-# documentation for the values below may be found at
-# https://cloudinit.readthedocs.io/en/latest/topics/modules.html
-function create_userdata {
- name="$1"
- username="$2"
- password="$3"
- COMPUTE_NODE_FQDN="$name.akraino.icn.org"
-
- # validate that the user isn't expecting the deprecated
- # COMPUTE_NODE_PASSWORD to be used
- if [ "$password" != "${COMPUTE_NODE_PASSWORD:-$password}" ]; then
- cat <<EOF
-COMPUTE_NODE_PASSWORD "$COMPUTE_NODE_PASSWORD" not equal to nodes.json $name password "$password".
-Unset COMPUTE_NODE_PASSWORD and retry.
-EOF
- exit 1
- fi
-
- printf "#cloud-config\n" > $name-userdata.yaml
- if [ -n "$password" ]; then
- if [ -n "$username" ]; then
- passwd=$(mkpasswd --method=SHA-512 --rounds 4096 "$password")
- printf "users:" >> $name-userdata.yaml
- printf "\n - name: ""%s" "$username" >> $name-userdata.yaml
- printf "\n lock_passwd: False" >> $name-userdata.yaml # necessary to allow password login
- printf "\n passwd: ""%s" "$passwd" >> $name-userdata.yaml
- printf "\n sudo: \"ALL=(ALL) NOPASSWD:ALL\"" >> $name-userdata.yaml
- else
- printf "password: ""%s" "$password" >> $name-userdata.yaml
- fi
- printf "\nchpasswd: {expire: False}\n" >> $name-userdata.yaml
- printf "ssh_pwauth: True\n" >> $name-userdata.yaml
- fi
-
- if [ -n "$COMPUTE_NODE_FQDN" ]; then
- printf "fqdn: ""%s" "$COMPUTE_NODE_FQDN" >> $name-userdata.yaml
- printf "\n" >> $name-userdata.yaml
- fi
- printf "disable_root: false\n" >> $name-userdata.yaml
- printf "ssh_authorized_keys:\n - " >> $name-userdata.yaml
-
- if [ ! -f $HOME/.ssh/id_rsa.pub ]; then
- yes y | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa
- fi
-
- cat $HOME/.ssh/id_rsa.pub >> $name-userdata.yaml
- cloud_init_scripts >> $name-userdata.yaml
- printf "\n" >> $name-userdata.yaml
-}
-
-create_networkdata() {
- name="$1"
- node_networkdata $name > $name-networkdata.json
-}
-
-function cloud_init_scripts {
- # set_dhcp_indentifier.sh:
- # The IP address assigned to the provisioning NIC will change
- # due to IPA using the MAC address as the client ID and systemd
- # using a different ID. Tell systemd to use the MAC as the
- # client ID. We can't do this in the network data as only the
- # JSON format is supported by metal3, and the JSON format does
- # not support the dhcp-identifier field.
- # set_kernel_cmdline.sh:
- # The "intel_iommu=on iommu=pt" kernel command line is necessary
- # for QAT support.
- cat << 'EOF'
-write_files:
-- path: /var/lib/cloud/scripts/per-instance/set_dhcp_identifier.sh
- owner: root:root
- permissions: '0777'
- content: |
- #!/usr/bin/env bash
- set -eux -o pipefail
- sed -i -e '/dhcp4: true$/!b' -e 'h;s/\S.*/dhcp-identifier: mac/;H;g' /etc/netplan/50-cloud-init.yaml
- netplan apply
-- path: /var/lib/cloud/scripts/per-instance/set_kernel_cmdline.sh
- owner: root:root
- permissions: '0777'
- content: |
- #!/usr/bin/env bash
- set -eux -o pipefail
- grub_file=${1:-"/etc/default/grub"}
- kernel_parameters="intel_iommu=on iommu=pt"
- sed -i~ "/^GRUB_CMDLINE_LINUX=/{h;s/\(=\".*\)\"/\1 ${kernel_parameters}\"/};\${x;/^$/{s//GRUB_CMDLINE_LINUX=\"${kernel_parameters}\"/;H};x}" "$grub_file"
- update-grub
- reboot
-EOF
-}
-
-function apply_userdata_credential {
- name="$1"
- cat <<EOF > ./$name-user-data-credential.yaml
-apiVersion: v1
-data:
- userData: $(base64 -w 0 $name-userdata.yaml)
-kind: Secret
-metadata:
- name: $name-user-data
- namespace: metal3
-type: Opaque
-EOF
- kubectl apply -n metal3 -f $name-user-data-credential.yaml
-}
-
-apply_networkdata_credential() {
- name="$1"
- cat <<EOF > ./$name-network-data-credential.yaml
-apiVersion: v1
-data:
- networkData: $(base64 -w 0 $name-networkdata.json)
-kind: Secret
-metadata:
- name: $name-network-data
- namespace: metal3
-type: Opaque
-EOF
- kubectl apply -n metal3 -f $name-network-data-credential.yaml
-}
-