# # Copyright (c) 2019 Wind River Systems, Inc. # SPDX-License-Identifier: Apache-2.0 # %pre # This file defines functions that can be used in %pre and %post kickstart sections, by including: # . /tmp/ks-functions.sh # cat </tmp/ks-functions.sh # # Copyright (c) 2019 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # function get_by_path() { local disk=\$(cd /dev ; readlink -f \$1) for p in /dev/disk/by-path/*; do if [ "\$disk" = "\$(readlink -f \$p)" ]; then echo \$p return fi done } function get_disk() { echo \$(cd /dev ; readlink -f \$1) } function report_pre_failure_with_msg() { local msg=\$1 echo -e '\n\nInstallation failed.\n' echo "\$msg" exit 1 } function report_post_failure_with_msg() { local msg=\$1 cat <> /etc/motd Installation failed. \$msg EOF echo "\$msg" >/etc/platform/installation_failed echo -e '\n\nInstallation failed.\n' echo "\$msg" exit 1 } function report_post_failure_with_logfile() { local logfile=\$1 cat <> /etc/motd Installation failed. Please see \$logfile for details of failure EOF echo \$logfile >/etc/platform/installation_failed echo -e '\n\nInstallation failed.\n' cat \$logfile exit 1 } function get_http_port() { echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') } END_FUNCTIONS %end %post # This file defines functions that can be used in %pre and %post kickstart sections, by including: # . /tmp/ks-functions.sh # cat </tmp/ks-functions.sh # # Copyright (c) 2019 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # function get_by_path() { local disk=\$(cd /dev ; readlink -f \$1) for p in /dev/disk/by-path/*; do if [ "\$disk" = "\$(readlink -f \$p)" ]; then echo \$p return fi done } function get_disk() { echo \$(cd /dev ; readlink -f \$1) } function report_pre_failure_with_msg() { local msg=\$1 echo -e '\n\nInstallation failed.\n' echo "\$msg" exit 1 } function report_post_failure_with_msg() { local msg=\$1 cat <> /etc/motd Installation failed. \$msg EOF echo "\$msg" >/etc/platform/installation_failed echo -e '\n\nInstallation failed.\n' echo "\$msg" exit 1 } function report_post_failure_with_logfile() { local logfile=\$1 cat <> /etc/motd Installation failed. Please see \$logfile for details of failure EOF echo \$logfile >/etc/platform/installation_failed echo -e '\n\nInstallation failed.\n' cat \$logfile exit 1 } function get_http_port() { echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') } END_FUNCTIONS %end # Template from: pre_common_head.cfg %pre --erroronfail # Source common functions . /tmp/ks-functions.sh # First, parse /proc/cmdline to find the boot args set -- `cat /proc/cmdline` for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done append= if [ -n "$console" ] ; then append="console=$console" fi if [ -n "$security_profile" ]; then append="$append security_profile=$security_profile" fi #### SECURITY PROFILE HANDLING (Pre Installation) #### if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then # IMA specific boot options: # Enable Kernel auditing append="$append audit=1" else # we need to blacklist the IMA and Integrity Modules # on standard security profile append="$append module_blacklist=integrity,ima" # Disable Kernel auditing in Standard Security Profile mode append="$append audit=0" fi if [ -n "$tboot" ]; then append="$append tboot=$tboot" else append="$append tboot=false" fi boot_device_arg= if [ -n "$boot_device" ] ; then boot_device_arg="--boot-drive=$(get_by_path $boot_device)" fi echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include echo "timezone --nontp --utc UTC" >/tmp/timezone-include %end #version=DEVEL install lang en_US.UTF-8 keyboard us %include /tmp/timezone-include # set to 'x' so we can use shadow password rootpw --iscrypted x selinux --disabled authconfig --enableshadow --passalgo=sha512 firewall --service=ssh # The following is the partition information you requested # Note that any partitions you deleted are not expressed # here so unless you clear all partitions first, this is # not guaranteed to work zerombr # Disk layout from %pre %include /tmp/part-include # Bootloader parms from %pre %include /tmp/bootloader-include reboot --eject # Template from: pre_net_common.cfg %pre # Setup ntp.conf and sync time cat </etc/ntp_kickstart.conf server pxecontroller EOF /usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf if [ $? -eq 0 ]; then /sbin/hwclock --systohc --utc fi %end # Template from: pre_pkglist_lowlatency.cfg %packages @core @base -kernel-module-igb-uio -kernel-module-wrs-avp -kernel -kernel-tools -kernel-tools-libs -kmod-drbd -kmod-e1000e -kmod-i40e -kmod-ixgbe -kmod-tpm -mlnx-ofa_kernel -mlnx-ofa_kernel-rt -mlnx-ofa_kernel-modules -qat16 @platform-worker-lowlatency @updates-worker-lowlatency %end # Template from: pre_disk_setup_common.cfg %pre --erroronfail # Source common functions . /tmp/ks-functions.sh # This is a really fancy way of finding the first usable disk for the # install and not stomping on the USB device if it comes up first # First, parse /proc/cmdline to find the boot args set -- `cat /proc/cmdline` for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done # Find either the ISO or USB device first chopping off partition ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` sdev=`echo $ISO_DEV | sed -e 's/.$//'` if [ -e /dev/disk/by-label/$sdev ] ; then ISO_DEV=$sdev fi USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` sdev=`echo $USB_DEV | sed -e 's/.$//'` if [ -e /dev/disk/by-label/$sdev ] ; then USB_DEV=$sdev fi # Temporary, until lab pxelinux.cfg files are updated to specify install devices if [ -z "$rootfs_device" -o -z "$boot_device" ] then INST_HDD="" # Prefer a vd* device if this is kvm/qemu for e in vda vdb sda sdb nvme0n1; do if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then INST_HDD=$e break fi done # Set variables to $INST_HDD if not set rootfs_device=${rootfs_device:-$INST_HDD} boot_device=${boot_device:-$INST_HDD} fi # Convert to by-path orig_rootfs_device=$rootfs_device rootfs_device=$(get_by_path $rootfs_device) orig_boot_device=$boot_device boot_device=$(get_by_path $boot_device) if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then # Touch this file to prevent Anaconda from dying an ungraceful death touch /tmp/part-include report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." fi # Ensure specified device is not a USB drive udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' if [ $? -eq 0 ]; then # Touch this file to prevent Anaconda from dying an ungraceful death touch /tmp/part-include report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." fi # Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an # Remove volumes and group for cgts-vg, if any lvremove --force cgts-vg pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force ONLYUSE_HDD="" if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then # In an upgrade, only wipe the disk with the rootfs and boot partition echo "In upgrade, wiping only $rootfs_device" WIPE_HDD="$(get_disk $rootfs_device)" ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" fi else # Make a list of all the hard drives that are to be wiped WIPE_HDD="" # Partition type OSD has a unique globally identifier part_type_guid_str="Partition GUID code" CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" # Check if we wipe OSDs if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then echo "Wipe OSD data." WIPE_CEPH_OSDS="true" else echo "Skip Ceph OSD data wipe." WIPE_CEPH_OSDS="false" fi for f in /dev/disk/by-path/* do dev=$(readlink -f $f) lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' if [ $? -ne 0 ] then continue fi # Avoid wiping USB drives udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue # Avoid wiping ceph osds if sysinv tells us so if [ ${WIPE_CEPH_OSDS} == "false" ]; then wipe_dev="true" part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) # Scanning the partitions looking for CEPH OSDs and # skipping any disk found with such partitions for part_number in "${part_numbers[@]}"; do sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then echo "OSD found on $dev, skipping wipe" wipe_dev="false" break fi done if [ "$wipe_dev" == "false" ]; then continue fi fi # Add device to the wipe list devname=$(basename $dev) if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then if [ -n "$WIPE_HDD" ]; then WIPE_HDD=$WIPE_HDD,$dev else WIPE_HDD=$dev fi fi done echo "Not in upgrade, wiping disks: $WIPE_HDD" fi for dev in ${WIPE_HDD//,/ } do # Clearing previous GPT tables or LVM data # Delete the first few bytes at the start and end of the partition. This is required with # GPT partitions, they save partition info at the start and the end of the block. # Do this for each partition on the disk, as well. partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') for p in $partitions $dev do echo "Pre-wiping $p from kickstart" dd if=/dev/zero of=$p bs=512 count=34 dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) done done # Check for remaining cgts-vg PVs, which could potentially happen # in an upgrade where we're not wiping all disks. # If we ever create other volume groups from kickstart in the future, # include them in this search as well. partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') for p in $partitions do echo "Pre-wiping $p from kickstart (cgts-vg present)" dd if=/dev/zero of=$p bs=512 count=34 dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) done let -i gb=1024*1024*1024 cat</tmp/part-include clearpart --all --drives=$WIPE_HDD --initlabel EOF if [ -n "$ONLYUSE_HDD" ]; then cat<>/tmp/part-include ignoredisk --only-use=$ONLYUSE_HDD EOF fi if [ -d /sys/firmware/efi ] ; then cat<>/tmp/part-include part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) EOF else cat<>/tmp/part-include part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) EOF fi # Template from: pre_disk_worker.cfg LOG_VOL_SIZE=4000 SCRATCH_VOL_SIZE=4000 BOOT_VOL_SIZE=500 ## LOG_VOL_SIZE = 4096 ## SCRATCH_VOL_SIZE = 4096 ## DOCKER = 30720 ## CEPH_MON = 20480 ## KUBELET_VOL_SIZE = 10240 ## RESERVED_PE = 16 (based on pesize=32768) ## ## CGTS_PV_SIZE = 4096 + 4096 + 30720 + 20480 + 10240 + 16 = 69648 ## ## Round CGTS_PV_SIZE to the closest upper value that can be divided by 1024. ## 69648/1024=68.01. CGTS_PV_SIZE=69*1024=70656. CGTS_PV_SIZE=70656 sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) if [ $sz -le $((80*$gb)) ] ; then ## Less than 80GB use a 10GB root partition ROOTFS_SIZE=10000 else ## Use a 20GB root partition ROOTFS_SIZE=20000 fi ROOTFS_OPTIONS="defaults" profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` if [ -n "$profile_mode" ]; then # Enable iversion labelling for rootfs when IMA is enabled ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" fi cat<>/tmp/part-include part /boot --fstype=ext4 --asprimary --size=$BOOT_VOL_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" part pv.253004 --asprimary --size=$CGTS_PV_SIZE --ondrive=$(get_disk $rootfs_device) volgroup cgts-vg --pesize=32768 pv.253004 logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" EOF %end # Template from: post_platform_conf_worker_lowlatency.cfg %post --erroronfail # Source common functions . /tmp/ks-functions.sh # Retrieve the installation uuid from the controller we booted from http_port=$(get_http_port) INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` if [ $? -ne 0 ] then INSTALL_UUID=unknown fi # Set the security profile mode secprofile="standard" profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` if [ -n "$profile_mode" ]; then secprofile="extended" fi mkdir -p -m 0775 /etc/platform cat < /etc/platform/platform.conf nodetype=worker subfunction=worker,lowlatency system_type=Standard security_profile=$secprofile INSTALL_UUID=$INSTALL_UUID EOF # mount the platform directory from the controller cat >> /etc/fstab <> /etc/inittab fi #### SECURITY PROFILE HANDLING (Post Installation) #### # Check if the Security profile mode is enabled # and load the appropriate kernel modules secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` if [ -n "$secprofile" ]; then echo "In Extended Security profile mode. Loading IMA kernel module" systemctl enable auditd.service # Add the securityfs mount for the IMA Runtime measurement list echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab else # Disable audit daemon in the Standard Security Profile systemctl disable auditd fi . /etc/platform/platform.conf # Configure smart package manager channels rm -rf /var/lib/smart mkdir /var/lib/smart /usr/bin/smart channel -y \ --add rpmdb type=rpm-sys name="RPM Database" /usr/bin/smart channel -y \ --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 /usr/bin/smart channel -y \ --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 # Configure smart to use rpm --nolinktos option /usr/bin/smart config --set rpm-nolinktos=true # Configure smart to use rpm --nosignature option /usr/bin/smart config --set rpm-check-signatures=false # Delete the CentOS yum repo files rm -f /etc/yum.repos.d/CentOS-* # Persist the boot device naming as UDEV rules so that if the network device # order changes post-install that we will still be able to DHCP from the # correct interface to reach the active controller. For most nodes only the # management/boot interface needs to be persisted but because we require both # controllers to be identically configured and controller-0 and controller-1 # are installed differently (e.g., controller-0 from USB and controller-1 from # network) it is not possible to know which interface to persist for # controller-0. The simplest solution is to persist all interfaces. # mkdir -p /etc/udev/rules.d echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules for dir in /sys/class/net/*; do if [ -e ${dir}/device ]; then dev=$(basename ${dir}) mac_address=$(cat /sys/class/net/${dev}/address) echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules fi done # Mark the sysadmin password as expired immediately chage -d 0 sysadmin # Lock the root password passwd -l root # Enable tmpfs mount for /tmp # delete /var/tmp so that it can similinked in rm -rf /var/tmp systemctl enable tmp.mount # Disable automount of /dev/hugepages systemctl mask dev-hugepages.mount # Disable firewall systemctl disable firewalld # Disable libvirtd systemctl disable libvirtd.service # Enable rsyncd systemctl enable rsyncd.service # Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) echo 'Defaults:root !requiretty' > /etc/sudoers.d/root # Make fstab just root read/writable chmod 600 /etc/fstab # Create first_boot flag touch /etc/platform/.first_boot %end # Template from: post_kernel_aio_and_worker.cfg %post --erroronfail # Source common functions . /tmp/ks-functions.sh # Source the generated platform.conf . /etc/platform/platform.conf # Update grub with custom kernel bootargs source /etc/init.d/cpumap_functions.sh n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" # If this is an all-in-one system, we need at least 4 CPUs if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." fi # Add kernel options for cpu isolation / affinity if [ ${n_cpus} -gt 1 ] then base_cpulist=$(platform_expanded_cpu_list) base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) avp_cpulist=$(vswitch_expanded_cpu_list) norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) if [[ "$subfunction" =~ lowlatency ]]; then KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" else KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" fi KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" # Update vswitch.conf sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf fi # Add kernel options to ensure an selinux is disabled KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" # Add kernel options to set NMI watchdog if [[ "$subfunction" =~ lowlatency ]]; then KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" else KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" fi if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" else KERN_OPTS="${KERN_OPTS} intel_iommu=on" fi # Add kernel option to disable biosdevname if enabled # As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub if [ $? -ne 0 ]; then KERN_OPTS="${KERN_OPTS} biosdevname=0" fi # Add kernel options to disable kvm-intel.eptad on Broadwell # Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo then KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" fi # k8s updates: #KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" # Add kernel option to avoid jiffies_lock contention on real-time kernel if [[ "$subfunction" =~ lowlatency ]]; then KERN_OPTS="${KERN_OPTS} skew_tick=1" fi # If the installer asked us to use security related kernel params, use # them in the grub line as well (until they can be configured via puppet) grep -q 'nopti' /proc/cmdline if [ $? -eq 0 ]; then KERN_OPTS="${KERN_OPTS} nopti" fi grep -q 'nospectre_v2' /proc/cmdline if [ $? -eq 0 ]; then KERN_OPTS="${KERN_OPTS} nospectre_v2" fi perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub if [ -d /sys/firmware/efi ] ; then grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg else grub2-mkconfig -o /boot/grub2/grub.cfg fi %end # Template from: post_lvm_pv_on_rootfs.cfg %post --erroronfail # Source common functions . /tmp/ks-functions.sh # uncomment the global_filter line in lvm.conf perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf # Determine which disk we created our PV on (i.e. the root disk) ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) if [ -z "$ROOTDISK" ]; then report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" fi # Edit the LVM config so LVM only looks for LVs on the root disk sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf %end # Template from: post_net_common.cfg %pre --erroronfail # Source common functions . /tmp/ks-functions.sh http_port=$(get_http_port) echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include %end # Repository arguments from %pre %include /tmp/repo-include %post --erroronfail # Source common functions . /tmp/ks-functions.sh # Persist the http port to the platform configuration echo http_port=$(get_http_port) >> /etc/platform/platform.conf # Obtain the boot interface from the PXE boot BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` if [ -d /sys/firmware/efi ] ; then BOOTIF=${BOOTIF#BOOTIF=} else BOOTIF=${BOOTIF#BOOTIF=01-} BOOTIF=${BOOTIF//-/:} fi mgmt_dev=none mgmt_vlan=0 if [ -n "$BOOTIF" ] ; then ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` if [ -n "$ndev" ] ; then mgmt_dev=$ndev # Retrieve the management VLAN from sysinv if it exists mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` if [ $? -ne 0 ] then report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." fi else report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." fi else report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." fi if [ $mgmt_vlan -eq 0 ] ; then # Persist the boot device to the platform configuration. This will get # overwritten later if the management_interface is on a bonded interface. echo management_interface=$mgmt_dev >> /etc/platform/platform.conf # Build networking scripts cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo DEVICE=lo IPADDR=127.0.0.1 NETMASK=255.0.0.0 NETWORK=127.0.0.0 BROADCAST=127.255.255.255 ONBOOT=yes IPV6_AUTOCONF=no NAME=loopback EOF cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev DEVICE=$mgmt_dev BOOTPROTO=dhcp ONBOOT=yes IPV6_AUTOCONF=no LINKDELAY=20 EOF else # Check whether to use inet or inet6 ipv6_addr=$(dig +short AAAA controller) if [[ -n "$ipv6_addr" ]] then mgmt_address_family=inet6 ipv6init=yes dhcpv6c=yes dhclientargs=-1 else mgmt_address_family=inet ipv6init=no dhcpv6c=no dhclientargs= fi # Persist the boot device to the platform configuration. This will get # overwritten later if the management_interface is on a bonded interface. echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf # Build networking scripts cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo DEVICE=lo IPADDR=127.0.0.1 NETMASK=255.0.0.0 NETWORK=127.0.0.0 BROADCAST=127.255.255.255 ONBOOT=yes IPV6_AUTOCONF=no NAME=loopback EOF cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev DEVICE=$mgmt_dev BOOTPROTO=none ONBOOT=yes IPV6_AUTOCONF=no LINKDELAY=20 EOF cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan DEVICE=vlan$mgmt_vlan BOOTPROTO=dhcp DHCLIENTARGS=$dhclientargs IPV6INIT=$ipv6init DHCPV6C=$dhcpv6c ONBOOT=yes IPV6_AUTOCONF=no PHYSDEV=$mgmt_dev VLAN=yes LINKDELAY=20 EOF # Reject DHCPOFFER from DHCP server that doesn't send # wrs-install-uuid option echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is # setup prior to the post-install reboot. This is so that the timing of the IP # address allocation is similar to how normal/non-pxe installation works. mgmt_iface=vlan$mgmt_vlan dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan ip link set up dev $mgmt_iface dhclient $dhclient_family $mgmt_iface || true fi %end