2 # This file defines functions that can be used in %pre and %post kickstart sections, by including:
3 # . /tmp/ks-functions.sh
6 cat <<END_FUNCTIONS >/tmp/ks-functions.sh
8 # Copyright (c) 2019 Wind River Systems, Inc.
10 # SPDX-License-Identifier: Apache-2.0
13 function get_by_path()
15 local disk=\$(cd /dev ; readlink -f \$1)
16 for p in /dev/disk/by-path/*; do
17 if [ "\$disk" = "\$(readlink -f \$p)" ]; then
26 echo \$(cd /dev ; readlink -f \$1)
29 function report_pre_failure_with_msg()
32 echo -e '\n\nInstallation failed.\n'
38 function report_post_failure_with_msg()
41 cat <<EOF >> /etc/motd
47 echo "\$msg" >/etc/platform/installation_failed
49 echo -e '\n\nInstallation failed.\n'
55 function report_post_failure_with_logfile()
58 cat <<EOF >> /etc/motd
61 Please see \$logfile for details of failure
64 echo \$logfile >/etc/platform/installation_failed
66 echo -e '\n\nInstallation failed.\n'
72 function get_http_port()
74 echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#')
82 # This file defines functions that can be used in %pre and %post kickstart sections, by including:
83 # . /tmp/ks-functions.sh
86 cat <<END_FUNCTIONS >/tmp/ks-functions.sh
88 # Copyright (c) 2019 Wind River Systems, Inc.
90 # SPDX-License-Identifier: Apache-2.0
93 function get_by_path()
95 local disk=\$(cd /dev ; readlink -f \$1)
96 for p in /dev/disk/by-path/*; do
97 if [ "\$disk" = "\$(readlink -f \$p)" ]; then
106 echo \$(cd /dev ; readlink -f \$1)
109 function report_pre_failure_with_msg()
112 echo -e '\n\nInstallation failed.\n'
118 function report_post_failure_with_msg()
121 cat <<EOF >> /etc/motd
127 echo "\$msg" >/etc/platform/installation_failed
129 echo -e '\n\nInstallation failed.\n'
135 function report_post_failure_with_logfile()
138 cat <<EOF >> /etc/motd
141 Please see \$logfile for details of failure
144 echo \$logfile >/etc/platform/installation_failed
146 echo -e '\n\nInstallation failed.\n'
152 function get_http_port()
154 echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#')
161 # Template from: pre_common_head.cfg
164 # Source common functions
165 . /tmp/ks-functions.sh
167 # First, parse /proc/cmdline to find the boot args
168 set -- `cat /proc/cmdline`
169 for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done
172 if [ -n "$console" ] ; then
173 append="console=$console"
176 if [ -n "$security_profile" ]; then
177 append="$append security_profile=$security_profile"
180 #### SECURITY PROFILE HANDLING (Pre Installation) ####
181 if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then
182 # IMA specific boot options:
183 # Enable Kernel auditing
184 append="$append audit=1"
186 # we need to blacklist the IMA and Integrity Modules
187 # on standard security profile
188 append="$append module_blacklist=integrity,ima"
190 # Disable Kernel auditing in Standard Security Profile mode
191 append="$append audit=0"
194 if [ -n "$tboot" ]; then
195 append="$append tboot=$tboot"
197 append="$append tboot=false"
201 if [ -n "$boot_device" ] ; then
202 boot_device_arg="--boot-drive=$(get_by_path $boot_device)"
205 echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include
207 echo "timezone --nontp --utc UTC" >/tmp/timezone-include
210 ##############################################################
212 ##############################################################
219 %include /tmp/timezone-include
222 rootpw --iscrypted $6$ArDcm/wSNLJLT2OP$QdWX6kMUgBVsiibukLBLtLfRDVz0n49BQ1svT7hPEQJASvKnqkEL5zc5kqUMMzXzLrj80z6YX9DmYTD0Ysxn.1
225 authconfig --enableshadow --passalgo=sha512
226 firewall --service=ssh
228 # Use text mode install
231 # Use CDROM installation media
234 # Run the Setup Agent on first boot
238 services --enabled="lvm2-monitor.service"
240 # Do not configure the X Window System
243 # The following is the partition information you requested
244 # Note that any partitions you deleted are not expressed
245 # here so unless you clear all partitions first, this is
246 # not guaranteed to work
249 # Disk layout from %pre
250 %include /tmp/part-include
252 # Bootloader parms from %pre
253 %include /tmp/bootloader-include
261 ################################################################
263 ################################################################
265 # Template from: pre_disk_setup_common.cfg
268 # Source common functions
269 . /tmp/ks-functions.sh
271 # This is a really fancy way of finding the first usable disk for the
272 # install and not stomping on the USB device if it comes up first
274 # First, parse /proc/cmdline to find the boot args
275 set -- `cat /proc/cmdline`
276 for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done
278 # Find either the ISO or USB device first chopping off partition
279 ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot`
280 sdev=`echo $ISO_DEV | sed -e 's/.$//'`
281 if [ -e /dev/disk/by-label/$sdev ] ; then
284 USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot`
285 sdev=`echo $USB_DEV | sed -e 's/.$//'`
286 if [ -e /dev/disk/by-label/$sdev ] ; then
290 # Temporary, until lab pxelinux.cfg files are updated to specify install devices
291 if [ -z "$rootfs_device" -o -z "$boot_device" ]
294 # Prefer a vd* device if this is kvm/qemu
295 for e in vda vdb sda sdb nvme0n1; do
296 if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then
302 # Set variables to $INST_HDD if not set
303 rootfs_device=${rootfs_device:-$INST_HDD}
304 boot_device=${boot_device:-$INST_HDD}
308 orig_rootfs_device=$rootfs_device
309 rootfs_device=$(get_by_path $rootfs_device)
311 orig_boot_device=$boot_device
312 boot_device=$(get_by_path $boot_device)
314 if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then
315 # Touch this file to prevent Anaconda from dying an ungraceful death
316 touch /tmp/part-include
318 report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid."
321 # Ensure specified device is not a USB drive
322 udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \
323 udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb'
324 if [ $? -eq 0 ]; then
325 # Touch this file to prevent Anaconda from dying an ungraceful death
326 touch /tmp/part-include
328 report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive."
331 # Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups
332 vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an
334 # Remove volumes and group for cgts-vg, if any
335 lvremove --force cgts-vg
336 pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes
337 vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force
340 if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then
341 # In an upgrade, only wipe the disk with the rootfs and boot partition
342 echo "In upgrade, wiping only $rootfs_device"
343 WIPE_HDD="$(get_disk $rootfs_device)"
344 ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))"
345 if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then
346 WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)"
347 ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))"
350 # Make a list of all the hard drives that are to be wiped
352 # Partition type OSD has a unique globally identifier
353 part_type_guid_str="Partition GUID code"
354 CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D"
356 # Check if we wipe OSDs
357 if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then
358 echo "Wipe OSD data."
359 WIPE_CEPH_OSDS="true"
361 echo "Skip Ceph OSD data wipe."
362 WIPE_CEPH_OSDS="false"
365 for f in /dev/disk/by-path/*
367 dev=$(readlink -f $f)
368 lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"'
374 # Avoid wiping USB drives
375 udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue
377 # Avoid wiping ceph osds if sysinv tells us so
378 if [ ${WIPE_CEPH_OSDS} == "false" ]; then
380 part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` )
381 # Scanning the partitions looking for CEPH OSDs and
382 # skipping any disk found with such partitions
383 for part_number in "${part_numbers[@]}"; do
384 sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev)
385 part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}')
386 if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then
387 echo "OSD found on $dev, skipping wipe"
392 if [ "$wipe_dev" == "false" ]; then
397 # Add device to the wipe list
398 devname=$(basename $dev)
399 if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then
400 if [ -n "$WIPE_HDD" ]; then
401 WIPE_HDD=$WIPE_HDD,$dev
407 echo "Not in upgrade, wiping disks: $WIPE_HDD"
410 for dev in ${WIPE_HDD//,/ }
412 # Clearing previous GPT tables or LVM data
413 # Delete the first few bytes at the start and end of the partition. This is required with
414 # GPT partitions, they save partition info at the start and the end of the block.
415 # Do this for each partition on the disk, as well.
416 partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}')
417 for p in $partitions $dev
419 echo "Pre-wiping $p from kickstart"
420 dd if=/dev/zero of=$p bs=512 count=34
421 dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34))
425 # Check for remaining cgts-vg PVs, which could potentially happen
426 # in an upgrade where we're not wiping all disks.
427 # If we ever create other volume groups from kickstart in the future,
428 # include them in this search as well.
429 partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]')
432 echo "Pre-wiping $p from kickstart (cgts-vg present)"
433 dd if=/dev/zero of=$p bs=512 count=34
434 dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34))
437 let -i gb=1024*1024*1024
439 cat<<EOF>/tmp/part-include
440 clearpart --all --drives=$WIPE_HDD --initlabel
443 if [ -n "$ONLYUSE_HDD" ]; then
444 cat<<EOF>>/tmp/part-include
445 ignoredisk --only-use=$ONLYUSE_HDD
449 if [ -d /sys/firmware/efi ] ; then
450 cat<<EOF>>/tmp/part-include
451 part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device)
454 cat<<EOF>>/tmp/part-include
455 part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device)
460 # Template from: pre_disk_aio.cfg
462 ## NOTE: updates to partition sizes need to be also reflected in
463 ## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems()
464 ## - stx-config/.../sysinv/common/constants.py
466 ## NOTE: When adding partitions, we currently have a max of 4 primary partitions.
467 ## If more than 4 partitions are required, we can use a max of 3 --asprimary,
468 ## to allow 1 primary logical partition with extended partitions
470 ## NOTE: Max default PV size must align with the default controllerfs sizes
472 ## BACKUP_OVERHEAD = 20
474 ## Physical install (for disks over 240GB)
475 ## - DB size is doubled to allow for upgrades
477 ## DEFAULT_IMAGE_STOR_SIZE = 10
478 ## DEFAULT_DATABASE_STOR_SIZE = 20
479 ## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20
480 ## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE
481 ## + BACKUP_OVERHEAD = 50
482 ## LOG_VOL_SIZE = 8192
483 ## SCRATCH_VOL_SIZE = 8192
490 ## DOCKER_DIST = 16384
493 ## KUBELET_VOL_SIZE = 10240
494 ## RESERVED_PE = 16 (based on pesize=32768)
496 ## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 +
497 ## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 +
498 ## 20480 + 10240 + 16 = 233496
500 ## small install - (for disks below 240GB)
501 ## - DB size is doubled to allow for upgrades
503 ## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10
504 ## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10
505 ## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10
506 ## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40
508 ## LOG_VOL_SIZE = 8192
509 ## SCRATCH_VOL_SIZE = 8192
516 ## DOCKER_DIST = 16384
519 ## KUBELET_VOL_SIZE = 10240
520 ## RESERVED_PE = 16 (based on pesize=32768)
523 ## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 +
524 ## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 +
525 ## 20480 + 10240 + 16 = 192528
527 ## NOTE: To maintain upgrade compatability within the volume group, keep the
528 ## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size
529 ## physical volume correctly.
531 ## R4 AIO installations:
532 ## - R4 (case #1): /boot (0.5G), / (20G),
533 ## cgts-vg PV (239G), /local_pv (239G)
534 ## - R4 (case #2): /boot (0.5G), / (20G),
535 ## cgts-vg PV (239G), cgts-vg (239G)
537 ## Upgrade migration will start with R5 install and create a partition to align
538 ## above so filesystems within the volume group will be able to maintain their
540 ## - R5 install : /boot (0.5G), / (20G),
541 ## cgts-vg PV (142G), un-partitioned (336G)
542 ## - R5 (case #1): /boot (0.5G), / (20G),
543 ## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G)
544 ## - R5 (case #2): /boot (0.5G), / (20G),
545 ## cgts-vg PV (142G), cgts-vg PV (336G)
548 sz=$(blockdev --getsize64 $(get_disk $rootfs_device))
549 if [ $sz -le $((240*$gb)) ] ; then
550 # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024.
551 # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a
552 # size under 189GiB will fail.
555 # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024.
556 # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496.
562 SCRATCH_VOL_SIZE=8000
564 ROOTFS_OPTIONS="defaults"
565 profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
566 if [ -n "$profile_mode" ]; then
567 # Enable iversion labelling for rootfs when IMA is enabled
568 ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion"
571 cat<<EOF>>/tmp/part-include
572 part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS"
573 part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device)
574 volgroup cgts-vg --pesize=32768 pv.253004
575 logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv
576 logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv
577 part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS"
583 # Template from: post_platform_conf_aio.cfg
586 # Source common functions
587 . /tmp/ks-functions.sh
589 # Set the security profile mode
590 secprofile="standard"
591 profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
592 if [ -n "$profile_mode" ]; then
593 secprofile="extended"
596 mkdir -p -m 0775 /etc/platform
597 cat <<EOF > /etc/platform/platform.conf
599 subfunction=controller,worker
600 system_type=All-in-one
601 security_profile=$secprofile
606 ######################################
607 # workarounds or fixes for poky-stx
608 ######################################
611 # Add extra users and groups
612 SYSADMIN_P="4SuW8cnXFyxsk"
613 groupadd -f -g 345 sys_protected
614 useradd -m -g sys_protected -G root -d /home/sysadmin -p ${SYSADMIN_P} -s /bin/sh sysadmin
616 groupadd -r -g 128 nscd
617 useradd -M -o -r -d / -s /sbin/nologin -c 'NSCD Daemon' -u 28 -g nscd nscd
621 usermod -a -G ceph ceph
623 useradd -p '' patching
625 usermod -a -G patching patching
629 usermod -a -G nfv nfv
631 usermod -a -G sys_protected sysadmin
632 usermod -a -G sys_protected sysinv
633 usermod -a -G sys_protected www
634 usermod -a -G sys_protected nfv
635 usermod -a -G sys_protected patching
636 usermod -a -G sys_protected haproxy
639 # Extend path variable for sysadmin
640 echo 'PATH=/sbin:/usr/sbin:$PATH' >> /home/sysadmin/.bashrc
641 chown sysadmin:sys_protected /home/sysadmin/.bashrc
643 # Avoid duplicate with systemd-fstab-generator
644 sed -i "s|\(^.*/dev/root\)|#\1|" /etc/fstab
649 # Template from: post_common.cfg
652 # Source common functions
653 . /tmp/ks-functions.sh
655 # Turn off locale support for i18n if is not installed
656 if [ ! -d /usr/share/i18n ] ; then
657 rm -f /etc/sysconfig/i18n
662 # If using a serial install make sure to add a getty on the tty1
663 conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS`
664 if [ -n "$conarg" ] ; then
665 echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab
668 #### SECURITY PROFILE HANDLING (Post Installation) ####
669 # Check if the Security profile mode is enabled
670 # and load the appropriate kernel modules
671 secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended`
672 if [ -n "$secprofile" ]; then
673 echo "In Extended Security profile mode. Loading IMA kernel module"
674 systemctl enable auditd.service
675 # Add the securityfs mount for the IMA Runtime measurement list
676 echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab
678 # Disable audit daemon in the Standard Security Profile
679 systemctl disable auditd
682 . /etc/platform/platform.conf
683 # Configure smart package manager channels
684 rm -rf /var/lib/smart
686 /usr/bin/smart channel -y \
687 --add rpmdb type=rpm-sys name="RPM Database"
688 /usr/bin/smart channel -y \
689 --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12
690 /usr/bin/smart channel -y \
691 --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12
693 # Configure smart to use rpm --nolinktos option
694 /usr/bin/smart config --set rpm-nolinktos=true
696 # Configure smart to use rpm --nosignature option
697 /usr/bin/smart config --set rpm-check-signatures=false
699 # Delete the CentOS yum repo files
700 rm -f /etc/yum.repos.d/CentOS-*
702 # Persist the boot device naming as UDEV rules so that if the network device
703 # order changes post-install that we will still be able to DHCP from the
704 # correct interface to reach the active controller. For most nodes only the
705 # management/boot interface needs to be persisted but because we require both
706 # controllers to be identically configured and controller-0 and controller-1
707 # are installed differently (e.g., controller-0 from USB and controller-1 from
708 # network) it is not possible to know which interface to persist for
709 # controller-0. The simplest solution is to persist all interfaces.
711 mkdir -p /etc/udev/rules.d
712 echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules
713 for dir in /sys/class/net/*; do
714 if [ -e ${dir}/device ]; then
715 dev=$(basename ${dir})
716 mac_address=$(cat /sys/class/net/${dev}/address)
717 echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules
721 # Mark the sysadmin password as expired immediately
724 # Lock the root password
727 # Enable tmpfs mount for /tmp
728 # delete /var/tmp so that it can similinked in
730 systemctl enable tmp.mount
732 # Disable automount of /dev/hugepages
733 systemctl mask dev-hugepages.mount
736 systemctl disable firewalld
739 systemctl disable libvirtd.service
742 systemctl enable rsyncd.service
744 # Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds)
745 echo 'Defaults:root !requiretty' > /etc/sudoers.d/root
747 # Make fstab just root read/writable
750 # Create first_boot flag
751 touch /etc/platform/.first_boot
755 # Template from: post_kernel_aio_and_worker.cfg
758 # Source common functions
759 . /tmp/ks-functions.sh
761 # Source the generated platform.conf
762 . /etc/platform/platform.conf
764 # Update grub with custom kernel bootargs
765 source /etc/init.d/cpumap_functions.sh
766 n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \
767 awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}')
768 n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l)
769 KERN_OPTS=" iommu=pt usbcore.autosuspend=-1"
771 KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M"
773 # If this is an all-in-one system, we need at least 4 CPUs
774 if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then
775 report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node."
778 # Add kernel options for cpu isolation / affinity
779 if [ ${n_cpus} -gt 1 ]
781 base_cpulist=$(platform_expanded_cpu_list)
782 base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus})
783 avp_cpulist=$(vswitch_expanded_cpu_list)
784 norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus})
785 norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus})
787 if [[ "$subfunction" =~ lowlatency ]]; then
788 KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}"
789 KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}"
791 KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}"
793 KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}"
794 KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}"
795 KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}"
796 # Update vswitch.conf
797 sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf
800 # Add kernel options to ensure an selinux is disabled
801 KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0"
803 # Add kernel options to set NMI watchdog
804 if [[ "$subfunction" =~ lowlatency ]]; then
805 KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0"
807 KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1"
810 if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then
811 KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr"
813 KERN_OPTS="${KERN_OPTS} intel_iommu=on"
816 # Add kernel option to disable biosdevname if enabled
817 # As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present
818 grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub
819 if [ $? -ne 0 ]; then
820 KERN_OPTS="${KERN_OPTS} biosdevname=0"
823 # Add kernel options to disable kvm-intel.eptad on Broadwell
824 # Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
825 if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo
827 KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0"
831 #KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
832 KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
834 # Add kernel option to avoid jiffies_lock contention on real-time kernel
835 if [[ "$subfunction" =~ lowlatency ]]; then
836 KERN_OPTS="${KERN_OPTS} skew_tick=1"
839 # If the installer asked us to use security related kernel params, use
840 # them in the grub line as well (until they can be configured via puppet)
841 grep -q 'nopti' /proc/cmdline
842 if [ $? -eq 0 ]; then
843 KERN_OPTS="${KERN_OPTS} nopti"
845 grep -q 'nospectre_v2' /proc/cmdline
846 if [ $? -eq 0 ]; then
847 KERN_OPTS="${KERN_OPTS} nospectre_v2"
850 perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub
852 if [ -d /sys/firmware/efi ] ; then
853 grub-mkconfig -o /boot/efi/EFI/centos/grub.cfg
855 grub-mkconfig -o /boot/grub/grub.cfg
861 # Template from: post_lvm_pv_on_rootfs.cfg
864 # Source common functions
865 . /tmp/ks-functions.sh
867 # uncomment the global_filter line in lvm.conf
868 perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf
870 # Determine which disk we created our PV on (i.e. the root disk)
871 ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings))
872 if [ -z "$ROOTDISK" ]; then
873 report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay"
875 # Edit the LVM config so LVM only looks for LVs on the root disk
876 sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf
880 # Template from: post_system_aio.cfg
883 # Source common functions
884 . /tmp/ks-functions.sh
886 # Source the generated platform.conf
887 . /etc/platform/platform.conf
889 ## Reserve more memory for base processes since the controller has higher
890 ## memory requirements but cap it to better handle systems with large
892 TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}')
894 if [ -e /sys/devices/system/node/node0 ]; then
895 RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}')
897 RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}')
900 if [ ${RESERVEDMEM} -lt 6144 ]; then
902 elif [ ${RESERVEDMEM} -gt 14500 ]; then
904 elif [ ${RESERVEDMEM} -gt 8192 ]; then
908 sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf
910 # Update WORKER_CPU_LIST
911 N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}')
912 sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf
917 # Template from: post_usb_controller.cfg
920 # Source common functions
921 . /tmp/ks-functions.sh
923 if [ -d /mnt/install/source ]; then
924 srcdir=/mnt/install/source
926 srcdir=/run/install/repo
929 touch /tmp/repo-include
931 if [ -d ${srcdir}/patches ]; then
932 echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include
937 # Repository arguments from %pre
938 %include /tmp/repo-include
942 # Source common functions
943 . /tmp/ks-functions.sh
947 # Persist the boot device to the platform configuration. This will get
948 # overwritten when config_controller is run.
949 echo management_interface=$mgmt_dev >> /etc/platform/platform.conf
951 # persist the default http port number to platform configuration. This
952 # will get overwritten when config_controller is run.
953 echo http_port=8080 >> /etc/platform/platform.conf
955 # Build networking scripts
956 cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo
961 BROADCAST=127.255.255.255
970 # Note, this section is different and replaced with a wget
971 # if doing the initial install off the network
973 if [ -d /mnt/install/source ]; then
974 srcdir=/mnt/install/source
976 srcdir=/run/install/repo
979 if [ -d $srcdir/Packages ] ; then
980 mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12
981 cp -r $srcdir/Packages /mnt/sysimage/www/pages/feed/rel-19.12/Packages
982 cp -r $srcdir/repodata /mnt/sysimage/www/pages/feed/rel-19.12/repodata
983 cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12
986 if [ -d $srcdir/patches ]; then
987 mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12
988 cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages
989 cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata
990 mkdir -p /mnt/sysimage/opt/patching
991 cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata
992 mkdir -p /mnt/sysimage/opt/patching/packages/19.12
994 find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \
995 | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/
998 # Create a uuid specific to this installation
999 INSTALL_UUID=`uuidgen`
1000 echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid
1001 echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf
1006 # This is a USB install, so set ONBOOT=yes for network devices.
1007 # Doing this in the %post so we don't unintentionally setup a
1008 # network device during the installation.
1009 for f in /etc/sysconfig/network-scripts/ifcfg-*; do
1010 if grep -q '^ONBOOT=' ${f}; then
1011 sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f}
1013 echo "ONBOOT=yes" >> ${f}
1015 if grep -q '^IPV6_AUTOCONF=' ${f}; then
1016 sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f}
1018 echo "IPV6_AUTOCONF=no" >> ${f}
1025 # Template from: post_usb_addon.cfg
1027 if [ -d /mnt/install/source ]; then
1028 srcdir=/mnt/install/source
1030 srcdir=/run/install/repo
1033 if [ -f ${srcdir}/ks-addon.cfg ]; then
1034 cp ${srcdir}/ks-addon.cfg /tmp/
1036 cat <<EOF > /tmp/ks-addon.cfg
1037 # No custom addon included
1043 if [ -d /mnt/install/source ]; then
1044 srcdir=/mnt/install/source
1046 srcdir=/run/install/repo
1049 # Store the ks-addon.cfg for debugging
1050 mkdir -p /mnt/sysimage/var/log/anaconda
1051 cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/
1056 # Source common functions
1057 . /tmp/ks-functions.sh
1059 %include /tmp/ks-addon.cfg