From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 58BF91FF15C for ; Wed, 13 Nov 2024 14:59:52 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0869516ABF; Wed, 13 Nov 2024 14:59:53 +0100 (CET) From: Christoph Heiss To: pve-devel@lists.proxmox.com Date: Wed, 13 Nov 2024 14:59:06 +0100 Message-ID: <20241113135908.1622968-5-c.heiss@proxmox.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241113135908.1622968-1-c.heiss@proxmox.com> References: <20241113135908.1622968-1-c.heiss@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.030 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [RFC PATCH installer 4/5] fix #5579: auto-installer: add optional first-boot hook script X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Users can specifying an optional file - either fetched from an URL or backed into the ISO - to execute on the first boot after the installation, using the 'proxmox-first-boot' oneshot service. Essentially adds an (optional) `[first-boot]` section to the answer file. If specified, the `source` key must be at least set, which gives the location of the hook script. Signed-off-by: Christoph Heiss --- proxmox-auto-installer/Cargo.toml | 2 +- proxmox-auto-installer/src/answer.rs | 27 ++++++++++++ .../src/bin/proxmox-auto-installer.rs | 42 +++++++++++++++++-- proxmox-auto-installer/src/utils.rs | 15 ++++++- 4 files changed, 80 insertions(+), 6 deletions(-) diff --git a/proxmox-auto-installer/Cargo.toml b/proxmox-auto-installer/Cargo.toml index 21ed538..7e3d90c 100644 --- a/proxmox-auto-installer/Cargo.toml +++ b/proxmox-auto-installer/Cargo.toml @@ -13,7 +13,7 @@ homepage = "https://www.proxmox.com" [dependencies] anyhow.workspace = true log.workspace = true -proxmox-installer-common.workspace = true +proxmox-installer-common = { workspace = true, features = ["http"] } serde = { workspace = true, features = ["derive"] } serde_json.workspace = true serde_plain.workspace = true diff --git a/proxmox-auto-installer/src/answer.rs b/proxmox-auto-installer/src/answer.rs index c23f1f3..23d6878 100644 --- a/proxmox-auto-installer/src/answer.rs +++ b/proxmox-auto-installer/src/answer.rs @@ -22,6 +22,8 @@ pub struct Answer { pub disks: Disks, #[serde(default)] pub posthook: Option, + #[serde(default)] + pub first_boot: Option, } impl Answer { @@ -62,6 +64,31 @@ pub struct PostNotificationHookInfo { pub cert_fingerprint: Option, } +/// Possible sources for the optional first-boot hook script/executable file. +#[derive(Clone, Deserialize, Debug, PartialEq)] +#[serde(rename_all = "kebab-case", deny_unknown_fields)] +pub enum FirstBootHookSourceMode { + /// Fetch the executable file from an URL, specified in the parent. + FromUrl, + /// The executable file has been baked into the ISO at a known location, + /// and should be retrieved from there. + FromIso, +} + +/// Describes from where to fetch the first-boot hook script, either being baked into the ISO or +/// from a URL. +#[derive(Clone, Deserialize, Debug)] +#[serde(rename_all = "kebab-case", deny_unknown_fields)] +pub struct FirstBootHookInfo { + /// Mode how to retrieve the first-boot executable file, either from an URL or from the ISO if + /// it has been baked-in. + pub source: FirstBootHookSourceMode, + /// Retrieve the post-install script from a URL, if source == "from-url". + pub url: Option, + /// SHA256 cert fingerprint if certificate pinning should be used, if source == "from-url". + pub cert_fingerprint: Option, +} + #[derive(Clone, Deserialize, Debug, Default, PartialEq)] #[serde(deny_unknown_fields)] enum NetworkConfigMode { diff --git a/proxmox-auto-installer/src/bin/proxmox-auto-installer.rs b/proxmox-auto-installer/src/bin/proxmox-auto-installer.rs index ea45c29..9d8a2e5 100644 --- a/proxmox-auto-installer/src/bin/proxmox-auto-installer.rs +++ b/proxmox-auto-installer/src/bin/proxmox-auto-installer.rs @@ -1,18 +1,22 @@ use anyhow::{bail, format_err, Result}; use log::{error, info, LevelFilter}; use std::{ - env, + env, fs, io::{BufRead, BufReader, Write}, path::PathBuf, process::ExitCode, }; -use proxmox_installer_common::setup::{ - installer_setup, read_json, spawn_low_level_installer, LocaleInfo, RuntimeInfo, SetupInfo, +use proxmox_installer_common::{ + http, + setup::{ + installer_setup, read_json, spawn_low_level_installer, LocaleInfo, RuntimeInfo, SetupInfo, + }, + FIRST_BOOT_EXEC_NAME, RUNTIME_DIR, }; use proxmox_auto_installer::{ - answer::Answer, + answer::{Answer, FirstBootHookInfo, FirstBootSourceMode}, log::AutoInstLogger, udevinfo::UdevInfo, utils::{parse_answer, LowLevelMessage}, @@ -27,6 +31,31 @@ pub fn init_log() -> Result<()> { .map_err(|err| format_err!(err)) } +fn setup_first_boot_executable(first_boot: &FirstBootHookInfo) -> Result<()> { + let content = match first_boot.source { + FirstBootSourceMode::FromUrl => { + if let Some(url) = &first_boot.url { + info!("Fetching first-boot hook from {url} .."); + Some(http::get(url, first_boot.cert_fingerprint.as_deref())?) + } else { + bail!("first-boot hook source set to URL, but none specified!"); + } + } + FirstBootSourceMode::FromIso => Some(fs::read_to_string(format!( + "/cdrom/{FIRST_BOOT_EXEC_NAME}" + ))?), + }; + + if let Some(content) = content { + Ok(fs::write( + format!("/{RUNTIME_DIR}/{FIRST_BOOT_EXEC_NAME}"), + content, + )?) + } else { + Ok(()) + } +} + fn auto_installer_setup(in_test_mode: bool) -> Result<(Answer, UdevInfo)> { let base_path = if in_test_mode { "./testdir" } else { "/" }; let mut path = PathBuf::from(base_path); @@ -43,6 +72,11 @@ fn auto_installer_setup(in_test_mode: bool) -> Result<(Answer, UdevInfo)> { }; let answer = Answer::try_from_reader(std::io::stdin().lock())?; + + if let Some(first_boot) = &answer.first_boot { + setup_first_boot_executable(first_boot)?; + } + Ok((answer, udev_info)) } diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs index 83f3f12..25f537d 100644 --- a/proxmox-auto-installer/src/utils.rs +++ b/proxmox-auto-installer/src/utils.rs @@ -5,7 +5,7 @@ use log::info; use std::{collections::BTreeMap, process::Command}; use crate::{ - answer::{self, Answer}, + answer::{self, Answer, FirstBootSourceMode}, udevinfo::UdevInfo, }; use proxmox_installer_common::{ @@ -320,6 +320,18 @@ fn verify_email_and_root_password_settings(answer: &Answer) -> Result<()> { } } +fn verify_first_boot_settings(answer: &Answer) -> Result<()> { + info!("Verifying first boot settings"); + + if let Some(first_boot) = &answer.first_boot { + if first_boot.source == FirstBootSourceMode::FromUrl && first_boot.url.is_none() { + bail!("first-boot executable source set to URL, but none specified!"); + } + } + + Ok(()) +} + pub fn parse_answer( answer: &Answer, udev_info: &UdevInfo, @@ -336,6 +348,7 @@ pub fn parse_answer( verify_locale_settings(answer, locales)?; verify_email_and_root_password_settings(answer)?; + verify_first_boot_settings(answer)?; let mut config = InstallConfig { autoreboot: 1_usize, -- 2.47.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel