stx-metal: add kickstart fixes for poky-stx

[pti/rtp.git] / meta-stx / conf / distro / files / ks / poky_stx_aio_ks.cfg

%pre
# This file defines functions that can be used in %pre and %post kickstart sections, by including:
# . /tmp/ks-functions.sh
#

cat <<END_FUNCTIONS >/tmp/ks-functions.sh
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

function get_by_path()
{
    local disk=\$(cd /dev ; readlink -f \$1)
    for p in /dev/disk/by-path/*; do
        if [ "\$disk" = "\$(readlink -f \$p)" ]; then
            echo \$p
            return
        fi
    done
}

function get_disk()
{
    echo \$(cd /dev ; readlink -f \$1)
}

function report_pre_failure_with_msg()
{
    local msg=\$1
    echo -e '\n\nInstallation failed.\n'
    echo "\$msg"

    exit 1
}

function report_post_failure_with_msg()
{
    local msg=\$1
    cat <<EOF >> /etc/motd

Installation failed.
\$msg

EOF
    echo "\$msg" >/etc/platform/installation_failed

    echo -e '\n\nInstallation failed.\n'
    echo "\$msg"

    exit 1
}

function report_post_failure_with_logfile()
{
    local logfile=\$1
    cat <<EOF >> /etc/motd

Installation failed.
Please see \$logfile for details of failure

EOF
    echo \$logfile >/etc/platform/installation_failed

    echo -e '\n\nInstallation failed.\n'
    cat \$logfile

    exit 1
}

function get_http_port()
{
    echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#')
}

END_FUNCTIONS

%end

%post
# This file defines functions that can be used in %pre and %post kickstart sections, by including:
# . /tmp/ks-functions.sh
#

cat <<END_FUNCTIONS >/tmp/ks-functions.sh
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

function get_by_path()
{
    local disk=\$(cd /dev ; readlink -f \$1)
    for p in /dev/disk/by-path/*; do
        if [ "\$disk" = "\$(readlink -f \$p)" ]; then
            echo \$p
            return
        fi
    done
}

function get_disk()
{
    echo \$(cd /dev ; readlink -f \$1)
}

function report_pre_failure_with_msg()
{
    local msg=\$1
    echo -e '\n\nInstallation failed.\n'
    echo "\$msg"

    exit 1
}

function report_post_failure_with_msg()
{
    local msg=\$1
    cat <<EOF >> /etc/motd

Installation failed.
\$msg

EOF
    echo "\$msg" >/etc/platform/installation_failed

    echo -e '\n\nInstallation failed.\n'
    echo "\$msg"

    exit 1
}

function report_post_failure_with_logfile()
{
    local logfile=\$1
    cat <<EOF >> /etc/motd

Installation failed.
Please see \$logfile for details of failure

EOF
    echo \$logfile >/etc/platform/installation_failed

    echo -e '\n\nInstallation failed.\n'
    cat \$logfile

    exit 1
}

function get_http_port()
{
    echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#')
}

END_FUNCTIONS

%end

# Template from: pre_common_head.cfg
%pre --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# First, parse /proc/cmdline to find the boot args
set -- `cat /proc/cmdline`
for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done

append=
if [ -n "$console" ] ; then
    append="console=$console"
fi

if [ -n "$security_profile" ]; then
    append="$append security_profile=$security_profile"
fi

#### SECURITY PROFILE HANDLING (Pre Installation) ####
if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then
    # IMA specific boot options:
    # Enable Kernel auditing
    append="$append audit=1"
else
    # we need to blacklist the IMA and Integrity Modules
    # on standard security profile
    append="$append module_blacklist=integrity,ima"
    
    # Disable Kernel auditing in Standard Security Profile mode
    append="$append audit=0"
fi

if [ -n "$tboot" ]; then
    append="$append tboot=$tboot"
else
    append="$append tboot=false"
fi

boot_device_arg=
if [ -n "$boot_device" ] ; then
    boot_device_arg="--boot-drive=$(get_by_path $boot_device)"
fi

echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include

echo "timezone --nontp --utc UTC" >/tmp/timezone-include
%end

##############################################################
# pre script for poky-stx
##############################################################
%pre
mkdir -p /run/install/repo
cp installer-config/* /run/install/repo/
rm -f /run/install/repo/Packages
ln -sf /Packages /run/install/repo/Packages
%end

##############################################################
# Main kickstart
##############################################################
#version=DEVEL
install
lang en_US.UTF-8
keyboard us

# System timezone
%include /tmp/timezone-include

# Root password
rootpw --iscrypted $6$ArDcm/wSNLJLT2OP$QdWX6kMUgBVsiibukLBLtLfRDVz0n49BQ1svT7hPEQJASvKnqkEL5zc5kqUMMzXzLrj80z6YX9DmYTD0Ysxn.1

selinux --disabled
authconfig --enableshadow --passalgo=sha512
firewall --service=ssh

# Use text mode install
text

# Use CDROM installation media
cdrom

# Run the Setup Agent on first boot
firstboot --enable

# System services
services --enabled="lvm2-monitor.service"

# Do not configure the X Window System
skipx

# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
zerombr

# Disk layout from %pre
%include /tmp/part-include

# Bootloader parms from %pre
%include /tmp/bootloader-include

#reboot --eject

%packages
#@^stx-image-aio
%end

################################################################
# End of Main
################################################################

# Template from: pre_disk_setup_common.cfg
%pre --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# This is a really fancy way of finding the first usable disk for the
# install and not stomping on the USB device if it comes up first

# First, parse /proc/cmdline to find the boot args
set -- `cat /proc/cmdline`
for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done

# Find either the ISO or USB device first chopping off partition
ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot`
sdev=`echo $ISO_DEV | sed -e 's/.$//'`
if [ -e /dev/disk/by-label/$sdev ] ; then
    ISO_DEV=$sdev
fi
USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot`
sdev=`echo $USB_DEV | sed -e 's/.$//'`
if [ -e /dev/disk/by-label/$sdev ] ; then
    USB_DEV=$sdev
fi

# Temporary, until lab pxelinux.cfg files are updated to specify install devices
if [ -z "$rootfs_device" -o -z "$boot_device" ]
then
    INST_HDD=""
    # Prefer a vd* device if this is kvm/qemu
    for e in vda vdb sda sdb nvme0n1; do
        if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then
            INST_HDD=$e
            break
        fi
    done

    # Set variables to $INST_HDD if not set
    rootfs_device=${rootfs_device:-$INST_HDD}
    boot_device=${boot_device:-$INST_HDD}
fi

# Convert to by-path
orig_rootfs_device=$rootfs_device
rootfs_device=$(get_by_path $rootfs_device)

orig_boot_device=$boot_device
boot_device=$(get_by_path $boot_device)

if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then
    # Touch this file to prevent Anaconda from dying an ungraceful death
    touch /tmp/part-include

    report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid."
fi

# Ensure specified device is not a USB drive
udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \
    udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb'
if [ $? -eq 0 ]; then
    # Touch this file to prevent Anaconda from dying an ungraceful death
    touch /tmp/part-include

    report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive."
fi

# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups
vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an

# Remove volumes and group for cgts-vg, if any
lvremove --force cgts-vg
pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes
vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force

ONLYUSE_HDD=""
if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then
    # In an upgrade, only wipe the disk with the rootfs and boot partition
    echo "In upgrade, wiping only $rootfs_device"
    WIPE_HDD="$(get_disk $rootfs_device)"
    ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))"
    if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then
        WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)"
        ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))"
    fi
else
    # Make a list of all the hard drives that are to be wiped
    WIPE_HDD=""
    # Partition type OSD has a unique globally identifier
    part_type_guid_str="Partition GUID code"
    CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D"

    # Check if we wipe OSDs
    if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then
        echo "Wipe OSD data."
        WIPE_CEPH_OSDS="true"
    else
        echo "Skip Ceph OSD data wipe."
        WIPE_CEPH_OSDS="false"
    fi

    for f in /dev/disk/by-path/*
    do
        dev=$(readlink -f $f)
        lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"'
        if [ $? -ne 0 ]
        then
            continue
        fi

        # Avoid wiping USB drives
        udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue

        # Avoid wiping ceph osds if sysinv tells us so
        if [ ${WIPE_CEPH_OSDS} == "false" ]; then
            wipe_dev="true"
            part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` )
            # Scanning the partitions looking for CEPH OSDs and
            # skipping any disk found with such partitions
            for part_number in "${part_numbers[@]}"; do
                sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev)
                part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}')
                if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then
                    echo "OSD found on $dev, skipping wipe"
                    wipe_dev="false"
                    break
                fi
            done
            if [ "$wipe_dev" == "false" ]; then
                continue
            fi
        fi

        # Add device to the wipe list
        devname=$(basename $dev)
        if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then
            if [ -n "$WIPE_HDD" ]; then
                WIPE_HDD=$WIPE_HDD,$dev
            else
                WIPE_HDD=$dev
            fi
        fi
    done
    echo "Not in upgrade, wiping disks: $WIPE_HDD"
fi

for dev in ${WIPE_HDD//,/ }
do
    # Clearing previous GPT tables or LVM data
    # Delete the first few bytes at the start and end of the partition. This is required with
    # GPT partitions, they save partition info at the start and the end of the block.
    # Do this for each partition on the disk, as well.
    partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}')
    for p in $partitions $dev
    do
        echo "Pre-wiping $p from kickstart"
        dd if=/dev/zero of=$p bs=512 count=34
        dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34))
    done
done

# Check for remaining cgts-vg PVs, which could potentially happen
# in an upgrade where we're not wiping all disks.
# If we ever create other volume groups from kickstart in the future,
# include them in this search as well.
partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]')
for p in $partitions
do
    echo "Pre-wiping $p from kickstart (cgts-vg present)"
    dd if=/dev/zero of=$p bs=512 count=34
    dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34))
done

let -i gb=1024*1024*1024

cat<<EOF>/tmp/part-include
clearpart --all --drives=$WIPE_HDD --initlabel
EOF

if [ -n "$ONLYUSE_HDD" ]; then
    cat<<EOF>>/tmp/part-include
ignoredisk --only-use=$ONLYUSE_HDD
EOF
fi

if [ -d /sys/firmware/efi ] ; then
    cat<<EOF>>/tmp/part-include
part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device)
EOF
else
    cat<<EOF>>/tmp/part-include
part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device)
EOF
fi


# Template from: pre_disk_aio.cfg

## NOTE: updates to partition sizes need to be also reflected in
##  - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems()
##  - stx-config/.../sysinv/common/constants.py
##
## NOTE: When adding partitions, we currently have a max of 4 primary partitions.
##       If more than 4 partitions are required, we can use a max of 3 --asprimary,
##       to allow 1 primary logical partition with extended partitions
##
## NOTE: Max default PV size must align with the default controllerfs sizes
##
## BACKUP_OVERHEAD = 20
##
## Physical install (for disks over 240GB)
##  - DB size is doubled to allow for upgrades
##
## DEFAULT_IMAGE_STOR_SIZE = 10
## DEFAULT_DATABASE_STOR_SIZE = 20
## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20
## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE
##                                     + BACKUP_OVERHEAD = 50
## LOG_VOL_SIZE = 8192
## SCRATCH_VOL_SIZE = 8192
## RABBIT = 2048
## PLATFORM = 2048
## ANCHOR = 1024
## EXTENSION = 1024
## GNOCCHI = 5120
## DOCKER = 30720
## DOCKER_DIST = 16384
## ETCD = 5120
## CEPH_MON = 20480
## KUBELET_VOL_SIZE = 10240
## RESERVED_PE = 16 (based on pesize=32768)
##
## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 +
##                2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 +
##                20480 + 10240 + 16 = 233496
##
## small install - (for disks below 240GB)
##  - DB size is doubled to allow for upgrades
##
## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10
## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10
## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10
## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40
##
## LOG_VOL_SIZE = 8192
## SCRATCH_VOL_SIZE = 8192
## RABBIT = 2048
## PLATFORM = 2048
## ANCHOR = 1024
## EXTENSION = 1024
## GNOCCHI = 5120
## DOCKER = 30720
## DOCKER_DIST = 16384
## ETCD = 5120
## CEPH_MON = 20480
## KUBELET_VOL_SIZE = 10240
## RESERVED_PE = 16 (based on pesize=32768)
##
##
## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 +
##                2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 +
##                20480 + 10240 + 16 = 192528
##
## NOTE: To maintain upgrade compatability within the volume group, keep the
## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size
## physical volume correctly.
##
##  R4 AIO installations:
##  - R4 (case #1): /boot (0.5G), / (20G),
##                  cgts-vg PV (239G), /local_pv (239G)
##  - R4 (case #2): /boot (0.5G), / (20G),
##                  cgts-vg PV (239G), cgts-vg (239G)
##
##  Upgrade migration will start with R5 install and create a partition to align
##  above so filesystems within the volume group will be able to maintain their
##  sizes in R5
##    - R5 install  : /boot (0.5G), / (20G),
##                    cgts-vg PV (142G), un-partitioned (336G)
##    - R5 (case #1): /boot (0.5G), / (20G),
##                    cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G)
##    - R5 (case #2): /boot (0.5G), / (20G),
##                    cgts-vg PV (142G), cgts-vg PV (336G)
##

sz=$(blockdev --getsize64 $(get_disk $rootfs_device))
if [ $sz -le $((240*$gb)) ] ; then
    # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024.
    # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a
    # size under 189GiB will fail.
    CGCS_PV_SIZE=193536
else
    # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024.
    # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496.
    CGCS_PV_SIZE=234496
fi

ROOTFS_SIZE=20000
LOG_VOL_SIZE=8000
SCRATCH_VOL_SIZE=8000

ROOTFS_OPTIONS="defaults"
profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
if [ -n "$profile_mode" ]; then
   # Enable iversion labelling for rootfs when IMA is enabled
   ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion"
fi

cat<<EOF>>/tmp/part-include
part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS"
part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device)
volgroup cgts-vg --pesize=32768 pv.253004
logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv
logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv
part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS"
EOF

%end


# Template from: post_platform_conf_aio.cfg
%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# Set the security profile mode
secprofile="standard"
profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
if [ -n "$profile_mode" ]; then
   secprofile="extended"
fi

mkdir -p -m 0775 /etc/platform
cat <<EOF > /etc/platform/platform.conf
nodetype=controller
subfunction=controller,worker
system_type=All-in-one
security_profile=$secprofile
EOF

%end

######################################
# workarounds or fixes for poky-stx
######################################
%post --erroronfail

# Add extra users and groups
SYSADMIN_P="4SuW8cnXFyxsk"
groupadd -f -g 345 sys_protected
useradd -m -g sys_protected -G root -d /home/sysadmin -p ${SYSADMIN_P} -s /bin/sh sysadmin

groupadd -r -g 128 nscd
useradd -M -o -r -d / -s /sbin/nologin -c 'NSCD Daemon' -u 28 -g nscd nscd

useradd -p '' patching
groupadd patching
usermod -a -G patching patching

useradd -p '' nfv
groupadd nfv
usermod -a -G nfv nfv

usermod -a -G sys_protected sysadmin
usermod -a -G sys_protected sysinv
usermod -a -G sys_protected www
usermod -a -G sys_protected nfv
usermod -a -G sys_protected patching
usermod -a -G sys_protected haproxy
usermod -a -G snmpd fm
usermod -P root root

# Extend path variable for sysadmin
echo 'PATH=/sbin:/usr/sbin:$PATH' >> /home/sysadmin/.bashrc
chown sysadmin:sys_protected /home/sysadmin/.bashrc

# Avoid duplicate with systemd-fstab-generator
sed -i "s|\(^.*/dev/root\)|#\1|" /etc/fstab

%end

%post --nochroot
# installer images for pxe-network-installer
mkdir -p /mnt/sysimage/pxeboot/rel-19.12
cp -P /boot/installer-initrd* /mnt/sysimage/pxeboot/rel-19.12/
cp /boot/bzImage /mnt/sysimage/pxeboot/rel-19.12/installer-bzImage_1.0
ln -s installer-bzImage_1.0 /mnt/sysimage/pxeboot/rel-19.12/installer-bzImage

if [ -f /media/realroot/efi.img ]; then
  cp /media/realroot/efi.img /mnt/sysimage/pxeboot/rel-19.12/efiboot.img
fi

%end


# Template from: post_common.cfg
%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# Turn off locale support for i18n if is not installed
if [ ! -d /usr/share/i18n ] ; then
   rm -f /etc/sysconfig/i18n
fi
# Unset the hostname
rm /etc/hostname

# If using a serial install make sure to add a getty on the tty1
conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS`
if [ -n "$conarg" ] ; then
   echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab
fi

#### SECURITY PROFILE HANDLING (Post Installation) ####
# Check if the Security profile mode is enabled
# and load the appropriate kernel modules
secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
if [ -n "$secprofile" ]; then
   echo "In Extended Security profile mode. Loading IMA kernel module"
   systemctl enable auditd.service
   # Add the securityfs mount for the IMA Runtime measurement list
   echo "securityfs     /sys/kernel/security    securityfs    defaults,nodev 0 0" >> /etc/fstab
else
   # Disable audit daemon in the Standard Security Profile
   systemctl disable auditd
fi

. /etc/platform/platform.conf

# Delete the CentOS yum repo files
rm -f /etc/yum.repos.d/CentOS-*

# Create platform yum repo file
mkdir -p /etc/yum.repos.d
cat >/etc/yum.repos.d/platform.repo <<EOF
[platform-base]
name=platform-base
baseurl=http://controller:${http_port:-8080}/feed/rel-19.12
gpgcheck=0
enabled=1

[platform-updates]
name=platform-updates
baseurl=http://controller:${http_port:-8080}/updates/rel-19.12
gpgcheck=0
enabled=1
EOF

# Persist the boot device naming as UDEV rules so that if the network device
# order changes post-install that we will still be able to DHCP from the
# correct interface to reach the active controller.  For most nodes only the
# management/boot interface needs to be persisted but because we require both
# controllers to be identically configured and controller-0 and controller-1
# are installed differently (e.g., controller-0 from USB and controller-1 from
# network) it is not possible to know which interface to persist for
# controller-0.  The simplest solution is to persist all interfaces.
#
mkdir -p /etc/udev/rules.d
echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules
for dir in /sys/class/net/*; do
    if [ -e ${dir}/device ]; then
       dev=$(basename ${dir})
       mac_address=$(cat /sys/class/net/${dev}/address)
       echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules
    fi
done

# Mark the sysadmin password as expired immediately
chage -d 0 sysadmin

# Lock the root password
#passwd -l root

# Enable tmpfs mount for /tmp
# delete /var/tmp so that it can similinked in
rm -rf /var/tmp
systemctl enable tmp.mount

# Disable firewall
systemctl disable firewalld

# Disable libvirtd
systemctl disable libvirtd.service

# Enable rsyncd
systemctl enable rsyncd.service

# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds)
echo 'Defaults:root !requiretty' > /etc/sudoers.d/root

# Make fstab just root read/writable
chmod 600 /etc/fstab

# Create first_boot flag
touch /etc/platform/.first_boot

%end

# Template from: post_kernel_aio_and_worker.cfg
%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# Source the generated platform.conf
. /etc/platform/platform.conf

# Update grub with custom kernel bootargs
source /etc/init.d/cpumap_functions.sh
n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \
  awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}')
n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l)
KERN_OPTS=" iommu=pt usbcore.autosuspend=-1"

KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M"

# If this is an all-in-one system, we need at least 4 CPUs
if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then
    report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node."
fi

# Add kernel options for cpu isolation / affinity
if [ ${n_cpus} -gt 1 ]
then
  base_cpulist=$(platform_expanded_cpu_list)
  base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus})
  avp_cpulist=$(vswitch_expanded_cpu_list)
  norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus})
  norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus})

  if [[ "$subfunction" =~ lowlatency ]]; then
    KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}"
    KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}"
  else
    KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}"
  fi
  KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}"
  KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}"
  KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}"
  # Update vswitch.conf
  sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf
fi

# Add kernel options to ensure an selinux is disabled
KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0"

# Add kernel options to set NMI watchdog
if [[ "$subfunction" =~ lowlatency ]]; then
  KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0"
else
  KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1"
fi

if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then
  KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr"
else
  KERN_OPTS="${KERN_OPTS} intel_iommu=on"
fi

# Add kernel option to disable biosdevname if enabled
# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present
grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub
if [ $? -ne 0 ]; then
  KERN_OPTS="${KERN_OPTS} biosdevname=0"
fi

# Add kernel options to disable kvm-intel.eptad on Broadwell
# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo
then
  KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0"
fi

# k8s updates:
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"

# Add kernel option to avoid jiffies_lock contention on real-time kernel
if [[ "$subfunction" =~ lowlatency ]]; then
  KERN_OPTS="${KERN_OPTS} skew_tick=1"
fi

# If the installer asked us to use security related kernel params, use
# them in the grub line as well (until they can be configured via puppet)
grep -q 'nopti' /proc/cmdline
if [ $? -eq 0 ]; then
    KERN_OPTS="${KERN_OPTS} nopti"
fi
grep -q 'nospectre_v2' /proc/cmdline
if [ $? -eq 0 ]; then
    KERN_OPTS="${KERN_OPTS} nospectre_v2"
fi

perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub

if [ -d /sys/firmware/efi ] ; then
  grub-mkconfig -o /boot/efi/EFI/centos/grub.cfg
else
  grub-mkconfig -o /boot/grub/grub.cfg
fi

%end


# Template from: post_lvm_pv_on_rootfs.cfg
%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# uncomment the global_filter line in lvm.conf
perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1        global_filter:m' /etc/lvm/lvm.conf

# Determine which disk we created our PV on (i.e. the root disk)
ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings))
if [ -z "$ROOTDISK" ]; then
    report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay"
fi
# Edit the LVM config so LVM only looks for LVs on the root disk
sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf
%end


# Template from: post_system_aio.cfg
%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

# Source the generated platform.conf
. /etc/platform/platform.conf

## Reserve more memory for base processes since the controller has higher
## memory requirements but cap it to better handle systems with large
## amounts of memory
TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}')

if [ -e /sys/devices/system/node/node0 ]; then
  RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}')
else
  RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}')
fi

if [ ${RESERVEDMEM} -lt 6144 ]; then
    RESERVEDMEM=6144
elif [ ${RESERVEDMEM} -gt 14500 ]; then
    RESERVEDMEM=14500
elif [ ${RESERVEDMEM} -gt 8192 ]; then
    RESERVEDMEM=8192
fi

sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf

# Update WORKER_CPU_LIST
N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}')
sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf

%end


# Template from: post_usb_controller.cfg
%pre --erroronfail

# Source common functions
. /tmp/ks-functions.sh

if [ -d /mnt/install/source ]; then
    srcdir=/mnt/install/source
else
    srcdir=/run/install/repo
fi

touch /tmp/repo-include

if [ -d ${srcdir}/patches ]; then
    echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include
fi

%end

# Repository arguments from %pre
%include /tmp/repo-include

%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

mgmt_dev=none

# Persist the boot device to the platform configuration. This will get
# overwritten when config_controller is run.
echo management_interface=$mgmt_dev >> /etc/platform/platform.conf

# persist the default http port number to platform configuration. This
# will get overwritten when config_controller is run.
echo http_port=8080 >> /etc/platform/platform.conf

# Build networking scripts
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
ONBOOT=yes
IPV6_AUTOCONF=no
NAME=loopback
EOF

%end


# Note, this section is different and replaced with a wget
# if doing the initial install off the network
%post --nochroot
if [ -d /mnt/install/source ]; then
    srcdir=/mnt/install/source
else
    srcdir=/run/install/repo
fi

if [ -d $srcdir/Packages ] ; then
    mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12
    cp -r $srcdir/Packages/* /mnt/sysimage/www/pages/feed/rel-19.12/
    cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12
fi

if [ -d $srcdir/patches ]; then
    mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12
    cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages
    cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata
    mkdir -p /mnt/sysimage/opt/patching
    cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata
    mkdir -p /mnt/sysimage/opt/patching/packages/19.12
    
    find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \
        | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/
fi

# Create a uuid specific to this installation
INSTALL_UUID=`uuidgen`
echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid
echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf
%end

%post

# This is a USB install, so set ONBOOT=yes for network devices.
# Doing this in the %post so we don't unintentionally setup a
# network device during the installation.
for f in /etc/sysconfig/network-scripts/ifcfg-*; do
    if grep -q '^ONBOOT=' ${f}; then
        sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f}
    else
        echo "ONBOOT=yes" >> ${f}
    fi
    if grep -q '^IPV6_AUTOCONF=' ${f}; then
        sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f}
    else
        echo "IPV6_AUTOCONF=no" >> ${f}
    fi
done

%end


# Template from: post_usb_addon.cfg
%pre --erroronfail
if [ -d /mnt/install/source ]; then
    srcdir=/mnt/install/source
else
    srcdir=/run/install/repo
fi

if [ -f ${srcdir}/ks-addon.cfg ]; then
    cp ${srcdir}/ks-addon.cfg /tmp/
else
    cat <<EOF > /tmp/ks-addon.cfg
# No custom addon included
EOF
fi
%end

%post --nochroot
if [ -d /mnt/install/source ]; then
    srcdir=/mnt/install/source
else
    srcdir=/run/install/repo
fi

# Store the ks-addon.cfg for debugging
mkdir -p /mnt/sysimage/var/log/anaconda
cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/
%end

%post --erroronfail

# Source common functions
. /tmp/ks-functions.sh

%include /tmp/ks-addon.cfg

%end