extract related logic into an OkdIpxeScore
Some checks failed
Run Check Script / check (pull_request) Failing after 33s
Some checks failed
Run Check Script / check (pull_request) Failing after 33s
This commit is contained in:
@@ -18,5 +18,4 @@ harmony_macros = { path = "../../harmony_macros" }
|
||||
log = { workspace = true }
|
||||
env_logger = { workspace = true }
|
||||
url = { workspace = true }
|
||||
askama = "0.14.0"
|
||||
serde.workspace = true
|
||||
|
||||
@@ -1,97 +1,24 @@
|
||||
mod topology;
|
||||
|
||||
use std::net::IpAddr;
|
||||
|
||||
use askama::Template;
|
||||
use harmony::{
|
||||
data::{FileContent, FilePath},
|
||||
modules::{dhcp::DhcpScore, http::StaticFilesHttpScore, tftp::TftpScore},
|
||||
score::Score,
|
||||
topology::{HAClusterTopology, Url},
|
||||
};
|
||||
|
||||
use crate::topology::{get_inventory, get_topology};
|
||||
use harmony::modules::okd::ipxe::OkdIpxeScore;
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
let inventory = get_inventory();
|
||||
let topology = get_topology().await;
|
||||
let gateway_ip = &topology.router.get_gateway();
|
||||
|
||||
let kickstart_filename = "inventory.kickstart";
|
||||
let cluster_pubkey_filename = "cluster_ssh_key.pub";
|
||||
let harmony_inventory_agent = "harmony_inventory_agent";
|
||||
let kickstart_filename = "inventory.kickstart".to_string();
|
||||
let cluster_pubkey_filename = "cluster_ssh_key.pub".to_string();
|
||||
let harmony_inventory_agent = "harmony_inventory_agent".to_string();
|
||||
|
||||
// TODO: this should be a single IPXEScore instead of having the user do this step by step
|
||||
let scores: Vec<Box<dyn Score<HAClusterTopology>>> = vec![
|
||||
Box::new(DhcpScore {
|
||||
host_binding: vec![],
|
||||
next_server: Some(topology.router.get_gateway()),
|
||||
boot_filename: None,
|
||||
filename: Some("undionly.kpxe".to_string()),
|
||||
filename64: Some("ipxe.efi".to_string()),
|
||||
filenameipxe: Some(format!("http://{gateway_ip}:8080/boot.ipxe").to_string()),
|
||||
}),
|
||||
Box::new(TftpScore {
|
||||
files_to_serve: Url::LocalFolder("./data/pxe/okd/tftpboot/".to_string()),
|
||||
}),
|
||||
Box::new(StaticFilesHttpScore {
|
||||
// TODO The current russh based copy is way too slow, check for a lib update or use scp
|
||||
// when available
|
||||
//
|
||||
// For now just run :
|
||||
// scp -r data/pxe/okd/http_files/* root@192.168.1.1:/usr/local/http/
|
||||
//
|
||||
folder_to_serve: None,
|
||||
// folder_to_serve: Some(Url::LocalFolder("./data/pxe/okd/http_files/".to_string())),
|
||||
files: vec![
|
||||
FileContent {
|
||||
path: FilePath::Relative("boot.ipxe".to_string()),
|
||||
content: BootIpxeTpl { gateway_ip }.to_string(),
|
||||
},
|
||||
FileContent {
|
||||
path: FilePath::Relative(kickstart_filename.to_string()),
|
||||
content: InventoryKickstartTpl {
|
||||
gateway_ip,
|
||||
harmony_inventory_agent,
|
||||
cluster_pubkey_filename,
|
||||
}
|
||||
.to_string(),
|
||||
},
|
||||
FileContent {
|
||||
path: FilePath::Relative("fallback.ipxe".to_string()),
|
||||
content: FallbackIpxeTpl {
|
||||
gateway_ip,
|
||||
kickstart_filename,
|
||||
}
|
||||
.to_string(),
|
||||
},
|
||||
],
|
||||
}),
|
||||
];
|
||||
let ipxe_score = OkdIpxeScore {
|
||||
kickstart_filename,
|
||||
harmony_inventory_agent,
|
||||
cluster_pubkey_filename,
|
||||
};
|
||||
|
||||
harmony_cli::run(inventory, topology, scores, None)
|
||||
harmony_cli::run(inventory, topology, vec![Box::new(ipxe_score)], None)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[template(path = "boot.ipxe.j2")]
|
||||
struct BootIpxeTpl<'a> {
|
||||
gateway_ip: &'a IpAddr,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[template(path = "fallback.ipxe.j2")]
|
||||
struct FallbackIpxeTpl<'a> {
|
||||
gateway_ip: &'a IpAddr,
|
||||
kickstart_filename: &'a str,
|
||||
}
|
||||
|
||||
#[derive(Template)]
|
||||
#[template(path = "inventory.kickstart.j2")]
|
||||
struct InventoryKickstartTpl<'a> {
|
||||
gateway_ip: &'a IpAddr,
|
||||
cluster_pubkey_filename: &'a str,
|
||||
harmony_inventory_agent: &'a str,
|
||||
}
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
use std::{net::IpAddr, sync::Arc};
|
||||
|
||||
use cidr::Ipv4Cidr;
|
||||
use harmony::{
|
||||
hardware::{FirewallGroup, HostCategory, Location, PhysicalHost, SwitchGroup},
|
||||
@@ -10,6 +8,7 @@ use harmony::{
|
||||
use harmony_macros::{ip, ipv4};
|
||||
use harmony_secret::{Secret, SecretManager};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::{net::IpAddr, sync::Arc};
|
||||
|
||||
#[derive(Secret, Serialize, Deserialize, Debug, PartialEq)]
|
||||
struct OPNSenseFirewallConfig {
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
#!ipxe
|
||||
|
||||
set base-url http://{{ gateway_ip }}:8080
|
||||
set hostfile ${base-url}/byMAC/01-${mac:hexhyp}.ipxe
|
||||
|
||||
chain ${hostfile} || chain ${base-url}/fallback.ipxe
|
||||
@@ -1,40 +0,0 @@
|
||||
#!ipxe
|
||||
|
||||
# =================================================================
|
||||
# Harmony Discovery Agent - Default Boot Script (default.ipxe)
|
||||
# =================================================================
|
||||
#
|
||||
# This script boots the CentOS Stream live environment for the
|
||||
# purpose of hardware inventory. It loads the kernel and initramfs
|
||||
# directly and passes a Kickstart URL for full automation.
|
||||
#
|
||||
|
||||
# --- Configuration
|
||||
# Set the base URL for where the CentOS kernel/initrd are hosted.
|
||||
set os_base_url http://{{gateway_ip}}:8080/os/centos-stream-9
|
||||
# Set the URL for the Kickstart file.
|
||||
set ks_url http://{{ gateway_ip }}:8080/{{ kickstart_filename }}
|
||||
|
||||
# --- Boot Process
|
||||
echo "Harmony: Starting automated node discovery..."
|
||||
echo "Fetching kernel from ${os_base_url}/vmlinuz..."
|
||||
kernel ${os_base_url}/vmlinuz
|
||||
|
||||
echo "Fetching initramfs from ${os_base_url}/initrd.img..."
|
||||
initrd ${os_base_url}/initrd.img
|
||||
|
||||
echo "Configuring kernel boot arguments..."
|
||||
# Kernel Arguments Explained:
|
||||
# - initrd=initrd.img: Specifies the initial ramdisk to use.
|
||||
# - inst.stage2: Points to the OS source. For a live boot, the base URL is sufficient.
|
||||
# - inst.ks: CRITICAL: Points to our Kickstart file for automation.
|
||||
# - ip=dhcp: Ensures the live environment configures its network.
|
||||
# - console=...: Provides boot output on both serial and graphical consoles for debugging.
|
||||
imgargs vmlinuz initrd=initrd.img inst.sshd inst.stage2=${os_base_url} inst.ks=${ks_url} ip=dhcp console=ttyS0,115200 console=tty1
|
||||
|
||||
echo "Booting into CentOS Stream 9 live environment..."
|
||||
boot || goto failed
|
||||
|
||||
:failed
|
||||
echo "Boot failed. Dropping to iPXE shell."
|
||||
shell
|
||||
@@ -1,127 +0,0 @@
|
||||
# --- Pre-Boot Scripting (The Main Goal) ---
|
||||
# This section runs after the live environment has booted into RAM.
|
||||
# It sets up SSH and downloads/runs the harmony-inventory-agent.
|
||||
%pre --log=/root/ks-pre.log
|
||||
|
||||
echo "Harmony Kickstart: Pre-boot script started."
|
||||
|
||||
# 1. Configure SSH Access for Root
|
||||
# Create the .ssh directory and set correct permissions.
|
||||
echo " - Setting up SSH authorized_keys for root..."
|
||||
mkdir -p /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
|
||||
# Download the public key from the provisioning server.
|
||||
# The -sS flags make curl silent but show errors. -L follows redirects.
|
||||
curl -vSL "http://{{ gateway_ip }}:8080/{{ cluster_pubkey_filename }}" -o /root/.ssh/authorized_keys
|
||||
if [ $? -ne 0 ]; then
|
||||
echo " - ERROR: Failed to download SSH public key."
|
||||
else
|
||||
echo " - SSH key downloaded successfully."
|
||||
chmod 600 /root/.ssh/authorized_keys
|
||||
fi
|
||||
|
||||
# 2. Download the Harmony Inventory Agent
|
||||
echo " - Downloading harmony-inventory-agent..."
|
||||
curl -vSL "http://{{ gateway_ip }}:8080/{{ harmony_inventory_agent }}" -o /usr/bin/harmony-inventory-agent
|
||||
if [ $? -ne 0 ]; then
|
||||
echo " - ERROR: Failed to download harmony_inventory_agent."
|
||||
else
|
||||
echo " - Agent binary downloaded successfully."
|
||||
chmod +x /usr/bin/harmony-inventory-agent
|
||||
fi
|
||||
|
||||
# 3. Create a systemd service to run the agent persistently.
|
||||
# This is the most robust method to ensure the agent stays running.
|
||||
echo " - Creating systemd service for the agent..."
|
||||
cat > /etc/systemd/system/harmony-agent.service << EOF
|
||||
[Unit]
|
||||
Description=Harmony Inventory Agent
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/harmony-inventory-agent
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
# 4. Enable and start the service
|
||||
# The 'systemctl' commands will work correctly within the chroot environment of the %pre script.
|
||||
echo " - Enabling and starting harmony-agent.service..."
|
||||
systemctl daemon-reload
|
||||
systemctl enable --now harmony-agent.service
|
||||
|
||||
# Check if the service started correctly
|
||||
systemctl is-active --quiet harmony-agent.service
|
||||
if [ $? -eq 0 ]; then
|
||||
echo " - Harmony Inventory Agent service is now running."
|
||||
else
|
||||
echo " - ERROR: Harmony Inventory Agent service failed to start."
|
||||
fi
|
||||
|
||||
echo "Harmony Kickstart: Pre-boot script finished. The machine is ready for inventory."
|
||||
|
||||
echo "Running cat - to pause system indefinitely"
|
||||
cat -
|
||||
|
||||
%end
|
||||
|
||||
# =================================================================
|
||||
# Harmony Discovery Agent - Kickstart File (NON-INSTALL, LIVE BOOT)
|
||||
# =================================================================
|
||||
#
|
||||
# This file achieves a fully automated, non-interactive boot into a
|
||||
# live CentOS environment. It does NOT install to disk.
|
||||
#
|
||||
|
||||
# --- Automation and Interaction Control ---
|
||||
# Perform the installation in command-line mode. This is critical for
|
||||
# preventing Anaconda from starting a UI and halting for input.
|
||||
cmdline
|
||||
|
||||
# Accept the End User License Agreement to prevent a prompt.
|
||||
eula --agreed
|
||||
|
||||
# --- Core System Configuration (Required by Anaconda) ---
|
||||
# Set keyboard and language. These are mandatory.
|
||||
keyboard --vckeymap=us --xlayouts='us'
|
||||
lang en_US.UTF-8
|
||||
|
||||
# Configure networking. This is essential for the %post script to work.
|
||||
# The --activate flag ensures this device is brought up in the installer environment.
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
|
||||
# Set a locked root password. This is a mandatory command.
|
||||
rootpw --lock
|
||||
|
||||
# Set the timezone. This is a mandatory command.
|
||||
timezone UTC
|
||||
|
||||
# --- Disable Installation-Specific Features ---
|
||||
# CRITICAL: Do not install a bootloader. The --disabled flag prevents
|
||||
# this step and avoids errors about where to install it.
|
||||
bootloader --disabled
|
||||
|
||||
# CRITICAL: Ignore all disks. This prevents Anaconda from stopping at the
|
||||
# "Installation Destination" screen asking where to install.
|
||||
# ignoredisk --drives /dev/sda
|
||||
|
||||
# Do not run the Initial Setup wizard on first boot.
|
||||
firstboot --disable
|
||||
|
||||
# --- Package Selection ---
|
||||
# We are not installing, so this section can be minimal.
|
||||
# An empty %packages section is valid and ensures no time is wasted
|
||||
# resolving dependencies for an installation that will not happen.
|
||||
%packages
|
||||
%end
|
||||
|
||||
|
||||
# IMPORTANT: Do not include a final action command like 'reboot' or 'poweroff'.
|
||||
# The default action is 'halt', which in cmdline mode will leave the system
|
||||
# running in the live environment with the agent active, which is the desired state.
|
||||
Reference in New Issue
Block a user