#!/bin/bash -xe #CACHEURL=http://172.22.0.1/images # Check and set http(s)_proxy. Required for cURL to use a proxy export http_proxy=${http_proxy:-$HTTP_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY} export no_proxy=${no_proxy:-$NO_PROXY} if [ -d "/tmp/ironic-certificates" ]; then sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256 if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then CERTS_CHANGED=0 else CERTS_CHANGED=1 fi fi # Which image should we use if [ -z "${IPA_BASEURI}" ]; then if cmp "/shared/images.sha256" "/tmp/images.sha256"; then if [ "${CERTS_CHANGED:-0}" = "0" ]; then # everything is the same exit early exit 0 fi fi IMAGE_CHANGED=1 # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages mkdir -p /shared/html/images if [ -f /tmp/initrd-x86_64.zst ]; then cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel fi # Use arm64 as destination for iPXE compatibility if [ -f /tmp/initrd-aarch64.zst ]; then cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel fi cp /tmp/images.sha256 /shared/images.sha256 else FILENAME=ironic-python-agent FILENAME_EXT=.tar FFILENAME=$FILENAME$FILENAME_EXT mkdir -p /shared/html/images /shared/tmp cd /shared/html/images TMPDIR=$(mktemp -d -p /shared/tmp) # If we have a CACHEURL and nothing has yet been downloaded # get header info from the cache ls -l if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true fi # Download the most recent version of IPA if [ -e $FFILENAME.headers ] ; then ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r") cd "$TMPDIR" curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . # curl didn't download anything because we have the ETag already # but we don't have it in the images directory # Its in the cache, go get it ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then mv /shared/html/images/$FFILENAME.headers . curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME" fi else cd "$TMPDIR" curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" fi if [ -s $FFILENAME ] ; then tar -xf $FFILENAME xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd mv $FILENAME.initramfs.zstd $FILENAME.initramfs ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3) if [ "$ARCH" = "x86" ]; then ARCH="x86_64" fi ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") cd - chmod 755 "$TMPDIR" mv "$TMPDIR" "$FILENAME-$ETAG" ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers" ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs" ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel" IMAGE_CHANGED=1 else rm -rf "$TMPDIR" fi fi if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd mkdir -p etc/ironic-python-agent.d/ca-certs cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/ for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}" done cp /tmp/certificates.sha256 /shared/certificates.sha256 fi