From 815d7f0215e7035cd23214cab1ac9c9300834bd1 Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Tue, 2 Jun 2020 21:07:55 +0800 Subject: [PATCH] platform-kickstarts: add do_deploy to deploy ks files - Add do_deploy to deploy the generated ks files so that these can be the input of anaconda build. - Change the ISO image to also use the ks files generated by platform-kickstarts so we don't need to maintain another copies of these files and remove them from conf/distro/files/ks Issue-ID: INF-149 Signed-off-by: Jackie Huang Change-Id: If6e329f76b855663edead687f87e68c5b12c3350 --- meta-stx/conf/distro/files/ks/aio_ks.cfg | 1019 ------------------ .../conf/distro/files/ks/aio_lowlatency_ks.cfg | 1018 ------------------ meta-stx/conf/distro/files/ks/controller_ks.cfg | 835 --------------- .../conf/distro/files/ks/net_controller_ks.cfg | 937 ---------------- .../conf/distro/files/ks/net_smallsystem_ks.cfg | 1121 -------------------- .../files/ks/net_smallsystem_lowlatency_ks.cfg | 1120 ------------------- meta-stx/conf/distro/files/ks/net_storage_ks.cfg | 861 --------------- meta-stx/conf/distro/files/ks/net_worker_ks.cfg | 939 ---------------- .../distro/files/ks/net_worker_lowlatency_ks.cfg | 938 ---------------- meta-stx/conf/distro/files/ks/poky_stx_aio_ks.cfg | 1078 ------------------- .../recipes-core/images/stx-image-aio-installer.bb | 24 +- .../recipes-core/stx-metal/platform-kickstarts.inc | 9 + 12 files changed, 21 insertions(+), 9878 deletions(-) delete mode 100644 meta-stx/conf/distro/files/ks/aio_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/aio_lowlatency_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/controller_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_controller_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_smallsystem_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_smallsystem_lowlatency_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_storage_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_worker_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/net_worker_lowlatency_ks.cfg delete mode 100644 meta-stx/conf/distro/files/ks/poky_stx_aio_ks.cfg diff --git a/meta-stx/conf/distro/files/ks/aio_ks.cfg b/meta-stx/conf/distro/files/ks/aio_ks.cfg deleted file mode 100644 index c1edfc9..0000000 --- a/meta-stx/conf/distro/files/ks/aio_ks.cfg +++ /dev/null @@ -1,1019 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-controller-worker -@updates-controller-worker -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_aio.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems() -## - stx-config/.../sysinv/common/constants.py -## -## NOTE: When adding partitions, we currently have a max of 4 primary partitions. -## If more than 4 partitions are required, we can use a max of 3 --asprimary, -## to allow 1 primary logical partition with extended partitions -## -## NOTE: Max default PV size must align with the default controllerfs sizes -## -## BACKUP_OVERHEAD = 20 -## -## Physical install (for disks over 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_IMAGE_STOR_SIZE = 10 -## DEFAULT_DATABASE_STOR_SIZE = 20 -## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20 -## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE -## + BACKUP_OVERHEAD = 50 -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 233496 -## -## small install - (for disks below 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10 -## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10 -## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10 -## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40 -## -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## -## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 192528 -## -## NOTE: To maintain upgrade compatability within the volume group, keep the -## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size -## physical volume correctly. -## -## R4 AIO installations: -## - R4 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (239G), /local_pv (239G) -## - R4 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (239G), cgts-vg (239G) -## -## Upgrade migration will start with R5 install and create a partition to align -## above so filesystems within the volume group will be able to maintain their -## sizes in R5 -## - R5 install : /boot (0.5G), / (20G), -## cgts-vg PV (142G), un-partitioned (336G) -## - R5 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G) -## - R5 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (336G) -## - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((240*$gb)) ] ; then - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a - # size under 189GiB will fail. - CGCS_PV_SIZE=193536 -else - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496. - CGCS_PV_SIZE=234496 -fi - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -EOF - -%end - - -# Template from: post_platform_conf_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller,worker -system_type=All-in-one -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_system_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -## Reserve more memory for base processes since the controller has higher -## memory requirements but cap it to better handle systems with large -## amounts of memory -TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}') - -if [ -e /sys/devices/system/node/node0 ]; then - RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}') -else - RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}') -fi - -if [ ${RESERVEDMEM} -lt 6144 ]; then - RESERVEDMEM=6144 -elif [ ${RESERVEDMEM} -gt 14500 ]; then - RESERVEDMEM=14500 -elif [ ${RESERVEDMEM} -gt 8192 ]; then - RESERVEDMEM=8192 -fi - -sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf - -# Update WORKER_CPU_LIST -N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf - -%end - - -# Template from: post_usb_controller.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -touch /tmp/repo-include - -if [ -d ${srcdir}/patches ]; then - echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include -fi - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -mgmt_dev=none - -# Persist the boot device to the platform configuration. This will get -# overwritten when config_controller is run. -echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - -# persist the default http port number to platform configuration. This -# will get overwritten when config_controller is run. -echo http_port=8080 >> /etc/platform/platform.conf - -# Build networking scripts -cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - -%end - - -# Note, this section is different and replaced with a wget -# if doing the initial install off the network -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -d $srcdir/Packages ] ; then - mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12 - cp -r $srcdir/Packages /mnt/sysimage/www/pages/feed/rel-19.12/Packages - cp -r $srcdir/repodata /mnt/sysimage/www/pages/feed/rel-19.12/repodata - cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12 -fi - -if [ -d $srcdir/patches ]; then - mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12 - cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages - cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata - mkdir -p /mnt/sysimage/opt/patching - cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata - mkdir -p /mnt/sysimage/opt/patching/packages/19.12 - - find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \ - | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/ -fi - -# Create a uuid specific to this installation -INSTALL_UUID=`uuidgen` -echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid -echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf -%end - -%post - -# This is a USB install, so set ONBOOT=yes for network devices. -# Doing this in the %post so we don't unintentionally setup a -# network device during the installation. -for f in /etc/sysconfig/network-scripts/ifcfg-*; do - if grep -q '^ONBOOT=' ${f}; then - sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f} - else - echo "ONBOOT=yes" >> ${f} - fi - if grep -q '^IPV6_AUTOCONF=' ${f}; then - sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f} - else - echo "IPV6_AUTOCONF=no" >> ${f} - fi -done - -%end - - -# Template from: post_usb_addon.cfg -%pre --erroronfail -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -f ${srcdir}/ks-addon.cfg ]; then - cp ${srcdir}/ks-addon.cfg /tmp/ -else - cat < /tmp/ks-addon.cfg -# No custom addon included -EOF -fi -%end - -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -# Store the ks-addon.cfg for debugging -mkdir -p /mnt/sysimage/var/log/anaconda -cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/ -%end - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -%include /tmp/ks-addon.cfg - -%end diff --git a/meta-stx/conf/distro/files/ks/aio_lowlatency_ks.cfg b/meta-stx/conf/distro/files/ks/aio_lowlatency_ks.cfg deleted file mode 100644 index 9b2c0e4..0000000 --- a/meta-stx/conf/distro/files/ks/aio_lowlatency_ks.cfg +++ /dev/null @@ -1,1018 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_pkglist_lowlatency.cfg -%packages -@core -@base --kernel-module-igb-uio --kernel-module-wrs-avp --kernel --kernel-tools --kernel-tools-libs --kmod-drbd --kmod-e1000e --kmod-i40e --kmod-ixgbe --kmod-tpm --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-modules --qat16 -@platform-controller-worker-lowlatency -@updates-controller-worker-lowlatency -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_aio.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems() -## - stx-config/.../sysinv/common/constants.py -## -## NOTE: When adding partitions, we currently have a max of 4 primary partitions. -## If more than 4 partitions are required, we can use a max of 3 --asprimary, -## to allow 1 primary logical partition with extended partitions -## -## NOTE: Max default PV size must align with the default controllerfs sizes -## -## BACKUP_OVERHEAD = 20 -## -## Physical install (for disks over 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_IMAGE_STOR_SIZE = 10 -## DEFAULT_DATABASE_STOR_SIZE = 20 -## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20 -## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE -## + BACKUP_OVERHEAD = 50 -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 233496 -## -## small install - (for disks below 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10 -## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10 -## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10 -## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40 -## -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## -## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 192528 -## -## NOTE: To maintain upgrade compatability within the volume group, keep the -## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size -## physical volume correctly. -## -## R4 AIO installations: -## - R4 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (239G), /local_pv (239G) -## - R4 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (239G), cgts-vg (239G) -## -## Upgrade migration will start with R5 install and create a partition to align -## above so filesystems within the volume group will be able to maintain their -## sizes in R5 -## - R5 install : /boot (0.5G), / (20G), -## cgts-vg PV (142G), un-partitioned (336G) -## - R5 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G) -## - R5 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (336G) -## - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((240*$gb)) ] ; then - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a - # size under 189GiB will fail. - CGCS_PV_SIZE=193536 -else - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496. - CGCS_PV_SIZE=234496 -fi - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -EOF - -%end - - -# Template from: post_platform_conf_aio_lowlatency.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller,worker,lowlatency -system_type=All-in-one -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_system_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -## Reserve more memory for base processes since the controller has higher -## memory requirements but cap it to better handle systems with large -## amounts of memory -TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}') - -if [ -e /sys/devices/system/node/node0 ]; then - RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}') -else - RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}') -fi - -if [ ${RESERVEDMEM} -lt 6144 ]; then - RESERVEDMEM=6144 -elif [ ${RESERVEDMEM} -gt 14500 ]; then - RESERVEDMEM=14500 -elif [ ${RESERVEDMEM} -gt 8192 ]; then - RESERVEDMEM=8192 -fi - -sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf - -# Update WORKER_CPU_LIST -N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf - -%end - - -# Template from: post_usb_controller.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -touch /tmp/repo-include - -if [ -d ${srcdir}/patches ]; then - echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include -fi - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -mgmt_dev=none - -# Persist the boot device to the platform configuration. This will get -# overwritten when config_controller is run. -echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - -# persist the default http port number to platform configuration. This -# will get overwritten when config_controller is run. -echo http_port=8080 >> /etc/platform/platform.conf - -# Build networking scripts -cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - -%end - - -# Note, this section is different and replaced with a wget -# if doing the initial install off the network -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -d $srcdir/Packages ] ; then - mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12 - cp -r $srcdir/Packages /mnt/sysimage/www/pages/feed/rel-19.12/Packages - cp -r $srcdir/repodata /mnt/sysimage/www/pages/feed/rel-19.12/repodata - cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12 -fi - -if [ -d $srcdir/patches ]; then - mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12 - cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages - cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata - mkdir -p /mnt/sysimage/opt/patching - cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata - mkdir -p /mnt/sysimage/opt/patching/packages/19.12 - - find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \ - | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/ -fi - -# Create a uuid specific to this installation -INSTALL_UUID=`uuidgen` -echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid -echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf -%end - -%post - -# This is a USB install, so set ONBOOT=yes for network devices. -# Doing this in the %post so we don't unintentionally setup a -# network device during the installation. -for f in /etc/sysconfig/network-scripts/ifcfg-*; do - if grep -q '^ONBOOT=' ${f}; then - sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f} - else - echo "ONBOOT=yes" >> ${f} - fi - if grep -q '^IPV6_AUTOCONF=' ${f}; then - sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f} - else - echo "IPV6_AUTOCONF=no" >> ${f} - fi -done - -%end - - -# Template from: post_usb_addon.cfg -%pre --erroronfail -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -f ${srcdir}/ks-addon.cfg ]; then - cp ${srcdir}/ks-addon.cfg /tmp/ -else - cat < /tmp/ks-addon.cfg -# No custom addon included -EOF -fi -%end - -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -# Store the ks-addon.cfg for debugging -mkdir -p /mnt/sysimage/var/log/anaconda -cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/ -%end - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -%include /tmp/ks-addon.cfg - -%end diff --git a/meta-stx/conf/distro/files/ks/controller_ks.cfg b/meta-stx/conf/distro/files/ks/controller_ks.cfg deleted file mode 100644 index 6e1c504..0000000 --- a/meta-stx/conf/distro/files/ks/controller_ks.cfg +++ /dev/null @@ -1,835 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-controller -@updates-controller -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_controller.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## _controller_filesystem_limits() in sysinv/api/controllers/v1/istorconfig.py - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" - -EOF - -%end - - -# Template from: post_platform_conf_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller -system_type=Standard -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -## Custom kernel options -KERN_OPTS=" intel_iommu=off usbcore.autosuspend=-1" - -## Setup the loop module to support up to 15 partitions so that we can enable the -## customer to manually resize images if needed. -## -KERN_OPTS="${KERN_OPTS} loop.max_part=15" - -## Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to ensure NMI watchdog is enabled, if supported -KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# k8s updates -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_usb_controller.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -touch /tmp/repo-include - -if [ -d ${srcdir}/patches ]; then - echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include -fi - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -mgmt_dev=none - -# Persist the boot device to the platform configuration. This will get -# overwritten when config_controller is run. -echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - -# persist the default http port number to platform configuration. This -# will get overwritten when config_controller is run. -echo http_port=8080 >> /etc/platform/platform.conf - -# Build networking scripts -cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - -%end - - -# Note, this section is different and replaced with a wget -# if doing the initial install off the network -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -d $srcdir/Packages ] ; then - mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12 - cp -r $srcdir/Packages /mnt/sysimage/www/pages/feed/rel-19.12/Packages - cp -r $srcdir/repodata /mnt/sysimage/www/pages/feed/rel-19.12/repodata - cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12 -fi - -if [ -d $srcdir/patches ]; then - mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12 - cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages - cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata - mkdir -p /mnt/sysimage/opt/patching - cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata - mkdir -p /mnt/sysimage/opt/patching/packages/19.12 - - find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \ - | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/ -fi - -# Create a uuid specific to this installation -INSTALL_UUID=`uuidgen` -echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid -echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf -%end - -%post - -# This is a USB install, so set ONBOOT=yes for network devices. -# Doing this in the %post so we don't unintentionally setup a -# network device during the installation. -for f in /etc/sysconfig/network-scripts/ifcfg-*; do - if grep -q '^ONBOOT=' ${f}; then - sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f} - else - echo "ONBOOT=yes" >> ${f} - fi - if grep -q '^IPV6_AUTOCONF=' ${f}; then - sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f} - else - echo "IPV6_AUTOCONF=no" >> ${f} - fi -done - -%end - - -# Template from: post_usb_addon.cfg -%pre --erroronfail -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -f ${srcdir}/ks-addon.cfg ]; then - cp ${srcdir}/ks-addon.cfg /tmp/ -else - cat < /tmp/ks-addon.cfg -# No custom addon included -EOF -fi -%end - -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -# Store the ks-addon.cfg for debugging -mkdir -p /mnt/sysimage/var/log/anaconda -cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/ -%end - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -%include /tmp/ks-addon.cfg - -%end diff --git a/meta-stx/conf/distro/files/ks/net_controller_ks.cfg b/meta-stx/conf/distro/files/ks/net_controller_ks.cfg deleted file mode 100644 index c51c2b0..0000000 --- a/meta-stx/conf/distro/files/ks/net_controller_ks.cfg +++ /dev/null @@ -1,937 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-controller -@updates-controller -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_controller.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## _controller_filesystem_limits() in sysinv/api/controllers/v1/istorconfig.py - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" - -EOF - -%end - - -# Template from: post_platform_conf_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller -system_type=Standard -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -## Custom kernel options -KERN_OPTS=" intel_iommu=off usbcore.autosuspend=-1" - -## Setup the loop module to support up to 15 partitions so that we can enable the -## customer to manually resize images if needed. -## -KERN_OPTS="${KERN_OPTS} loop.max_part=15" - -## Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to ensure NMI watchdog is enabled, if supported -KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# k8s updates -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_net_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -# Retrieve the installation uuid from the controller we booted from -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -grep -q INSTALL_UUID /etc/platform/platform.conf -if [ $? -ne 0 ]; then - echo "INSTALL_UUID=$INSTALL_UUID" >> /etc/platform/platform.conf -fi - -cd /www/pages -# Sync software repository -feed_url=http://pxecontroller:${http_port:-8080}/feed/ -anaconda_logdir=/var/log/anaconda -mkdir -p $anaconda_logdir - -echo "Mirroring software repository (may take several minutes)..." >/dev/console -wget --recursive --no-parent --no-host-directories --no-clobber --reject 'index.html*' --reject '*.log' $feed_url/ -o $anaconda_logdir/wget-feed-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-feed-mirror.log - -# Sync patching repository -updates_url=http://pxecontroller:${http_port:-8080}/updates/ -wget --mirror --no-parent --no-host-directories --reject 'index.html*' --reject '*.log' $updates_url/ -o $anaconda_logdir/wget-updates-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-updates-mirror.log -echo "Done" >/dev/console - -shopt -s nullglob - -# Check whether a second release is installed -. /etc/build.info -CURRENT_REL_DIR=rel-${SW_VERSION} -OTHER_REL_DIR= -for REL_DIR in /www/pages/feed/*; do - if [[ ! $REL_DIR =~ "${SW_VERSION}" ]]; then - OTHER_REL_DIR=`basename $REL_DIR` - OTHER_REL_VERSION=${OTHER_REL_DIR:4} - break - fi -done - -# If second release is installed, find the latest version of the installer -# RPM and install the pxeboot files we require to boot hosts with that release. -if [ ! -z "$OTHER_REL_DIR" ]; then - PATCH_RPM=`find /www/pages/updates/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - BASE_RPM=`find /www/pages/feed/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - - if [ ! -z "$PATCH_RPM" ]; then - INSTALL_RPM=$PATCH_RPM - elif [ ! -z "$BASE_RPM" ]; then - INSTALL_RPM=$BASE_RPM - else - report_post_failure_with_msg "ERROR: Unable to find pxe-network-installer RPM for $OTHER_REL_DIR. Aborting installation." - fi - - echo "Installing pxeboot files for release $OTHER_REL_DIR from $INSTALL_RPM" >/dev/console - TMP_RPM=/tmp/pxe-network-installer - mkdir $TMP_RPM - pushd $TMP_RPM - /usr/bin/rpm2cpio $INSTALL_RPM | cpio -idm \ - || report_post_failure_with_msg "Failed to extract pxe-network-installer" - - cp -r $TMP_RPM/usr / \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /usr" - cp -r $TMP_RPM/pxeboot/$OTHER_REL_DIR /pxeboot/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /pxeboot/$OTHER_REL_DIR" - cp $TMP_RPM/pxeboot/pxelinux.cfg.files/*-$OTHER_REL_VERSION /pxeboot/pxelinux.cfg.files/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer pxelinux.cfg files" - - rm -rf $TMP_RPM -fi - -%end - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/net_smallsystem_ks.cfg b/meta-stx/conf/distro/files/ks/net_smallsystem_ks.cfg deleted file mode 100644 index 1b425b0..0000000 --- a/meta-stx/conf/distro/files/ks/net_smallsystem_ks.cfg +++ /dev/null @@ -1,1121 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-controller-worker -@updates-controller-worker -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_aio.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems() -## - stx-config/.../sysinv/common/constants.py -## -## NOTE: When adding partitions, we currently have a max of 4 primary partitions. -## If more than 4 partitions are required, we can use a max of 3 --asprimary, -## to allow 1 primary logical partition with extended partitions -## -## NOTE: Max default PV size must align with the default controllerfs sizes -## -## BACKUP_OVERHEAD = 20 -## -## Physical install (for disks over 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_IMAGE_STOR_SIZE = 10 -## DEFAULT_DATABASE_STOR_SIZE = 20 -## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20 -## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE -## + BACKUP_OVERHEAD = 50 -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 233496 -## -## small install - (for disks below 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10 -## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10 -## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10 -## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40 -## -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## -## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 192528 -## -## NOTE: To maintain upgrade compatability within the volume group, keep the -## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size -## physical volume correctly. -## -## R4 AIO installations: -## - R4 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (239G), /local_pv (239G) -## - R4 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (239G), cgts-vg (239G) -## -## Upgrade migration will start with R5 install and create a partition to align -## above so filesystems within the volume group will be able to maintain their -## sizes in R5 -## - R5 install : /boot (0.5G), / (20G), -## cgts-vg PV (142G), un-partitioned (336G) -## - R5 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G) -## - R5 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (336G) -## - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((240*$gb)) ] ; then - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a - # size under 189GiB will fail. - CGCS_PV_SIZE=193536 -else - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496. - CGCS_PV_SIZE=234496 -fi - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -EOF - -%end - - -# Template from: post_platform_conf_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller,worker -system_type=All-in-one -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_system_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -## Reserve more memory for base processes since the controller has higher -## memory requirements but cap it to better handle systems with large -## amounts of memory -TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}') - -if [ -e /sys/devices/system/node/node0 ]; then - RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}') -else - RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}') -fi - -if [ ${RESERVEDMEM} -lt 6144 ]; then - RESERVEDMEM=6144 -elif [ ${RESERVEDMEM} -gt 14500 ]; then - RESERVEDMEM=14500 -elif [ ${RESERVEDMEM} -gt 8192 ]; then - RESERVEDMEM=8192 -fi - -sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf - -# Update WORKER_CPU_LIST -N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf - -%end - - -# Template from: post_net_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -# Retrieve the installation uuid from the controller we booted from -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -grep -q INSTALL_UUID /etc/platform/platform.conf -if [ $? -ne 0 ]; then - echo "INSTALL_UUID=$INSTALL_UUID" >> /etc/platform/platform.conf -fi - -cd /www/pages -# Sync software repository -feed_url=http://pxecontroller:${http_port:-8080}/feed/ -anaconda_logdir=/var/log/anaconda -mkdir -p $anaconda_logdir - -echo "Mirroring software repository (may take several minutes)..." >/dev/console -wget --recursive --no-parent --no-host-directories --no-clobber --reject 'index.html*' --reject '*.log' $feed_url/ -o $anaconda_logdir/wget-feed-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-feed-mirror.log - -# Sync patching repository -updates_url=http://pxecontroller:${http_port:-8080}/updates/ -wget --mirror --no-parent --no-host-directories --reject 'index.html*' --reject '*.log' $updates_url/ -o $anaconda_logdir/wget-updates-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-updates-mirror.log -echo "Done" >/dev/console - -shopt -s nullglob - -# Check whether a second release is installed -. /etc/build.info -CURRENT_REL_DIR=rel-${SW_VERSION} -OTHER_REL_DIR= -for REL_DIR in /www/pages/feed/*; do - if [[ ! $REL_DIR =~ "${SW_VERSION}" ]]; then - OTHER_REL_DIR=`basename $REL_DIR` - OTHER_REL_VERSION=${OTHER_REL_DIR:4} - break - fi -done - -# If second release is installed, find the latest version of the installer -# RPM and install the pxeboot files we require to boot hosts with that release. -if [ ! -z "$OTHER_REL_DIR" ]; then - PATCH_RPM=`find /www/pages/updates/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - BASE_RPM=`find /www/pages/feed/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - - if [ ! -z "$PATCH_RPM" ]; then - INSTALL_RPM=$PATCH_RPM - elif [ ! -z "$BASE_RPM" ]; then - INSTALL_RPM=$BASE_RPM - else - report_post_failure_with_msg "ERROR: Unable to find pxe-network-installer RPM for $OTHER_REL_DIR. Aborting installation." - fi - - echo "Installing pxeboot files for release $OTHER_REL_DIR from $INSTALL_RPM" >/dev/console - TMP_RPM=/tmp/pxe-network-installer - mkdir $TMP_RPM - pushd $TMP_RPM - /usr/bin/rpm2cpio $INSTALL_RPM | cpio -idm \ - || report_post_failure_with_msg "Failed to extract pxe-network-installer" - - cp -r $TMP_RPM/usr / \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /usr" - cp -r $TMP_RPM/pxeboot/$OTHER_REL_DIR /pxeboot/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /pxeboot/$OTHER_REL_DIR" - cp $TMP_RPM/pxeboot/pxelinux.cfg.files/*-$OTHER_REL_VERSION /pxeboot/pxelinux.cfg.files/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer pxelinux.cfg files" - - rm -rf $TMP_RPM -fi - -%end - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/net_smallsystem_lowlatency_ks.cfg b/meta-stx/conf/distro/files/ks/net_smallsystem_lowlatency_ks.cfg deleted file mode 100644 index 8b136a8..0000000 --- a/meta-stx/conf/distro/files/ks/net_smallsystem_lowlatency_ks.cfg +++ /dev/null @@ -1,1120 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist_lowlatency.cfg -%packages -@core -@base --kernel-module-igb-uio --kernel-module-wrs-avp --kernel --kernel-tools --kernel-tools-libs --kmod-drbd --kmod-e1000e --kmod-i40e --kmod-ixgbe --kmod-tpm --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-modules --qat16 -@platform-controller-worker-lowlatency -@updates-controller-worker-lowlatency -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_aio.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems() -## - stx-config/.../sysinv/common/constants.py -## -## NOTE: When adding partitions, we currently have a max of 4 primary partitions. -## If more than 4 partitions are required, we can use a max of 3 --asprimary, -## to allow 1 primary logical partition with extended partitions -## -## NOTE: Max default PV size must align with the default controllerfs sizes -## -## BACKUP_OVERHEAD = 20 -## -## Physical install (for disks over 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_IMAGE_STOR_SIZE = 10 -## DEFAULT_DATABASE_STOR_SIZE = 20 -## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20 -## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE -## + BACKUP_OVERHEAD = 50 -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 233496 -## -## small install - (for disks below 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10 -## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10 -## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10 -## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40 -## -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## -## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 192528 -## -## NOTE: To maintain upgrade compatability within the volume group, keep the -## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size -## physical volume correctly. -## -## R4 AIO installations: -## - R4 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (239G), /local_pv (239G) -## - R4 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (239G), cgts-vg (239G) -## -## Upgrade migration will start with R5 install and create a partition to align -## above so filesystems within the volume group will be able to maintain their -## sizes in R5 -## - R5 install : /boot (0.5G), / (20G), -## cgts-vg PV (142G), un-partitioned (336G) -## - R5 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G) -## - R5 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (336G) -## - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((240*$gb)) ] ; then - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a - # size under 189GiB will fail. - CGCS_PV_SIZE=193536 -else - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496. - CGCS_PV_SIZE=234496 -fi - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -EOF - -%end - - -# Template from: post_platform_conf_aio_lowlatency.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller,worker,lowlatency -system_type=All-in-one -security_profile=$secprofile -EOF - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_system_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -## Reserve more memory for base processes since the controller has higher -## memory requirements but cap it to better handle systems with large -## amounts of memory -TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}') - -if [ -e /sys/devices/system/node/node0 ]; then - RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}') -else - RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}') -fi - -if [ ${RESERVEDMEM} -lt 6144 ]; then - RESERVEDMEM=6144 -elif [ ${RESERVEDMEM} -gt 14500 ]; then - RESERVEDMEM=14500 -elif [ ${RESERVEDMEM} -gt 8192 ]; then - RESERVEDMEM=8192 -fi - -sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf - -# Update WORKER_CPU_LIST -N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf - -%end - - -# Template from: post_net_controller.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -# Retrieve the installation uuid from the controller we booted from -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -grep -q INSTALL_UUID /etc/platform/platform.conf -if [ $? -ne 0 ]; then - echo "INSTALL_UUID=$INSTALL_UUID" >> /etc/platform/platform.conf -fi - -cd /www/pages -# Sync software repository -feed_url=http://pxecontroller:${http_port:-8080}/feed/ -anaconda_logdir=/var/log/anaconda -mkdir -p $anaconda_logdir - -echo "Mirroring software repository (may take several minutes)..." >/dev/console -wget --recursive --no-parent --no-host-directories --no-clobber --reject 'index.html*' --reject '*.log' $feed_url/ -o $anaconda_logdir/wget-feed-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-feed-mirror.log - -# Sync patching repository -updates_url=http://pxecontroller:${http_port:-8080}/updates/ -wget --mirror --no-parent --no-host-directories --reject 'index.html*' --reject '*.log' $updates_url/ -o $anaconda_logdir/wget-updates-mirror.log \ - || report_post_failure_with_logfile $anaconda_logdir/wget-updates-mirror.log -echo "Done" >/dev/console - -shopt -s nullglob - -# Check whether a second release is installed -. /etc/build.info -CURRENT_REL_DIR=rel-${SW_VERSION} -OTHER_REL_DIR= -for REL_DIR in /www/pages/feed/*; do - if [[ ! $REL_DIR =~ "${SW_VERSION}" ]]; then - OTHER_REL_DIR=`basename $REL_DIR` - OTHER_REL_VERSION=${OTHER_REL_DIR:4} - break - fi -done - -# If second release is installed, find the latest version of the installer -# RPM and install the pxeboot files we require to boot hosts with that release. -if [ ! -z "$OTHER_REL_DIR" ]; then - PATCH_RPM=`find /www/pages/updates/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - BASE_RPM=`find /www/pages/feed/${OTHER_REL_DIR}/Packages -name 'pxe-network-installer*' | sort -V | tail -1` - - if [ ! -z "$PATCH_RPM" ]; then - INSTALL_RPM=$PATCH_RPM - elif [ ! -z "$BASE_RPM" ]; then - INSTALL_RPM=$BASE_RPM - else - report_post_failure_with_msg "ERROR: Unable to find pxe-network-installer RPM for $OTHER_REL_DIR. Aborting installation." - fi - - echo "Installing pxeboot files for release $OTHER_REL_DIR from $INSTALL_RPM" >/dev/console - TMP_RPM=/tmp/pxe-network-installer - mkdir $TMP_RPM - pushd $TMP_RPM - /usr/bin/rpm2cpio $INSTALL_RPM | cpio -idm \ - || report_post_failure_with_msg "Failed to extract pxe-network-installer" - - cp -r $TMP_RPM/usr / \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /usr" - cp -r $TMP_RPM/pxeboot/$OTHER_REL_DIR /pxeboot/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer /pxeboot/$OTHER_REL_DIR" - cp $TMP_RPM/pxeboot/pxelinux.cfg.files/*-$OTHER_REL_VERSION /pxeboot/pxelinux.cfg.files/ \ - || report_post_failure_with_msg "Failed to copy pxe-network-installer pxelinux.cfg files" - - rm -rf $TMP_RPM -fi - -%end - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/net_storage_ks.cfg b/meta-stx/conf/distro/files/ks/net_storage_ks.cfg deleted file mode 100644 index dcac1f2..0000000 --- a/meta-stx/conf/distro/files/ks/net_storage_ks.cfg +++ /dev/null @@ -1,861 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-storage -@updates-storage -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_storage.cfg - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((90*$gb)) ] ; then - LOG_VOL_SIZE=4000 - SCRATCH_VOL_SIZE=4000 - ROOTFS_SIZE=10000 -else - LOG_VOL_SIZE=8000 - SCRATCH_VOL_SIZE=8000 - ROOTFS_SIZE=20000 -fi - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" - -EOF - -%end - - -# Template from: post_platform_conf_storage.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Retrieve the installation uuid from the controller we booted from -http_port=$(get_http_port) -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=storage -subfunction=storage -system_type=Standard -security_profile=$secprofile -INSTALL_UUID=$INSTALL_UUID -EOF - -%end - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_storage.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -## Custom kernel options -KERN_OPTS=" intel_iommu=off usbcore.autosuspend=-1" -## Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to ensure NMI watchdog is enabled, if supported -KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/net_worker_ks.cfg b/meta-stx/conf/distro/files/ks/net_worker_ks.cfg deleted file mode 100644 index 79b5ec7..0000000 --- a/meta-stx/conf/distro/files/ks/net_worker_ks.cfg +++ /dev/null @@ -1,939 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist.cfg -%packages -@core -@base --kernel-module-igb-uio-rt --kernel-module-wrs-avp-rt --kernel-rt --kernel-rt-kvm --kernel-rt-tools --kernel-rt-tools-libs --kmod-drbd-rt --kmod-e1000e-rt --kmod-i40e-rt --kmod-ixgbe-rt --kmod-tpm-rt --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-rt-modules --qat16-rt -@platform-worker -@updates-worker -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_worker.cfg -LOG_VOL_SIZE=4000 -SCRATCH_VOL_SIZE=4000 -BOOT_VOL_SIZE=500 - -## LOG_VOL_SIZE = 4096 -## SCRATCH_VOL_SIZE = 4096 -## DOCKER = 30720 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGTS_PV_SIZE = 4096 + 4096 + 30720 + 20480 + 10240 + 16 = 69648 -## -## Round CGTS_PV_SIZE to the closest upper value that can be divided by 1024. -## 69648/1024=68.01. CGTS_PV_SIZE=69*1024=70656. -CGTS_PV_SIZE=70656 - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((80*$gb)) ] ; then - ## Less than 80GB use a 10GB root partition - ROOTFS_SIZE=10000 -else - ## Use a 20GB root partition - ROOTFS_SIZE=20000 -fi - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=$BOOT_VOL_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --asprimary --size=$CGTS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" - -EOF - -%end - - -# Template from: post_platform_conf_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Retrieve the installation uuid from the controller we booted from -http_port=$(get_http_port) -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=worker -subfunction=worker -system_type=Standard -security_profile=$secprofile -INSTALL_UUID=$INSTALL_UUID -EOF - -# mount the platform directory from the controller -cat >> /etc/fstab <> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/net_worker_lowlatency_ks.cfg b/meta-stx/conf/distro/files/ks/net_worker_lowlatency_ks.cfg deleted file mode 100644 index 1da45a5..0000000 --- a/meta-stx/conf/distro/files/ks/net_worker_lowlatency_ks.cfg +++ /dev/null @@ -1,938 +0,0 @@ -# -# Copyright (c) 2019 Wind River Systems, Inc. -# SPDX-License-Identifier: Apache-2.0 -# - -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us -%include /tmp/timezone-include -# set to 'x' so we can use shadow password -rootpw --iscrypted x -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include -# Bootloader parms from %pre -%include /tmp/bootloader-include - -reboot --eject - - -# Template from: pre_net_common.cfg -%pre - -# Setup ntp.conf and sync time -cat </etc/ntp_kickstart.conf -server pxecontroller -EOF - -/usr/sbin/ntpd -g -q -n -c /etc/ntp_kickstart.conf -if [ $? -eq 0 ]; then - /sbin/hwclock --systohc --utc -fi - -%end - - -# Template from: pre_pkglist_lowlatency.cfg -%packages -@core -@base --kernel-module-igb-uio --kernel-module-wrs-avp --kernel --kernel-tools --kernel-tools-libs --kmod-drbd --kmod-e1000e --kmod-i40e --kmod-ixgbe --kmod-tpm --mlnx-ofa_kernel --mlnx-ofa_kernel-rt --mlnx-ofa_kernel-modules --qat16 -@platform-worker-lowlatency -@updates-worker-lowlatency -%end - - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_worker.cfg -LOG_VOL_SIZE=4000 -SCRATCH_VOL_SIZE=4000 -BOOT_VOL_SIZE=500 - -## LOG_VOL_SIZE = 4096 -## SCRATCH_VOL_SIZE = 4096 -## DOCKER = 30720 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGTS_PV_SIZE = 4096 + 4096 + 30720 + 20480 + 10240 + 16 = 69648 -## -## Round CGTS_PV_SIZE to the closest upper value that can be divided by 1024. -## 69648/1024=68.01. CGTS_PV_SIZE=69*1024=70656. -CGTS_PV_SIZE=70656 - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((80*$gb)) ] ; then - ## Less than 80GB use a 10GB root partition - ROOTFS_SIZE=10000 -else - ## Use a 20GB root partition - ROOTFS_SIZE=20000 -fi - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=$BOOT_VOL_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --asprimary --size=$CGTS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" - -EOF - -%end - - -# Template from: post_platform_conf_worker_lowlatency.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Retrieve the installation uuid from the controller we booted from -http_port=$(get_http_port) -INSTALL_UUID=`curl -sf http://pxecontroller:${http_port:-8080}/feed/rel-19.12/install_uuid` -if [ $? -ne 0 ] -then - INSTALL_UUID=unknown -fi - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=worker -subfunction=worker,lowlatency -system_type=Standard -security_profile=$secprofile -INSTALL_UUID=$INSTALL_UUID -EOF - -# mount the platform directory from the controller -cat >> /etc/fstab <> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf -# Configure smart package manager channels -rm -rf /var/lib/smart -mkdir /var/lib/smart -/usr/bin/smart channel -y \ - --add rpmdb type=rpm-sys name="RPM Database" -/usr/bin/smart channel -y \ - --add base type=rpm-md name="Base" baseurl=http://controller:${http_port:-8080}/feed/rel-19.12 -/usr/bin/smart channel -y \ - --add updates type=rpm-md name="Patches" baseurl=http://controller:${http_port:-8080}/updates/rel-19.12 - -# Configure smart to use rpm --nolinktos option -/usr/bin/smart config --set rpm-nolinktos=true - -# Configure smart to use rpm --nosignature option -/usr/bin/smart config --set rpm-check-signatures=false - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Persist the boot device naming as UDEV rules so that if the network device -# order changes post-install that we will still be able to DHCP from the -# correct interface to reach the active controller. For most nodes only the -# management/boot interface needs to be persisted but because we require both -# controllers to be identically configured and controller-0 and controller-1 -# are installed differently (e.g., controller-0 from USB and controller-1 from -# network) it is not possible to know which interface to persist for -# controller-0. The simplest solution is to persist all interfaces. -# -mkdir -p /etc/udev/rules.d -echo "# Persisted network interfaces from anaconda installer" > /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable automount of /dev/hugepages -systemctl mask dev-hugepages.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub2-mkconfig -o /boot/grub2/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_net_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -http_port=$(get_http_port) -echo "repo --name=base --baseurl=http://pxecontroller:${http_port:-8080}/feed/rel-19.12/" > /tmp/repo-include -echo "repo --name=updates --baseurl=http://pxecontroller:${http_port:-8080}/updates/rel-19.12/" > /tmp/repo-include - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Persist the http port to the platform configuration -echo http_port=$(get_http_port) >> /etc/platform/platform.conf - -# Obtain the boot interface from the PXE boot -BOOTIF=`cat /proc/cmdline |xargs -n1 echo |grep BOOTIF=` -if [ -d /sys/firmware/efi ] ; then - BOOTIF=${BOOTIF#BOOTIF=} -else - BOOTIF=${BOOTIF#BOOTIF=01-} - BOOTIF=${BOOTIF//-/:} -fi - -mgmt_dev=none -mgmt_vlan=0 -if [ -n "$BOOTIF" ] ; then - ndev=`ip link show |grep -B 1 $BOOTIF |head -1 |awk '{print $2}' |sed -e 's/://'` - if [ -n "$ndev" ] ; then - mgmt_dev=$ndev - # Retrieve the management VLAN from sysinv if it exists - mgmt_vlan=`curl -sf http://pxecontroller:6385/v1/isystems/mgmtvlan` - if [ $? -ne 0 ] - then - report_post_failure_with_msg "ERROR: Unable to communicate with System Inventory REST API. Aborting installation." - fi - else - report_post_failure_with_msg "ERROR: Unable to determine mgmt interface from BOOTIF=$BOOTIF." - fi -else - report_post_failure_with_msg "ERROR: BOOTIF is not set. Unable to determine mgmt interface." -fi - -if [ $mgmt_vlan -eq 0 ] ; then - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=dhcp -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - -else - - # Check whether to use inet or inet6 - ipv6_addr=$(dig +short AAAA controller) - if [[ -n "$ipv6_addr" ]] - then - mgmt_address_family=inet6 - ipv6init=yes - dhcpv6c=yes - dhclientargs=-1 - else - mgmt_address_family=inet - ipv6init=no - dhcpv6c=no - dhclientargs= - fi - - # Persist the boot device to the platform configuration. This will get - # overwritten later if the management_interface is on a bonded interface. - echo management_interface=vlan$mgmt_vlan >> /etc/platform/platform.conf - - # Build networking scripts - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$mgmt_dev -DEVICE=$mgmt_dev -BOOTPROTO=none -ONBOOT=yes -IPV6_AUTOCONF=no -LINKDELAY=20 -EOF - - cat << EOF > /etc/sysconfig/network-scripts/ifcfg-vlan$mgmt_vlan -DEVICE=vlan$mgmt_vlan -BOOTPROTO=dhcp -DHCLIENTARGS=$dhclientargs -IPV6INIT=$ipv6init -DHCPV6C=$dhcpv6c -ONBOOT=yes -IPV6_AUTOCONF=no -PHYSDEV=$mgmt_dev -VLAN=yes -LINKDELAY=20 -EOF - - # Reject DHCPOFFER from DHCP server that doesn't send - # wrs-install-uuid option - echo "require wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - echo "require dhcp6.wrs-install-uuid;" >>/etc/dhcp/dhclient.conf - - # Bring up the mgmt vlan so that a dhcp lease is acquired and an address is - # setup prior to the post-install reboot. This is so that the timing of the IP - # address allocation is similar to how normal/non-pxe installation works. - mgmt_iface=vlan$mgmt_vlan - dhclient_family=$([[ $mgmt_address_family == "inet" ]] && echo -4 || echo -6) - ip link add link $mgmt_dev name $mgmt_iface type vlan id $mgmt_vlan - ip link set up dev $mgmt_iface - dhclient $dhclient_family $mgmt_iface || true - -fi - -%end diff --git a/meta-stx/conf/distro/files/ks/poky_stx_aio_ks.cfg b/meta-stx/conf/distro/files/ks/poky_stx_aio_ks.cfg deleted file mode 100644 index 4f7cb4d..0000000 --- a/meta-stx/conf/distro/files/ks/poky_stx_aio_ks.cfg +++ /dev/null @@ -1,1078 +0,0 @@ -%pre -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -%post -# This file defines functions that can be used in %pre and %post kickstart sections, by including: -# . /tmp/ks-functions.sh -# - -cat </tmp/ks-functions.sh -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -function get_by_path() -{ - local disk=\$(cd /dev ; readlink -f \$1) - for p in /dev/disk/by-path/*; do - if [ "\$disk" = "\$(readlink -f \$p)" ]; then - echo \$p - return - fi - done -} - -function get_disk() -{ - echo \$(cd /dev ; readlink -f \$1) -} - -function report_pre_failure_with_msg() -{ - local msg=\$1 - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_msg() -{ - local msg=\$1 - cat <> /etc/motd - -Installation failed. -\$msg - -EOF - echo "\$msg" >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - echo "\$msg" - - exit 1 -} - -function report_post_failure_with_logfile() -{ - local logfile=\$1 - cat <> /etc/motd - -Installation failed. -Please see \$logfile for details of failure - -EOF - echo \$logfile >/etc/platform/installation_failed - - echo -e '\n\nInstallation failed.\n' - cat \$logfile - - exit 1 -} - -function get_http_port() -{ - echo \$(cat /proc/cmdline |xargs -n1 echo |grep '^inst.repo=' | sed -r 's#^[^/]*://[^/]*:([0-9]*)/.*#\1#') -} - -END_FUNCTIONS - -%end - -# Template from: pre_common_head.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -append= -if [ -n "$console" ] ; then - append="console=$console" -fi - -if [ -n "$security_profile" ]; then - append="$append security_profile=$security_profile" -fi - -#### SECURITY PROFILE HANDLING (Pre Installation) #### -if [ -n "$security_profile" ] && [ "$security_profile" == "extended" ]; then - # IMA specific boot options: - # Enable Kernel auditing - append="$append audit=1" -else - # we need to blacklist the IMA and Integrity Modules - # on standard security profile - append="$append module_blacklist=integrity,ima" - - # Disable Kernel auditing in Standard Security Profile mode - append="$append audit=0" -fi - -if [ -n "$tboot" ]; then - append="$append tboot=$tboot" -else - append="$append tboot=false" -fi - -boot_device_arg= -if [ -n "$boot_device" ] ; then - boot_device_arg="--boot-drive=$(get_by_path $boot_device)" -fi - -echo "bootloader --location=mbr $boot_device_arg --timeout=5 --append=\"$append\"" > /tmp/bootloader-include - -echo "timezone --nontp --utc UTC" >/tmp/timezone-include -%end - -############################################################## -# pre script for poky-stx -############################################################## -%pre -mkdir -p /run/install/repo -cp installer-config/* /run/install/repo/ -rm -f /run/install/repo/Packages -ln -sf /Packages /run/install/repo/Packages -%end - -############################################################## -# Main kickstart -############################################################## -#version=DEVEL -install -lang en_US.UTF-8 -keyboard us - -# System timezone -%include /tmp/timezone-include - -# Root password -rootpw --iscrypted $6$ArDcm/wSNLJLT2OP$QdWX6kMUgBVsiibukLBLtLfRDVz0n49BQ1svT7hPEQJASvKnqkEL5zc5kqUMMzXzLrj80z6YX9DmYTD0Ysxn.1 - -selinux --disabled -authconfig --enableshadow --passalgo=sha512 -firewall --service=ssh - -# Use text mode install -text - -# Use CDROM installation media -cdrom - -# Run the Setup Agent on first boot -firstboot --enable - -# System services -services --enabled="lvm2-monitor.service" - -# Do not configure the X Window System -skipx - -# The following is the partition information you requested -# Note that any partitions you deleted are not expressed -# here so unless you clear all partitions first, this is -# not guaranteed to work -zerombr - -# Disk layout from %pre -%include /tmp/part-include - -# Bootloader parms from %pre -%include /tmp/bootloader-include - -#reboot --eject - -%packages -#@^stx-image-aio -%end - -################################################################ -# End of Main -################################################################ - -# Template from: pre_disk_setup_common.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# This is a really fancy way of finding the first usable disk for the -# install and not stomping on the USB device if it comes up first - -# First, parse /proc/cmdline to find the boot args -set -- `cat /proc/cmdline` -for I in $*; do case "$I" in *=*) eval $I 2>/dev/null;; esac; done - -# Find either the ISO or USB device first chopping off partition -ISO_DEV=`readlink /dev/disk/by-label/oe_iso_boot` -sdev=`echo $ISO_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - ISO_DEV=$sdev -fi -USB_DEV=`readlink /dev/disk/by-label/wr_usb_boot` -sdev=`echo $USB_DEV | sed -e 's/.$//'` -if [ -e /dev/disk/by-label/$sdev ] ; then - USB_DEV=$sdev -fi - -# Temporary, until lab pxelinux.cfg files are updated to specify install devices -if [ -z "$rootfs_device" -o -z "$boot_device" ] -then - INST_HDD="" - # Prefer a vd* device if this is kvm/qemu - for e in vda vdb sda sdb nvme0n1; do - if [ -e /dev/$e -a "$ISO_DEV" != "../../$e" -a "$USB_DEV" != "../../$e" ] ; then - INST_HDD=$e - break - fi - done - - # Set variables to $INST_HDD if not set - rootfs_device=${rootfs_device:-$INST_HDD} - boot_device=${boot_device:-$INST_HDD} -fi - -# Convert to by-path -orig_rootfs_device=$rootfs_device -rootfs_device=$(get_by_path $rootfs_device) - -orig_boot_device=$boot_device -boot_device=$(get_by_path $boot_device) - -if [ ! -e "$rootfs_device" -o ! -e "$boot_device" ] ; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is invalid." -fi - -# Ensure specified device is not a USB drive -udevadm info --query=property --name=$rootfs_device |grep -q '^ID_BUS=usb' || \ - udevadm info --query=property --name=$boot_device |grep -q '^ID_BUS=usb' -if [ $? -eq 0 ]; then - # Touch this file to prevent Anaconda from dying an ungraceful death - touch /tmp/part-include - - report_pre_failure_with_msg "ERROR: Specified installation ($orig_rootfs_device) or boot ($orig_boot_device) device is a USB drive." -fi - -# Deactivate existing volume groups to avoid Anaconda issues with pre-existing groups -vgs --noheadings -o vg_name | xargs --no-run-if-empty -n 1 vgchange -an - -# Remove volumes and group for cgts-vg, if any -lvremove --force cgts-vg -pvs --select 'vg_name=cgts-vg' --noheadings -o pv_name | xargs --no-run-if-empty pvremove --force --force --yes -vgs --select 'vg_name=cgts-vg' --noheadings -o vg_name | xargs --no-run-if-empty vgremove --force - -ONLYUSE_HDD="" -if [ "$(curl -sf http://pxecontroller:6385/v1/upgrade/$(hostname)/in_upgrade 2>/dev/null)" = "true" ]; then - # In an upgrade, only wipe the disk with the rootfs and boot partition - echo "In upgrade, wiping only $rootfs_device" - WIPE_HDD="$(get_disk $rootfs_device)" - ONLYUSE_HDD="$(basename $(get_disk $rootfs_device))" - if [ "$(get_disk $rootfs_device)" != "$(get_disk $boot_device)" ]; then - WIPE_HDD="$WIPE_HDD,$(get_disk $boot_device)" - ONLYUSE_HDD="$ONLYUSE_HDD,$(basename $(get_disk $boot_device))" - fi -else - # Make a list of all the hard drives that are to be wiped - WIPE_HDD="" - # Partition type OSD has a unique globally identifier - part_type_guid_str="Partition GUID code" - CEPH_OSD_GUID="4FBD7E29-9D25-41B8-AFD0-062C0CEFF05D" - - # Check if we wipe OSDs - if [ "$(curl -sf http://pxecontroller:6385/v1/ihosts/wipe_osds 2>/dev/null)" = "true" ]; then - echo "Wipe OSD data." - WIPE_CEPH_OSDS="true" - else - echo "Skip Ceph OSD data wipe." - WIPE_CEPH_OSDS="false" - fi - - for f in /dev/disk/by-path/* - do - dev=$(readlink -f $f) - lsblk --nodeps --pairs $dev | grep -q 'TYPE="disk"' - if [ $? -ne 0 ] - then - continue - fi - - # Avoid wiping USB drives - udevadm info --query=property --name=$dev |grep -q '^ID_BUS=usb' && continue - - # Avoid wiping ceph osds if sysinv tells us so - if [ ${WIPE_CEPH_OSDS} == "false" ]; then - wipe_dev="true" - part_numbers=( `parted -s $dev print | awk '$1 == "Number" {i=1; next}; i {print $1}'` ) - # Scanning the partitions looking for CEPH OSDs and - # skipping any disk found with such partitions - for part_number in "${part_numbers[@]}"; do - sgdisk_part_info=$(flock $dev sgdisk -i $part_number $dev) - part_type_guid=$(echo "$sgdisk_part_info" | grep "$part_type_guid_str" | awk '{print $4;}') - if [ "$part_type_guid" == $CEPH_OSD_GUID ]; then - echo "OSD found on $dev, skipping wipe" - wipe_dev="false" - break - fi - done - if [ "$wipe_dev" == "false" ]; then - continue - fi - fi - - # Add device to the wipe list - devname=$(basename $dev) - if [ -e $dev -a "$ISO_DEV" != "../../$devname" -a "$USB_DEV" != "../../$devname" ]; then - if [ -n "$WIPE_HDD" ]; then - WIPE_HDD=$WIPE_HDD,$dev - else - WIPE_HDD=$dev - fi - fi - done - echo "Not in upgrade, wiping disks: $WIPE_HDD" -fi - -for dev in ${WIPE_HDD//,/ } -do - # Clearing previous GPT tables or LVM data - # Delete the first few bytes at the start and end of the partition. This is required with - # GPT partitions, they save partition info at the start and the end of the block. - # Do this for each partition on the disk, as well. - partitions=$(lsblk -rip $dev -o TYPE,NAME |awk '$1 == "part" {print $2}') - for p in $partitions $dev - do - echo "Pre-wiping $p from kickstart" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) - done -done - -# Check for remaining cgts-vg PVs, which could potentially happen -# in an upgrade where we're not wiping all disks. -# If we ever create other volume groups from kickstart in the future, -# include them in this search as well. -partitions=$(pvs --select 'vg_name=cgts-vg' -o pv_name --noheading | grep -v '\[unknown\]') -for p in $partitions -do - echo "Pre-wiping $p from kickstart (cgts-vg present)" - dd if=/dev/zero of=$p bs=512 count=34 - dd if=/dev/zero of=$p bs=512 count=34 seek=$((`blockdev --getsz $p` - 34)) -done - -let -i gb=1024*1024*1024 - -cat</tmp/part-include -clearpart --all --drives=$WIPE_HDD --initlabel -EOF - -if [ -n "$ONLYUSE_HDD" ]; then - cat<>/tmp/part-include -ignoredisk --only-use=$ONLYUSE_HDD -EOF -fi - -if [ -d /sys/firmware/efi ] ; then - cat<>/tmp/part-include -part /boot/efi --fstype=efi --size=300 --ondrive=$(get_disk $boot_device) -EOF -else - cat<>/tmp/part-include -part biosboot --asprimary --fstype=biosboot --size=1 --ondrive=$(get_disk $boot_device) -EOF -fi - - -# Template from: pre_disk_aio.cfg - -## NOTE: updates to partition sizes need to be also reflected in -## - stx-config/.../sysinv/conductor/manager.py:create_controller_filesystems() -## - stx-config/.../sysinv/common/constants.py -## -## NOTE: When adding partitions, we currently have a max of 4 primary partitions. -## If more than 4 partitions are required, we can use a max of 3 --asprimary, -## to allow 1 primary logical partition with extended partitions -## -## NOTE: Max default PV size must align with the default controllerfs sizes -## -## BACKUP_OVERHEAD = 20 -## -## Physical install (for disks over 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_IMAGE_STOR_SIZE = 10 -## DEFAULT_DATABASE_STOR_SIZE = 20 -## DEFAULT_IMG_CONVERSION_STOR_SIZE = 20 -## BACKUP = DEFAULT_DATABASE_STOR_SIZE + DEFAULT_IMAGE_STOR_SIZE -## + BACKUP_OVERHEAD = 50 -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## CGCS_PV_SIZE = 10240 + 2*20480 + 20480 + 51200 + 8196 + 8196 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 233496 -## -## small install - (for disks below 240GB) -## - DB size is doubled to allow for upgrades -## -## DEFAULT_SMALL_IMAGE_STOR_SIZE = 10 -## DEFAULT_SMALL_DATABASE_STOR_SIZE = 10 -## DEFAULT_SMALL_IMG_CONVERSION_STOR_SIZE = 10 -## DEFAULT_SMALL_BACKUP_STOR_SIZE = 40 -## -## LOG_VOL_SIZE = 8192 -## SCRATCH_VOL_SIZE = 8192 -## RABBIT = 2048 -## PLATFORM = 2048 -## ANCHOR = 1024 -## EXTENSION = 1024 -## GNOCCHI = 5120 -## DOCKER = 30720 -## DOCKER_DIST = 16384 -## ETCD = 5120 -## CEPH_MON = 20480 -## KUBELET_VOL_SIZE = 10240 -## RESERVED_PE = 16 (based on pesize=32768) -## -## -## CGCS_PV_SIZE = 10240 + 2*10240 + 10240 + 40960 + 8192 + 8192 + 2048 + -## 2048 + 1024 + 1024 + 5120 + 30720 + 16384 + 5120 + -## 20480 + 10240 + 16 = 192528 -## -## NOTE: To maintain upgrade compatability within the volume group, keep the -## undersized LOG_VOL_SIZE and SCRATCH_VOL_SIZE, but size the minimally size -## physical volume correctly. -## -## R4 AIO installations: -## - R4 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (239G), /local_pv (239G) -## - R4 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (239G), cgts-vg (239G) -## -## Upgrade migration will start with R5 install and create a partition to align -## above so filesystems within the volume group will be able to maintain their -## sizes in R5 -## - R5 install : /boot (0.5G), / (20G), -## cgts-vg PV (142G), un-partitioned (336G) -## - R5 (case #1): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (97G), unpartitioned (239G) -## - R5 (case #2): /boot (0.5G), / (20G), -## cgts-vg PV (142G), cgts-vg PV (336G) -## - -sz=$(blockdev --getsize64 $(get_disk $rootfs_device)) -if [ $sz -le $((240*$gb)) ] ; then - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 192528/1024=188.01. CGCS_PV_SIZE=189*1024=193536. Using a disk with a - # size under 189GiB will fail. - CGCS_PV_SIZE=193536 -else - # Round CGCS_PV_SIZE to the closest upper value that can be divided by 1024. - # 233496/1024=228.02. CGCS_PV_SIZE=229*1024=234496. - CGCS_PV_SIZE=234496 -fi - -ROOTFS_SIZE=20000 -LOG_VOL_SIZE=8000 -SCRATCH_VOL_SIZE=8000 - -ROOTFS_OPTIONS="defaults" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - # Enable iversion labelling for rootfs when IMA is enabled - ROOTFS_OPTIONS="${ROOTFS_OPTIONS},iversion" -fi - -cat<>/tmp/part-include -part /boot --fstype=ext4 --asprimary --size=500 --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -part pv.253004 --grow --size=500 --maxsize=$CGCS_PV_SIZE --ondrive=$(get_disk $rootfs_device) -volgroup cgts-vg --pesize=32768 pv.253004 -logvol /var/log --fstype=ext4 --vgname=cgts-vg --size=$LOG_VOL_SIZE --name=log-lv -logvol /scratch --fstype=ext4 --vgname=cgts-vg --size=$SCRATCH_VOL_SIZE --name=scratch-lv -part / --fstype=ext4 --asprimary --size=$ROOTFS_SIZE --ondrive=$(get_disk $rootfs_device) --fsoptions="$ROOTFS_OPTIONS" -EOF - -%end - - -# Template from: post_platform_conf_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Set the security profile mode -secprofile="standard" -profile_mode=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$profile_mode" ]; then - secprofile="extended" -fi - -mkdir -p -m 0775 /etc/platform -cat < /etc/platform/platform.conf -nodetype=controller -subfunction=controller,worker -system_type=All-in-one -security_profile=$secprofile -EOF - -%end - -###################################### -# workarounds or fixes for poky-stx -###################################### -%post --erroronfail - -# Add extra users and groups -SYSADMIN_P="4SuW8cnXFyxsk" -groupadd -f -g 345 sys_protected -useradd -m -g sys_protected -G root -d /home/sysadmin -p ${SYSADMIN_P} -s /bin/sh sysadmin - -groupadd -r -g 128 nscd -useradd -M -o -r -d / -s /sbin/nologin -c 'NSCD Daemon' -u 28 -g nscd nscd - -useradd -p '' patching -groupadd patching -usermod -a -G patching patching - -useradd -p '' nfv -groupadd nfv -usermod -a -G nfv nfv - -usermod -a -G sys_protected sysadmin -usermod -a -G sys_protected sysinv -usermod -a -G sys_protected www -usermod -a -G sys_protected nfv -usermod -a -G sys_protected patching -usermod -a -G sys_protected haproxy -usermod -a -G snmpd fm -usermod -P root root - -# Extend path variable for sysadmin -echo 'PATH=/sbin:/usr/sbin:$PATH' >> /home/sysadmin/.bashrc -chown sysadmin:sys_protected /home/sysadmin/.bashrc - -# Avoid duplicate with systemd-fstab-generator -sed -i "s|\(^.*/dev/root\)|#\1|" /etc/fstab - -%end - -%post --nochroot -# installer images for pxe-network-installer -mkdir -p /mnt/sysimage/pxeboot/rel-19.12 -cp -P /boot/installer-initrd* /mnt/sysimage/pxeboot/rel-19.12/ -cp /boot/bzImage /mnt/sysimage/pxeboot/rel-19.12/installer-bzImage_1.0 -ln -s installer-bzImage_1.0 /mnt/sysimage/pxeboot/rel-19.12/installer-bzImage - -if [ -f /media/realroot/efi.img ]; then - cp /media/realroot/efi.img /mnt/sysimage/pxeboot/rel-19.12/efiboot.img -fi - -%end - - -# Template from: post_common.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Turn off locale support for i18n if is not installed -if [ ! -d /usr/share/i18n ] ; then - rm -f /etc/sysconfig/i18n -fi -# Unset the hostname -rm /etc/hostname - -# If using a serial install make sure to add a getty on the tty1 -conarg=`cat /proc/cmdline |xargs -n1 echo |grep console= |grep ttyS` -if [ -n "$conarg" ] ; then - echo "1:2345:respawn:/sbin/mingetty tty1" >> /etc/inittab -fi - -#### SECURITY PROFILE HANDLING (Post Installation) #### -# Check if the Security profile mode is enabled -# and load the appropriate kernel modules -secprofile=`cat /proc/cmdline |xargs -n1 echo |grep security_profile= | grep extended` -if [ -n "$secprofile" ]; then - echo "In Extended Security profile mode. Loading IMA kernel module" - systemctl enable auditd.service - # Add the securityfs mount for the IMA Runtime measurement list - echo "securityfs /sys/kernel/security securityfs defaults,nodev 0 0" >> /etc/fstab -else - # Disable audit daemon in the Standard Security Profile - systemctl disable auditd -fi - -. /etc/platform/platform.conf - -# Delete the CentOS yum repo files -rm -f /etc/yum.repos.d/CentOS-* - -# Create platform yum repo file -mkdir -p /etc/yum.repos.d -cat >/etc/yum.repos.d/platform.repo < /etc/udev/rules.d/70-persistent-net.rules -for dir in /sys/class/net/*; do - if [ -e ${dir}/device ]; then - dev=$(basename ${dir}) - mac_address=$(cat /sys/class/net/${dev}/address) - echo "ACTION==\"add\", SUBSYSTEM==\"net\", DRIVERS==\"?*\", ATTR{address}==\"${mac_address}\", NAME=\"${dev}\"" >> /etc/udev/rules.d/70-persistent-net.rules - fi -done - -# Mark the sysadmin password as expired immediately -chage -d 0 sysadmin - -# Lock the root password -#passwd -l root - -# Enable tmpfs mount for /tmp -# delete /var/tmp so that it can similinked in -rm -rf /var/tmp -systemctl enable tmp.mount - -# Disable firewall -systemctl disable firewalld - -# Disable libvirtd -systemctl disable libvirtd.service - -# Enable rsyncd -systemctl enable rsyncd.service - -# Allow root to run sudo from a non-tty (for scripts running as root that run sudo cmds) -echo 'Defaults:root !requiretty' > /etc/sudoers.d/root - -# Make fstab just root read/writable -chmod 600 /etc/fstab - -# Create first_boot flag -touch /etc/platform/.first_boot - -%end - -# Template from: post_kernel_aio_and_worker.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -# Update grub with custom kernel bootargs -source /etc/init.d/cpumap_functions.sh -n_cpus=$(cat /proc/cpuinfo 2>/dev/null | \ - awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -n_numa=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l) -KERN_OPTS=" iommu=pt usbcore.autosuspend=-1" - -KERN_OPTS="${KERN_OPTS} hugepagesz=2M hugepages=0 default_hugepagesz=2M" - -# If this is an all-in-one system, we need at least 4 CPUs -if [ "$system_type" = "All-in-one" -a ${n_cpus} -lt 4 ]; then - report_post_failure_with_msg "ERROR: At least 4 CPUs are required for controller+worker node." -fi - -# Add kernel options for cpu isolation / affinity -if [ ${n_cpus} -gt 1 ] -then - base_cpulist=$(platform_expanded_cpu_list) - base_cpumap=$(cpulist_to_cpumap ${base_cpulist} ${n_cpus}) - avp_cpulist=$(vswitch_expanded_cpu_list) - norcu_cpumap=$(invert_cpumap ${base_cpumap} ${n_cpus}) - norcu_cpulist=$(cpumap_to_cpulist ${norcu_cpumap} ${n_cpus}) - - if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} isolcpus=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} nohz_full=${norcu_cpulist}" - else - KERN_OPTS="${KERN_OPTS} isolcpus=${avp_cpulist}" - fi - KERN_OPTS="${KERN_OPTS} rcu_nocbs=${norcu_cpulist}" - KERN_OPTS="${KERN_OPTS} kthread_cpus=${base_cpulist}" - KERN_OPTS="${KERN_OPTS} irqaffinity=${base_cpulist}" - # Update vswitch.conf - sed -i "s/^VSWITCH_CPU_LIST=.*/VSWITCH_CPU_LIST=\"${avp_cpulist}\"/" /etc/vswitch/vswitch.conf -fi - -# Add kernel options to ensure an selinux is disabled -KERN_OPTS="${KERN_OPTS} selinux=0 enforcing=0" - -# Add kernel options to set NMI watchdog -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} nmi_watchdog=0 softlockup_panic=0" -else - KERN_OPTS="${KERN_OPTS} nmi_watchdog=panic,1 softlockup_panic=1" -fi - -if [[ "$(dmidecode -s system-product-name)" =~ ^ProLiant.*Gen8$ ]]; then - KERN_OPTS="${KERN_OPTS} intel_iommu=on,eth_no_rmrr" -else - KERN_OPTS="${KERN_OPTS} intel_iommu=on" -fi - -# Add kernel option to disable biosdevname if enabled -# As this may already be in GRUB_CMDLINE_LINUX, only add if it is not already present -grep -q '^GRUB_CMDLINE_LINUX=.*biosdevname=0' /etc/default/grub -if [ $? -ne 0 ]; then - KERN_OPTS="${KERN_OPTS} biosdevname=0" -fi - -# Add kernel options to disable kvm-intel.eptad on Broadwell -# Broadwell: Model: 79, Model name: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz -if grep -q -E "^model\s+:\s+79$" /proc/cpuinfo -then - KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" -fi - -# k8s updates: -#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" -KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" - -# Add kernel option to avoid jiffies_lock contention on real-time kernel -if [[ "$subfunction" =~ lowlatency ]]; then - KERN_OPTS="${KERN_OPTS} skew_tick=1" -fi - -# If the installer asked us to use security related kernel params, use -# them in the grub line as well (until they can be configured via puppet) -grep -q 'nopti' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nopti" -fi -grep -q 'nospectre_v2' /proc/cmdline -if [ $? -eq 0 ]; then - KERN_OPTS="${KERN_OPTS} nospectre_v2" -fi - -perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub - -if [ -d /sys/firmware/efi ] ; then - grub-mkconfig -o /boot/efi/EFI/centos/grub.cfg -else - grub-mkconfig -o /boot/grub/grub.cfg -fi - -%end - - -# Template from: post_lvm_pv_on_rootfs.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# uncomment the global_filter line in lvm.conf -perl -0777 -i.bak -pe 's:(# This configuration option has an automatic default value\.\n)\t# global_filter:$1 global_filter:m' /etc/lvm/lvm.conf - -# Determine which disk we created our PV on (i.e. the root disk) -ROOTDISK=$(get_by_path $(pvdisplay --select 'vg_name=cgts-vg' -C -o pv_name --noheadings)) -if [ -z "$ROOTDISK" ]; then - report_post_failure_with_msg "ERROR: failed to identify rootdisk via pvdisplay" -fi -# Edit the LVM config so LVM only looks for LVs on the root disk -sed -i "s#^\( *\)global_filter = \[.*#\1global_filter = [ \"a|${ROOTDISK}|\", \"r|.*|\" ]#" /etc/lvm/lvm.conf -%end - - -# Template from: post_system_aio.cfg -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -# Source the generated platform.conf -. /etc/platform/platform.conf - -## Reserve more memory for base processes since the controller has higher -## memory requirements but cap it to better handle systems with large -## amounts of memory -TOTALMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024)}') - -if [ -e /sys/devices/system/node/node0 ]; then - RESERVEDMEM=$(grep MemTotal /sys/devices/system/node/node0/meminfo | awk '{printf "%d\n", $4/1024}') -else - RESERVEDMEM=$(grep MemTotal /proc/meminfo | awk '{print int($2/1024/4)}') -fi - -if [ ${RESERVEDMEM} -lt 6144 ]; then - RESERVEDMEM=6144 -elif [ ${RESERVEDMEM} -gt 14500 ]; then - RESERVEDMEM=14500 -elif [ ${RESERVEDMEM} -gt 8192 ]; then - RESERVEDMEM=8192 -fi - -sed -i -e "s#\(WORKER_BASE_RESERVED\)=.*#\1=(\"node0:${RESERVEDMEM}MB:1\" \"node1:2000MB:0\" \"node2:2000MB:0\" \"node3:2000MB:0\")#g" /etc/platform/worker_reserved.conf - -# Update WORKER_CPU_LIST -N_CPUS=$(cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}') -sed -i "s/^WORKER_CPU_LIST=.*/WORKER_CPU_LIST=\"0-$((N_CPUS-1))\"/" /etc/platform/worker_reserved.conf - -%end - - -# Template from: post_usb_controller.cfg -%pre --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -touch /tmp/repo-include - -if [ -d ${srcdir}/patches ]; then - echo "repo --name=updates --baseurl=file://${srcdir}/patches/" > /tmp/repo-include -fi - -%end - -# Repository arguments from %pre -%include /tmp/repo-include - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -mgmt_dev=none - -# Persist the boot device to the platform configuration. This will get -# overwritten when config_controller is run. -echo management_interface=$mgmt_dev >> /etc/platform/platform.conf - -# persist the default http port number to platform configuration. This -# will get overwritten when config_controller is run. -echo http_port=8080 >> /etc/platform/platform.conf - -# Build networking scripts -cat << EOF > /etc/sysconfig/network-scripts/ifcfg-lo -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -BROADCAST=127.255.255.255 -ONBOOT=yes -IPV6_AUTOCONF=no -NAME=loopback -EOF - -%end - - -# Note, this section is different and replaced with a wget -# if doing the initial install off the network -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -d $srcdir/Packages ] ; then - mkdir -p /mnt/sysimage/www/pages/feed/rel-19.12 - cp -r $srcdir/Packages/* /mnt/sysimage/www/pages/feed/rel-19.12/ - cp $srcdir/*.cfg /mnt/sysimage/www/pages/feed/rel-19.12 -fi - -if [ -d $srcdir/patches ]; then - mkdir -p /mnt/sysimage/www/pages/updates/rel-19.12 - cp -r $srcdir/patches/Packages /mnt/sysimage/www/pages/updates/rel-19.12/Packages - cp -r $srcdir/patches/repodata /mnt/sysimage/www/pages/updates/rel-19.12/repodata - mkdir -p /mnt/sysimage/opt/patching - cp -r $srcdir/patches/metadata /mnt/sysimage/opt/patching/metadata - mkdir -p /mnt/sysimage/opt/patching/packages/19.12 - - find /mnt/sysimage/www/pages/updates/rel-19.12/Packages -name '*.rpm' \ - | xargs --no-run-if-empty -I files cp --preserve=all files /mnt/sysimage/opt/patching/packages/19.12/ -fi - -# Create a uuid specific to this installation -INSTALL_UUID=`uuidgen` -echo $INSTALL_UUID > /mnt/sysimage/www/pages/feed/rel-19.12/install_uuid -echo "INSTALL_UUID=$INSTALL_UUID" >> /mnt/sysimage/etc/platform/platform.conf -%end - -%post - -# This is a USB install, so set ONBOOT=yes for network devices. -# Doing this in the %post so we don't unintentionally setup a -# network device during the installation. -for f in /etc/sysconfig/network-scripts/ifcfg-*; do - if grep -q '^ONBOOT=' ${f}; then - sed -i 's/^ONBOOT=.*/ONBOOT=yes/' ${f} - else - echo "ONBOOT=yes" >> ${f} - fi - if grep -q '^IPV6_AUTOCONF=' ${f}; then - sed -i 's/^IPV6_AUTOCONF=.*/IPV6_AUTOCONF=no/' ${f} - else - echo "IPV6_AUTOCONF=no" >> ${f} - fi -done - -%end - - -# Template from: post_usb_addon.cfg -%pre --erroronfail -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -if [ -f ${srcdir}/ks-addon.cfg ]; then - cp ${srcdir}/ks-addon.cfg /tmp/ -else - cat < /tmp/ks-addon.cfg -# No custom addon included -EOF -fi -%end - -%post --nochroot -if [ -d /mnt/install/source ]; then - srcdir=/mnt/install/source -else - srcdir=/run/install/repo -fi - -# Store the ks-addon.cfg for debugging -mkdir -p /mnt/sysimage/var/log/anaconda -cp /tmp/ks-addon.cfg /mnt/sysimage/var/log/anaconda/ -%end - -%post --erroronfail - -# Source common functions -. /tmp/ks-functions.sh - -%include /tmp/ks-addon.cfg - -%end diff --git a/meta-stx/recipes-core/images/stx-image-aio-installer.bb b/meta-stx/recipes-core/images/stx-image-aio-installer.bb index 911e906..83b5602 100644 --- a/meta-stx/recipes-core/images/stx-image-aio-installer.bb +++ b/meta-stx/recipes-core/images/stx-image-aio-installer.bb @@ -51,20 +51,20 @@ IMAGE_ROOTFS_EXTRA_SPACE =" + 102400" inherit core-image stx-anaconda-image -KICKSTART_FILE ?= "${LAYER_PATH_meta-stx}/conf/distro/files/ks/poky_stx_aio_ks.cfg" +DEFAULT_KICKSTART ?= "smallsystem_lowlatency_ks.cfg" +STX_KICKSTART_DIR ?= "${INSTALLER_TARGET_BUILD}/tmp/deploy/images/${MACHINE}/stx-kickstarts/" +KICKSTART_FILE ?= "${STX_KICKSTART_DIR}/${DEFAULT_KICKSTART}" -# Only the ones prefix with poky_stx_ are tested and working KICKSTART_FILE_EXTRA ?= " \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/poky_stx_aio_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/aio_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/aio_lowlatency_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/controller_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_controller_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_smallsystem_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_smallsystem_lowlatency_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_storage_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_worker_ks.cfg \ - ${LAYER_PATH_meta-stx}/conf/distro/files/ks/net_worker_lowlatency_ks.cfg \ + ${STX_KICKSTART_DIR}/smallsystem_ks.cfg \ + ${STX_KICKSTART_DIR}/smallsystem_lowlatency_ks.cfg \ + ${STX_KICKSTART_DIR}/controller_ks.cfg \ + ${STX_KICKSTART_DIR}/net_controller_ks.cfg \ + ${STX_KICKSTART_DIR}/net_smallsystem_ks.cfg \ + ${STX_KICKSTART_DIR}/net_smallsystem_lowlatency_ks.cfg \ + ${STX_KICKSTART_DIR}/net_storage_ks.cfg \ + ${STX_KICKSTART_DIR}/net_worker_ks.cfg \ + ${STX_KICKSTART_DIR}/net_worker_lowlatency_ks.cfg \ " SYSLINUX_CFG_LIVE = "${LAYER_PATH_meta-stx}/conf/distro/files/syslinux.cfg" diff --git a/meta-stx/recipes-core/stx-metal/platform-kickstarts.inc b/meta-stx/recipes-core/stx-metal/platform-kickstarts.inc index d90cc3e..7c59e61 100644 --- a/meta-stx/recipes-core/stx-metal/platform-kickstarts.inc +++ b/meta-stx/recipes-core/stx-metal/platform-kickstarts.inc @@ -23,6 +23,8 @@ feed_dir = "/www/pages/feed/rel-${STX_REL}" DEPENDS += "perl-native" +inherit deploy + do_compile_prepend () { cd ${S}/bsp-files/ ./centos-ks-gen.pl --release ${STX_REL} @@ -40,6 +42,13 @@ do_install_prepend () { install -D -m 0444 extra_cfgs/* ${D}/extra_cfgs } +do_deploy () { + mkdir -p ${DEPLOYDIR}/stx-kickstarts + cp -f ${S}/bsp-files/generated/* ${DEPLOYDIR}/stx-kickstarts +} + +addtask do_deploy after do_compile before do_build + FILES_platform-kickstarts = "${feed_dir}" FILES_platform-kickstarts-pxeboot = "/pxeboot" FILES_platform-kickstarts-extracfgs = "/extra_cfgs" -- 2.16.6