Jean-Gabriel Gill-Couture
57c3b01e66
Some checks failed
Run Check Script / check (pull_request) Failing after 36s
93 lines
2.9 KiB
Django/Jinja
93 lines
2.9 KiB
Django/Jinja
# =================================================================
|
|
# Harmony Discovery Agent - Kickstart File (inventory.kickstart)
|
|
# =================================================================
|
|
#
|
|
# This Kickstart file configures the CentOS Stream 9 live environment.
|
|
# It does NOT install to disk. It sets up SSH for remote access
|
|
# and downloads and runs the harmony-inventory-agent.
|
|
#
|
|
|
|
# --- System Configuration
|
|
lang en_US.UTF-8
|
|
keyboard --xlayouts='us'
|
|
timezone America/New_York --isUtc
|
|
|
|
# --- Network Configuration
|
|
# Ensure the network is activated using DHCP.
|
|
network --bootproto=dhcp --device=link --activate
|
|
|
|
# --- Security Configuration
|
|
# Disable the firewall for this isolated provisioning network.
|
|
firewall --disabled
|
|
# Disable SELinux for simplicity in the live environment.
|
|
selinux --disabled
|
|
# Disable password-based root login for security.
|
|
rootpw --lock
|
|
|
|
# --- Service Configuration
|
|
# Ensure the SSH daemon is enabled.
|
|
services --enabled="sshd"
|
|
|
|
# We are running a live environment, so no disk partitioning.
|
|
# The 'liveimg' command would be used here if booting from a squashfs,
|
|
# but since we are booting from kernel/initrd, we just use the %post.
|
|
|
|
# Do not run the graphical initial setup wizard.
|
|
firstboot --disable
|
|
|
|
# --- Post-Boot Scripting
|
|
# This section runs after the live environment has booted into RAM.
|
|
%post --log=/root/ks-post.log
|
|
|
|
echo "Harmony Kickstart: Post-boot script started."
|
|
|
|
# 1. Configure SSH Access
|
|
# Create the .ssh directory and set correct permissions.
|
|
echo " - Setting up SSH authorized_keys..."
|
|
mkdir -p /root/.ssh
|
|
chmod 700 /root/.ssh
|
|
|
|
# Download the public key and place it in authorized_keys.
|
|
curl -sSL "http://{{ gateway_ip }}:8080/{{ cluster_pubkey_filename }}" -o /root/.ssh/authorized_keys
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
|
|
# SELinux context is handled by 'selinux --disabled' above,
|
|
# but if SELinux were enabled, this would be essential:
|
|
# restorecon -R /root/.ssh
|
|
|
|
# 2. Download the Harmony Inventory Agent
|
|
echo " - Downloading harmony-inventory-agent..."
|
|
curl -sSL "http://{{ gateway_ip }}:8080/{{ harmony_inventory_agent }}" -o /usr/local/bin/harmony-inventory-agent
|
|
chmod +x /usr/local/bin/harmony-inventory-agent
|
|
|
|
# 3. Create a systemd service to run the agent persistently
|
|
echo " - Creating systemd service for the agent..."
|
|
cat > /etc/systemd/system/harmony-agent.service << EOF
|
|
[Unit]
|
|
Description=Harmony Inventory Agent
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
ExecStart=/usr/local/bin/harmony-inventory-agent
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
# 4. Enable and start the service
|
|
echo " - Enabling and starting harmony-agent.service..."
|
|
systemctl daemon-reload
|
|
systemctl enable --now harmony-agent.service
|
|
|
|
echo "Harmony Kickstart: Post-boot script finished. The inventory agent is running."
|
|
|
|
curl localhost:8080/inventory | tee -a /tmp/harmony_inventory.json
|
|
|
|
%end
|
|
|
|
# Do not automatically reboot or poweroff.
|
|
# The machine should remain running for inventory scraping.
|