Bare metal installer using Anaconda Kickstart

[jlelli]

I've been developing a proof of concept bare metal installer piggybacking Anaconda kickstart functionality.
It doesn't use almost any of the "core" Anaconda features, but it seems to do what it has to do.
Please have a look, @cgwalters and others.

#Kickstart
cmdline

lang en_US.UTF-8
keyboard us
timezone --utc America/New_York
####################################################
# Not used! Fool anaconda into thinking we actually
# set a root password.
rootpw  arandomone
#####################################################

####################################################
# This is again kind of useless, as we are going to
# dd the sys image anyway later.
####################################################
clearpart --all --drives=notexistent
autopart --nolvm

network --onboot yes --device ens3 --bootproto dhcp --noipv6

%pre --erroronfail --interpreter /bin/bash --log /tmp/ks.log
#!/bin/bash
##########################################################
# Defaults - edit these to tune the installation
##########################################################
IMG_SERVER_ADDRESS=192.168.1.xxx
DEST_DEV=/dev/sda
IMAGE_URL="http://${IMG_SERVER_ADDRESS}/os-img.img.gz"
#SIG_URL="http://${IMG_SERVER_ADDRESS}/os-img.img.gz.sha256sum"

###########################################################
# Hacks galore - kill shell window and show (our) logs
###########################################################
tmux kill-window -t anaconda:shell
tmux kill-window -t anaconda:log

touch /tmp/install.log

tmux new-window -d -n log "tail -F /tmp/install.log"
tmux select-window -t anaconda:log

echo "Installing System Image" >> /tmp/install.log
echo "-----------------------------------" >> /tmp/install.log

############################################################
#Get the image info
############################################################
let retry=0
while true
do
	echo "Getting image info from $IMAGE_URL" >> /tmp/install.log

	curl -sIf $IMAGE_URL >/tmp/image_info 2>&1
	RETCODE=$?
	if [ $RETCODE -ne 0 ]
	then
		if [ $RETCODE -eq 22 -a $retry -lt 5 ]
		then
			# Network isn't up yet, sleep for a sec and retry
			sleep 1
			let retry=$retry+1
			continue
		fi
		exit 1
	else
		IMAGE_SIZE=$(cat /tmp/image_info | awk '/.*Content-Length.*/ {print $2}' | tr -d $'\r')
		TMPFS_MBSIZE=$(($IMAGE_SIZE/(1024*1024)+50))
		echo "Image size is $IMAGE_SIZE" >> /tmp/debug
		echo "tmpfs sized to $TMPFS_MBSIZE MB" >> /tmp/debug
		break;
	fi
	rm -f /tmp/image_url
done

#########################################################
#Create the tmpfs filesystem to store the image
#########################################################
echo "Mounting tmpfs" >> /tmp/debug
mkdir -p /mnt/dl
mount -t tmpfs -o size=${TMPFS_MBSIZE}m tmpfs /mnt/dl

############################################################
#Figure out the signature file type
############################################################
echo "Getting SIG_URL $SIG_URL" >> /tmp/debug
curl -sIf $SIG_URL > /dev/null 2>&1
RETCODE=$?
if [ $RETCODE -ne 0 ]
then
	echo "$SIG_URL not found" >> /tmp/debug
	SIG_URL=$IMAGE_URL.sha256sum
	echo "Getting SIG_URL $SIG_URL" >> /tmp/debug
	curl -sI $SIG_URL > /dev/null 2>&1
	if [ $? -ne 0 ]
	then
		SIG_TYPE=none
	else
		SIG_TYPE=sha
	fi
else
	SIG_TYPE=gpg
fi

echo "SIGNATURE TYPE IS $SIG_TYPE" >> /tmp/debug

#########################################################
#And Get the Image
#########################################################
echo "Downloading install image" >> /tmp/install.log

curl -s -o /mnt/dl/imagefile.gz $IMAGE_URL
if [ $? -ne 0 ]
then
	exit 1
fi

#########################################################
#Get the corresponding signature file
#########################################################
echo "Getting signature $SIG_URL" >> /tmp/install.log
curl -s -o /mnt/dl/imagefile.gz.sig $SIG_URL
if [ $? -ne 0 ]
then
	exit 1
fi

#########################################################
#Validate the integrity of the image
#########################################################
if [ "$SIG_TYPE" != "none" ]
then
	if [ "$SIG_TYPE" == "gpg" ]
	then
		gpg --trusted-key "${GPG_LONG_ID}" --verify /mnt/dl/imagefile.gz.sig >/dev/null 2>&1
		if [ $? -ne 0 ]
		then
			exit 1
		fi
	elif [ "$SIG_TYPE" == "sha" ]
	then
		sed -i -e"s/$/\ \/mnt\/dl\/imagefile\.gz/" /mnt/dl/imagefile.gz.sig
		sha256sum -c /mnt/dl/imagefile.gz.sig
		if [ $? -ne 0 ]
		then
			exit 1
		fi
	else
		sleep 3
	fi
else
	sleep 3
fi

#########################################################
#Wipe any remaining disk labels
#########################################################
dd conv=nocreat count=1024 if=/dev/zero of="${DEST_DEV}" \
        seek=$(($(blockdev --getsz "${DEST_DEV}") - 1024)) status=none

#########################################################
#And Write the image to disk
#########################################################
echo "Writing disk image" >> /tmp/install.log
gzip -dc /mnt/dl/imagefile.gz | dd conv=nocreat of="${DEST_DEV}" bs=1M status=none
udevadm settle

echo "Install complete. Rebooting in 3 seconds..." >> /tmp/install.log
sleep 3
shutdown -r now

%end

[dustymabe]

thanks @jlelli - I added some thoughts to the open discussion in our high level issue tracker with input from this issue.

[cgwalters]

Thanks a ton for posting this!

One thing I think is advantageous about this is that I suspect a number of Red Hat customers will already have PXE setups with Anaconda and the ability to provide kickstarts - so this provides an effective "bridge" between that world and ours.

The thing that is going to require repeated explanation though is that while we're using kickstart files we're not really using Kickstart.

[dustymabe]

Considering #240 (comment) I'm going to close this out.