williamcaban · January 27, 2021 14:24
diff --git a/15-generate-big-iso.sh b/15-generate-big-iso.sh
 #!/bin/bash
 source ~/set-environment

 ADDING_NODES=${1:-"add-nodes"}
 USE_RENDERED=${2:-"true"}

 # path to rhcos-live iso
 export RHCOS_LIVE=~/images/rhcos-live.x86_64.iso

 if [ ! -f rhcos-live.x86_64.iso ]; then
  if [ -f ${RHCOS_LIVE} ]; then
    echo "Taking copy of live ISO"
    cp ${RHCOS_LIVE} .
  else
    echo "Can not fine live ISO on local directory or ${RHCOS_LIVE}"
    exit 1
  fi 
 fi

 show_usage(){
  echo -e "$0   [new|add-nodes][true|false]"
  echo -e "\t new: create Live ISO images for new deployment using UPI based ignition files"
  echo -e "\t add-nodes: create Live ISO image to add nodes out of rendered MCP or from existing UPI base ignition file"
  echo -e "\t add-nodes true : will use rendered ignition files from api-int (default behaviour)"
  echo -e "\t add-nodes false: will use UPI base ignition file"
 }

 COREOSINSTALLER="podman run --privileged --rm --env-host -v /dev:/dev -v /run/udev:/run/udev -v $PWD:/data -w /data quay.io/coreos/coreos-installer:release"

 generate_iso(){
  role=$1
  echo "Generating ISO image for $role"
  rm -f ./${CLUSTER_NAME}-$role.iso
  bash create-ign-for-live-iso.sh
  $COREOSINSTALLER iso ignition embed -fi iso.ign -o /data/${CLUSTER_NAME}-$role.iso rhcos-live.x86_64.iso
  cp -f ./${CLUSTER_NAME}-$role.iso /opt/nginx/html/${CLUSTER_NAME}-$role.iso
 }

 if [ $ADDING_NODES == "add-nodes" ]; then
  echo "Using 'add-nodes' flows"
  # If doing live ISOs for adding nodes to an existing control plane
  for MCP_NAME in ${MCP_RWN[*]}; do
    if [ $USE_RENDERED == "false" ]; then
      echo "Using existing worker.ign as base for new MCP"
      # Creating base Ign for MCPs
      sed "s/worker/${role}/g" ~/${CLUSTER_NAME}/worker.ign > config.ign
    else
      # Pulling rendered MCP
      echo "Using rendered MCP as source ignition file"
      curl -o preconfig.ign -H "Accept: application/vnd.coreos.ignition+json; version=3.1.0" -Lk https://api-int.${CLUSTER_NAME}.${BASE_DOMAIN}:22623/config/$MCP
      # Inject console password (unix1234)
      cat preconfig.ign | jq '.passwd.users[0] += {"passwordHash": "$1$f9F1p5ap$VIFGF2QHttm6xPeGMh/YA/"}' > config.ign
      generate_iso $MCP_NAME
    fi
  done
 elif [ $ADDING_NODES == "new" ]; then
  # If doing local profiles for new UPI install
  MCP_LIST=( bootstrap master worker )
  for MCP_NAME in ${MCP_LIST[*]}; do 
    cp ~/${CLUSTER_NAME}/${MCP_NAME}.ign config.ign
    generate_iso $MCP_NAME
  done
 else
  echo "Not a valid option"
  show_usage
  exit 1
 fi
diff --git a/create-ign-for-live-iso.sh b/create-ign-for-live-iso.sh
 #!/bin/bash

 SSH_KEY_PATH=~/.ssh/id_rsa.pub
 IGN_ISO_TEMPLATE=iso.ign.template
 IGN_ISO_OUTPUT=iso.ign
 IGN_NODE_CONFIG=config.ign
 LIVE_ISO_SCRIPT=live-iso.sh

 if [[ ! -f "$SSH_KEY_PATH" ]]; then
    echo "Missing ssh public key $SSH_KEY_PATH"
    exit 1
 fi

 if [[ ! -f "$IGN_ISO_TEMPLATE" ]]; then
    echo "Missing $IGN_ISO_TEMPLATE"
    exit 1
 fi

 if [[ -f "$IGN_NODE_CONFIG" ]]; then
    ignition_file=$(cat "$IGN_NODE_CONFIG" | base64 -w0)
 else
    echo "Missing $IGN_NODE_CONFIG"
    exit 1
 fi

 if [[ -f "$LIVE_ISO_SCRIPT" ]]; then
    iso_script=$(cat "$LIVE_ISO_SCRIPT" | base64 -w0)
 else
    echo "Missing $LIVE_ISO_SCRIPT"
    exit 1
 fi

 # Load SSH as valid JSON file and merge it
 SSH_KEY=$( echo "{'passwd':{'users':[{'name':'core','sshAuthorizedKeys':['$(cat ~/.ssh/id_rsa.pub)']}]}}" | sed 's/'\''/"/g' )
 cat iso.ign.template | jq -s ".[0] * $SSH_KEY" > $IGN_ISO_OUTPUT-ssh

 # Embed node ignition file (this procedure work around the size of rendered ign files)
 IGNITION_FILE=$ignition_file
 IGN_EMBED_JSON=$( echo "{'source':'data:text/plain;charset=utf-8;base64,$IGNITION_FILE'}" | sed 's/'\''/"/g'  )
 echo "
 {'storage': {
    'files':[     {
                'contents': {
                    'source': 'data:text/plain;charset=utf-8;base64,$IGNITION_FILE',
                    'verification': {}
                },
                'filesystem': 'root',
                'mode': 420,
                'overwrite': true,
                'path': '/root/config.ign'
            }
        ]
    }
 } " | sed 's/'\''/"/g' | jq -c . > foo.json 

 jq -s '.[0].storage.files[1]=.[1].storage.files[0] | .[0]' $IGN_ISO_OUTPUT-ssh foo.json | jq -c . > $IGN_ISO_OUTPUT-ign

 # embed ISO script (assuming small script, otherwise previous procedure required)
 ISO_SCRIPT=$iso_script
 sed "s/ISO_SCRIPT/$iso_script/g" $IGN_ISO_OUTPUT-ign >  $IGN_ISO_OUTPUT

 #
 # END OF FILE
 #
diff --git a/iso.ign.template b/iso.ign.template
 {
    "ignition": {
        "config": {},
        "version": "3.0.0"
    },
    "networkd": {},
    "passwd": {
        "users": [
            {
                "name": "core",
                "sshAuthorizedKeys": [
                    "$SSH_KEY"
                ],
                "passwordHash": "$1$f9F1p5ap$VIFGF2QHttm6xPeGMh/YA/"
            }
        ]
    },
    "storage": {
        "files": [
            {
                "contents": {
                    "source": "data:,auto-installer",
                    "verification": {}
                },
                "filesystem": "root",
                "mode": 420,
                "overwrite": true,
                "path": "/etc/hostname"
            },
            {
                "contents": {
                    "source": "data:text/plain;charset=utf-8;base64,IGNITION_FILE",
                    "verification": {}
                },
                "filesystem": "root",
                "mode": 420,
                "overwrite": true,
                "path": "/root/config.ign"
            },
            {
                "contents": {
                    "source": "data:text/plain;charset=utf-8;base64,ISO_SCRIPT",
                    "verification": {}
                },
                "filesystem": "root",
                "mode": 448,
                "path": "/usr/local/bin/first.sh"
            }
        ]
    },
    "systemd": {
        "units": [
            {
                "contents": "[Service]\nType=oneshot\nExecStart=/usr/local/bin/first.sh\n[Install]\nWantedBy=multi-user.target\n",
                "enabled": true,
                "name": "first-boot.service"
            }
        ]
    }
 }
diff --git a/live-iso.sh b/live-iso.sh
 #!/bin/bash
 firstboot_args='console=tty0 rd.neednet=1'
 #KERNEL_ARGS="ip=<node-ip>::<default-gw>:<mask>:<hostname>:<nic>:none:<dns>"

 # Remove any existing VGs and PVs
 for vg in $(vgs -o name --noheadings) ; do vgremove -y $vg ; done
 for pv in $(pvs -o name --noheadings) ; do pvremove -y $pv ; done

 if [ -b /dev/nvme2n1 ]; then
  install_device='/dev/nvme2n1'
 elif [ -b /dev/sdb ] && [ "$(lsblk /dev/sdb)" != "" ] ; then
  install_device='/dev/sdb'
 else
  # when prefered block device not detected
  # use the first block device
  first_block_dev=$(lsblk -lpdn -o NAME | head -n1)
  if [[ $first_block_dev ]]; then
    install_device=$first_block_dev
  else
    echo "Can't find block device for installation"
    exit 1
  fi
 fi

 #cmd="coreos-installer install --firstboot-args=\"${firstboot_args}\" --append-karg=\"${KERNEL_ARGS}\" --ignition=/root/config.ign ${install_device}"
 cmd="coreos-installer install --firstboot-args=\"${firstboot_args} ${KERNEL_ARGS}\" --ignition=/root/config.ign ${install_device}"
 bash -c "$cmd"
 if [ "$?" == "0" ] ; then
  echo "Install Succeeded!"
  reboot
 else
  echo "Install Failed!"
  exit 1
 fi
	#!/bin/bash
	source ~/set-environment

	ADDING_NODES=${1:-"add-nodes"}
	USE_RENDERED=${2:-"true"}

	# path to rhcos-live iso
	export RHCOS_LIVE=~/images/rhcos-live.x86_64.iso

	if [ ! -f rhcos-live.x86_64.iso ]; then
	if [ -f ${RHCOS_LIVE} ]; then
	echo "Taking copy of live ISO"
	cp ${RHCOS_LIVE} .
	else
	echo "Can not fine live ISO on local directory or ${RHCOS_LIVE}"
	exit 1
	fi
	fi

	show_usage(){
	echo -e "$0 [new\|add-nodes][true\|false]"
	echo -e "\t new: create Live ISO images for new deployment using UPI based ignition files"
	echo -e "\t add-nodes: create Live ISO image to add nodes out of rendered MCP or from existing UPI base ignition file"
	echo -e "\t add-nodes true : will use rendered ignition files from api-int (default behaviour)"
	echo -e "\t add-nodes false: will use UPI base ignition file"
	}

	COREOSINSTALLER="podman run --privileged --rm --env-host -v /dev:/dev -v /run/udev:/run/udev -v $PWD:/data -w /data quay.io/coreos/coreos-installer:release"

	generate_iso(){
	role=$1
	echo "Generating ISO image for $role"
	rm -f ./${CLUSTER_NAME}-$role.iso
	bash create-ign-for-live-iso.sh
	$COREOSINSTALLER iso ignition embed -fi iso.ign -o /data/${CLUSTER_NAME}-$role.iso rhcos-live.x86_64.iso
	cp -f ./${CLUSTER_NAME}-$role.iso /opt/nginx/html/${CLUSTER_NAME}-$role.iso
	}

	if [ $ADDING_NODES == "add-nodes" ]; then
	echo "Using 'add-nodes' flows"
	# If doing live ISOs for adding nodes to an existing control plane
	for MCP_NAME in ${MCP_RWN[*]}; do
	if [ $USE_RENDERED == "false" ]; then
	echo "Using existing worker.ign as base for new MCP"
	# Creating base Ign for MCPs
	sed "s/worker/${role}/g" ~/${CLUSTER_NAME}/worker.ign > config.ign
	else
	# Pulling rendered MCP
	echo "Using rendered MCP as source ignition file"
	curl -o preconfig.ign -H "Accept: application/vnd.coreos.ignition+json; version=3.1.0" -Lk https://api-int.${CLUSTER_NAME}.${BASE_DOMAIN}:22623/config/$MCP
	# Inject console password (unix1234)
	cat preconfig.ign \| jq '.passwd.users[0] += {"passwordHash": "$1$f9F1p5ap$VIFGF2QHttm6xPeGMh/YA/"}' > config.ign
	generate_iso $MCP_NAME
	fi
	done
	elif [ $ADDING_NODES == "new" ]; then
	# If doing local profiles for new UPI install
	MCP_LIST=( bootstrap master worker )
	for MCP_NAME in ${MCP_LIST[*]}; do
	cp ~/${CLUSTER_NAME}/${MCP_NAME}.ign config.ign
	generate_iso $MCP_NAME
	done
	else
	echo "Not a valid option"
	show_usage
	exit 1
	fi
	#!/bin/bash

	SSH_KEY_PATH=~/.ssh/id_rsa.pub
	IGN_ISO_TEMPLATE=iso.ign.template
	IGN_ISO_OUTPUT=iso.ign
	IGN_NODE_CONFIG=config.ign
	LIVE_ISO_SCRIPT=live-iso.sh

	if [[ ! -f "$SSH_KEY_PATH" ]]; then
	echo "Missing ssh public key $SSH_KEY_PATH"
	exit 1
	fi

	if [[ ! -f "$IGN_ISO_TEMPLATE" ]]; then
	echo "Missing $IGN_ISO_TEMPLATE"
	exit 1
	fi

	if [[ -f "$IGN_NODE_CONFIG" ]]; then
	ignition_file=$(cat "$IGN_NODE_CONFIG" \| base64 -w0)
	else
	echo "Missing $IGN_NODE_CONFIG"
	exit 1
	fi

	if [[ -f "$LIVE_ISO_SCRIPT" ]]; then
	iso_script=$(cat "$LIVE_ISO_SCRIPT" \| base64 -w0)
	else
	echo "Missing $LIVE_ISO_SCRIPT"
	exit 1
	fi

	# Load SSH as valid JSON file and merge it
	SSH_KEY=$( echo "{'passwd':{'users':[{'name':'core','sshAuthorizedKeys':['$(cat ~/.ssh/id_rsa.pub)']}]}}" \| sed 's/'\''/"/g' )
	cat iso.ign.template \| jq -s ".[0] * $SSH_KEY" > $IGN_ISO_OUTPUT-ssh

	# Embed node ignition file (this procedure work around the size of rendered ign files)
	IGNITION_FILE=$ignition_file
	IGN_EMBED_JSON=$( echo "{'source':'data:text/plain;charset=utf-8;base64,$IGNITION_FILE'}" \| sed 's/'\''/"/g' )
	echo "
	{'storage': {
	'files':[ {
	'contents': {
	'source': 'data:text/plain;charset=utf-8;base64,$IGNITION_FILE',
	'verification': {}
	},
	'filesystem': 'root',
	'mode': 420,
	'overwrite': true,
	'path': '/root/config.ign'
	}
	]
	}
	} " \| sed 's/'\''/"/g' \| jq -c . > foo.json

	jq -s '.[0].storage.files[1]=.[1].storage.files[0] \| .[0]' $IGN_ISO_OUTPUT-ssh foo.json \| jq -c . > $IGN_ISO_OUTPUT-ign

	# embed ISO script (assuming small script, otherwise previous procedure required)
	ISO_SCRIPT=$iso_script
	sed "s/ISO_SCRIPT/$iso_script/g" $IGN_ISO_OUTPUT-ign > $IGN_ISO_OUTPUT

	#
	# END OF FILE
	#
	{
	"ignition": {
	"config": {},
	"version": "3.0.0"
	},
	"networkd": {},
	"passwd": {
	"users": [
	{
	"name": "core",
	"sshAuthorizedKeys": [
	"$SSH_KEY"
	],
	"passwordHash": "$1$f9F1p5ap$VIFGF2QHttm6xPeGMh/YA/"
	}
	]
	},
	"storage": {
	"files": [
	{
	"contents": {
	"source": "data:,auto-installer",
	"verification": {}
	},
	"filesystem": "root",
	"mode": 420,
	"overwrite": true,
	"path": "/etc/hostname"
	},
	{
	"contents": {
	"source": "data:text/plain;charset=utf-8;base64,IGNITION_FILE",
	"verification": {}
	},
	"filesystem": "root",
	"mode": 420,
	"overwrite": true,
	"path": "/root/config.ign"
	},
	{
	"contents": {
	"source": "data:text/plain;charset=utf-8;base64,ISO_SCRIPT",
	"verification": {}
	},
	"filesystem": "root",
	"mode": 448,
	"path": "/usr/local/bin/first.sh"
	}
	]
	},
	"systemd": {
	"units": [
	{
	"contents": "[Service]\nType=oneshot\nExecStart=/usr/local/bin/first.sh\n[Install]\nWantedBy=multi-user.target\n",
	"enabled": true,
	"name": "first-boot.service"
	}
	]
	}
	}
	#!/bin/bash
	firstboot_args='console=tty0 rd.neednet=1'
	#KERNEL_ARGS="ip=<node-ip>::<default-gw>:<mask>:<hostname>:<nic>:none:<dns>"

	# Remove any existing VGs and PVs
	for vg in $(vgs -o name --noheadings) ; do vgremove -y $vg ; done
	for pv in $(pvs -o name --noheadings) ; do pvremove -y $pv ; done

	if [ -b /dev/nvme2n1 ]; then
	install_device='/dev/nvme2n1'
	elif [ -b /dev/sdb ] && [ "$(lsblk /dev/sdb)" != "" ] ; then
	install_device='/dev/sdb'
	else
	# when prefered block device not detected
	# use the first block device
	first_block_dev=$(lsblk -lpdn -o NAME \| head -n1)
	if [[ $first_block_dev ]]; then
	install_device=$first_block_dev
	else
	echo "Can't find block device for installation"
	exit 1
	fi
	fi

	#cmd="coreos-installer install --firstboot-args=\"${firstboot_args}\" --append-karg=\"${KERNEL_ARGS}\" --ignition=/root/config.ign ${install_device}"
	cmd="coreos-installer install --firstboot-args=\"${firstboot_args} ${KERNEL_ARGS}\" --ignition=/root/config.ign ${install_device}"
	bash -c "$cmd"
	if [ "$?" == "0" ] ; then
	echo "Install Succeeded!"
	reboot
	else
	echo "Install Failed!"
	exit 1
	fi