/etc/confluent/ 17 | hostnamectl set-hostname $nodename 18 | cp /etc/hostname /mnt/sysimage/etc/hostname 19 | . /tmp/functions 20 | if [ -f /tmp/cryptboot ]; then 21 | cp /tmp/cryptboot /mnt/sysimage/tmp/ 22 | fi 23 | mkdir -p /mnt/sysimage/var/log/confluent 24 | mv /tmp/confluent-pre.log /mnt/sysimage/var/log/confluent 25 | echo Port 2222 >> /etc/ssh/sshd_config.anaconda 26 | echo Match LocalPort 22 >> /etc/ssh/sshd_config.anaconda 27 | echo " ChrootDirectory /mnt/sysimage" >> /etc/ssh/sshd_config.anaconda 28 | kill -HUP $(cat /run/sshd.pid) 29 | 30 | # Preserve the ssh setup work done for the installer 31 | # by copying into the target system and setting up 32 | # host based authentication 33 | run_remote setupssh.sh 34 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/setupssh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | grep HostCert /etc/ssh/sshd_config.anaconda >> /mnt/sysimage/etc/ssh/sshd_config 3 | echo HostbasedAuthentication yes >> /mnt/sysimage/etc/ssh/sshd_config 4 | echo HostbasedUsesNameFromPacketOnly yes >> /mnt/sysimage/etc/ssh/sshd_config 5 | echo IgnoreRhosts no >> /mnt/sysimage/etc/ssh/sshd_config 6 | sshconf=/mnt/sysimage/etc/ssh/ssh_config 7 | if [ -d /mnt/sysimage/etc/ssh/ssh_config.d/ ]; then 8 | sshconf=/mnt/sysimage/etc/ssh/ssh_config.d/01-confluent.conf 9 | fi 10 | echo 'Host *' >> $sshconf 11 | echo ' HostbasedAuthentication yes' >> $sshconf 12 | echo ' EnableSSHKeysign yes' >> $sshconf 13 | echo ' HostbasedKeyTypes *ed25519*' >> $sshconf 14 | 15 | cp /etc/ssh/ssh_host_* /mnt/sysimage/etc/ssh/ 16 | mkdir /mnt/sysimage/root/.ssh/ 17 | chmod 700 /mnt/sysimage/root/.ssh/ 18 | cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/ 19 | chmod 600 /mnt/sysimage/root/.ssh/authorized_keys 20 | cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/ 21 | curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes 22 | cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv 23 | cp /tmp/allnodes /mnt/sysimage/root/.shosts 24 | -------------------------------------------------------------------------------- /confluent_osdeploy/el7/profiles/default/scripts/tpm_luks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//) 3 | clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/confluent.apikey 4 | cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8-diskless/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/onboot.custom: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8-diskless/profiles/default/scripts/onboot.custom -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/onboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8-diskless/profiles/default/scripts/onboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/onboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent onboot hook 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/onboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8-diskless/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8-diskless/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo -n "" >> /tmp/net.ifaces 3 | echo -n "" > /tmp/01-autocons.devnode 4 | BUNDLENAME=/etc/pki/tls/certs/ca-bundle.crt 5 | if [ ! -e "$BUNDLENAME" ]; then 6 | BUNDLENAME=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 7 | mkdir -p /etc/pki/tls/certs 8 | ln -s $BUNDLENAME /etc/pki/tls/certs/ca-bundle.crt 9 | fi 10 | cat /tls/*.0 >> $BUNDLENAME 11 | if ! grep console= /proc/cmdline >& /dev/null; then 12 | autocons=$(/opt/confluent/bin/autocons) 13 | if [ -n "$autocons" ]; then 14 | echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf 15 | autocons=${autocons%,*} 16 | echo $autocons > /tmp/01-autocons.devnode 17 | echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons 18 | echo "Initializing auto detected console when installer starts" > $autocons 19 | fi 20 | fi 21 | if grep console=ttyS /proc/cmdline >& /dev/null; then 22 | echo "Serial console has been requested in the kernel arguments, the local video may not show progress" > /dev/tty1 23 | fi 24 | . /lib/anaconda-lib.sh 25 | echo rd.fcoe=0 > /etc/cmdline.d/nofcoe.conf 26 | wait_for_kickstart 27 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BUNDLENAME=/sysroot/etc/pki/tls/certs/ca-bundle.crt 3 | if [ ! -e "$BUNDLENAME" ]; then 4 | BUNDLENAME=/sysroot/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 5 | fi 6 | while [ -h $BUNDLENAME ]; do 7 | BUNDLENAME=/sysroot/$(readlink $BUNDLENAME) 8 | done 9 | 10 | cat /etc/pki/tls/certs/ca-bundle.crt > $BUNDLENAME 11 | mkdir -p /sysroot/etc/confluent/ 12 | chmod 700 /sysroot/etc/confluent 13 | cp -a /tls /sysroot/etc/confluent 14 | cp /etc/confluent/* /sysroot/etc/confluent 15 | sed -i 's/install::/install:*:/' /sysroot/etc/shadow 16 | sed -i 's/root::/root:*:/' /sysroot/etc/shadow 17 | mkdir -p /sysroot/root/.ssh 18 | chmod 700 /sysroot/root/.ssh 19 | cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys 20 | chmod 600 /sysroot/root/.ssh/authorized_keys 21 | mkdir -p /sysroot/etc/ssh/ 22 | for i in /ssh/*.ca; do 23 | echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts 24 | done 25 | mkdir -p /sysroot/opt/confluent/bin 26 | cp /opt/confluent/bin/apiclient /sysroot/opt/confluent/bin 27 | cp /opt/confluent/bin/apiclient /sysroot/etc/confluent/ 28 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/centos/CentOS/; s/rhel/Red Hat Enterprise Linux/; s/oraclelinux/Oracle Linux/; s/alma/AlmaLinux/;s/fedora/Fedora Linux/' $2/profile.yaml 3 | if grep Fedora $2/profile.yaml > /dev/null; then 4 | sed -i 's/@^minimal-environment/#/' $2/packagelist 5 | fi 6 | ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \ 7 | ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution 8 | mkdir -p $2/boot/efi/boot 9 | if [ -e $1/EFI/BOOT/BOOTAA64.EFI ]; then 10 | ln -s $1/EFI/BOOT/BOOTAA64.EFI $1/EFI/BOOT/grubaa64.efi $2/boot/efi/boot/ 11 | else 12 | ln -s $1/EFI/BOOT/BOOTX64.EFI $1/EFI/BOOT/grubx64.efi $2/boot/efi/boot/ 13 | fi 14 | 15 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/kickstart.custom: -------------------------------------------------------------------------------- 1 | # Any custom kickstart additions may go here. It may be required to 2 | # modify base kickstart file to change certain portions, but adding 3 | # custom content to this file allows for most convenient way to 4 | # refresh to a newer base profile if desired. 5 | # Two common example customizations are provided: 6 | #firewall --disabled 7 | #selinux --disabled 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/packagelist: -------------------------------------------------------------------------------- 1 | @^minimal-environment 2 | #-kernel-uek # This can opt out of the UEK for the relevant distribution 3 | bind-utils 4 | chrony 5 | pciutils 6 | python3 7 | rsync 8 | tar 9 | -iwl*-firmware 10 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/partitioning: -------------------------------------------------------------------------------- 1 | clearpart --all --initlabel 2 | ignoredisk --only-use %%INSTALLDISK%% 3 | autopart --nohome %%LUKSHOOK%% 4 | 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet # These arguments are passed to the installer 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/infiniband/mofed.post: -------------------------------------------------------------------------------- 1 | # To use this script, rename or copy the mofed image to either ofed.tgz or ofed.iso 2 | # and modify the script below if wanting to use the iso instead of tgz 3 | 4 | # It checks for mellanox devices and opts not to install, so this script could be added 5 | # to a general profile without causing mofed to install on non-mellanox systems 6 | . /etc/confluent/functions 7 | if lspci -d 15b3:: -n |grep 15b3 > /dev/null; then 8 | # Uncomment the following three lines and comment out the next 9 | # two lines to use the .iso instead of the tgz packaging 10 | #fetch_remote infiniband/mofed.iso 11 | #mkdir MLNX_OFED 12 | #mount -o loop infiniband/mofed.iso MLNX_OFED 13 | fetch_remote infiniband/mofed.tgz 14 | tar xf infiniband/mofed.tgz 15 | # The rest is common between tar and iso 16 | cd MLNX_OFED* 17 | ./mlnxofedinstall --force --without-32bit 18 | fi 19 | 20 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/infiniband/mofed.pre: -------------------------------------------------------------------------------- 1 | # Add needed base packages to the install 2 | cat << EOF >> /tmp/addonpackages 3 | gcc-gfortran 4 | kernel-modules-extra 5 | lsof 6 | perl 7 | pkgconf-pkg-config 8 | tcl 9 | tcsh 10 | tk 11 | EOF 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/post.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | 6 | # An example for installing OFED for infiniband follows (see the file for more detail): 7 | #run_remote infiniband/mofed.post 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/pre.custom: -------------------------------------------------------------------------------- 1 | . /tmp/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | # 6 | #Here is an example to locally configure the platform BMC according 7 | #to confluent configuration so that the BMC would be on the correct 8 | #network: 9 | #run_remote_python configbmc -c 10 | 11 | #Some addons improve efficiency by adding dependencies during install 12 | #here is an example for adding OFED install prereqs to the install 13 | #run_remote infiniband/mofed.pre 14 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/pre.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el8/profiles/default/scripts/pre.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs after install is complete, but inside the installer 4 | # environment. This is useful for carrying work done in pre/during the 5 | # installer into the installed environment. 6 | 7 | # It is almost certainly more useful to use post.sh or firstboot.sh 8 | # for customization, which will run in a more normal mechanism 9 | 10 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 11 | export confluent_mgr confluent_profile nodename 12 | cp -a /etc/confluent /mnt/sysimage/etc 13 | mkdir -p /mnt/sysimage/opt/confluent/bin 14 | cp /opt/confluent/bin/apiclient /mnt/sysimage/opt/confluent/bin/ 15 | chmod -R og-rwx /mnt/sysimage/etc/confluent 16 | cp /tmp/functions /mnt/sysimage/etc/confluent/ 17 | hostnamectl set-hostname $nodename 18 | cp /etc/hostname /mnt/sysimage/etc/hostname 19 | . /tmp/functions 20 | if [ -f /tmp/cryptboot ]; then 21 | cp /tmp/cryptboot /mnt/sysimage/tmp/ 22 | fi 23 | mkdir -p /mnt/sysimage/var/log/confluent 24 | mv /tmp/confluent-pre.log /mnt/sysimage/var/log/confluent 25 | echo Port 2222 >> /etc/ssh/sshd_config.anaconda 26 | echo Port 22 >> /etc/ssh/sshd_config.anaconda 27 | echo Match LocalPort 22 >> /etc/ssh/sshd_config.anaconda 28 | echo " ChrootDirectory /mnt/sysimage" >> /etc/ssh/sshd_config.anaconda 29 | kill -HUP $(cat /run/sshd.pid) 30 | 31 | # Preserve the ssh setup work done for the installer 32 | # by copying into the target system and setting up 33 | # host based authentication 34 | run_remote setupssh.sh 35 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/setupssh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | targssh=/mnt/sysimage/etc/ssh/sshd_config 3 | if [ -d /mnt/sysimage/etc/ssh/sshd_config.d/ ]; then 4 | targssh=/mnt/sysimage/etc/ssh/sshd_config.d/90-confluent.conf 5 | fi 6 | grep HostCert /etc/ssh/sshd_config.anaconda >> $targssh 7 | echo HostbasedAuthentication yes >> $targssh 8 | echo HostbasedUsesNameFromPacketOnly yes >> $targssh 9 | echo IgnoreRhosts no >> $targssh 10 | sshconf=/mnt/sysimage/etc/ssh/ssh_config 11 | if [ -d /mnt/sysimage/etc/ssh/ssh_config.d/ ]; then 12 | sshconf=/mnt/sysimage/etc/ssh/ssh_config.d/01-confluent.conf 13 | fi 14 | echo 'Host *' >> $sshconf 15 | echo ' HostbasedAuthentication yes' >> $sshconf 16 | echo ' EnableSSHKeysign yes' >> $sshconf 17 | echo ' HostbasedKeyTypes *ed25519*' >> $sshconf 18 | 19 | cp /etc/ssh/ssh_host_* /mnt/sysimage/etc/ssh/ 20 | mkdir /mnt/sysimage/root/.ssh/ 21 | chmod 700 /mnt/sysimage/root/.ssh/ 22 | cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/ 23 | chmod 600 /mnt/sysimage/root/.ssh/authorized_keys 24 | cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/ 25 | curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$confluent_mgr/confluent-api/self/nodelist > /tmp/allnodes 26 | cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv 27 | cp /tmp/allnodes /mnt/sysimage/root/.shosts 28 | -------------------------------------------------------------------------------- /confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//) 3 | clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/luks.key 4 | chmod 000 /etc/confluent/luks.key 5 | #cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey 6 | -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el9-diskless/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/onboot.custom: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el9-diskless/profiles/default/scripts/onboot.custom -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/onboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el9-diskless/profiles/default/scripts/onboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/onboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent onboot hook 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/onboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/el9-diskless/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/el9-diskless/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/esxi7/profiles/hypervisor/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | -------------------------------------------------------------------------------- /confluent_osdeploy/esxi7/profiles/hypervisor/kickstart: -------------------------------------------------------------------------------- 1 | accepteula 2 | clearpart --firstdisk --overwritevmfs 3 | install --firstdisk --overwritevmfs 4 | %include /tmp/ksnet 5 | %include /tmp/rootpw 6 | reboot 7 | %post --interpreter=busybox 8 | localcli network firewall unload 9 | STATUP=$(mktemp) 10 | echo '{"status": "complete"}' > $STATUP 11 | /opt/confluent/bin/apiclient /confluent-api/self/updatestatus $STATUP 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/esxi7/profiles/hypervisor/profile.yaml: -------------------------------------------------------------------------------- 1 | label: VMware ESXi %%VERSION%% Hypervisor 2 | ostype: esxi 3 | kernelargs: runweasel 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/esxi7/profiles/hypervisor/scripts/modinstall: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | mv /etc/confluent/confluent.deploycfg /etc/confluent/confluent.newdeploycfg 3 | /opt/confluent/bin/apiclient /confluent-public/os/$profile/scripts/makeksnet >> /tmp/makeksnet 4 | mv /etc/confluent/confluent.newdeploycfg /etc/confluent/confluent.deploycfg 5 | chmod +x /tmp/makeksnet 6 | /tmp/makeksnet > /tmp/ksnet 7 | rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg|sed -e 's/^rootpassword: //') 8 | echo rootpw --iscrypted $rootpw > /tmp/rootpw 9 | export BOOT_CMDLINE=ks=/etc/confluent/ks.cfg 10 | -------------------------------------------------------------------------------- /confluent_osdeploy/genesis/initramfs/usr/lib/dracut/hooks/cmdline/10-genesis.sh: -------------------------------------------------------------------------------- 1 | root=1 2 | rootok=1 3 | netroot=genesis 4 | clear 5 | mount -t cgroup2 cgroup2 /sys/fs/cgroup 6 | mount -t efivarfs efivarfs /sys/firmware/efi/efivars 7 | echo PS1="'"'[genesis running on \H \w]$ '"'" >> ~/.bashrc 8 | echo PS1="'"'[genesis running on \H \w]$ '"'" >> ~/.bash_profile 9 | mkdir -p /etc/ssh 10 | mkdir -p /var/tmp/ 11 | mkdir -p /var/empty/sshd 12 | sed -i '/^root:/d' /etc/passwd 13 | echo root:x:0:0::/:/bin/bash >> /etc/passwd 14 | echo sshd:x:30:30:SSH User:/var/empty/sshd:/sbin/nologin >> /etc/passwd 15 | tmux new-session -d bash /opt/confluent/bin/rungenesis 16 | while :; do 17 | sleep 86400 18 | done 19 | -------------------------------------------------------------------------------- /confluent_osdeploy/genesis/profiles/default/ansible/onboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/genesis/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: Genesis 2 | kernelargs: quiet 3 | -------------------------------------------------------------------------------- /confluent_osdeploy/genesis/profiles/default/scripts/onboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . /etc/confluent/functions 3 | # This runs whenever this genesis profile boots for customization 4 | # purposes 5 | 6 | # run_remote and run_remote_python are available to download scripts and 7 | # execute them. 8 | 9 | # This will induce server side processing of the syncfile contents if 10 | # present 11 | run_remote_python syncfileclient 12 | 13 | run_remote_parts onboot.d 14 | 15 | 16 | # Induce execution of remote configuration, e.g. ansible plays in ansible/onboot.d/ 17 | run_remote_config onboot 18 | 19 | # This is an example to request the BMC be configured on the network 20 | # according to how confluent has things configured: 21 | # run_remote_python configbmc -c 22 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo -n "" >> /tmp/net.ifaces 3 | cat /tls/*.0 >> /etc/pki/tls/certs/ca-bundle.crt 4 | if ! grep console= /proc/cmdline >& /dev/null; then 5 | autocons=$(/opt/confluent/bin/autocons) 6 | if [ -n "$autocons" ]; then 7 | echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf 8 | autocons=${autocons%,*} 9 | echo $autocons > /tmp/01-autocons.devnode 10 | echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons 11 | echo "Initializing auto detected console when installer starts" > $autocons 12 | fi 13 | fi 14 | . /lib/anaconda-lib.sh 15 | wait_for_kickstart 16 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/initqueue/finished/confluent.sh: -------------------------------------------------------------------------------- 1 | [ -e /tmp/confluent.initq ] 2 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BUNDLENAME=/sysroot/etc/pki/tls/certs/ca-bundle.crt 3 | while [ -h $BUNDLENAME ]; do 4 | BUNDLENAME=/sysroot/$(readlink $BUNDLENAME) 5 | done 6 | 7 | cat /etc/pki/tls/certs/ca-bundle.crt > $BUNDLENAME 8 | mkdir -p /sysroot/etc/confluent/ 9 | cp -a /tls /sysroot/etc/confluent 10 | cp -a /etc/confluent/* /sysroot/etc/confluent/ 11 | sed -i 's/install::/install:*:/' /sysroot/etc/shadow 12 | sed -i 's/root::/root:*:/' /sysroot/etc/shadow 13 | mkdir -p /sysroot/root/.ssh 14 | #chmod 700 /sysroot/root/.ssh 15 | cat /ssh/*pubkey > /sysroot/root/.ssh/authorized_keys 16 | #chmod 600 /sysroot/root/.ssh/authorized_keys 17 | mkdir -p /sysroot/etc/ssh/ 18 | for i in /ssh/*.ca; do 19 | echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts 20 | done 21 | cp /opt/confluent/bin/apiclient /sysroot/etc/confluent 22 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/centos/CentOS/; s/rhel/Red Hat Enterprise Linux/' $2/profile.yaml 3 | ln -s $1/images/pxeboot/vmlinuz $2/boot/kernel && \ 4 | ln -s $1/images/pxeboot/initrd.img $2/boot/initramfs/distribution 5 | mkdir -p $2/boot/efi/boot && \ 6 | ln -s $1/EFI/BOOT/BOOTX64.EFI $1/EFI/BOOT/grubx64.efi $2/boot/efi/boot/ 7 | ln -s $(find $1 -name '*host-image*rpm') $2/image.rpm 8 | 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/kickstart.custom: -------------------------------------------------------------------------------- 1 | # Any custom kickstart additions may go here. It may be required to 2 | # modify base kickstart file to change certain portions, but adding 3 | # custom content to this file allows for most convenient way to 4 | # refresh to a newer base profile if desired. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/etc/confluent/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/firstboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script is executed on the first boot after install has 4 | # completed. It is best to edit the middle of the file as 5 | # noted below so custom commands are executed before 6 | # the script notifies confluent that install is fully complete. 7 | 8 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 9 | apikey=$(cat /etc/confluent/confluent.apikey) 10 | mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}') 11 | profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') 12 | cat /etc/confluent/tls/*.pem >> /etc/pki/tls/certs/ca-bundle.crt 13 | export nodename mgr profile 14 | . /etc/confluent/functions 15 | while ! ping -c 1 $confluent_mgr >& /dev/null; do 16 | sleep 1 17 | done 18 | 19 | 20 | run_remote firstboot.custom 21 | 22 | 23 | curl -X POST -d 'status: complete' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus 24 | systemctl disable firstboot 25 | rm /etc/systemd/system/firstboot.service 26 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/functions: -------------------------------------------------------------------------------- 1 | run_remote() { 2 | requestedcmd="'$*'" 3 | echo 4 | echo '---------------------------------------------------------------------------' 5 | echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ 6 | tmpdir=$(mktemp -d) 7 | echo Executing in $tmpdir 8 | cd $tmpdir 9 | curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 10 | if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi 11 | chmod +x $1 12 | cmd=$1 13 | if [ -x /usr/bin/chcon ]; then 14 | chcon system_u:object_r:bin_t:s0 $cmd 15 | fi 16 | shift 17 | ./$cmd $* 18 | retcode=$? 19 | echo "$requestedcmd exited with code $retcode" 20 | cd - > /dev/null 21 | return $retcode 22 | } 23 | 24 | run_remote_python() { 25 | echo 26 | echo '---------------------------------------------------------------------------' 27 | echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ 28 | tmpdir=$(mktemp -d) 29 | echo Executing in $tmpdir 30 | cd $tmpdir 31 | curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 32 | if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi 33 | /usr/libexec/platform-python $* 34 | retcode=$? 35 | echo "'$*' exited with code $retcode" 36 | cd - > /dev/null 37 | return $retcode 38 | } 39 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/post.custom: -------------------------------------------------------------------------------- 1 | . /etc/confluent/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/post.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # need to copy over ssh key info 3 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 4 | apikey=$(cat /etc/confluent/confluent.apikey) 5 | 6 | chmod 700 /etc/confluent 7 | chmod og-rwx /etc/confluent/* 8 | 9 | export mgr profile nodename 10 | . /etc/confluent/functions 11 | 12 | curl -X POST -d 'status: staged' -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $apikey" https://$mgr/confluent-api/self/updatestatus 13 | 14 | 15 | if [ -f /tmp/cryptboot ]; then 16 | run_remote tpm_luks.sh 17 | fi 18 | # This script will execute in the installed system, but using the installer kernel prior to reboot. 19 | # This is an appropriate place to run post install activities that do not require the actual installed 20 | # kernel to run. For example adding drivers that would be needed for first boot to run cleanly. 21 | # If, for example, there is a post script that has a dependency on a driver or filesystem that 22 | # cannot work until booting into the installer, use firstboot.sh instead 23 | 24 | # run_remote will download and execute from /var/lib/confluent/public/os//scripts/ directory 25 | # run_remote_python will use the appropriate python interpreter path to run the specified script 26 | # A post.custom is provided to more conveniently hold customizations, see the post.custom file. 27 | 28 | # run_remote example.sh 29 | # run_remote_python example.py 30 | run_remote post.custom 31 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/pre.custom: -------------------------------------------------------------------------------- 1 | . /tmp/functions 2 | # This is a convenient place to keep customizations separate from modifying the stock scripts 3 | # While modification of the stock scripts is fine, it may be easier to rebase to a newer 4 | # stock profile if the '.custom' files are used. 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs after install is complete, but inside the installer 4 | # environment. This is useful for carrying work done in pre/during the 5 | # installer into the installed environment. 6 | 7 | # It is almost certainly more useful to use post.sh or firstboot.sh 8 | # for customization, which will run in a more normal mechanism 9 | 10 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 11 | export mgr profile nodename 12 | cp -a /etc/confluent /mnt/sysimage/etc 13 | cp /tmp/functions /mnt/sysimage/etc/confluent/ 14 | . /tmp/functions 15 | cp /tmp/cryptboot /mnt/sysimage/tmp/ 16 | 17 | # Preserve the ssh setup work done for the installer 18 | # by copying into the target system and setting up 19 | # host based authentication 20 | run_remote setupssh.sh 21 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/setupssh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | grep HostCert /etc/ssh/sshd_config.anaconda >> /mnt/sysimage/etc/ssh/sshd_config 3 | echo HostbasedAuthentication yes >> /mnt/sysimage/etc/ssh/sshd_config 4 | echo HostbasedUsesNameFromPacketOnly yes >> /mnt/sysimage/etc/ssh/sshd_config 5 | echo IgnoreRhosts no >> /mnt/sysimage/etc/ssh/sshd_config 6 | sshconf=/mnt/sysimage/etc/ssh/ssh_config 7 | if [ -d /mnt/sysimage/etc/ssh/ssh_config.d/ ]; then 8 | sshconf=/mnt/sysimage/etc/ssh/ssh_config.d/01-confluent.conf 9 | fi 10 | echo 'Host *' >> $sshconf 11 | echo ' HostbasedAuthentication yes' >> $sshconf 12 | echo ' EnableSSHKeysign yes' >> $sshconf 13 | echo ' HostbasedKeyTypes *ed25519*' >> $sshconf 14 | 15 | cp /etc/ssh/ssh_host_* /mnt/sysimage/etc/ssh/ 16 | mkdir /mnt/sysimage/root/.ssh/ 17 | chmod 700 /mnt/sysimage/root/.ssh/ 18 | cp /root/.ssh/authorized_keys /mnt/sysimage/root/.ssh/ 19 | chmod 600 /mnt/sysimage/root/.ssh/authorized_keys 20 | cp /etc/ssh/ssh_known_hosts /mnt/sysimage/etc/ssh/ 21 | curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes 22 | cp /tmp/allnodes /mnt/sysimage/etc/ssh/shosts.equiv 23 | cp /tmp/allnodes /mnt/sysimage/root/.shosts 24 | -------------------------------------------------------------------------------- /confluent_osdeploy/rhvh4/profiles/default/scripts/tpm_luks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//) 3 | clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/confluent.apikey 4 | cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15-diskless/profiles/default/scripts/onboot.custom: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15-diskless/profiles/default/scripts/onboot.custom -------------------------------------------------------------------------------- /confluent_osdeploy/suse15-diskless/profiles/default/scripts/onboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15-diskless/profiles/default/scripts/onboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15-diskless/profiles/default/scripts/onboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent onboot hook 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/onboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/initramfs/etc/linuxrc.d/01-confluent: -------------------------------------------------------------------------------- 1 | Install: exec:/opt/confluent/bin/suseagent 2 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/ansible/firstboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/ansible/post.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # WARNING 3 | # be careful when editing files here as this script is called 4 | # in parallel to other copy operations, so changes to files can be lost 5 | discnum=$(basename $1) 6 | if [ "$discnum" != 1 ]; then exit 0; fi 7 | if [ -e $2/boot/kernel ]; then exit 0; fi 8 | profile=$(basename $2) 9 | 10 | if [[ $profile =~ ^sle.* ]]; then 11 | if ls $1/Product-* >& /dev/null; then 12 | ln -s $1 $2/product 13 | else 14 | ln -s ${1%1}2 $2/product 15 | fi 16 | fi 17 | sed -i 's/sle 15/SUSE Linux Enterprise 15/; s/opensuse_leap/openSUSE Leap/' $2/profile.yaml 18 | ln -s $1/boot/x86_64/loader/linux $2/boot/kernel && \ 19 | ln -s $1/boot/x86_64/loader/initrd $2/boot/initramfs/distribution && \ 20 | mkdir -p $2/boot/efi/boot && \ 21 | ln -s $1/EFI/BOOT/bootx64.efi $1/EFI/BOOT/grub.efi $2/boot/efi/boot/ 22 | if [[ $profile =~ ^sle.* ]]; then 23 | ln -s autoyast.sle $2/autoyast 24 | else 25 | ln -s autoyast.leap $2/autoyast 26 | fi 27 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet # These arguments are passed to the installer 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs at the end of the final boot 4 | 5 | . /etc/confluent/functions 6 | 7 | # Custom scripts may go here 8 | # run_remote example.sh 9 | # run_remote_python example.py 10 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/hpc/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/post.custom: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs at the end of install in the installed system 4 | # but still under the installer kernel. 5 | 6 | # This is a good place to run most customizations that do not have any 7 | # dependency upon the install target kernel being active. 8 | 9 | # If there are dependencies on the kernel (drivers or special filesystems) 10 | # then firstboot.sh would be the script to customize. 11 | 12 | . /etc/confluent/functions 13 | 14 | # Examples: 15 | # run_remote script.sh 16 | # run_remote_python script.py 17 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/hpc/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/post.d/10-remove-online-repos.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # remove online repos 3 | grep -lE "baseurl=https?://download.opensuse.org" /etc/zypp/repos.d/*repo | xargs rm -- 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/pre.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/hpc/scripts/pre.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/hpc/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs when install is finished, but while the installer 4 | # is still running, with the to-be-booted system mounted in /mnt 5 | 6 | # carry over deployment configuration and api key for OS install action 7 | confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') 8 | confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') 9 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 10 | export confluent_mgr confluent_profile nodename 11 | mkdir -p /mnt/etc/confluent 12 | chmod 700 /mnt/etc/confluent 13 | cp /tmp/functions /mnt/etc/confluent/ 14 | . /tmp/functions 15 | cp -a /etc/confluent/* /mnt/etc/confluent/ 16 | cp -a /tls /mnt/etc/confluent/ 17 | cp -a /tls/* /mnt/var/lib/ca-certificates/openssl 18 | cp -a /tls/* /mnt/var/lib/ca-certificates/pem 19 | cp -a /tls/*.pem /mnt/etc/pki/trust/anchors 20 | cat /tls/*.pem > /mnt/etc/confluent/ca.pem 21 | mkdir -p /mnt/opt/confluent/bin 22 | cp /opt/confluent/bin/apiclient /mnt/opt/confluent/bin/ 23 | 24 | run_remote setupssh.sh 25 | 26 | echo Port 22 >> /etc/ssh/sshd_config 27 | echo Port 2222 >> /etc/ssh/sshd_config 28 | echo Match LocalPort 22 >> /etc/ssh/sshd_config 29 | echo " ChrootDirectory /mnt" >> /etc/ssh/sshd_config 30 | kill -HUP $(cat /run/sshd.pid) 31 | mkdir -p /mnt/var/log/confluent 32 | cp /tmp/confluent*log /mnt/var/log/confluent 33 | 34 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/ansible/firstboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/ansible/post.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # WARNING 3 | # be careful when editing files here as this script is called 4 | # in parallel to other copy operations, so changes to files can be lost 5 | discnum=$(basename $1) 6 | if [ "$discnum" != 1 ]; then exit 0; fi 7 | if [ -e $2/boot/kernel ]; then exit 0; fi 8 | profile=$(basename $2) 9 | 10 | if [[ $profile =~ ^sle.* ]]; then 11 | if ls $1/Product-* >& /dev/null; then 12 | ln -s $1 $2/product 13 | else 14 | ln -s ${1%1}2 $2/product 15 | fi 16 | fi 17 | sed -i 's/sle 15/SUSE Linux Enterprise 15/; s/opensuse_leap/openSUSE Leap/' $2/profile.yaml 18 | ln -s $1/boot/x86_64/loader/linux $2/boot/kernel && \ 19 | ln -s $1/boot/x86_64/loader/initrd $2/boot/initramfs/distribution && \ 20 | mkdir -p $2/boot/efi/boot && \ 21 | ln -s $1/EFI/BOOT/bootx64.efi $1/EFI/BOOT/grub.efi $2/boot/efi/boot/ 22 | if [[ $profile =~ ^sle.* ]]; then 23 | ln -s autoyast.sle $2/autoyast 24 | else 25 | ln -s autoyast.leap $2/autoyast 26 | fi 27 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet # These arguments are passed to the installer 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/firstboot.custom: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs at the end of the final boot 4 | 5 | . /etc/confluent/functions 6 | 7 | # Custom scripts may go here 8 | # run_remote example.sh 9 | # run_remote_python example.py 10 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/server/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/post.custom: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs at the end of install in the installed system 4 | # but still under the installer kernel. 5 | 6 | # This is a good place to run most customizations that do not have any 7 | # dependency upon the install target kernel being active. 8 | 9 | # If there are dependencies on the kernel (drivers or special filesystems) 10 | # then firstboot.sh would be the script to customize. 11 | 12 | . /etc/confluent/functions 13 | 14 | # Examples: 15 | # run_remote script.sh 16 | # run_remote_python script.py 17 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/server/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/post.d/10-remove-online-repos.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # remove online repos 3 | grep -lE "baseurl=https?://download.opensuse.org" /etc/zypp/repos.d/*repo | xargs rm -- 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/pre.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/suse15/profiles/server/scripts/pre.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/suse15/profiles/server/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script runs when install is finished, but while the installer 4 | # is still running, with the to-be-booted system mounted in /mnt 5 | 6 | # carry over deployment configuration and api key for OS install action 7 | confluent_mgr=$(grep ^deploy_server /etc/confluent/confluent.deploycfg|awk '{print $2}') 8 | confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|sed -e 's/^profile: //') 9 | nodename=$(grep ^NODENAME /etc/confluent/confluent.info|awk '{print $2}') 10 | export confluent_mgr confluent_profile nodename 11 | mkdir -p /mnt/etc/confluent 12 | chmod 700 /mnt/etc/confluent 13 | cp /tmp/functions /mnt/etc/confluent/ 14 | . /tmp/functions 15 | cp -a /etc/confluent/* /mnt/etc/confluent/ 16 | cp -a /tls /mnt/etc/confluent/ 17 | cp -a /tls/* /mnt/var/lib/ca-certificates/openssl 18 | cp -a /tls/* /mnt/var/lib/ca-certificates/pem 19 | cp -a /tls/*.pem /mnt/etc/pki/trust/anchors 20 | cat /tls/*.pem > /mnt/etc/confluent/ca.pem 21 | mkdir -p /mnt/opt/confluent/bin 22 | cp /opt/confluent/bin/apiclient /mnt/opt/confluent/bin/ 23 | 24 | run_remote setupssh.sh 25 | 26 | echo Port 22 >> /etc/ssh/sshd_config 27 | echo Port 2222 >> /etc/ssh/sshd_config 28 | echo Match LocalPort 22 >> /etc/ssh/sshd_config 29 | echo " ChrootDirectory /mnt" >> /etc/ssh/sshd_config 30 | kill -HUP $(cat /run/sshd.pid) 31 | mkdir -p /mnt/var/log/confluent 32 | cp /tmp/confluent*log /mnt/var/log/confluent 33 | 34 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/label: ubuntu/label: Ubuntu/' $2/profile.yaml && \ 3 | ln -s $1/install/hwe-netboot/ubuntu-installer/amd64/linux $2/boot/kernel && \ 4 | ln -s $1/install/hwe-netboot/ubuntu-installer/amd64/initrd.gz $2/boot/initramfs/distribution && \ 5 | mkdir -p $2/boot/efi/boot && \ 6 | ln -s $1/EFI/BOOT/* $2/boot/efi/boot 7 | 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/preseed.cfg: -------------------------------------------------------------------------------- 1 | d-i anna/choose_modules string openssh-server-udeb 2 | d-i partman-auto/method string regular 3 | d-i partman-lvm/device_remove_lvm boolean true 4 | d-i partman-md/device_remove_md boolean true 5 | d-i partman-auto/expert_recipe_file string /tmp/partitionfile 6 | d-i partman/confirm_write_new_label boolean true 7 | d-i partman/choose_partition select finish 8 | d-i partman/confirm boolean true 9 | d-i partman/confirm_nooverwrite boolean true 10 | d-i passwd/make-user boolean false 11 | d-i clock-setup/utc boolean true 12 | d-i apt-setup/multiverse boolean false 13 | d-i apt-setup/universe boolean false 14 | d-i apt-setup/backports boolean false 15 | d-i apt-setup/updates boolean false 16 | d-i grub-installer/only_debian boolean true 17 | tasksel tasksel/first multiselect standard 18 | d-i pkgsel/include string openssh-server curl 19 | d-i pkgsel/update-policy select none 20 | d-i pkgsel/updatedb boolean false 21 | d-i finish-install/reboot_in_progress note 22 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet osprofile=%%PROFILE%% 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/scripts/firstboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Confluent first boot is running" 3 | HOME=$(getent passwd $(whoami)|cut -d: -f 6) 4 | export HOME 5 | #cp -a /etc/confluent/ssh/* /etc/ssh/ 6 | #systemctl restart sshd 7 | rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg |awk '{print $2}') 8 | if [ ! -z "$rootpw" -a "$rootpw" != "null" ]; then 9 | echo root:$rootpw | chpasswd -e 10 | fi 11 | nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') 12 | confluent_apikey=$(cat /etc/confluent/confluent.apikey) 13 | confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}') 14 | while ! ping -c 1 $confluent_mgr >& /dev/null; do 15 | sleep 1 16 | done 17 | source /etc/confluent/functions 18 | 19 | run_remote_parts firstboot.d 20 | run_remote_config firstboot.d 21 | systemctl disable firstboot 22 | curl -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus 23 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu18.04/profiles/default/scripts/prechroot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | mount -o bind /sys /target/sys 3 | mount -o bind /dev /target/dev 4 | mount -o bind /dev/pts /target/dev/pts 5 | mount -o bind /proc /target/proc 6 | mount -o bind /dev/pts /target/dev/pts 7 | mount -o bind /run /target/run 8 | cp -a /etc/confluent /target/etc/confluent 9 | cp -a /opt/confluent /target/opt/confluent 10 | mv /tmp/post.sh /target/tmp/ 11 | cp -a /ssh /tls /target/tmp 12 | cat /tls/*.pem >> /target/etc/confluent/ca.pem 13 | cp -a /etc/ssh/ssh_host_* /target/etc/ssh/ 14 | grep HostCertificate /etc/ssh/sshd_config >> /target/etc/ssh/sshd_config 15 | echo Port 2222 >> /etc/ssh/sshd_config 16 | kill -HUP $(ps |grep -v grep|grep sshd|grep /usr|sed -e s/' root.*//') 17 | chroot /target bash /tmp/post.sh 18 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04-diskless/initramfs/conf/conf.d/confluent: -------------------------------------------------------------------------------- 1 | if ! grep console= /proc/cmdline > /dev/null; then 2 | mkdir -p /custom-installation 3 | /opt/confluent/bin/autocons > /custom-installation/autocons.info 4 | cons=$(cat /custom-installation/autocons.info) 5 | if [ ! -z "$cons" ]; then 6 | echo "Auto-detected serial console: $cons" > ${cons%,*} 7 | fi 8 | fi 9 | echo . /scripts/init-premount/confluent >> /scripts/init-premount/ORDER 10 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/firstboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=First Boot Process 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/firstboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04-diskless/profiles/default/scripts/onboot.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Confluent onboot hook 3 | Requires=network-online.target 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStart=/opt/confluent/bin/onboot.sh 8 | 9 | [Install] 10 | WantedBy=multi-user.target 11 | 12 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/initramfs/conf/conf.d/confluent: -------------------------------------------------------------------------------- 1 | if ! grep console= /proc/cmdline > /dev/null; then 2 | /opt/confluent/bin/autocons > /custom-installation/autocons.info 3 | cons=$(cat /custom-installation/autocons.info) 4 | if [ ! -z "$cons" ]; then 5 | echo "Auto-detected serial console: $cons" > ${cons%,*} 6 | fi 7 | fi 8 | echo /scripts/init-premount/confluent >> /scripts/init-premount/ORDER 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/post.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | deploycfg=/custom-installation/confluent/confluent.deploycfg 3 | confluent_mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}') 4 | confluent_profile=$(grep ^profile: $deploycfg|awk '{print $2}') 5 | export deploycfg confluent_mgr confluent_profile 6 | curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/post.sh > /tmp/post.sh 7 | bash /tmp/post.sh 8 | true 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/initramfs/custom-installation/pre.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | deploycfg=/custom-installation/confluent/confluent.deploycfg 3 | confluent_mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}') 4 | confluent_profile=$(grep ^profile: $deploycfg|awk '{print $2}') 5 | curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/pre.sh > /tmp/pre.sh 6 | . /tmp/pre.sh 7 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/autoinstall/meta-data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu20.04/profiles/default/autoinstall/meta-data -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/autoinstall/user-data: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | autoinstall: 3 | version: 1 4 | early-commands: 5 | - /custom-installation/pre.sh 6 | late-commands: 7 | - /custom-installation/post.sh 8 | ssh: 9 | install-server: true 10 | storage: 11 | layout: 12 | name: lvm 13 | match: 14 | path: "%%INSTALLDISK%%" 15 | user-data: 16 | runcmd: 17 | - /etc/confluent/firstboot.sh 18 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/label: ubuntu/label: Ubuntu/' $2/profile.yaml && \ 3 | ln -s $1/casper/vmlinuz $2/boot/kernel && \ 4 | ln -s $1/casper/initrd $2/boot/initramfs/distribution && \ 5 | mkdir -p $2/boot/efi/boot && \ 6 | ln -s $1/EFI/BOOT/* $2/boot/efi/boot 7 | 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet osprofile=%%PROFILE%% 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu20.04/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04-diskless: -------------------------------------------------------------------------------- 1 | ubuntu20.04-diskless -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/initramfs/conf/conf.d/confluent: -------------------------------------------------------------------------------- 1 | if ! grep console= /proc/cmdline > /dev/null; then 2 | /opt/confluent/bin/autocons > /custom-installation/autocons.info 3 | cons=$(cat /custom-installation/autocons.info) 4 | if [ ! -z "$cons" ]; then 5 | echo "Auto-detected serial console: $cons" > ${cons%,*} 6 | fi 7 | fi 8 | echo /scripts/init-premount/confluent >> /scripts/init-premount/ORDER 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/initramfs/custom-installation/post.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | deploycfg=/custom-installation/confluent/confluent.deploycfg 3 | confluent_mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}') 4 | confluent_profile=$(grep ^profile: $deploycfg|awk '{print $2}') 5 | export deploycfg confluent_mgr confluent_profile 6 | curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/post.sh > /tmp/post.sh 7 | bash /tmp/post.sh 8 | true 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/initramfs/custom-installation/pre.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | deploycfg=/custom-installation/confluent/confluent.deploycfg 3 | confluent_mgr=$(grep ^deploy_server $deploycfg|awk '{print $2}') 4 | confluent_profile=$(grep ^profile: $deploycfg|awk '{print $2}') 5 | curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/pre.sh > /tmp/pre.sh 6 | . /tmp/pre.sh 7 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/ansible/firstboot.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/ansible/post.d/README.txt: -------------------------------------------------------------------------------- 1 | Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the 2 | appropriate phase of the install process. 3 | 4 | Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. 5 | This prevents public clients from being able to read the plays, which is not necessary for them to function, 6 | and may protect them from divulging material contained in the plays or associated roles. 7 | 8 | The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically 9 | requesting the playbooks be executed. 10 | 11 | Also, the playbooks will be executed on the deployment server. Hence it may be slower in aggregate than 12 | running content under scripts/ which ask much less of the deployment server 13 | 14 | Here is an example of what a playbook would look like broadly: 15 | 16 | - name: Example 17 | gather_facts: no 18 | tasks: 19 | - name: Example1 20 | lineinfile: 21 | path: /etc/hosts 22 | line: 1.2.3.4 test1 23 | create: yes 24 | - name: Example2 25 | lineinfile: 26 | path: /etc/hosts 27 | line: 1.2.3.5 test2 28 | create: yes 29 | 30 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/autoinstall/meta-data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu22.04/profiles/default/autoinstall/meta-data -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/autoinstall/user-data: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | autoinstall: 3 | # The following can help an Ubuntu system skip install-time updates 4 | # Only uncomment if you know you really want to do this or plan to manage the updates 5 | # a different way. 6 | # 7 | # updates: security 8 | # apt: 9 | # disable_suites: [security] 10 | # fallback: offline-install 11 | version: 1 12 | early-commands: 13 | - /custom-installation/pre.sh 14 | late-commands: 15 | - /custom-installation/post.sh 16 | ssh: 17 | install-server: true 18 | storage: 19 | layout: 20 | name: lvm 21 | match: 22 | path: "%%INSTALLDISK%%" 23 | user-data: 24 | runcmd: 25 | - /etc/confluent/firstboot.sh 26 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/initprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | sed -i 's/label: ubuntu/label: Ubuntu/' $2/profile.yaml && \ 3 | ln -s $1/casper/vmlinuz $2/boot/kernel && \ 4 | ln -s $1/casper/initrd $2/boot/initramfs/distribution && \ 5 | mkdir -p $2/boot/efi/boot && \ 6 | if [ -d $1/EFI/boot/ ]; then 7 | ln -s $1/EFI/boot/* $2/boot/efi/boot 8 | elif [ -d $1/efi/boot/ ]; then 9 | ln -s $1/efi/boot/* $2/boot/efi/boot 10 | else 11 | echo "Unrecogrized boot contents in media" >&2 12 | exit 1 13 | fi 14 | 15 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/profile.yaml: -------------------------------------------------------------------------------- 1 | label: %%DISTRO%% %%VERSION%% %%ARCH%% (Default Profile) 2 | kernelargs: quiet osprofile=%%PROFILE%% 3 | #installedargs: example # These arguments would be added to the installed system 4 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/addcrypt: -------------------------------------------------------------------------------- 1 | import yaml 2 | import os 3 | 4 | ainst = {} 5 | with open('/autoinstall.yaml', 'r') as allin: 6 | ainst = yaml.safe_load(allin) 7 | 8 | ainst['storage']['layout']['password'] = os.environ['lukspass'] 9 | 10 | with open('/autoinstall.yaml', 'w') as allout: 11 | yaml.safe_dump(ainst, allout) 12 | 13 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/firstboot.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu22.04/profiles/default/scripts/firstboot.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/firstboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Confluent first boot is running" 3 | HOME=$(getent passwd $(whoami)|cut -d: -f 6) 4 | export HOME 5 | ( 6 | exec >> /var/log/confluent/confluent-firstboot.log 7 | exec 2>> /var/log/confluent/confluent-firstboot.log 8 | chmod 600 /var/log/confluent/confluent-firstboot.log 9 | cp -a /etc/confluent/ssh/* /etc/ssh/ 10 | systemctl restart ssh 11 | rootpw=$(grep ^rootpassword: /etc/confluent/confluent.deploycfg |awk '{print $2}') 12 | if [ ! -z "$rootpw" -a "$rootpw" != "null" ]; then 13 | echo root:$rootpw | chpasswd -e 14 | fi 15 | nodename=$(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') 16 | confluent_apikey=$(cat /etc/confluent/confluent.apikey) 17 | confluent_mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg |awk '{print $2}') 18 | while ! ping -c 1 $confluent_mgr >& /dev/null; do 19 | sleep 1 20 | done 21 | hostnamectl set-hostname $(grep ^NODENAME: /etc/confluent/confluent.info | awk '{print $2}') 22 | touch /etc/cloud/cloud-init.disabled 23 | source /etc/confluent/functions 24 | confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') 25 | export confluent_mgr confluent_profile 26 | run_remote_parts firstboot.d 27 | run_remote_config firstboot.d 28 | curl --capath /etc/confluent/tls -f -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $confluent_apikey" -X POST -d "status: complete" https://$confluent_mgr/confluent-api/self/updatestatus 29 | ) & 30 | tail --pid $! -n 0 -F /var/log/confluent/confluent-post.log > /dev/console 31 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/mergetime: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import yaml 3 | import os 4 | 5 | ainst = {} 6 | with open('/autoinstall.yaml', 'r') as allin: 7 | ainst = yaml.safe_load(allin) 8 | 9 | tz = None 10 | ntps = [] 11 | with open('/etc/confluent/confluent.deploycfg', 'r') as confluentdeploycfg: 12 | dcfg = yaml.safe_load(confluentdeploycfg) 13 | tz = dcfg['timezone'] 14 | ntps = dcfg.get('ntpservers', []) 15 | 16 | if ntps and not ainst.get('ntp', None): 17 | ainst['ntp'] = {} 18 | ainst['ntp']['enabled'] = True 19 | ainst['ntp']['servers'] = ntps 20 | 21 | if tz and not ainst.get('timezone'): 22 | ainst['timezone'] = tz 23 | 24 | with open('/autoinstall.yaml', 'w') as allout: 25 | yaml.safe_dump(ainst, allout) 26 | 27 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/post.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu22.04/profiles/default/scripts/post.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/pre.d/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_osdeploy/ubuntu22.04/profiles/default/scripts/pre.d/.gitignore -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/systemdecrypt: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | case $1 in 3 | prereqs) 4 | echo 5 | exit 0 6 | ;; 7 | esac 8 | 9 | systemdecryptnow() { 10 | . /usr/lib/cryptsetup/functions 11 | local CRYPTTAB_SOURCE=$(awk '{print $2}' /systemdecrypt/crypttab) 12 | local CRYPTTAB_NAME=$(awk '{print $1}' /systemdecrypt/crypttab) 13 | crypttab_resolve_source 14 | /lib/systemd/systemd-cryptsetup attach "${CRYPTTAB_NAME}" "${CRYPTTAB_SOURCE}" none tpm2-device=auto 15 | } 16 | 17 | systemdecryptnow 18 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu22.04/profiles/default/scripts/systemdecrypt-hook: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | case "$1" in 3 | prereqs) 4 | echo 5 | exit 0 6 | ;; 7 | esac 8 | 9 | . /usr/share/initramfs-tools/hook-functions 10 | mkdir -p $DESTDIR/systemdecrypt 11 | copy_exec /lib/systemd/systemd-cryptsetup /lib/systemd 12 | for i in /lib/x86_64-linux-gnu/libtss2* 13 | do 14 | copy_exec ${i} /lib/x86_64-linux-gnu 15 | done 16 | if [ -f /lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-tpm2.so ]; then 17 | mkdir -p $DESTDIR/lib/x86_64-linux-gnu/cryptsetup 18 | copy_exec /lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-tpm2.so /lib/x86_64-linux-gnu/cryptsetup 19 | fi 20 | mkdir -p $DESTDIR/scripts/local-top 21 | 22 | echo /scripts/local-top/systemdecrypt >> $DESTDIR/scripts/local-top/ORDER 23 | 24 | if [ -f $DESTDIR/cryptroot/crypttab ]; then 25 | mv $DESTDIR/cryptroot/crypttab $DESTDIR/systemdecrypt/crypttab 26 | fi 27 | -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu24.04: -------------------------------------------------------------------------------- 1 | ubuntu22.04 -------------------------------------------------------------------------------- /confluent_osdeploy/ubuntu24.04-diskless: -------------------------------------------------------------------------------- 1 | ubuntu20.04-diskless -------------------------------------------------------------------------------- /confluent_osdeploy/utils/Makefile: -------------------------------------------------------------------------------- 1 | CC := gcc 2 | CFLAGS := -Os 3 | TARGETS := copernicus autocons start_root confluent_imginfo 4 | 5 | all: $(TARGETS) clortho urlmount 6 | 7 | urlmount: urlmount.c 8 | $(CC) $(CFLAGS) -o $@ $^ -D_FILE_OFFSET_BITS=64 -lcurl -lm -lfuse -lpthread 9 | strip -s $@ 10 | 11 | clortho: clortho.c sha-256.c 12 | $(CC) $(CFLAGS) -o $@ $^ -lcrypt 13 | strip -s $@ 14 | 15 | $(TARGETS): % : %.c 16 | $(CC) $(CFLAGS) -o $@ $^ 17 | strip -s $@ 18 | 19 | clean: 20 | rm $(TARGETS) clortho urlmount 21 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/confusebox/Makefile: -------------------------------------------------------------------------------- 1 | all: confusebox 2 | 3 | confusebox: *.go 4 | go build -ldflags "-w -s" -gcflags=all="-l" -trimpath 5 | upx --brute confusebox 6 | 7 | clean: 8 | rm confusebox 9 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/confusebox/genpasshmac.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bytes" 5 | "github.com/go-crypt/crypt/algorithm/shacrypt" 6 | "os" 7 | "crypto/rand" 8 | "encoding/base64" 9 | "crypto/hmac" 10 | "crypto/sha256" 11 | ) 12 | 13 | func genpasshmac(hmackeyfile string) (string, string, string, error) { 14 | randbytes := make([]byte, 36) 15 | _, err := rand.Read(randbytes) 16 | if err != nil { 17 | panic(err) 18 | } 19 | password := base64.StdEncoding.EncodeToString(randbytes) 20 | hasher, err := shacrypt.New(shacrypt.WithVariant(shacrypt.VariantSHA256), shacrypt.WithIterations(5000)) 21 | if err != nil { 22 | panic(err) 23 | } 24 | 25 | digest, err := hasher.Hash(password) 26 | if err != nil { 27 | panic(err) 28 | } 29 | cryptpass := digest.Encode() 30 | hmackey, err := os.ReadFile(hmackeyfile) 31 | if err != nil { return "", "", "", err } 32 | keylines := bytes.Split(hmackey, []byte("\n")) 33 | if bytes.Contains(keylines[0], []byte("apitoken:")) { 34 | keyparts := bytes.Split(keylines[0], []byte(" ")) 35 | hmackey = keyparts[1] 36 | } 37 | 38 | hmacer := hmac.New(sha256.New, hmackey) 39 | hmacer.Write([]byte(cryptpass)) 40 | hmacresult := hmacer.Sum(nil) 41 | hmacout := base64.StdEncoding.EncodeToString(hmacresult) 42 | return password, cryptpass, hmacout, nil 43 | } 44 | 45 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/confusebox/go.mod: -------------------------------------------------------------------------------- 1 | module confusebox 2 | 3 | go 1.23.6 4 | 5 | require github.com/go-crypt/crypt v0.3.3 6 | 7 | require github.com/go-crypt/x v0.3.4 // indirect 8 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/confusebox/go.sum: -------------------------------------------------------------------------------- 1 | github.com/go-crypt/crypt v0.3.3 h1:mBSh8U+vwDm3V+UHNMQqsxV0clzlvKbLcJXcafYFpCs= 2 | github.com/go-crypt/crypt v0.3.3/go.mod h1:ex5C1b58/tzCW6/rJfcdf5Y2TjgzmWVtX57sjpN3pUQ= 3 | github.com/go-crypt/x v0.3.4 h1:zgpaI55VOAbkkRup9+tLaZ02IWTV/xz63tohoY0t9+Y= 4 | github.com/go-crypt/x v0.3.4/go.mod h1:+uHWqfzD3S6YWxm18/Qp+4VcuBb0Le9dGUhX0zaWicU= 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/goapiclient/go.mod: -------------------------------------------------------------------------------- 1 | module confluentapiclient 2 | 3 | go 1.22 4 | 5 | toolchain go1.23.6 6 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/goapiclient/go.sum: -------------------------------------------------------------------------------- 1 | github.com/go-crypt/crypt v0.3.2 h1:I4i0u2g8X9bxCXIjvv19BDVXqQbddDQrURCJrOyyJos= 2 | github.com/go-crypt/crypt v0.3.2/go.mod h1:U0YhpCizEtaVC4gVfUUN0qGn1Z6+e3at+B5uLYx/sV0= 3 | github.com/go-crypt/x v0.3.2 h1:m2wn2+8tp28V4yDiW5NSTiyNSXnCoTs1R1+H+cAJA3M= 4 | github.com/go-crypt/x v0.3.2/go.mod h1:uelN9rbD2e2eqE8KA26B9R6OQ0TdM6msWdPsoMM1ZFk= 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/gopasshmac/go.mod: -------------------------------------------------------------------------------- 1 | module genpasshmac 2 | 3 | go 1.22 4 | 5 | toolchain go1.23.6 6 | 7 | require ( 8 | github.com/go-crypt/crypt v0.3.2 // indirect 9 | github.com/go-crypt/x v0.3.2 // indirect 10 | ) 11 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/gopasshmac/go.sum: -------------------------------------------------------------------------------- 1 | github.com/go-crypt/crypt v0.3.2 h1:I4i0u2g8X9bxCXIjvv19BDVXqQbddDQrURCJrOyyJos= 2 | github.com/go-crypt/crypt v0.3.2/go.mod h1:U0YhpCizEtaVC4gVfUUN0qGn1Z6+e3at+B5uLYx/sV0= 3 | github.com/go-crypt/x v0.3.2 h1:m2wn2+8tp28V4yDiW5NSTiyNSXnCoTs1R1+H+cAJA3M= 4 | github.com/go-crypt/x v0.3.2/go.mod h1:uelN9rbD2e2eqE8KA26B9R6OQ0TdM6msWdPsoMM1ZFk= 5 | -------------------------------------------------------------------------------- /confluent_osdeploy/utils/start_root.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #define __USE_GNU 5 | #include 6 | int main(int argc, char* argv[]) { 7 | unshare(CLONE_NEWNS); 8 | mount("/dev", "/sysroot/dev", NULL, MS_MOVE, NULL); 9 | mount("/proc", "/sysroot/proc", NULL, MS_MOVE, NULL); 10 | mount("/sys", "/sysroot/sys", NULL, MS_MOVE, NULL); 11 | mount("/run", "/sysroot/run", NULL, MS_MOVE, NULL); 12 | if (chdir("/sysroot") < 0) { fprintf(stderr, "Unable to chdir!\n"); } 13 | mount("/sysroot", "/", NULL, MS_MOVE, NULL); 14 | if (chroot(".") < 0) { fprintf(stderr, "Failed to chroot!\n"); } 15 | if (chdir("/") < 0) { fprintf(stderr, "Unable to chdir after chroot!\n"); } 16 | execl("/sbin/init", "/sbin/init", NULL); 17 | } 18 | -------------------------------------------------------------------------------- /confluent_perl/example.pl: -------------------------------------------------------------------------------- 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 2 | 3 | # Copyright 2014 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | use strict; 17 | use warnings; 18 | 19 | use Confluent::Client; 20 | 21 | my $client = Confluent::Client->new(); 22 | $client->read('/nodes/n1/power/state'); 23 | my $data = $client->next_result(); 24 | while ($data) { 25 | if (exists $data->{state}) { 26 | print $data->{state}->{value} . "\n"; 27 | } 28 | $data = $client->next_result(); 29 | } 30 | -------------------------------------------------------------------------------- /confluent_server/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include pam/* 2 | include sysvinit/* 3 | include systemd/* 4 | include sysctl/* 5 | -------------------------------------------------------------------------------- /confluent_server/bin/confluent: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2014 IBM Corporation 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | import sys 19 | import os 20 | path = os.path.dirname(os.path.realpath(__file__)) 21 | path = os.path.realpath(os.path.join(path, '..', 'lib', 'python')) 22 | if path.startswith('/opt'): 23 | # if installed into system path, do not muck with things 24 | sys.path.append(path) 25 | import confluent.main 26 | 27 | #import cProfile 28 | #import time 29 | #p = cProfile.Profile(time.clock) 30 | #p.enable() 31 | #try: 32 | import multiprocessing 33 | if __name__ == '__main__': 34 | multiprocessing.freeze_support() 35 | confluent.main.run(sys.argv) 36 | #except: 37 | # pass 38 | #p.disable() 39 | #p.print_stats(sort='cumulative') 40 | #p.print_stats(sort='time') 41 | -------------------------------------------------------------------------------- /confluent_server/bin/confluentsrv.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2014 IBM Corporation 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | import sys 19 | import os 20 | path = os.path.dirname(os.path.realpath(__file__)) 21 | path = os.path.realpath(os.path.join(path, '..', 'lib', 'python')) 22 | if path.startswith('/opt'): 23 | # if installed into system path, do not muck with things 24 | sys.path.append(path) 25 | import confluent.main 26 | 27 | #import cProfile 28 | #import time 29 | #p = cProfile.Profile(time.clock) 30 | #p.enable() 31 | #try: 32 | import multiprocessing 33 | if __name__ == '__main__': 34 | multiprocessing.freeze_support() 35 | confluent.main.run() 36 | #except: 37 | # pass 38 | #p.disable() 39 | #p.print_stats(sort='cumulative') 40 | #p.print_stats(sort='time') 41 | -------------------------------------------------------------------------------- /confluent_server/bin/createcert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | umask 0077 3 | openssl ecparam -name secp384r1 -genkey -out /etc/confluent/privkey.pem 4 | openssl req -new -x509 -key /etc/confluent/privkey.pem -days 760 -out /etc/confluent/srvcert.pem -subj /CN=$(hostname) 5 | -------------------------------------------------------------------------------- /confluent_server/buildrpm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cd `dirname $0` 3 | if [ -x ./makeman ]; then 4 | ./makeman 5 | fi 6 | ./makesetup 7 | VERSION=`cat VERSION` 8 | PKGNAME=$(basename $(pwd)) 9 | python3 setup.py sdist > /dev/null 2>&1 10 | cp dist/*.tar.gz ~/rpmbuild/SOURCES 11 | sed -e 's/#VERSION#/'$VERSION/ $PKGNAME.spec.tmpl > ~/rpmbuild/SPECS/$PKGNAME.spec 12 | rpmbuild -ba ~/rpmbuild/SPECS/$PKGNAME.spec 2> /dev/null |grep ^Wrote: 13 | if [ $? -ne 0 ]; then 14 | echo "[ERROR] rpmbuild returned non-zero, run: rpmbuild -ba ~/rpmbuild/SPECS/$PKGNAME.spec" 15 | exit 1 16 | else 17 | # Clean up the generated files in this directory 18 | rm -rf $PKGNAME.egg-info dist setup.py 19 | fi 20 | exit 0 21 | -------------------------------------------------------------------------------- /confluent_server/confluent/collective/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/collective/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/config/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/config/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/discovery/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/discovery/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/discovery/handlers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/discovery/handlers/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/discovery/handlers/pxe.py: -------------------------------------------------------------------------------- 1 | # Copyright 2017 Lenovo 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # This contains functionality for passive detection and, one day, active 16 | # response to pxe 17 | 18 | 19 | import confluent.discovery.handlers.generic as generic 20 | 21 | class NodeHandler(generic.NodeHandler): 22 | https_supported = False 23 | is_enclosure = False 24 | devname = 'PXE' 25 | 26 | def __init__(self, info, configmanager): 27 | self._ipaddr = '' 28 | self.cfm = configmanager 29 | 30 | @property 31 | def cert_fail_reason(self): 32 | return 'unsupported' 33 | 34 | @property 35 | def https_cert(self): 36 | return None 37 | 38 | def config(self, nodename): 39 | return 40 | -------------------------------------------------------------------------------- /confluent_server/confluent/discovery/protocols/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/discovery/protocols/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/interface/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/interface/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/networking/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/networking/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/plugin.py: -------------------------------------------------------------------------------- 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 2 | 3 | # Copyright 2014 IBM Corporation 4 | # Copyright 2015-2018 Lenovo 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | 18 | 19 | class PluginCollection(object): 20 | def __init__(self, routedict, maxdepth=1): 21 | self.routeinfo = routedict 22 | self.maxdepth = maxdepth 23 | 24 | -------------------------------------------------------------------------------- /confluent_server/confluent/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/plugins/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/plugins/configuration/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/plugins/configuration/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/plugins/console/ikvm.py: -------------------------------------------------------------------------------- 1 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 2 | 3 | # Copyright 2024 Lenovo 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | 18 | # This provides linkage between vinz and confluent, with support 19 | # for getting session authorization from the BMC 20 | 21 | import confluent.vinzmanager as vinzmanager 22 | import confluent.messages as msg 23 | 24 | 25 | def create(nodes, element, configmanager, inputdata): 26 | for node in nodes: 27 | url = vinzmanager.get_url(node, inputdata) 28 | yield msg.ChildCollection(url) 29 | 30 | 31 | def update(nodes, element, configmanager, inputdata): 32 | for node in nodes: 33 | url = vinzmanager.get_url(node, inputdata) 34 | yield msg.ChildCollection(url) 35 | -------------------------------------------------------------------------------- /confluent_server/confluent/plugins/hardwaremanagement/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/confluent/plugins/hardwaremanagement/__init__.py -------------------------------------------------------------------------------- /confluent_server/confluent/userutil.py: -------------------------------------------------------------------------------- 1 | from ctypes import * 2 | from ctypes.util import find_library 3 | import confluent.util as util 4 | import grp 5 | import pwd 6 | import os 7 | libc = cdll.LoadLibrary(find_library('c')) 8 | _getgrouplist = libc.getgrouplist 9 | _getgrouplist.restype = c_int32 10 | 11 | 12 | class TooSmallException(Exception): 13 | def __init__(self, count): 14 | self.count = count 15 | super(TooSmallException, self).__init__() 16 | 17 | 18 | def getgrouplist(name, gid, ng=32): 19 | _getgrouplist.argtypes = [c_char_p, c_uint, POINTER(c_uint * ng), POINTER(c_int)] 20 | glist = (c_uint * ng)() 21 | nglist = c_int(ng) 22 | if not isinstance(name, bytes): 23 | name = name.encode('utf-8') 24 | count = _getgrouplist(name, gid, byref(glist), byref(nglist)) 25 | if count < 0: 26 | raise TooSmallException(nglist.value) 27 | for gidx in range(count): 28 | gent = glist[gidx] 29 | yield grp.getgrgid(gent).gr_name 30 | 31 | 32 | def grouplist(username): 33 | username = util.stringify(username) 34 | pent = pwd.getpwnam(username) 35 | try: 36 | groups = getgrouplist(pent.pw_name, pent.pw_gid) 37 | except TooSmallException as e: 38 | groups = getgrouplist(pent.pw_name, pent.pw_gid, e.count) 39 | return list(groups) 40 | 41 | if __name__ == '__main__': 42 | import sys 43 | print(repr(grouplist(sys.argv[1]))) 44 | 45 | -------------------------------------------------------------------------------- /confluent_server/confluentdbgcli.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | # vim: tabstop=4 shiftwidth=4 softtabstop=4 3 | 4 | # Copyright 2014 IBM Corporation 5 | # Copyright 2015-2016 Lenovo 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | 19 | import readline 20 | import socket 21 | 22 | connection = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) 23 | self.connection.connect('/var/run/confluent/dbg.sock') 24 | 25 | readline.parse_and_bind("tab: complete") 26 | readline.parse_and_bind("set bell-style none") 27 | 28 | -------------------------------------------------------------------------------- /confluent_server/confluentsrv.spec: -------------------------------------------------------------------------------- 1 | # -*- mode: python -*- 2 | 3 | block_cipher = None 4 | 5 | 6 | a = Analysis(['c:/Python27/Scripts/confluentsrv.py'], 7 | pathex=[], 8 | hiddenimports=['pyghmi.constants', 'pyghmi.exceptions', 'pyghmi.ipmi.console', 'pyghmi.ipmi.private.constants', 'pyghmi.ipmi.private', 'pyghmi.ipmi.private.session', 'pyghmi.ipmi.command', 'pyghmi.ipmi.events', 'pyghmi.ipmi.fru', 'pyghmi.ipmi.private.spd', 'pyghmi.ipmi.oem.lookup', 'pyghmi.ipmi.oem.generic', 'pyghmi.ipmi.oem.lenovo', 'pyghmi.ipmi.private.util', 'pyghmi.ipmi.sdr'], 9 | hookspath=None, 10 | runtime_hooks=None, 11 | excludes=None, 12 | cipher=block_cipher) 13 | pyz = PYZ(a.pure, 14 | cipher=block_cipher) 15 | exe = EXE(pyz, 16 | a.scripts, 17 | exclude_binaries=True, 18 | name='confluentsrv.exe', 19 | debug=False, 20 | strip=None, 21 | upx=True, 22 | console=True ) 23 | coll = COLLECT(exe, 24 | a.binaries, 25 | a.zipfiles, 26 | a.datas, 27 | Tree('confluent/plugins', prefix='confluent/plugins'), 28 | strip=None, 29 | upx=True, 30 | name='confluentsrv') 31 | -------------------------------------------------------------------------------- /confluent_server/dbgtools/processhangtraces.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | 3 | # Copyright 2017 Lenovo 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | import sys 18 | 19 | threadtraces = {} 20 | 21 | with open(sys.argv[1]) as tracefile: 22 | traces = tracefile.read() 23 | currtrace = None 24 | for line in traces.split("\n"): 25 | if line.startswith("Thread trace:"): 26 | if currtrace is not None: 27 | if currtrace not in threadtraces: 28 | threadtraces[currtrace] = 0 29 | threadtraces[currtrace] += 1 30 | currtrace = '' 31 | elif currtrace is not None: 32 | currtrace += line + '\n' 33 | for trace in sorted(threadtraces, key=lambda x: threadtraces[x]): 34 | print('Following stack seen {0} times'.format(threadtraces[trace])) 35 | print(trace) 36 | -------------------------------------------------------------------------------- /confluent_server/makesetup: -------------------------------------------------------------------------------- 1 | cd `dirname $0` 2 | VERSION=`git describe|cut -d- -f 1` 3 | NUMCOMMITS=`git describe|cut -d- -f 2` 4 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 5 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 6 | LASTNUM=$((LASTNUM+1)) 7 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 8 | VERSION=${FIRSTPART}.${LASTNUM} 9 | VERSION=$VERSION.dev$NUMCOMMITS+`git describe|cut -d- -f 3` 10 | fi 11 | echo $VERSION > VERSION 12 | sed -e "s/#VERSION#/$VERSION/" setup.py.tmpl > setup.py 13 | if [ -f confluent/client.py ]; then 14 | echo '__version__ = "'$VERSION'"' > confluent/__init__.py 15 | fi 16 | cp ../LICENSE . 17 | -------------------------------------------------------------------------------- /confluent_server/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_server/requirements.txt -------------------------------------------------------------------------------- /confluent_server/setup.py.tmpl: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | import os 3 | 4 | setup( 5 | name='confluent_server', 6 | version='#VERSION#', 7 | author='Lenovo', 8 | author_email='jjohnson2@lenovo.com', 9 | url='https://github.com/lenovo/confluent/', 10 | license='Apache-2.0', 11 | description='confluent systems management server', 12 | long_description='confluent systems management server', 13 | platforms=['Linux'], 14 | packages=['confluent', 'confluent/config', 'confluent/interface', 15 | 'confluent/discovery/', 16 | 'confluent/discovery/protocols/', 17 | 'confluent/discovery/handlers/', 18 | 'confluent/networking/', 19 | 'confluent/plugins/hardwaremanagement/', 20 | 'confluent/plugins/deployment/', 21 | 'confluent/plugins/console/', 22 | 'confluent/plugins/info/', 23 | 'confluent/plugins/shell/', 24 | 'confluent/collective/', 25 | 'confluent/plugins/configuration/'], 26 | scripts=['bin/confluent', 'bin/confluent_selfcheck', 'bin/confluentdbutil', 'bin/collective', 'bin/osdeploy'], 27 | data_files=[('/etc/init.d', ['sysvinit/confluent']), 28 | ('/usr/lib/sysctl.d', ['sysctl/confluent.conf']), 29 | ('/opt/confluent/share/licenses/confluent_server', ['LICENSE', 'COPYRIGHT']), 30 | ('/usr/lib/systemd/system', ['systemd/confluent.service']), 31 | ('/opt/confluent/lib/python/confluent/plugins/console/', [])], 32 | 33 | ) 34 | -------------------------------------------------------------------------------- /confluent_server/sysctl/confluent.conf: -------------------------------------------------------------------------------- 1 | # Increase available receive buffers for discovery scans 2 | net.core.rmem_max = 2097152 3 | -------------------------------------------------------------------------------- /confluent_server/systemd/confluent.service: -------------------------------------------------------------------------------- 1 | # IBM(c) 2015 Apache 2.0 2 | # Lenovo(c) 2020 Apache 2.0 3 | [Unit] 4 | Description=Confluent hardware manager 5 | 6 | [Service] 7 | Type=forking 8 | #PIDFile=/var/run/confluent/pid 9 | RuntimeDirectory=confluent 10 | CacheDirectory=confluent 11 | LogsDirectory=confluent 12 | ConfigurationDirectory=confluent 13 | ExecStart=/opt/confluent/bin/confluent 14 | ExecStop=/opt/confluent/bin/confetty shutdown / 15 | Restart=on-failure 16 | AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN CAP_NET_RAW 17 | User=confluent 18 | Group=confluent 19 | #DevicePolicy=closed # fuse filesystem requires us to interact with /dev/fuse 20 | ProtectControlGroups=true 21 | ProtectSystem=true 22 | 23 | [Install] 24 | WantedBy=multi-user.target 25 | 26 | -------------------------------------------------------------------------------- /confluent_server/sysvinit/confluent: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # IBM(c) 2014 Apache 2.0 3 | # chkconfig: 345 85 60 4 | # description: Confluent hardware manager 5 | 6 | ### BEGIN INIT INFO 7 | # Provides: confluent 8 | # Default-Start: 3 4 5 9 | # Default-Stop: 0 1 2 6 10 | ### END INIT INFO 11 | if [ -f /etc/init.d/functions ]; then 12 | . /etc/init.d/functions 13 | LOG_SUCCESS=success 14 | LOG_FAILURE=failure 15 | elif [ -f /lib/lsb/init-functions ]; then 16 | . /lib/lsb/init-functions 17 | LOG_SUCCESS=log_success_msg 18 | LOG_FAILURE=log_failure_msg 19 | else 20 | echo "Unknown platform" 21 | exit 1 22 | fi 23 | 24 | confluent=/opt/confluent/bin/confluent 25 | confetty=/opt/confluent/bin/confetty 26 | 27 | stop() { 28 | echo -n 'Stopping Confluent: ' 29 | if [ -S /var/run/confluent/api.sock ]; then 30 | $confetty shutdown / 31 | fi 32 | $LOG_SUCCESS 33 | echo 34 | return 35 | } 36 | 37 | start() { 38 | echo -n 'Starting Confluent: ' 39 | $confluent 40 | if [ $? -eq 0 ]; then 41 | $LOG_SUCCESS 42 | echo 43 | return 0 44 | else 45 | $LOG_FAILURE 46 | echo 47 | return 1 48 | fi 49 | } 50 | 51 | case $1 in 52 | restart) 53 | stop 54 | start 55 | ;; 56 | start) 57 | start 58 | ;; 59 | stop) 60 | stop 61 | ;; 62 | status) 63 | status_of_proc -p /var/run/confluent/pid $confluent 64 | ;; 65 | esac 66 | 67 | -------------------------------------------------------------------------------- /confluent_vtbufferd/COPYING.tmt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Rob King 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | * Redistributions of source code must retain the above copyright 7 | notice, this list of conditions and the following disclaimer. 8 | * Redistributions in binary form must reproduce the above copyright 9 | notice, this list of conditions and the following disclaimer in the 10 | documentation and/or other materials provided with the distribution. 11 | * Neither the name of the copyright holder nor the 12 | names of contributors may be used to endorse or promote products 13 | derived from this software without specific prior written permission. 14 | -------------------------------------------------------------------------------- /confluent_vtbufferd/Makefile: -------------------------------------------------------------------------------- 1 | vtbufferd: vtbufferd.c tmt.c 2 | gcc -O3 --std=gnu11 -o vtbufferd vtbufferd.c tmt.c 3 | 4 | clean: 5 | rm -f vtbufferd 6 | 7 | install: 8 | mkdir -p $(DESTDIR)/opt/confluent/bin 9 | $(INSTALL) -s vtbufferd $(DESTDIR)/opt/confluent/bin 10 | 11 | -------------------------------------------------------------------------------- /confluent_vtbufferd/builddeb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -x 3 | cd `dirname $0` 4 | PKGNAME=$(basename $(pwd)) 5 | DPKGNAME=$(basename $(pwd) | sed -e s/_/-/) 6 | OPKGNAME=$(basename $(pwd) | sed -e s/_/-/) 7 | DSCARGS="--with-python3=True --with-python2=False" 8 | VERSION=`git describe|cut -d- -f 1` 9 | NUMCOMMITS=`git describe|cut -d- -f 2` 10 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 11 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 12 | LASTNUM=$((LASTNUM+1)) 13 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 14 | VERSION=${FIRSTPART}.${LASTNUM} 15 | VERSION=$VERSION~dev$NUMCOMMITS+`git describe|cut -d- -f 3` 16 | fi 17 | cd .. 18 | rm -rf /tmp/confluent 19 | mkdir -p /tmp/confluent # $DPKGNAME 20 | cp -a * .git /tmp/confluent # $DPKGNAME 21 | cd /tmp/confluent 22 | mv $PKGNAME $DPKGNAME-${VERSION} 23 | sed -i s/%%VERSION%%/$VERSION/ $DPKGNAME-${VERSION}/debian/changelog 24 | tar cvzf ${DPKGNAME}_${VERSION}.orig.tar.gz $DPKGNAME-${VERSION} 25 | cd $DPKGNAME-${VERSION} 26 | debuild --no-lintian -us -uc 27 | if [ ! -z "$1" ]; then 28 | mv /tmp/confluent/${DPKGNAME}_${VERSION}*.deb $1/ 29 | fi 30 | exit 0 31 | -------------------------------------------------------------------------------- /confluent_vtbufferd/buildrpm: -------------------------------------------------------------------------------- 1 | VERSION=`git describe|cut -d- -f 1` 2 | NUMCOMMITS=`git describe|cut -d- -f 2` 3 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 4 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 5 | LASTNUM=$((LASTNUM+1)) 6 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 7 | VERSION=${FIRSTPART}.${LASTNUM} 8 | VERSION=$VERSION~dev$NUMCOMMITS+`git describe|cut -d- -f 3` 9 | fi 10 | mkdir -p dist/confluent_vtbufferd-$VERSION 11 | cp ../LICENSE NOTICE *.c *.h Makefile dist/confluent_vtbufferd-$VERSION 12 | cd dist 13 | tar czf confluent_vtbufferd-$VERSION.tar.gz confluent_vtbufferd-$VERSION 14 | cd - 15 | cp dist/confluent_vtbufferd-$VERSION.tar.gz ~/rpmbuild/SOURCES 16 | sed -e 's/#VERSION#/'$VERSION/ confluent_vtbufferd.spec.tmpl > ~/rpmbuild/SPECS/confluent_vtbufferd.spec 17 | rpmbuild -ba ~/rpmbuild/SPECS/confluent_vtbufferd.spec 2> /dev/null |grep ^Wrote: 18 | if [ $? -ne 0 ]; then 19 | echo "[ERROR] rpmbuild returned non-zero, run: rpmbuild -ba ~/rpmbuild/SPECS/confluent_vtbufferd.spec" 20 | exit 1 21 | else 22 | # Clean up the generated files in this directory 23 | rm -rf dist 24 | fi 25 | 26 | 27 | -------------------------------------------------------------------------------- /confluent_vtbufferd/confluent_vtbufferd.spec.tmpl: -------------------------------------------------------------------------------- 1 | %define name confluent_vtbufferd 2 | %define version #VERSION# 3 | %define release 1 4 | %define debug_package %{nil} 5 | %define _build_id_links none 6 | 7 | Summary: Console buffer manager for confluent 8 | Name: %{name} 9 | Version: %{version} 10 | Release: %{release} 11 | Source0: %{name}-%{version}.tar.gz 12 | License: Apache2 13 | Group: Development/Libraries 14 | Vendor: Lenovo HPC Organization 15 | Url: https://github.com/lenovo/confluent/ 16 | 17 | %description 18 | Service for managing in-memory VT emulation for confluent. 19 | 20 | %prep 21 | %setup -n %{name}-%{version} -n %{name}-%{version} 22 | 23 | 24 | %build 25 | make 26 | 27 | %install 28 | mkdir -p $RPM_BUILD_ROOT/opt/confluent/bin $RPM_BUILD_ROOT/opt/confluent/share/licenses/vtbufferd 29 | cp vtbufferd $RPM_BUILD_ROOT/opt/confluent/bin/ 30 | cp NOTICE $RPM_BUILD_ROOT/opt/confluent/share/licenses/vtbufferd 31 | cp LICENSE $RPM_BUILD_ROOT/opt/confluent/share/licenses/vtbufferd 32 | 33 | %files 34 | /opt/confluent/bin/vtbufferd 35 | %license /opt/confluent/share/licenses/vtbufferd/NOTICE 36 | %license /opt/confluent/share/licenses/vtbufferd/LICENSE 37 | -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/changelog: -------------------------------------------------------------------------------- 1 | confluent-vtbufferd (%%VERSION%%-1) UNRELEASED; urgency=medium 2 | 3 | * Initial release. 4 | 5 | -- Lenovo HPC Team Thu, 01 Jul 2021 19:57:36 +0000 6 | 7 | -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/compat: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/control: -------------------------------------------------------------------------------- 1 | Source: confluent-vtbufferd 2 | Maintainer: HPC Team 3 | Section: misc 4 | Priority: optional 5 | Standards-Version: 4.5.0 6 | Build-Depends: debhelper (>= 12) 7 | 8 | Package: confluent-vtbufferd 9 | Architecture: any 10 | Depends: ${shlibs:Depends}, ${misc:Depends} 11 | Description: VT buffers for confluent service 12 | Provides VT consoles in memory for redraw on connections. 13 | 14 | -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/copyright: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xcat2/confluent/6a90e1cc77d3e7e67982fe172cd210da56424a3f/confluent_vtbufferd/debian/copyright -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /confluent_vtbufferd/debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | %: 3 | dh $@ 4 | -------------------------------------------------------------------------------- /confluent_web/COPYING: -------------------------------------------------------------------------------- 1 | Refer to each individual file for licensing terms 2 | -------------------------------------------------------------------------------- /confluent_web/consoles.html: -------------------------------------------------------------------------------- 1 | Console demo 2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | -------------------------------------------------------------------------------- /container/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM almalinux:8 2 | RUN ["yum", "-y", "update"] 3 | RUN ["rpm", "-ivh", "https://hpc.lenovo.com/yum/latest/el8/x86_64/lenovo-hpc-yum-1-1.x86_64.rpm"] 4 | RUN ["yum", "-y", "install", "lenovo-confluent", "tftp-server", "openssh-clients", "openssl", "vim-enhanced", "iproute"] 5 | ADD runconfluent.sh /bin/ 6 | CMD ["/bin/bash", "/bin/runconfluent.sh"] 7 | 8 | -------------------------------------------------------------------------------- /container/runconfluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | rm -f /var/run/confluent/pid /run/confluent/pid >& /dev/null 3 | /opt/confluent/bin/confluent -f 4 | -------------------------------------------------------------------------------- /doc/SocketProtocol.txt: -------------------------------------------------------------------------------- 1 | The socket protocol is intended for high performance at the expense of a 2 | non-standardized approach. The thinking is that with http so well supported, 3 | the socket protocol is empowered to do whatever is needed. 4 | 5 | All data across the wire is TLV values. 6 | 7 | A shorter single byte TLV variant was considered for lower overhead for things 8 | like single character, but in every case where throughput efficiency would 9 | matter is probably padded to 16 byte boundaries anyway due to block ciphers. 10 | 11 | (all data has a 4 byte TLV for now) 12 | Four byte TLs: (msb: 0b0) 13 | Type=TL & 0b01111111000000000000000000000000 >> 24: 14 | Length= TL & 0b111111111111111111111111 15 | 0: text string 16 | 1: json data 17 | 18 | (msb: 0b1 is reserved), probably never to be needed 19 | -------------------------------------------------------------------------------- /genesis/97genesis/cmdline.sh: -------------------------------------------------------------------------------- 1 | root=1 2 | rootok=1 3 | netroot=xcat 4 | clear 5 | echo PS1="'"'[genesis running on \H \w]$ '"'" >> ~/.bashrc 6 | echo PS1="'"'[genesis running on \H \w]$ '"'" >> ~/.bash_profile 7 | mkdir -p /etc/ssh 8 | mkdir -p /var/tmp/ 9 | mkdir -p /var/empty/sshd 10 | sed -i '/^root:x/d' /etc/passwd 11 | echo root:x:0:0::/:/bin/bash >> /etc/passwd 12 | echo sshd:x:30:30:SSH User:/var/empty/sshd:/sbin/nologin >> /etc/passwd 13 | /usr/lib/systemd/systemd-udevd --daemon 14 | udevadm trigger 15 | udevadm trigger --type=devices --action=add 16 | udevadm settle 17 | tmux -L console new-session /bin/rungenesis 18 | -------------------------------------------------------------------------------- /genesis/97genesis/install-gui: -------------------------------------------------------------------------------- 1 | dracut_install /usr/bin/sway /usr/bin/foot 2 | dracut_install swaynag swaymsg 3 | cp -a /etc/sway $initdir/etc/sway 4 | cp -a /usr/share/X11 $initdir/usr/share/X11 5 | cp -a /usr/share/fonts $initdir/usr/share/fonts 6 | dracut_install /usr/share/glvnd/egl_vendor.d/50_mesa.json 7 | dracut_install seatd seatd-launch 8 | if [ -e /usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0 ]; then 9 | dracut_install /usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0 10 | fi 11 | if [ -e /usr/lib/sysusers.d/seatd.conf ]; then 12 | dracut_install /usr/lib/sysusers.d/seatd.conf 13 | fi 14 | if grep Ubuntu /etc/os-release > /dev/null; then 15 | dracut_install /usr/share/libinput/* /etc/fonts/fonts.conf /etc/fonts/conf.d/* /usr/bin/libinput /usr/libexec/libinput/* /usr/bin/lsof 16 | dracut_install /usr/lib/udev/hwdb.d/60-input-id.hwdb 17 | dracut_install /usr/lib/udev/libinput-fuzz-to-zero 18 | dracut_install /usr/lib/udev/libinput-fuzz-extract 19 | dracut_install /usr/lib/udev/libinput-device-group 20 | dracut_install /usr/lib/udev/rules.d/60-input-id.rules 21 | dracut_install /usr/lib/udev/rules.d/90-libinput-fuzz-override.rules 22 | dracut_install /usr/lib/udev/rules.d/80-libinput-device-groups.rules 23 | dracut_install /usr/lib/udev/rules.d/60-persistent-input.rules 24 | fi 25 | -------------------------------------------------------------------------------- /genesis/97genesis/install-locale: -------------------------------------------------------------------------------- 1 | if [ -e /usr/lib/locale/locale-archive ]; then 2 | dracut_install /usr/lib/locale/locale-archive 3 | fi 4 | if [ -d /usr/lib/locale/en_US.utf8 ]; then 5 | dracut_install /usr/lib/locale/en_US.utf8/LC_ADDRESS 6 | dracut_install /usr/lib/locale/en_US.utf8/LC_COLLATE 7 | dracut_install /usr/lib/locale/en_US.utf8/LC_CTYPE 8 | dracut_install /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION 9 | dracut_install /usr/lib/locale/en_US.utf8/LC_MEASUREMENT 10 | dracut_install /usr/lib/locale/en_US.utf8/LC_MESSAGES 11 | dracut_install /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES 12 | dracut_install /usr/lib/locale/en_US.utf8/LC_MONETARY 13 | dracut_install /usr/lib/locale/en_US.utf8/LC_NAME 14 | dracut_install /usr/lib/locale/en_US.utf8/LC_NUMERIC 15 | dracut_install /usr/lib/locale/en_US.utf8/LC_PAPER 16 | dracut_install /usr/lib/locale/en_US.utf8/LC_TELEPHONE 17 | dracut_install /usr/lib/locale/en_US.utf8/LC_TIME 18 | dracut_install /usr/share/locale/locale.alias 19 | fi 20 | -------------------------------------------------------------------------------- /genesis/97genesis/installkernel: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | if grep Ubuntu /etc/os-release > /dev/null; then # must include specific drivers 3 | instmods hid usbhid hid_generic xhci_pci xhci_pci_renesas 4 | instmods virtio_gpu ast bochs dmi_sysfs 5 | instmods nls_iso8859-1 6 | fi 7 | instmods virtio_net 8 | instmods e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4 tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas megaraid_sas ahci xhci-hcd sd_mod pmcraid be2net vfat ext3 ext4 usb_storage scsi_wait_scan ipmi_si ipmi_devintf qlcnic xfs 9 | instmods nvme 10 | instmods cdc_ether r8152 11 | instmods mptctl 12 | instmods mlx4_ib mlx5_ub ib_umad ib_ipoib 13 | instmods ice i40e hfi1 bnxt_en qed qede 14 | instmods dm-mod dm-log raid0 raid1 raid10 raid456 dm-raid dm-thin-pool dm-crypt dm-snapshot linear dm-era 15 | -------------------------------------------------------------------------------- /genesis/97genesis/module-setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | 3 | # called by dracut 4 | check() { 5 | return 0 6 | } 7 | install() { 8 | . $moddir/install-base 9 | if [ -x /usr/bin/sway ]; then 10 | . $moddir/install-gui 11 | fi 12 | 13 | . $moddir/install-locale 14 | if [ -d /usr/lib64/python3.13/ ]; then 15 | . $moddir/install-python313 16 | elif [ -d /usr/lib/python3.12/ ]; then 17 | . $moddir/install-python312 18 | elif [ -d /usr/lib64/python3.9/ ]; then 19 | . $moddir/install-python39 20 | 21 | fi 22 | } 23 | 24 | installkernel() { 25 | . $moddir/installkernel 26 | } 27 | 28 | -------------------------------------------------------------------------------- /genesis/confluent-genesis.spec: -------------------------------------------------------------------------------- 1 | %define arch x86_64 2 | Version: 3.13.0 3 | Release: 1 4 | Name: confluent-genesis-%{arch} 5 | BuildArch: noarch 6 | Summary: Genesis servicing image for confluent 7 | Source0: confluent-genesis.tar 8 | URL: https://github.com/lenovo/confluent 9 | AutoReq: false 10 | AutoProv: false 11 | License: Various 12 | 13 | %Description 14 | A small linux environment to proved a servicing image to boot systems into if needed. 15 | 16 | %prep 17 | 18 | %build 19 | 20 | %install 21 | mkdir -p $RPM_BUILD_ROOT 22 | cd $RPM_BUILD_ROOT 23 | mkdir -p opt/confluent/genesis/%{arch} 24 | cd opt/confluent/genesis/%{arch} 25 | tar xvf %{SOURCE0} 26 | find . -type d -exec chmod o+rx {} + 27 | find . -type f -exec chmod o+r {} + 28 | find . -type f -exec chmod -x {} + 29 | 30 | %files 31 | /opt/confluent/genesis/%{arch}/rpmlist 32 | /opt/confluent/genesis/%{arch}/boot/efi/boot/BOOTX64.EFI 33 | /opt/confluent/genesis/%{arch}/boot/efi/boot/grubx64.efi 34 | /opt/confluent/genesis/%{arch}/boot/initramfs/distribution 35 | /opt/confluent/genesis/%{arch}/boot/kernel 36 | -------------------------------------------------------------------------------- /genesis/firefox/firefoxlibs: -------------------------------------------------------------------------------- 1 | usr/lib64/libgtk-3.so.0 2 | usr/lib64/libgdk-3.so.0 3 | usr/lib64/libcairo-gobject.so.2 4 | usr/lib64/libgdk_pixbuf-2.0.so.0 5 | usr/lib64/libatk-1.0.so.0 6 | usr/lib64/libepoxy.so.0 7 | usr/lib64/libXi.so.6 8 | usr/lib64/libatk-bridge-2.0.so.0 9 | usr/lib64/libcloudproviders.so.0 10 | usr/lib64/libtracker-sparql-3.0.so.0 11 | usr/lib64/libXfixes.so.3 12 | usr/lib64/libgdk_pixbuf-2.0.so.0 13 | usr/lib64/libcairo-gobject.so.2 14 | usr/lib64/libepoxy.so.0 15 | usr/lib64/libwayland-egl.so.1 16 | usr/lib64/libXi.so.6 17 | usr/lib64/libXcursor.so.1 18 | usr/lib64/libXdamage.so.1 19 | usr/lib64/libXfixes.so.3 20 | usr/lib64/libXcomposite.so.1 21 | usr/lib64/libXrandr.so.2 22 | usr/lib64/libXinerama.so.1 23 | usr/lib64/libjpeg.so.62 24 | usr/lib64/libatspi.so.0 25 | usr/lib64/libdbus-1.so.3 26 | usr/lib64/libjson-glib-1.0.so.0 27 | usr/lib64/libasound.so.2 28 | usr/lib64/libplc4.so 29 | usr/lib64/libssl3.so 30 | usr/lib64/libsmime3.so 31 | usr/lib64/libnss3.so 32 | usr/lib64/libnssutil3.so 33 | usr/lib64/libwebp.so.7 34 | usr/lib64/libwebpdemux.so.2 35 | usr/lib64/libvpx.so.9 36 | usr/lib64/libX11-xcb.so.1 37 | usr/lib64/libplds4.so 38 | usr/lib64/libplds4.so 39 | usr/lib64/libplds4.so 40 | usr/lib64/libsharpyuv.so.0 41 | usr/lib64/libsoftokn3.so 42 | etc/alternatives/libnssckbi.so.x86_64 43 | usr/lib64/pkcs11/p11-kit-trust.so 44 | etc/pki 45 | usr/share/pki 46 | usr/lib64/libnssckbi.so 47 | usr/lib64/libtasn1.so.6 48 | usr/lib64/libtasn1.so.6.6.4 49 | usr/lib64/libnspr4.so 50 | -------------------------------------------------------------------------------- /genesis/firefox/makelayer.sh: -------------------------------------------------------------------------------- 1 | cd $(dirname $0) 2 | mydir=$(pwd) 3 | cd - 4 | cd / 5 | tar -czvhf /tmp/firefox.tgz usr/bin/firefox usr/lib64/firefox $(cat $mydir/firefoxlibs) 6 | cd - 7 | -------------------------------------------------------------------------------- /imgutil/builddeb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | VERSION=`git describe|cut -d- -f 1` 3 | NUMCOMMITS=`git describe|cut -d- -f 2` 4 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 5 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 6 | LASTNUM=$((LASTNUM+1)) 7 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 8 | VERSION=${FIRSTPART}.${LASTNUM} 9 | VERSION=$VERSION~dev$NUMCOMMITS+`git describe|cut -d- -f 3` 10 | fi 11 | mkdir -p /tmp/confluent-imgutil 12 | cp -a * /tmp/confluent-imgutil 13 | cp ../LICENSE /tmp/confluent-imgutil 14 | cd /tmp/confluent-imgutil 15 | rm -rf deb/confluent_imgutil_$VERSION/ 16 | mkdir -p deb/confluent_imgutil_$VERSION/DEBIAN/ 17 | mkdir -p deb/confluent_imgutil_$VERSION/opt/confluent/lib/imgutil 18 | mkdir -p deb/confluent_imgutil_$VERSION/opt/confluent/bin 19 | mv imgutil deb/confluent_imgutil_$VERSION/opt/confluent/bin/ 20 | chmod a+x deb/confluent_imgutil_$VERSION/opt/confluent/bin/imgutil 21 | mv ubuntu* suse15 el7 el9 el8 deb/confluent_imgutil_$VERSION/opt/confluent/lib/imgutil/ 22 | mkdir -p deb/confluent_imgutil_$VERSION/opt/confluent/share/licenses/confluent_imgutil 23 | cp LICENSE deb/confluent_imgutil_$VERSION/opt/confluent/share/licenses/confluent_imgutil 24 | sed -e 's/#VERSION#/'$VERSION/ control.tmpl > deb/confluent_imgutil_$VERSION/DEBIAN/control 25 | dpkg-deb --build deb/confluent_imgutil_$VERSION 26 | if [ ! -z "$1" ]; then 27 | mv deb/confluent_imgutil_$VERSION.deb $1 28 | fi 29 | -------------------------------------------------------------------------------- /imgutil/buildrpm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | VERSION=`git describe|cut -d- -f 1` 3 | NUMCOMMITS=`git describe|cut -d- -f 2` 4 | if [ "$NUMCOMMITS" != "$VERSION" ]; then 5 | LASTNUM=$(echo $VERSION|rev|cut -d . -f 1|rev) 6 | LASTNUM=$((LASTNUM+1)) 7 | FIRSTPART=$(echo $VERSION|rev|cut -d . -f 2- |rev) 8 | VERSION=${FIRSTPART}.${LASTNUM} 9 | VERSION=$VERSION~dev$NUMCOMMITS+`git describe|cut -d- -f 3` 10 | fi 11 | sed -e "s/#VERSION#/$VERSION/" confluent_imgutil.spec.tmpl > confluent_imgutil.spec 12 | cp ../LICENSE . 13 | cd .. 14 | tar Jcvf confluent_imgutil.tar.xz imgutil 15 | mv confluent_imgutil.tar.xz ~/rpmbuild/SOURCES/ 16 | cd - 17 | rpmbuild -ba confluent_imgutil.spec 18 | -------------------------------------------------------------------------------- /imgutil/confluent_imgutil.spec.tmpl: -------------------------------------------------------------------------------- 1 | Name: confluent_imgutil 2 | Version: #VERSION# 3 | Release: 1 4 | Summary: Confluent OS imaging utility 5 | License: Apache2 6 | URL: https://hpc.lenovo.com/ 7 | Source: confluent_imgutil.tar.xz 8 | BuildArch: noarch 9 | BuildRoot: /tmp/ 10 | %if "%{dist}" == ".el8" 11 | Requires: squashfs-tools cpio 12 | %else 13 | %if "%{dist}" == ".el9" 14 | Requires: squashfs-tools cpio 15 | %else 16 | %if "%{dist}" == ".el7" 17 | Requires: squashfs-tools cpio 18 | %else 19 | Requires: squashfs 20 | %endif 21 | %endif 22 | %endif 23 | 24 | 25 | %description 26 | Utility for generating, modifying, and packing confluent deployment 27 | images for diskless boot. 28 | 29 | %prep 30 | %setup -n imgutil 31 | 32 | %build 33 | mkdir -p opt/confluent/lib/imgutil 34 | mkdir -p opt/confluent/bin 35 | mv imgutil opt/confluent/bin/ 36 | chmod a+x opt/confluent/bin/imgutil 37 | mv ubuntu* suse15 el7 el9 el8 opt/confluent/lib/imgutil/ 38 | mkdir -p opt/confluent/share/licenses/confluent_imgutil 39 | cp LICENSE opt/confluent/share/licenses/confluent_imgutil 40 | 41 | %install 42 | cp -a opt %{buildroot}/ 43 | 44 | %files 45 | /opt/confluent/bin/imgutil 46 | /opt/confluent/lib/imgutil 47 | %license /opt/confluent/share/licenses/confluent_imgutil/LICENSE 48 | -------------------------------------------------------------------------------- /imgutil/control.tmpl: -------------------------------------------------------------------------------- 1 | Package: confluent-imgutil 2 | Version: #VERSION# 3 | Section: base 4 | Priority: optional 5 | Maintainer: Jarrod Johnson 6 | Description: Web frontend for confluent server 7 | Architecture: all 8 | Depends: debootstrap 9 | 10 | -------------------------------------------------------------------------------- /imgutil/el7/dracut/installkernel: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | instmods nfsv3 nfs_acl nfsv4 dns_resolver lockd fscache sunrpc 3 | instmods e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4 tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas megaraid_sas ahci xhci-hcd sd_mod pmcraid be2net vfat ext3 ext4 usb_storage scsi_wait_scan ipmi_si ipmi_devintf qlcnic xfs 4 | instmods nvme 5 | instmods cdc_ether 6 | instmods mptctl 7 | instmods mlx4_ib mlx5_ub ib_umad ib_ipoib 8 | instmods ice i40e hfi1 bnxt_en qed qede 9 | instmods dm-mod dm-log raid0 raid1 raid10 raid456 dm-raid dm-thin-pool dm-crypt dm-snapshot linear dm-era 10 | # nfs root and optionally gocryptfs 11 | instmods fuse overlay squashfs loop zram 12 | instmods aesni_intel drbg 13 | -------------------------------------------------------------------------------- /imgutil/el7/pkglist: -------------------------------------------------------------------------------- 1 | yum 2 | hostname 3 | irqbalance 4 | less 5 | sssd-client 6 | NetworkManager 7 | nfs-utils 8 | numactl-libs 9 | passwd 10 | rootfiles 11 | sudo 12 | tuned 13 | yum 14 | initscripts 15 | xfsprogs 16 | e2fsprogs 17 | fuse-libs 18 | libnl3 19 | chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-x64.x86_64 grub2-efi-x64 attr 20 | -------------------------------------------------------------------------------- /imgutil/el8/dracut/installkernel: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | instmods nfsv3 nfs_acl nfsv4 dns_resolver lockd fscache sunrpc 3 | instmods e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4 tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas megaraid_sas ahci xhci-hcd sd_mod pmcraid be2net vfat ext3 ext4 usb_storage scsi_wait_scan ipmi_si ipmi_devintf qlcnic xfs 4 | instmods nvme 5 | instmods cdc_ether r8152 6 | instmods r8169 7 | instmods vmxnet3 virtio_net 8 | instmods mptctl 9 | instmods mlx4_ib mlx5_ub ib_umad ib_ipoib 10 | instmods ice i40e hfi1 bnxt_en qed qede 11 | instmods dm-mod dm-log raid0 raid1 raid10 raid456 dm-raid dm-thin-pool dm-crypt dm-snapshot linear dm-era 12 | # nfs root and optionally gocryptfs 13 | instmods fuse overlay squashfs loop zram 14 | -------------------------------------------------------------------------------- /imgutil/el8/pkglist: -------------------------------------------------------------------------------- 1 | dnf 2 | hostname 3 | irqbalance 4 | less 5 | sssd-client 6 | NetworkManager 7 | nfs-utils 8 | numactl-libs 9 | passwd 10 | rootfiles 11 | sudo 12 | tuned 13 | yum 14 | initscripts 15 | tpm2-tools 16 | xfsprogs 17 | e2fsprogs 18 | fuse-libs 19 | libnl3 20 | chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-x64.x86_64 grub2-efi-x64 attr 21 | -------------------------------------------------------------------------------- /imgutil/el8/pkglist.aarch64: -------------------------------------------------------------------------------- 1 | dnf 2 | hostname 3 | irqbalance 4 | less 5 | sssd-client 6 | NetworkManager 7 | nfs-utils 8 | numactl-libs 9 | passwd 10 | rootfiles 11 | sudo 12 | tuned 13 | yum 14 | initscripts 15 | tpm2-tools 16 | xfsprogs 17 | e2fsprogs 18 | fuse-libs 19 | libnl3 20 | chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-aa64 grub2-efi-aa64 attr 21 | -------------------------------------------------------------------------------- /imgutil/el9/dracut/installkernel: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | instmods nfsv3 nfs_acl nfsv4 dns_resolver lockd fscache sunrpc 3 | instmods e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4 tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas megaraid_sas ahci xhci-hcd sd_mod pmcraid be2net vfat ext3 ext4 usb_storage scsi_wait_scan ipmi_si ipmi_devintf qlcnic xfs 4 | instmods nvme 5 | instmods cdc_ether r8152 6 | instmods r8169 7 | instmods vmxnet3 virtio_net 8 | instmods mptctl 9 | instmods mlx4_ib mlx5_ub ib_umad ib_ipoib 10 | instmods ice i40e hfi1 bnxt_en qed qede 11 | instmods dm-mod dm-log raid0 raid1 raid10 raid456 dm-raid dm-thin-pool dm-crypt dm-snapshot linear dm-era 12 | # nfs root and optionally gocryptfs 13 | instmods fuse overlay squashfs loop zram 14 | -------------------------------------------------------------------------------- /imgutil/el9/pkglist: -------------------------------------------------------------------------------- 1 | dnf 2 | hostname 3 | irqbalance 4 | less 5 | sssd-client 6 | NetworkManager 7 | nfs-utils 8 | numactl-libs 9 | passwd 10 | rootfiles 11 | sudo 12 | tuned 13 | yum 14 | initscripts 15 | tpm2-tools 16 | xfsprogs 17 | e2fsprogs 18 | fuse-libs 19 | libnl3 20 | chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-x64.x86_64 grub2-efi-x64 attr 21 | -------------------------------------------------------------------------------- /imgutil/el9/pkglist.aarch64: -------------------------------------------------------------------------------- 1 | dnf 2 | hostname 3 | irqbalance 4 | less 5 | sssd-client 6 | NetworkManager 7 | nfs-utils 8 | numactl-libs 9 | passwd 10 | rootfiles 11 | sudo 12 | tuned 13 | yum 14 | initscripts 15 | tpm2-tools 16 | xfsprogs 17 | e2fsprogs 18 | fuse-libs 19 | libnl3 20 | chrony kernel net-tools nfs-utils openssh-server rsync tar util-linux python3 tar dracut dracut-network ethtool parted openssl dhclient openssh-clients bash vim-minimal rpm iputils lvm2 efibootmgr shim-aa64 grub2-efi-aa64 attr 21 | -------------------------------------------------------------------------------- /imgutil/suse15/dracut/installkernel: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | instmods nfsv3 nfs_acl nfsv4 dns_resolver lockd fscache sunrpc 3 | instmods e1000 e1000e igb sfc mlx5_ib mlx5_core mlx4_en cxgb3 cxgb4 tg3 bnx2 bnx2x bna ixgb ixgbe qlge mptsas mpt2sas mpt3sas megaraid_sas ahci xhci-hcd sd_mod pmcraid be2net vfat ext3 ext4 usb_storage scsi_wait_scan ipmi_si ipmi_devintf qlcnic xfs 4 | instmods nvme 5 | instmods cdc_ether r8152 6 | instmods mptctl 7 | instmods mlx4_ib mlx5_ub ib_umad ib_ipoib 8 | instmods ice i40e hfi1 bnxt_en qed qede 9 | instmods dm-mod dm-log raid0 raid1 raid10 raid456 dm-raid dm-thin-pool dm-crypt dm-snapshot linear dm-era 10 | # nfs root and optionally gocryptfs 11 | instmods fuse overlay squashfs loop zram 12 | -------------------------------------------------------------------------------- /imgutil/suse15/pkglist: -------------------------------------------------------------------------------- 1 | hostname 2 | curl 3 | irqbalance 4 | less 5 | sudo 6 | tuned 7 | xfsprogs 8 | e2fsprogs 9 | chrony net-tools rsync tar util-linux python3 tar dracut ethtool parted openssl bash rpm iputils lvm2 efibootmgr attr 10 | dhcp-client 11 | zypper 12 | grub2-x86_64-efi 13 | libfuse2 14 | openssh 15 | shim 16 | kernel-default 17 | tpm2.0-tools 18 | wicked 19 | vim 20 | -------------------------------------------------------------------------------- /imgutil/ubuntu/initramfs-tools/conf.d/confluent.conf: -------------------------------------------------------------------------------- 1 | MODULES=list 2 | COMPRESS=xz 3 | FRAMEBUFFER=n 4 | CONFLUENTDISKLESS=y 5 | -------------------------------------------------------------------------------- /imgutil/ubuntu/pkglist: -------------------------------------------------------------------------------- 1 | linux-generic 2 | shim-signed 3 | grub-efi-amd64-bin 4 | busybox-initramfs 5 | busybox-static 6 | curl 7 | efibootmgr 8 | fuse 9 | gawk 10 | cpio 11 | distro-info 12 | dmidecode 13 | initramfs-tools 14 | initramfs-tools-bin 15 | initramfs-tools-core 16 | lvm2 17 | lshw 18 | lsof 19 | mdadm 20 | openssh-client 21 | openssh-server 22 | openssh-sftp-server 23 | pci.ids 24 | pciutils 25 | psmisc 26 | rsync 27 | squashfs-tools 28 | strace 29 | tcpdump 30 | tmux 31 | ubuntu-server 32 | ubuntu-standard 33 | usb.ids 34 | usbutils 35 | vim 36 | uuid-runtime 37 | wget 38 | xfsprogs 39 | bind9-host 40 | bind9-libs 41 | bind9-dnsutils 42 | libmaxminddb0 43 | libuv1 44 | dbus-user-session 45 | tpm2-tools 46 | -------------------------------------------------------------------------------- /imgutil/ubuntu20.04: -------------------------------------------------------------------------------- 1 | ubuntu -------------------------------------------------------------------------------- /imgutil/ubuntu22.04: -------------------------------------------------------------------------------- 1 | ubuntu -------------------------------------------------------------------------------- /imgutil/ubuntu24.04: -------------------------------------------------------------------------------- 1 | ubuntu -------------------------------------------------------------------------------- /misc/adoptnode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | TARGNODE=$1 3 | TARGPROF=$2 4 | if [ -z "$TARGNODE" ] ; then 5 | echo "Target node must be specified" 6 | exit 1 7 | fi 8 | if [ -z "$TARGPROF" ]; then 9 | echo "Target profile must be specified" 10 | exit 1 11 | fi 12 | nodedefine $TARGNODE deployment.apiarmed=once deployment.profile=$TARGPROF deployment.useinsecureprotocols= deployment.pendingprofile=$TARGPROF 13 | cat /var/lib/confluent/public/site/ssh/*pubkey | ssh $TARGNODE "mkdir -p /root/.ssh/; cat - >> /root/.ssh/authorized_keys" 14 | ssh $TARGNODE mkdir -p /etc/confluent /opt/confluent/bin 15 | cat /var/lib/confluent/public/site/tls/*.pem | ssh $TARGNODE "cat - >> /etc/confluent/ca.pem" 16 | cat /var/lib/confluent/public/site/tls/*.pem | ssh $TARGNODE "cat - >> /etc/pki/ca-trust/source/anchors/confluent.pem" 17 | nodeattrib $TARGNODE id.uuid=$(ssh $TARGNODE cat /sys/devices/virtual/dmi/id/product_uuid) 18 | scp prepadopt.sh $TARGNODE:/tmp/ 19 | scp finalizeadopt.sh $TARGNODE:/tmp/ 20 | ssh $TARGNODE bash /tmp/prepadopt.sh $TARGNODE $TARGPROF 21 | nodeattrib $TARGNODE deployment.pendingprofile= 22 | nodeapply $TARGNODE -k 23 | ssh $TARGNODE sh /tmp/finalizeadopt.sh 24 | -------------------------------------------------------------------------------- /misc/disablepasscomplexity.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | import pyghmi.util.webclient as webclient 3 | import json 4 | import os 5 | import sys 6 | 7 | missingargs = False 8 | if 'XCCUSER' not in os.environ: 9 | print('Must set XCCUSER environment variable') 10 | missingargs = True 11 | if 'XCCPASS' not in os.environ: 12 | print('Must set XCCPASS environment variable') 13 | missingargs = True 14 | if missingargs: 15 | sys.exit(1) 16 | 17 | w = webclient.SecureHTTPConnection(sys.argv[1], 443, verifycallback=lambda x: True) 18 | w.connect() 19 | adata = json.dumps({'username': os.environ['XCCUSER'], 'password': os.environ['XCCPASS']}) 20 | headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} 21 | w.request('POST', '/api/login', adata, headers) 22 | rsp = w.getresponse() 23 | if rsp.status == 200: 24 | rspdata = json.loads(rsp.read()) 25 | w.set_header('Content-Type', 'application/json') 26 | w.set_header('Authorization', 'Bearer ' + rspdata['access_token']) 27 | if '_csrf_token' in w.cookies: 28 | w.set_header('X-XSRF-TOKEN', w.cookies['_csrf_token']) 29 | print(repr(w.grab_json_response('/api/dataset', { 30 | 'USER_GlobalPassComplexRequired': '0', 31 | }))) 32 | 33 | -------------------------------------------------------------------------------- /misc/finalizeadopt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if ! grep ^HostbasedAuthentication /etc/ssh/sshd_config > /dev/null; then 3 | echo HostbasedAuthentication yes >> /etc/ssh/sshd_config 4 | echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config 5 | echo IgnoreRhosts no >> /etc/ssh/sshd_config 6 | fi 7 | for certfile in /etc/ssh/*cert*; do 8 | if ! grep $certfile /etc/ssh/sshd_config > /dev/null; then 9 | echo HostCertificate $certfile >> /etc/ssh/sshd_config 10 | fi 11 | done 12 | if [ -d /etc/ssh/ssh_config.d/ ]; then 13 | cat > /etc/ssh/ssh_config.d/01-confluent.conf << EOF 14 | Host * 15 | HostbasedAuthentication yes 16 | EnableSSHKeysign yes 17 | HostbasedKeyTypes *ed25519* 18 | EOF 19 | else 20 | if ! grep EnableSSHKeysign /etc/ssh/ssh_config > /dev/null; then 21 | cat >> /etc/ssh/ssh_config << EOF 22 | Host * 23 | HostbasedAuthentication yes 24 | EnableSSHKeysign yes 25 | # HostbasedKeyTypes *ed25519* 26 | EOF 27 | fi 28 | fi 29 | restorecon -r /etc/ssh 30 | restorecon /root/.shosts 31 | 32 | systemctl restart sshd 33 | -------------------------------------------------------------------------------- /misc/forceinventory.py: -------------------------------------------------------------------------------- 1 | import pyghmi.ipmi.command as cmd 2 | import sys 3 | import os 4 | # alternatively, the following ipmi raw sequence: 5 | # 0x3a 0xc4 0x3 0x0 0x21 0x1 0x9d 0x2f 0x76 0x32 0x2f 0x69 0x62 0x6d 0x63 0x2f 0x75 0x65 0x66 0x69 0x2f 0x66 0x6f 0x72 0x63 0x65 0x2d 0x69 0x6e 0x76 0x65 0x6e 0x74 0x6f 0x72 0x79 0x11 0x1 6 | 7 | c = cmd.Command(sys.argv[1], os.environ['XCCUSER'], os.environ['XCCPASS'], verifycallback=lambda x: True) 8 | c.oem_init() 9 | c._oem.immhandler.set_property('/v2/ibmc/uefi/force-inventory', 1) 10 | -------------------------------------------------------------------------------- /misc/getpass.py: -------------------------------------------------------------------------------- 1 | import confluent.config.configmanager as cfm 2 | import sys 3 | c = cfm.ConfigManager(None) 4 | cfg = c.get_node_attributes(sys.argv[1], 'secret.*', decrypt=True) 5 | for node in cfg: 6 | for attr in cfg[node]: 7 | val = cfg[node][attr]['value'] 8 | if not isinstance(val, str): 9 | val = val.decode('utf8') 10 | print('{}: {}'.format(attr, val)) 11 | -------------------------------------------------------------------------------- /misc/getusbnicaddr: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import glob 3 | import os 4 | import select 5 | import socket 6 | 7 | 8 | def scan_nic(nicidx): 9 | srvs = {} 10 | s6 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) 11 | s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1) 12 | s6.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1) 13 | s6.bind(('::', 0)) 14 | msg = b'M-SEARCH * HTTP/1.1\r\nHOST: [ff02::c]:1900\r\nMAN: "ssdp:discover"\r\nST: urn:dmtf-org:service:redfish-rest:1\r\nMX: 3\r\n\r\n' 15 | s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_IF, nicidx) 16 | s6.sendto(msg, ('ff02::c', 1900)) 17 | (rsp, peer) = s6.recvfrom(9000) 18 | print('{}%{}'.format(peer[0], nicidx)) 19 | 20 | if __name__ == '__main__': 21 | for nic in glob.glob('/sys/class/net/*'): 22 | nic = os.path.basename(nic) 23 | try: 24 | driver = os.readlink('/sys/class/net/{}/device/driver/module'.format(nic)) 25 | except: 26 | continue 27 | if 'cdc_ether' not in driver: 28 | continue 29 | idx = int(open('/sys/class/net/{}/ifindex'.format(nic)).read()) 30 | break 31 | scan_nic(idx) 32 | -------------------------------------------------------------------------------- /misc/grabscreenshot.py: -------------------------------------------------------------------------------- 1 | import base64 2 | import pyghmi.redfish.command as ic 3 | import pyghmi.util.webclient as webclient 4 | import sys 5 | import os 6 | import time 7 | 8 | def iterm_draw(databuf): 9 | datalen = len(databuf) 10 | data = base64.b64encode(databuf).decode('utf8') 11 | sys.stdout.write( 12 | '\x1b]1337;File=inline=1;size={}:'.format(datalen)) 13 | sys.stdout.write(data) 14 | sys.stdout.write('\a') 15 | sys.stdout.write('\n') 16 | sys.stdout.flush() 17 | 18 | 19 | i = ic.Command(sys.argv[1], os.environ['XCCUSER'], os.environ['XCCPASS'], verifycallback=lambda x: True) 20 | i.get_health() 21 | #url = '/download/Mini_ScreenShot.png?t={}'.format(int(time.time()*1000)) 22 | i.oem.wc.grab_json_response('/api/providers/rp_screenshot') 23 | url = '/download/HostScreenShot.png' 24 | fd = webclient.FileDownloader(i.oem.wc, url, sys.argv[2]) 25 | fd.start() 26 | fd.join() 27 | if sys.argv[3]: 28 | imgdata = open(sys.argv[2], 'rb').read() 29 | iterm_draw(imgdata) 30 | 31 | 32 | -------------------------------------------------------------------------------- /misc/installcert.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import pyghmi.redfish.command as cmd 3 | import os 4 | import sys 5 | 6 | ap = argparse.ArgumentParser(description='Certificate Generate') 7 | ap.add_argument('xcc', help='XCC address') 8 | ap.add_argument('cert', help='Certificate in PEM format') 9 | args = ap.parse_args() 10 | 11 | cert = open(args.cert, 'r').read() 12 | c = cmd.Command(args.xcc, os.environ['XCCUSER'], os.environ['XCCPASS'], 13 | verifycallback=lambda x: True) 14 | overview = c._do_web_request('/redfish/v1/') 15 | cs = overview.get('CertificateService', {}).get('@odata.id', None) 16 | if cs: 17 | csinfo = c._do_web_request(cs) 18 | gcsr = csinfo.get('Actions', {}).get('#CertificateService.ReplaceCertificate', {}).get('target', None) 19 | if gcsr: 20 | repcertargs = { 21 | 'CertificateUri': { '@odata.id': '/redfish/v1/Managers/1/NetworkProtocol/HTTPS/Certificates/1' }, 22 | 'CertificateType': 'PEM', 23 | 'CertificateString': cert } 24 | print(repr(c._do_web_request(gcsr, repcertargs))) 25 | sys.exit(0) 26 | 27 | #CertificateService.ReplaceCertificate 28 | wc = c.oem.wc 29 | cert = open(args.cert, 'rb').read() 30 | res = wc.grab_json_response_with_status('/api/function', {'Sec_ImportCert': '0,1,0,0,,{0}'.format(cert)}) 31 | print(repr(res)) 32 | -------------------------------------------------------------------------------- /misc/installxcccert.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import pyghmi.redfish.command as cmd 3 | import os 4 | import sys 5 | 6 | ap = argparse.ArgumentParser(description='Certificate Generate') 7 | ap.add_argument('xcc', help='XCC address') 8 | ap.add_argument('cert', help='Certificate in PEM format') 9 | args = ap.parse_args() 10 | 11 | c = cmd.Command(args.xcc, os.environ['XCCUSER'], os.environ['XCCPASS'], 12 | verifycallback=lambda x: True) 13 | wc = c.oem.wc 14 | rawcert = open(args.cert, 'r').read() 15 | cert = '' 16 | incert = False 17 | for line in rawcert.split('\n'): 18 | if incert or '-----BEGIN CERTIFICATE-----' in line: 19 | incert = True 20 | cert += line + '\n' 21 | res = wc.grab_json_response_with_status('/api/function', {'Sec_ImportCert': '0,1,0,0,,{0}'.format(cert)}) 22 | print(repr(res)) 23 | -------------------------------------------------------------------------------- /misc/mac2lla.py: -------------------------------------------------------------------------------- 1 | def mac_to_lladdr(mac): 2 | macpieces = [] 3 | mac = mac.replace('-', ':') 4 | for byte in mac.split(':'): 5 | macpieces.append(int(byte, 16)) 6 | macpieces[0] = macpieces[0] ^ 2 7 | llapieces = [(macpieces[0] << 8) + macpieces[1], (macpieces[2] << 8) + 0xff, 0xfe00 + macpieces[3], (macpieces[4] << 8) + macpieces[5]] 8 | return 'fe80::{:x}:{:x}:{:x}:{:x}'.format(*llapieces) 9 | 10 | if __name__ == '__main__': 11 | import sys 12 | print(mac_to_lladdr(sys.argv[1])) 13 | -------------------------------------------------------------------------------- /misc/mofed/install_mofed: -------------------------------------------------------------------------------- 1 | # To use this script, rename or copy the mofed image to either ofed.tgz or ofed.iso 2 | # and modify the script below if wanting to use the iso instead of tgz 3 | 4 | # It checks for mellanox devices and opts not to install, so this script could be added 5 | # to a general profile without causing mofed to install on non-mellanox systems 6 | . /etc/confluent/functions 7 | if lspci -d 15b3:: -n |grep 15b3 > /dev/null; then 8 | # Uncomment the following three lines and comment out the next 9 | # two lines to use the .iso instead of the tgz packaging 10 | #fetch_remote ofed/ofed.iso 11 | #mkdir MLNX_OFED 12 | #mount -o loop ofed.iso MLNX_OFED 13 | fetch_remote mofed/mofed.tgz 14 | tar xf mofed.tgz 15 | # The rest is common between tar and iso 16 | cd MLNX_OFED* 17 | mount -o loop ofed 18 | ./mlnxofedinstall --force 19 | fi 20 | -------------------------------------------------------------------------------- /misc/prepadopt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | TARGNODE=$1 3 | TARGPROF=$2 4 | TMPDIR=$(mktemp -d) 5 | cd $TMPDIR 6 | DEPLOYSRV=$(echo $SSH_CLIENT|awk '{print $1}') 7 | UDEPLOYSRV=$DEPLOYSRV 8 | if [[ "$DEPLOYSRV" = *":"* ]]; then 9 | UDEPLOYSRV="[$DEPLOYSRV]" 10 | fi 11 | update-ca-trust 12 | mkdir -p /etc/confluent 13 | curl -sg https://$UDEPLOYSRV/confluent-public/os/$TARGPROF/boot/initramfs/addons.cpio > addons.cpio 14 | curl -sg https://$UDEPLOYSRV/confluent-public/os/$TARGPROF/scripts/functions > /etc/confluent/functions 15 | cpio -dumi < addons.cpio 16 | systemctl status firewalld >& /dev/null && FWACTIVE=1 17 | if [ "$FWACTIVE" == 1 ]; then systemctl stop firewalld; fi 18 | opt/confluent/bin/copernicus > /etc/confluent/confluent.info 19 | opt/confluent/bin/clortho $TARGNODE $DEPLOYSRV > /etc/confluent/confluent.apikey 20 | if [ "$FWACTIVE" == 1 ]; then systemctl start firewalld; fi 21 | cp opt/confluent/bin/apiclient /opt/confluent/bin 22 | curl -sg -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" -H "CONFLUENT_NODENAME: $TARGNODE" https://$UDEPLOYSRV/confluent-api/self/deploycfg2 > /etc/confluent/confluent.deploycfg 23 | # python3 /opt/confluent/bin/apiclient /confluent-api/self/deploycfg2 > /etc/confluent/confluent.deploycfg 24 | cd - 25 | echo rm -rf $TMPDIR 26 | -------------------------------------------------------------------------------- /misc/setinitalpwd.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | import pyghmi.util.webclient as webclient 3 | import json 4 | import os 5 | import sys 6 | 7 | missingargs = False 8 | if 'XCCPASS' not in os.environ: 9 | print('Must set XCCPASS environment variable') 10 | missingargs = True 11 | if missingargs: 12 | sys.exit(1) 13 | 14 | w = webclient.SecureHTTPConnection(sys.argv[1], 443, verifycallback=lambda x: True) 15 | w.connect() 16 | adata = json.dumps({'username': 'USERID', 'password': 'PASSW0RD'}) 17 | headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} 18 | w.request('POST', '/api/login', adata, headers) 19 | rsp = w.getresponse() 20 | if rsp.status == 200: 21 | rspdata = json.loads(rsp.read()) 22 | w.set_header('Content-Type', 'application/json') 23 | w.set_header('Authorization', 'Bearer ' + rspdata['access_token']) 24 | if '_csrf_token' in w.cookies: 25 | w.set_header('X-XSRF-TOKEN', w.cookies['_csrf_token']) 26 | if rspdata.get('pwchg_required', False): 27 | print(repr(w.grab_json_response('/api/function', {'USER_UserPassChange': os.environ['XCCPASS']}))) 28 | print(repr(w.grab_json_response('/api/dataset', { 29 | 'USER_GlobalPassExpWarningPeriod': '0', 30 | 'USER_GlobalPassExpPeriod': '0', 31 | 'USER_GlobalMinPassReuseCycle': '0', 32 | 'USER_GlobalMinPassReuseCycle': '0', 33 | 'USER_GlobalMinPassChgInt': '0', 34 | }))) 35 | #print(repr(w.grab_json_response('/api/function', {'USER_UserPassChange': '1,' + os.environ['XCCPASS']}))) 36 | 37 | -------------------------------------------------------------------------------- /misc/setupssh.sh: -------------------------------------------------------------------------------- 1 | [ -f /lib/confluent/functions ] && . /lib/confluent/functions 2 | [ -f /etc/confluent/functions ] && . /etc/confluent/functions 3 | [ -f /opt/confluent/bin/apiclient ] && confapiclient=/opt/confluent/bin/apiclient 4 | [ -f /etc/confluent/apiclient ] && confapiclient=/etc/confluent/apiclient 5 | for pubkey in /etc/ssh/ssh_host*key.pub; do 6 | certfile=${pubkey/.pub/-cert.pub} 7 | rm $certfile 8 | confluentpython $confapiclient /confluent-api/self/sshcert $pubkey -o $certfile 9 | done 10 | TMPDIR=$(mktemp -d) 11 | cd $TMPDIR 12 | confluentpython $confapiclient /confluent-public/site/initramfs.tgz -o initramfs.tgz 13 | tar xf initramfs.tgz 14 | for ca in ssh/*.ca; do 15 | LINE=$(cat $ca) 16 | cp -af /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts.new 17 | grep -v "$LINE" /etc/ssh/ssh_known_hosts > /etc/ssh/ssh_known_hosts.new 18 | echo '@cert-authority *' $LINE >> /etc/ssh/ssh_known_hosts.new 19 | mv /etc/ssh/ssh_known_hosts.new /etc/ssh/ssh_known_hosts 20 | done 21 | for pubkey in ssh/*.*pubkey; do 22 | LINE=$(cat $pubkey) 23 | cp -af /root/.ssh/authorized_keys /root/.ssh/authorized_keys.new 24 | grep -v "$LINE" /root/.ssh/authorized_keys > /root/.ssh/authorized_keys.new 25 | echo "$LINE" >> /root/.ssh/authorized_keys.new 26 | mv /root/.ssh/authorized_keys.new /root/.ssh/authorized_keys 27 | done 28 | confluentpython $confapiclient /confluent-api/self/nodelist | sed -e 's/^- //' > /etc/ssh/shosts.equiv 29 | cat /etc/ssh/shosts.equiv > /root/.shosts 30 | cd - 31 | rm -rf $TMPDIR 32 | -------------------------------------------------------------------------------- /misc/snakeidentify.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import confluent.client as cli 3 | import sys 4 | import time 5 | c = cli.Command() 6 | nodes = [] 7 | ap = argparse.ArgumentParser(description='Snake identify light through nodes') 8 | ap.add_argument('noderange', help='Noderange to iterate through') 9 | ap.add_argument('-d', '--duration', type=float, help='How long to have each system illuminated') 10 | args = ap.parse_args() 11 | 12 | def runit(itera): 13 | for rsp in itera: 14 | if 'error' in rsp: 15 | sys.stderr.write('{0}\n'.format(repr(rsp))) 16 | 17 | for ret in c.read('/noderange/{0}/nodes/'.format(args.noderange)): 18 | node = ret.get('item', {}).get('href', None) 19 | if node: 20 | node = node.replace('/', '') 21 | nodes.append(node) 22 | else: 23 | print(repr(ret)) 24 | if not nodes: 25 | sys.exit(1) 26 | lastnode = None 27 | interval = args.duration 28 | if interval: 29 | interval = interval / 2 30 | else: 31 | interval = 0.25 32 | while True: 33 | for node in nodes: 34 | print('Lighting {0}'.format(node)) 35 | runit(c.update('/nodes/{0}/identify'.format(node), {'identify': 'on'})) 36 | time.sleep(interval) 37 | if lastnode: 38 | runit(c.update('/nodes/{0}/identify'.format(lastnode), {'identify': 'off'})) 39 | lastnode = node 40 | time.sleep(interval) 41 | 42 | -------------------------------------------------------------------------------- /misc/ssdpscan.py: -------------------------------------------------------------------------------- 1 | 2 | from select import select 3 | import socket 4 | import sys 5 | import socket 6 | 7 | def scan_nicname(nicname): 8 | idx = int(open('/sys/class/net/{}/ifindex'.format(nicname)).read()) 9 | return scan_nic(idx) 10 | 11 | def scan_nic(nicidx): 12 | known_peers = {} 13 | srvs = {} 14 | s6 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) 15 | s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1) 16 | s6.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1) 17 | s6.bind(('::', 0)) 18 | msg = b'M-SEARCH * HTTP/1.1\r\nHOST: [ff02::c]:1900\r\nMAN: "ssdp:discover"\r\nST: urn:dmtf-org:service:redfish-rest:1\r\nMX: 3\r\n\r\n' 19 | s6.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_IF, nicidx) 20 | x = [False,] 21 | tries=5 22 | s6.sendto(msg, ('ff02::c', 1900)) 23 | x = select((s6,), (), (), 3.0) 24 | while x[0]: 25 | (rsp, peer) = s6.recvfrom(9000) 26 | x = select((s6,), (), (), 0.5) 27 | if peer in known_peers: 28 | continue 29 | known_peers[peer] = 1 30 | if '%' not in peer[0]: 31 | peer = list(peer) 32 | peer[0] = '{}%{}'.format(peer[0], nicidx) 33 | print("Received Redfish response from {}".format(peer[0])) 34 | 35 | 36 | 37 | def main(): 38 | scan_nicname(sys.argv[1]) 39 | 40 | 41 | if __name__ == '__main__': 42 | main() 43 | -------------------------------------------------------------------------------- /misc/swraid: -------------------------------------------------------------------------------- 1 | DEVICES="/dev/sda /dev/sdb" 2 | RAIDLEVEL=1 3 | mdadm --detail /dev/md*|grep 'Version : 1.0' >& /dev/null || ( 4 | lvm vgchange -a n 5 | mdadm -S -s 6 | NUMDEVS=$(for dev in $DEVICES; do 7 | echo wipefs -a $dev 8 | done|wc -l) 9 | for dev in $DEVICES; do 10 | wipefs -a $dev 11 | done 12 | # must use older metadata format to leave disks looking normal for uefi 13 | mdadm -C /dev/md/raid $DEVICES -n $NUMDEVS -e 1.0 -l $RAIDLEVEL 14 | # shut and restart array to prime things for anaconda 15 | mdadm -S -s 16 | mdadm --assemble --scan 17 | ) 18 | readlink /dev/md/raid|sed -e 's/.*\///' > /tmp/installdisk 19 | 20 | -------------------------------------------------------------------------------- /misc/tpmnotes: -------------------------------------------------------------------------------- 1 | TPM 2 DA (Dictionary Attack) protection triggers on 'unclean' reboots. 2 | 3 | If it has been tripped already: 4 | echo 5 > /sys/class/tpm/tpm0/ppi/request 5 | 6 | Then reboot to resume normal operation 7 | 8 | To configure DA: 9 | tpm2_dictionarylockout --setup-parameters --max-tries=4294967295 --clear-lockout 10 | 11 | Further, TPMA_OBJECT_NODA attribute may be useful, see https://github.com/systemd/systemd/issues/20668 12 | -------------------------------------------------------------------------------- /misc/vroc: -------------------------------------------------------------------------------- 1 | DEVICES="/dev/sda /dev/sdb" 2 | RAIDLEVEL=1 3 | mdadm --detail /dev/md* | grep imsm >& /dev/null && exit 0 4 | lvm vgchange -a n 5 | mdadm -S -s 6 | NUMDEVS=$(for dev in $DEVICES; do 7 | echo wipefs -a $dev 8 | done|wc -l) 9 | for dev in $DEVICES; do 10 | wipefs -a $dev 11 | done 12 | mdadm -C /dev/md/imsm0 $DEVICES -n $NUMDEVS -e imsm 13 | mdadm -C /dev/md/md0_0 /dev/md/imsm0 -n $NUMDEVS -l $RAIDLEVEL 14 | mdadm -S -s 15 | mdadm --assemble --scan 16 | -------------------------------------------------------------------------------- /misc/xcatstateless/initramfs/usr/lib/dracut/hooks/cmdline/01-confluent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | mkdir -p /etc/pki/tls/certs 3 | echo -n "" >> /tmp/net.ifaces 4 | cat /tls/*.0 >> /etc/pki/tls/certs/ca-bundle.crt 5 | if ! grep console= /proc/cmdline >& /dev/null; then 6 | autocons=$(/opt/confluent/bin/autocons) 7 | if [ -n "$autocons" ]; then 8 | echo console=$autocons |sed -e 's!/dev/!!' >> /tmp/01-autocons.conf 9 | autocons=${autocons%,*} 10 | echo $autocons > /tmp/01-autocons.devnode 11 | echo "Detected firmware specified console at $(cat /tmp/01-autocons.conf)" > $autocons 12 | echo "Modify profile.yaml and run updateboot to have nodeconsole work by adding console=$(cat /tmp/01-autocons.conf)" > $autocons 13 | fi 14 | fi 15 | if grep console=ttyS /proc/cmdline >& /dev/null; then 16 | echo "Serial console has been requested in the kernel arguments, the local video may not show progress" > /dev/tty1 17 | fi 18 | 19 | -------------------------------------------------------------------------------- /misc/xcatstateless/scripts/earlyboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | mgr=$(grep ^deploy_server: /etc/confluent/confluent.deploycfg|awk '{print $2}') 4 | profile=$(grep ^profile: /etc/confluent/confluent.deploycfg|awk '{print $2}') 5 | nodename=$(grep ^NODENAME: /etc/confluent/confluent.info|awk '{print $2}') 6 | export mgr profile nodename 7 | curl -sSf https://$mgr/confluent-public/os/$profile/scripts/functions > /tmp/functions 8 | . /tmp/functions 9 | 10 | run_remote setupssh.sh 11 | 12 | -------------------------------------------------------------------------------- /misc/xcatstateless/scripts/functions: -------------------------------------------------------------------------------- 1 | run_remote() { 2 | requestedcmd="'$*'" 3 | echo 4 | echo '---------------------------------------------------------------------------' 5 | echo Running $requestedcmd from https://$mgr/confluent-public/os/$profile/scripts/ 6 | tmpdir=$(mktemp -d) 7 | echo Executing in $tmpdir 8 | cd $tmpdir 9 | curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 10 | if [ $? != 0 ]; then echo $requestedcmd failed to download; return 1; fi 11 | chmod +x $1 12 | cmd=$1 13 | if [ -x /usr/bin/chcon ]; then 14 | chcon system_u:object_r:bin_t:s0 $cmd >& /dev/null 15 | fi 16 | shift 17 | ./$cmd $* 18 | retcode=$? 19 | echo "$requestedcmd exited with code $retcode" 20 | cd - > /dev/null 21 | return $retcode 22 | } 23 | 24 | run_remote_python() { 25 | echo 26 | echo '---------------------------------------------------------------------------' 27 | echo Running python script "'$*'" from https://$mgr/confluent-public/os/$profile/scripts/ 28 | tmpdir=$(mktemp -d) 29 | echo Executing in $tmpdir 30 | cd $tmpdir 31 | curl -f -sS https://$mgr/confluent-public/os/$profile/scripts/$1 > $1 32 | if [ $? != 0 ]; then echo "'$*'" failed to download; return 1; fi 33 | /usr/libexec/platform-python $* 34 | retcode=$? 35 | echo "'$*' exited with code $retcode" 36 | cd - > /dev/null 37 | return $retcode 38 | } 39 | -------------------------------------------------------------------------------- /misc/xcatstateless/scripts/setupssh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | rm /etc/ssh/*host*key* >& /dev/null 4 | ssh-keygen -A 5 | /usr/libexec/platform-python /etc/confluent/apiclient >& /dev/null 6 | for pubkey in /etc/ssh/ssh_host*key.pub; do 7 | certfile=${pubkey/.pub/-cert.pub} 8 | /usr/libexec/platform-python /etc/confluent/apiclient /confluent-api/self/sshcert $pubkey > $certfile 9 | echo HostCertificate $certfile >> /etc/ssh/sshd_config 10 | done 11 | 12 | echo HostbasedAuthentication yes >> /etc/ssh/sshd_config 13 | echo HostbasedUsesNameFromPacketOnly yes >> /etc/ssh/sshd_config 14 | echo IgnoreRhosts no >> /etc/ssh/sshd_config 15 | if [ -d /etc/ssh/ssh_config.d/ ]; then 16 | sshconf=/etc/ssh/ssh_config.d/01-confluent.conf 17 | fi 18 | echo 'Host *' >> $sshconf 19 | echo ' HostbasedAuthentication yes' >> $sshconf 20 | echo ' EnableSSHKeysign yes' >> $sshconf 21 | echo ' HostbasedKeyTypes *ed25519*' >> $sshconf 22 | 23 | curl -Ssf -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent/confluent.apikey)" https://$mgr/confluent-api/self/nodelist > /tmp/allnodes 24 | cp /tmp/allnodes /etc/ssh/shosts.equiv 25 | cp /tmp/allnodes /root/.shosts 26 | rm /tmp/allnodes 27 | 28 | --------------------------------------------------------------------------------