#!/bin/sh

set -e
set -x

if ! [ -r /etc/openstack-cluster-installer/openstack-cluster-installer.conf ] ; then
	echo "Could not load /etc/openstack-cluster-installer/openstack-cluster-installer.conf"
	echo "Copy it from your OCI install if you're trying to build a foreign arch live image."
	exit 1
else
	TMPFILE=$(mktemp -t openstack-cluster-installer.XXXXXX)
	cat /etc/openstack-cluster-installer/openstack-cluster-installer.conf | grep -v '^\[' >${TMPFILE}
	. ${TMPFILE}
	rm ${TMPFILE}
fi

if [ -x ./openstack-cluster-installer-build-live-image-clean ] ; then
	./openstack-cluster-installer-build-live-image-clean
else
	openstack-cluster-installer-build-live-image-clean
fi

if ! [ -r /usr/share/openstack-pkg-tools/pkgos_func ] ; then
	echo "Could not read /usr/share/openstack-pkg-tools/pkgos_func."
	exit 1
fi
. /usr/share/openstack-pkg-tools/pkgos_func

ARCH=$(uname -m)

for i in $@ ; do
	case "${1}" in
	"--pxe-server-ip")
		if [ -z "${2}" ] ; then echo "Parameter for option --pxe-server-ip is missing" > /dev/stderr ; DO_EXIT="yes" ; fi
		OTCI_PXE_SERVER_IP=${2}
		shift
		shift
		;;
	"--debian-mirror-addr")
		if [ -z "${2}" ] ; then echo "Parameter for option --debian-mirror-addr is missing" > /dev/stderr ; DO_EXIT="yes" ; fi
		OTCI_DEB_MIRROR_ADDR=${2}
		shift
		shift
		;;
	"--debian-security-mirror-addr")
		if [ -z "${2}" ] ; then echo "Parameter for option --debian-mirror-addr is missing" > /dev/stderr ; DO_EXIT="yes" ; fi
		OTCI_DEB_SECURITY_MIRROR_ADDR=${2}
		shift
		shift
	;;
	*)
		;;
	esac
done

if [ -z "${OTCI_PXE_SERVER_IP}" ] ; then
	DEFROUTE_IF=`awk '{ if ( $2 == "00000000" ) print $1 }' /proc/net/route`
	if [ -n "${DEFROUTE_IF}" ] ; then
		if [ -x /bin/ip ] ; then
			DEFROUTE_IP=`LC_ALL=C ip addr show "${DEFROUTE_IF}" | grep inet | head -n 1 | awk '{print $2}' | cut -d/ -f1 | grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
		else
			DEFROUTE_IP=`hostname -i | grep -E '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
		fi
	fi
	if [ -n "${DEFROUTE_IP}" ] ; then
		OTCI_PXE_SERVER_IP=${DEFROUTE_IP}
	else
		OTCI_PXE_SERVER_IP=$(ipcalc ${OPENSTACK_CLUSTER_NETWORK} | grep HostMin | awk '{print $2}')
	fi
        echo "No --pxe-server-ip given, using ${OTCI_PXE_SERVER_IP} as default." > /dev/stderr
        OTCI_PXE_SERVER_IP=${OTCI_PXE_SERVER_IP}
fi

if [ -z "${OTCI_DEB_MIRROR_ADDR}" ] ; then
	echo "No Debian mirror address given, using ${debian_mirror} as default."
	OTCI_DEB_MIRROR_ADDR=${debian_mirror}
fi
if [ -z "${OTCI_DEB_SECURITY_MIRROR_ADDR}" ] ; then
	echo "No security mriror address given, using ${debian_security_mirror} as default."
	OTCI_DEB_SECURITY_MIRROR_ADDR=${debian_security_mirror}
fi

if [ "${DO_EXIT}" = "yes" ] ; then
	echo "Parameters not validated: will exit now!" > /dev/stderr
	echo "Example call: $0 --pxe-server-ip ${OTCI_PXE_SERVER_IP} --debian-mirror-addr http://${OTCI_PXE_SERVER_IP}:9999/debian" > /dev/stderr
	exit 1
fi

##################################################################
### Create the SSH root ca for signing the live image host key ###
##################################################################
# Create the ssh CA key, which we push into the image, so the
# image can sign host keys on boot. This isn't very safe to do
# that, but that's still safer than randomly trusting SSH host keys
# of new machines.
mkdir -p /etc/openstack-cluster-installer/live-image-ssh-host-key
if ! [ -e /etc/openstack-cluster-installer/live-image-ssh-host-key/ca ] ; then
	ssh-keygen -P '' -f /etc/openstack-cluster-installer/live-image-ssh-host-key/ca
fi
# Make sure that the ca.pub is in OCI's /etc/ssh/ssh_known_hosts
CA_PUBKEY_CONTENT=$(cat /etc/openstack-cluster-installer/live-image-ssh-host-key/ca.pub)
if ! grep -q "${CA_PUBKEY_CONTENT}" /etc/ssh/ssh_known_hosts ] ; then
	echo "@cert-authority * ${CA_PUBKEY_CONTENT}" >>/etc/ssh/ssh_known_hosts
fi
# Push the CA key-pair in the live image, so that it can be used
# to sign the host key at boot time.
mkdir -p config/includes.chroot/root/ssh-ca
cp /etc/openstack-cluster-installer/live-image-ssh-host-key/ca config/includes.chroot/root/ssh-ca
cp /etc/openstack-cluster-installer/live-image-ssh-host-key/ca.pub config/includes.chroot/root/ssh-ca

########################################################
### Manage the ssh authorized_keys of the live image ###
########################################################
if [ -e /etc/openstack-cluster-installer/id_rsa.pub ] ; then
	echo "Will use existing /etc/openstack-cluster-installer/id_rsa.pub file"
else
	echo "No ssh key found, generating one"
	ssh-keygen -b 4096 -t rsa -f /etc/openstack-cluster-installer/id_rsa -q -N ""
fi
# If there's no /etc/openstack-cluster-installer/authorized_keys, then
# we create one with the OCI public key, and what's already in
# /root/.ssh/authorized_keys
if ! [ -e /etc/openstack-cluster-installer/authorized_keys ] ; then
	cat /etc/openstack-cluster-installer/id_rsa.pub >/etc/openstack-cluster-installer/authorized_keys
	if [ -e /root/.ssh/authorized_keys ] ; then
		cat /root/.ssh/authorized_keys >>/etc/openstack-cluster-installer/authorized_keys
	fi
	chown www-data:www-data /etc/openstack-cluster-installer/id_rsa*
fi


# Copy the configured /root/.ssh/authorized_keys in the live image
mkdir -p config/includes.chroot/root/.ssh/
chmod 700 config/includes.chroot/root/.ssh/
cp /etc/openstack-cluster-installer/authorized_keys config/includes.chroot/root/.ssh/authorized_keys
chmod 600 config/includes.chroot/root/.ssh/authorized_keys

#######################################################
### Configure the default Debian repos in the image ###
#######################################################
# Add our repository with updated openstack-debian-images and lshw
mkdir -p config/archives/
if [ "${use_debian_dot_net_backport}" = "yes" ] ; then
	if [ "${ARCH}" != "aarch64" ] ; then
		echo "deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/archives/${debian_release}-${openstack_release}.list.chroot
		echo "deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/archives/${debian_release}-${openstack_release}.list.binary
		cp /etc/openstack-cluster-installer/oci-repository-key.asc config/archives/${debian_release}-${openstack_release}.key.chroot
		cp /etc/openstack-cluster-installer/oci-repository-key.asc config/archives/${debian_release}-${openstack_release}.key.binary

		mkdir -p config/includes.chroot/etc/apt/sources.list.d
		echo "deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://${debian_release}-${openstack_release}.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/includes.chroot/etc/apt/sources.list.d/${debian_release}-${openstack_release}.list
	else
		# arm64 stuff are hosted only os osbpo.debian.net
		echo "deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/archives/${debian_release}-${openstack_release}.list.chroot
		echo "deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/archives/${debian_release}-${openstack_release}.list.binary
		cp /etc/openstack-cluster-installer/oci-repository-key.asc config/archives/${debian_release}-${openstack_release}.key.chroot
		cp /etc/openstack-cluster-installer/oci-repository-key.asc config/archives/${debian_release}-${openstack_release}.key.binary

		mkdir -p config/includes.chroot/etc/apt/sources.list.d
		echo "deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports main
deb http://osbpo.debian.net/debian ${debian_release}-${openstack_release}-backports-nochange main
" >config/includes.chroot/etc/apt/sources.list.d/${debian_release}-${openstack_release}.list
	fi
fi

if [ "${debian_release}" = "stretch" ] || [ "${debian_release}" = "buster" ] || [ "${debian_release}" = "bullseye" ] ; then
	NON_FREE_SUITES="contrib non-free"
else
	NON_FREE_SUITES="contrib non-free non-free-firmware"
fi

echo "deb ${OTCI_DEB_MIRROR_ADDR} ${debian_release} ${NON_FREE_SUITES}
deb-src ${OTCI_DEB_MIRROR_ADDR} ${debian_release} ${NON_FREE_SUITES}
" >config/archives/contrib-non-free.list.chroot

echo "deb ${OTCI_DEB_MIRROR_ADDR} ${debian_release} ${NON_FREE_SUITES}
deb-src ${OTCI_DEB_MIRROR_ADDR} ${debian_release} ${NON_FREE_SUITES}
" >config/archives/contrib-non-free.list.binary

if [ "${live_image_setup_backports_repo}" = "yes" ] ; then
	if [ "${live_image_setup_nonfree_repo}" = "yes" ] ; then
		BPO_NON_FREE_ADDME=" contrib non-free"
	else
		BPO_NON_FREE_ADDME=""
	fi
	if echo $debian_archived_backports_list | grep -q ${debian_release} ; then
		my_backport_repo_url=$debian_archive_mirror
	else
		my_backport_repo_url=${OTCI_DEB_MIRROR_ADDR}
	fi
	echo "deb ${my_backport_repo_url} ${debian_release}-backports main${BPO_NON_FREE_ADDME}
deb-src ${my_backport_repo_url} ${debian_release}-backports main${BPO_NON_FREE_ADDME}
" >config/archives/debian-backports.list.chroot
	echo "deb ${my_backport_repo_url} ${debian_release}-backports main${BPO_NON_FREE_ADDME}
deb-src ${my_backport_repo_url} ${debian_release}-backports main${BPO_NON_FREE_ADDME}
" >config/archives/debian-backports.list.binary

	if [ "${live_image_setup_nonfree_repo}" = "yes" ] && [ "${live_image_install_nonfree_firmware_from_backports}" = "yes" ] ; then
		mkdir -p config/hooks/live
		echo "#!/bin/sh
set -e

apt-get update
apt-get install -t ${debian_release}-backports -y ${live_image_install_firmware_from_backports_list} || true
# Fallsback to non-backport if the pacakge is not available
apt-get install -y ${live_image_install_firmware_from_backports_list} || true
" >config/hooks/live/install-nonfree-firmware-from-backports.hook.chroot
		chmod +x config/hooks/live/install-nonfree-firmware-from-backports.hook.chroot
		cp config/hooks/live/install-nonfree-firmware-from-backports.hook.chroot config/hooks/live/install-nonfree-firmware-from-backports.hook.binary
	fi
	if [ "${live_image_install_kernel_from_backports}" = "yes" ] ; then
		mkdir -p config/hooks/live
		echo "#!/bin/sh
set -e

apt-get update
apt-get install -t ${debian_release}-backports -y linux-image-amd64 || true
" >config/hooks/live/install-kernel-from-backports.hook.chroot
		chmod +x config/hooks/live/install-kernel-from-backports.hook.chroot
		cp config/hooks/live/install-kernel-from-backports.hook.chroot config/hooks/live/install-kernel-from-backports.hook.binary
	fi
fi

if [ "${install_buildd_incoming}" = "yes" ] ; then
        echo "deb ${debian_incoming_buildd} buildd-sid main
deb-src ${debian_incoming_buildd} buildd-sid main
" >config/archives/incoming-buildd.list.chroot
        echo "deb ${debian_incoming_buildd} buildd-sid main
deb-src ${debian_incoming_buildd} buildd-sid main
" >config/archives/incoming-buildd.list.binary
fi

# Install keyring, if configured
if [ -n "${debian_keyring_package}" ]; then
	cd config/archives
	apt-get download ${debian_keyring_package}
	cd ../..
fi

# Add the IP of the PXE server in a configuration file
# for later use during the install process
mkdir -p config/includes.chroot/etc/oci
echo ${OTCI_PXE_SERVER_IP} >config/includes.chroot/etc/oci/pxe-server-ip

echo ${openstack_release} >config/includes.chroot/etc/oci_openstack_release
echo ${debian_release} >config/includes.chroot/etc/oci_debian_release
echo ${use_debian_dot_net_backport} >config/includes.chroot/etc/oci_use_debian_dot_net_backport
echo ${use_debian_official_backports} >config/includes.chroot/etc/oci_use_debian_official_backports
echo ${debian_archive_mirror} >config/includes.chroot/etc/oci_debian_archive_mirror
echo ${debian_archived_backports_list} >config/includes.chroot/etc/oci_debian_archived_backports_list
echo ${install_buildd_incoming} >config/includes.chroot/etc/oci_use_incoming_build
echo ${debian_incoming_buildd} >config/includes.chroot/etc/oci_incoming_buildd_url
echo ${OTCI_DEB_MIRROR_ADDR} >config/includes.chroot/etc/oci_debian_mirror

# Ceph backport stuff
echo ${install_ceph_upstream_repo} >config/includes.chroot/etc/oci_install_ceph_upstream_repo
echo ${debian_mirror_ceph} >config/includes.chroot/etc/oci_debian_mirror_ceph
echo ${pin_ceph_from_stable_backports} >config/includes.chroot/etc/oci_ceph_from_stable_backports
echo ${ceph_use_osbpo} >config/includes.chroot/etc/oci_ceph_use_osbpo
echo ${ceph_osbpo_release} >config/includes.chroot/etc/oci_ceph_osbpo_release

echo ${production_system_setup_backports_repo} >config/includes.chroot/etc/oci/production_system_setup_backports_repo
echo ${production_system_setup_nonfree_repo} >config/includes.chroot/etc/oci/production_system_setup_nonfree_repo
echo ${production_system_install_nonfree_firmware_from_backports} >config/includes.chroot/etc/oci/production_system_install_nonfree_firmware_from_backports
echo ${production_system_install_firmware_from_backports_list} >config/includes.chroot/etc/oci/production_system_install_firmware_from_backports_list

############################################################
### Customize the PXE Linux splash screen with OCI's svg ###
############################################################
cp -auxf /usr/share/live/build/bootloaders config/
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/extlinux
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/grub-legacy
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/grub-pc
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/isolinux
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/pxelinux
cp /usr/share/openstack-cluster-installer/splash.svg config/bootloaders/syslinux

# Customize root and user ~/.screenrc
mkdir -p config/includes.chroot/root
echo "startup_message off
defscrollback 5000
caption always \"%{= kw}%-w%{= BW}%n %t%{-}%+w %-= @%H  -  %d.%m.%Y  - %c\"
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
defbce on
term screen-256color
termcapinfo konsole-256color ti@:te@" >config/includes.chroot/root/.screenrc

mkdir -p config/includes.chroot/home/user
echo "startup_message off
defscrollback 5000
caption always \"%{= kw}%-w%{= BW}%n %t%{-}%+w %-= @%H  -  %d.%m.%Y  - %c\"
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
defbce on
term screen-256color
termcapinfo konsole-256color ti@:te@" >config/includes.chroot/home/user/.screenrc

# and /root/.bashrc and /home/user/.bashrc
echo "# ~/.bashrc: executed by bash(1) for non-login shells.

export LS_OPTIONS='--color=auto'
eval \"\$(dircolors)\"
alias ls='ls \${LS_OPTIONS}'

SYSTEM_SERIAL_NUM=\$(oci-system-serial)

  BLUE=\"\\[\\033[1;34m\\]\"
 LGRAY=\"\\[\\033[0;37m\\]\"
NO_COL=\"\\[\\033[0m\\]\"
 LBLUE=\"\\[\\033[1;36m\\]\"
   RED=\"\\[\\033[1;31m\\]\"

export PS1=\${RED}'\\u'\${LGRAY}@\${BLUE}\${SYSTEM_SERIAL_NUM}\${LGRAY}'>_'\${NO_COL}' \\w # '

alias ssh='ssh -A -X'

if [ -f /etc/bash_completion ]; then
	. /etc/bash_completion
fi

export PAGER=most
" > config/includes.chroot/root/.bashrc

echo "HISTCONTROL=ignoreboth
shopt -s histappend
HISTSIZE=1000
HISTFILESIZE=2000
shopt -s checkwinsize

export LS_OPTIONS='--color=auto'
eval \"\$(dircolors)\"
alias ls='ls \${LS_OPTIONS}'

SYSTEM_SERIAL_NUM=\$(cat /etc/oci/system_serial_num)

  BLUE=\"\\[\\033[1;34m\\]\"
 LGRAY=\"\\[\\033[0;37m\\]\"
NO_COL=\"\\[\\033[0m\\]\"
 LBLUE=\"\\[\\033[1;36m\\]\"
   RED=\"\\[\\033[1;31m\\]\"
 GREEN=\"\\[\\033[1;32m\\]\"
export PS1=\${GREEN}'\\u'\${LGRAY}@\${BLUE}\${SYSTEM_SERIAL_NUM}\${LGRAY}'>_'\${NO_COL}' \\w # '
export PAGER=most
" >config/includes.chroot/home/user/.bashrc

mkdir -p config/includes.chroot/etc/network
echo "auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp" >config/includes.chroot/etc/network/interfaces

###############################
### Live image package list ###
###############################
mkdir -p config/package-lists
echo "bash-completion
bc
bind9-host
curl
dmidecode
debootstrap
dosfstools
firmware-linux-free
firmware-misc-nonfree
gnupg2
ipcalc
ipmitool
iproute2
joe
jq
kbd
kpartx
lldpd
less
lshw
lvm2
mbr
mdadm
most
net-tools
nmap
openssh-server
openssh-client
openstack-cluster-installer-agent
openstack-debian-images
openstack-pkg-tools
parted
pciutils
plymouth
qemu-utils
screen
syslinux-common
tcpdump
util-linux
vim
wget
xfsprogs" > config/package-lists/openstack.list.chroot

if [ "${ARCH}" != "aarch64" ] ; then
	echo "
extlinux
firmware-bnx2
firmware-bnx2x
firmware-qlogic
ilorest
" >> config/package-lists/openstack.list.chroot
fi

##################################
### Lenovo OneCli installation ###
##################################
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf onecli live_image_install_onecli
LIVE_IMAGE_INSTALL_ONECLI=$RET
if [ "${LIVE_IMAGE_INSTALL_ONECLI}" = "yes" ] && [ "${ARCH}" != "aarch64" ] ; then
	mkdir -p config/archives
	# This is infomanial's own custom (reprepro) repository
	echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFdVSl8BEADReopiCpFyJOHNu2xW/tnTDanHQOIvMiWdVZVS8pUcQVhmyQ53
Wkwf/R/tUabqCmR8up/mf/rCENbEc43tEb7cuuOFbXYocDmwuxUrhOW3APfpgMJL
1GPjeMywBQUs8VuJReu3ZchJiROWC1RuOTpVfREuY9DyRbTTqYvXyvwqGIfq+fP4
CY3oq/PN1PlqsqTfP58ENFMlW9BHje0Za1Ruwi/mI0yc5gNSYjFjstag77MQOIFv
J9M+hgevMN0qHPDc2DiRmT2hsQ1rZah8G2LfzxbQxjSKifJZ2Jfcrpys6gLAOC9O
6JAs86qqnhd59Pl+MdDsOcKQDFkFWpZJk4KadrJzDGa9XoZusVxfGPt0vbAPx/UW
Q56jiVUSFoHeX2VVAJu5AhoMWz+k3YaWV37SAyF4oceVh2Um7G/NM+isXqG+8iN7
UuqV9AiTWydnNGf0oYwBBmEZXIXqRhfIJZVv99qfRnjEHvxD2kgYGk+GWOSym2Ap
FOERQUdSh2N8DT52JlrwR4zYbHEBf6+E3WY47oWCUtyCr4OyePCbX9ShmlhHsEnS
YpdmgtOU1NfMAN7xgByXgLxl28s6F0IXsRPdUauekMCqJxVfboxN81WQOOmuqLGS
qUgCr1M/1BlQDxbTfJQ4QtOFLarcf2pfx3Y15BRzSoEq/5Ll3DAUKUep3QARAQAB
tD1JbmZvbWFuaWFrIEFyY2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5IDxhcHRA
aW5mb21hbmlhay5jb20+iQI+BBMBCAAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAUCZl2BrwUJEsqeOwAKCRAo1l7/kzHEiVBYD/0e29tSqbQhkQmRcaYIRo/9
IPIdXmybvY0FxPDMvlrF2pBMbt9GNII05Ry0PZT4Dxn+bSc1rd8OSC1yC+JNzU+i
JDIwPEkG4pn+1JQm92S7zv8w+1oP3FokVnMcn0eQG7ydfYfKNf4ejs+y9c3ySpjl
37d6N1WXgp6NQwxOtpyOXalCjJZwdaMQCE776SGyt0GljrXOsX+NX2KgcjqTbP/S
uHGzYYZFtCLopFWANQl7rJEyR1sJP22O+lPEMaLmr2SteDSb86v9Bdk3vJsad1dY
YhqzF3v6TKmOZJlmpWoBN1Dn81qZn2HvIfPYfpica4KthoYeSQKk0OiyqH1lP1ae
2VnXAqgR16Y7H/8W9B4mu7Ru0OPQRETx+8O+FeYbKjwEeVoxYMbhEuuZeRAAI4Q7
5MQRLqYUwCy8vaknASaQQq2JVq7kDLIkBO+jGYoLb3rZxaPvoTRZbgnFVwbeHVzj
xLDyc5gYxwRxrzAm7lgw8LXC2Ud+DxxC5+tOZsmqHZe5nk9fepx/nbd1gJoTMktr
HeO7egYMLc+UK4A6vsmJyCXk7bu+ESYhaDUQG6cpc02+H4En9SYXQFawZvlBynh0
V6+fCvZSbOkD2VtsYIOld+6w87Tp7XpqxIG28tM++7S4bLKvL8GTpehqJ12F9Okx
Le8vV2BUt/Mm2vtOPeATyA==
=U0Ko
-----END PGP PUBLIC KEY BLOCK-----" >config/archives/onecli.key.chroot

	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf onecli onecli_repo
	ONECLI_REPO=$RET
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf onecli onecli_force_debian_suite
	ONECLI_FORCE_DEBIAN_SUITE=$RET
	if [ "${ONECLI_FORCE_DEBIAN_SUITE}" = "yes" ] ; then
		pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf onecli onecli_debian_suite
		ONECLI_DEBIAN_SUITE=$RET
	else
		ONECLI_DEBIAN_SUITE=${debian_release}
	fi
	echo "deb ${ONECLI_REPO} ${ONECLI_DEBIAN_SUITE} main" >config/archives/onecli.list.chroot
	echo "deb ${ONECLI_REPO} ${ONECLI_DEBIAN_SUITE} main" >config/archives/onecli.list.binary
	echo "onecli" >config/package-lists/onecli.list.chroot
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf onecli target_install_onecli
	ONECLI_IN_TARGET=${RET}
	if [ "${ONECLI_IN_TARGET}" ] ; then
		echo "yes" >config/includes.chroot/etc/oci/setup-onecli-intarget
		cp config/archives/onecli.key.chroot config/includes.chroot/etc/oci/setup-onecli-intarget-key
		echo "deb ${ONECLI_REPO} ${ONECLI_DEBIAN_SUITE} main" >config/includes.chroot/etc/oci/setup-onecli-intarget-repo
	fi
fi

#################################
### Dell perccli installation ###
#################################
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf perccli live_image_install_perccli
LIVE_IMAGE_INSTALL_PERCCLI=$RET
if [ "${LIVE_IMAGE_INSTALL_PERCCLI}" = "yes" ] && [ "${ARCH}" != "aarch64" ] ; then
	mkdir -p config/archives
	# This is infomanial's own custom (reprepro) repository
	echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFdVSl8BEADReopiCpFyJOHNu2xW/tnTDanHQOIvMiWdVZVS8pUcQVhmyQ53
Wkwf/R/tUabqCmR8up/mf/rCENbEc43tEb7cuuOFbXYocDmwuxUrhOW3APfpgMJL
1GPjeMywBQUs8VuJReu3ZchJiROWC1RuOTpVfREuY9DyRbTTqYvXyvwqGIfq+fP4
CY3oq/PN1PlqsqTfP58ENFMlW9BHje0Za1Ruwi/mI0yc5gNSYjFjstag77MQOIFv
J9M+hgevMN0qHPDc2DiRmT2hsQ1rZah8G2LfzxbQxjSKifJZ2Jfcrpys6gLAOC9O
6JAs86qqnhd59Pl+MdDsOcKQDFkFWpZJk4KadrJzDGa9XoZusVxfGPt0vbAPx/UW
Q56jiVUSFoHeX2VVAJu5AhoMWz+k3YaWV37SAyF4oceVh2Um7G/NM+isXqG+8iN7
UuqV9AiTWydnNGf0oYwBBmEZXIXqRhfIJZVv99qfRnjEHvxD2kgYGk+GWOSym2Ap
FOERQUdSh2N8DT52JlrwR4zYbHEBf6+E3WY47oWCUtyCr4OyePCbX9ShmlhHsEnS
YpdmgtOU1NfMAN7xgByXgLxl28s6F0IXsRPdUauekMCqJxVfboxN81WQOOmuqLGS
qUgCr1M/1BlQDxbTfJQ4QtOFLarcf2pfx3Y15BRzSoEq/5Ll3DAUKUep3QARAQAB
tD1JbmZvbWFuaWFrIEFyY2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5IDxhcHRA
aW5mb21hbmlhay5jb20+iQI+BBMBCAAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAUCZl2BrwUJEsqeOwAKCRAo1l7/kzHEiVBYD/0e29tSqbQhkQmRcaYIRo/9
IPIdXmybvY0FxPDMvlrF2pBMbt9GNII05Ry0PZT4Dxn+bSc1rd8OSC1yC+JNzU+i
JDIwPEkG4pn+1JQm92S7zv8w+1oP3FokVnMcn0eQG7ydfYfKNf4ejs+y9c3ySpjl
37d6N1WXgp6NQwxOtpyOXalCjJZwdaMQCE776SGyt0GljrXOsX+NX2KgcjqTbP/S
uHGzYYZFtCLopFWANQl7rJEyR1sJP22O+lPEMaLmr2SteDSb86v9Bdk3vJsad1dY
YhqzF3v6TKmOZJlmpWoBN1Dn81qZn2HvIfPYfpica4KthoYeSQKk0OiyqH1lP1ae
2VnXAqgR16Y7H/8W9B4mu7Ru0OPQRETx+8O+FeYbKjwEeVoxYMbhEuuZeRAAI4Q7
5MQRLqYUwCy8vaknASaQQq2JVq7kDLIkBO+jGYoLb3rZxaPvoTRZbgnFVwbeHVzj
xLDyc5gYxwRxrzAm7lgw8LXC2Ud+DxxC5+tOZsmqHZe5nk9fepx/nbd1gJoTMktr
HeO7egYMLc+UK4A6vsmJyCXk7bu+ESYhaDUQG6cpc02+H4En9SYXQFawZvlBynh0
V6+fCvZSbOkD2VtsYIOld+6w87Tp7XpqxIG28tM++7S4bLKvL8GTpehqJ12F9Okx
Le8vV2BUt/Mm2vtOPeATyA==
=U0Ko
-----END PGP PUBLIC KEY BLOCK-----" >config/archives/perccli.key.chroot
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf perccli perccli_repo
	PERCCLI_REPO=$RET
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf perccli perccli_force_debian_suite
	PERCCLI_FORCE_DEBIAN_SUITE=$RET
	if [ "${PERCCLI_FORCE_DEBIAN_SUITE}" = "yes" ] ; then
		pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf perccli perccli_debian_suite
		PERCCLI_DEBIAN_SUITE=$RET
	else
		PERCCLI_DEBIAN_SUITE=${debian_release}
	fi
	echo "deb ${PERCCLI_REPO} ${PERCCLI_DEBIAN_SUITE} main" >config/archives/perccli.list.chroot
	echo "deb ${PERCCLI_REPO} ${PERCCLI_DEBIAN_SUITE} main" >config/archives/perccli.list.binary
	echo "perccli" >config/package-lists/perccli.list.chroot
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf perccli target_install_perccli
	PERCCLI_IN_TARGET=${RET}
	if [ "${PERCCLI_IN_TARGET}" ] ; then
		echo "yes" >config/includes.chroot/etc/oci/setup-perccli-intarget
		cp config/archives/perccli.key.chroot config/includes.chroot/etc/oci/setup-perccli-intarget-key
		echo "deb ${PERCCLI_REPO} ${PERCCLI_DEBIAN_SUITE} main" >config/includes.chroot/etc/oci/setup-perccli-intarget-repo
	fi
fi

########################################
### LSI logic's MegaCli installation ###
########################################
# Check if we need to install megacli in the Live environment
# This is non-free, but this is a necessary evil, since that's
# a very common needed tool on servers.
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf megacli live_image_install_megacli
LIVE_IMAGE_INSTALL_MEGACLI=$RET
if [ "${LIVE_IMAGE_INSTALL_MEGACLI}" = "yes" ] && [ "${ARCH}" != "aarch64" ] ; then
	mkdir -p config/archives
	echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBFHwGLoBCADGXHFostxbz4UzGFYtmox4pvyN1gMhq2KCuQ6f+FESa4HTd9L6
XVhXWPCad3cdxBIls+41+AdZTWxWMu7DUdy8nMU1Ikfw6JeHcSx97G5BdxBVMjK4
iMGfPdLfDgWf4BQ2h0dnTEWobt31WaqgNiNjNrKktqbymmF94pwYkwL53ydIA4zl
8ZQRZooFigkS9WdoKjh30Pv/SWakILSLcSQFHK0dvSkeGd1NxT9dMNPAXXqLom4+
7kCc0s04sS+0DwW16b0Hpb46mtsR9kzOnrE/Smj24uOGzNZen0oCc2Y7bfZlyaN+
RlTkWEze7lemc4Byup/QWkhT0Er8F8uxexy5ABEBAAG0PEhXUmFpZCAoaHR0cDov
L2h3cmFpZC5sZS12ZXJ0Lm5ldCkgPHJvb3RAaHdyYWlkLmxlLXZlcnQubmV0PokB
OAQTAQIAIgUCUfAYugIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQYAUh
DiOz07Rc4Af+N3dEZZHzLNVTjQ0+fCyeg8/flWOkR8DhP10cyoJhSHFTZRdXVshn
kP4VmmUycVeURh76DmrIRe/9Oyca6aGXccRMqvq+HMgBPVwD5qNhcJPIuzqEvmlO
6UIeW2ydil/v1pWu740fGntyFRQcsfqjReVPXw9K588F7MDMyL+31vLm6aorLSzR
hvLhOmGisTs0wg2Oz9f4muauRy6cpQPw/Zi/P/F4WkQYscbHrSbhszj6OIg/vftR
UbZ7QB26/+40B0ag4JzLpmj3scFxf/WdUl5LXazqhsbkurk7huV41BNKXi1+BS3c
x6pFzWEHpiuG1j7U/nScGzEQpsMlUW9D+rkBDQRR8Bi6AQgAuhH1H0VLwcROI/5n
9yTxSbTIZbyhUan3raAbit3pgo0zLagfUtp3vULVnm5ISqQcYFGLZoE1MUkmjGOL
38W0lsIiZTaKOKXxBbLlPhhrvlXnNWAG/S1wnq7K+DV179KCTkUzaLRDbHvv999j
9odBRtAkiTnCfHTMCN4AhydEejNxtlzJo4E5FecH4reimLI5euUdTltgCjixrbsa
KbQftYpSMdXnLy2+00QZoXu0U/h4WZcMhOSEEiyGP9BY6m5G76n03HIeQ6eALDFu
ryAgO+SB9rBrm/VN0kR/TZq0iA3uzLHC7zCw2aImipkr+rIuJOku0wH9MyowBbia
bQtnCQARAQABiQEfBBgBAgAJBQJR8Bi6AhsMAAoJEGAFIQ4js9O0d5YH/3fNQgsC
LvD0g2wdoksv5bG9CUOi9Bs0JHqI0LhXmPvMsbDojZ+zZle7KWNfK2227mWhmoG1
WLujJSmTtxhEO1fXIdYjlDfk2uLJKuFi2wQX9n8dFDUmKY3CUJgeVZof1uQ/5C3D
O06CcuOtf2d/+iijuW112aV1q1hoQqw71ojTET0iIV6lD/0i1eEBSSe1Ohb9yTGR
VxTVrB78zU9hih4/Oq8wJT/Fv25aO1MDSc26CXAg0JA6IWvKal3BSPNhtz4L4FIg
lXleArf9oJqxDO3TsV5zcLyxsIuRuxyP0+AKdSQUqv0dFi4Jf79OmvOmgwydhHjY
+f7quLbwiiDmPbU=
=Yv6D
-----END PGP PUBLIC KEY BLOCK-----" >config/archives/megacli.key.chroot
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf megacli megacli_repo
	MEGACLI_REPO=$RET
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf megacli megacli_force_debian_suite
	MEGACLI_FORCE_DEBIAN_SUITE=$RET
	if [ "${MEGACLI_FORCE_DEBIAN_SUITE}" = "yes" ] ; then
		pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf megacli megacli_debian_suite
		MEGACLI_DEBIAN_SUITE=$RET
	else
		MEGACLI_DEBIAN_SUITE=${debian_release}
	fi
	echo "deb ${MEGACLI_REPO} ${MEGACLI_DEBIAN_SUITE} main" >config/archives/megacli.list.chroot
	echo "deb ${MEGACLI_REPO} ${MEGACLI_DEBIAN_SUITE} main" >config/archives/megacli.list.binary
	echo "megacli
smartmontools" >config/package-lists/megacli.list.chroot
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf megacli target_install_megacli
	MEGACLI_IN_TARGET=${RET}
	if [ "${MEGACLI_IN_TARGET}" ] ; then
		cp config/archives/megacli.key.chroot config/includes.chroot/etc/oci/setup-megacli-intarget-key
		echo "deb ${MEGACLI_REPO} ${MEGACLI_DEBIAN_SUITE} main" >config/includes.chroot/etc/oci/setup-megacli-intarget-repo
	fi
	# We don't need the megacli services in the live env.
	mkdir -p config/hooks/live
	echo "#!/bin/sh

set -e

systemctl disable megaclisas-statusd.service || true
systemctl disable megaraidsas-statusd.service || true
systemctl disable megaraid-statusd.service || true
" >config/hooks/live/0080_disable_megacli_services
	chmod +x config/hooks/live/0080_disable_megacli_services
fi

pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf network USE_HTTP_PROXY
USE_HTTP_PROXY=$RET
if [ "${USE_HTTP_PROXY}" = "yes" ] ; then
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf network HTTP_PROXY_ADDR
	mkdir -p config/includes.chroot/etc/oci
	echo $RET >config/includes.chroot/etc/oci/http_proxy_addr
fi

#################
### HPE tools ###
#################
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe live_image_install_hpe
LIVE_IMAGE_INSTALL_HPE=$RET
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe hpe_repo
HPE_REPO=$RET
if [ "${LIVE_IMAGE_INSTALL_HPE}" = "yes" ] && [ "${ARCH}" != "aarch64" ] ; then
	if [ -n "${HPE_REPO}" ] ; then
		echo "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBFZp0LkBCACXajRw3b4x7G7dulNYj0hUID4BtVFq/MjEb6PHckTxGxZDoQRX
RK54tiTFA9wq3b4P3yEFnOjbjRoI0d7Ls67FADugFO+cDCtsV9yuDlaYP/U/h2nX
N0R4AdYbsVd5yr6xr+GAy66Hmx5jFH3kbC+zJpOcI0tU9hcyU7gjbxu6KQ1ypI2Q
VRKf8sRBJXgmkOlbYx35ZUMFcmVxrLJXvUuxmAVXgT9f5M3Z3rsGt/ab+/+1TFSb
RsaqHsIPE0QH8ikqW4IeDQAo1T99pCdf7FWr45KFFTo7O4AZdLMWVgqeFHaSoZxJ
307VIINsWiwQoPp0tfU5NOOOwB1Sv3x9QgFtABEBAAG0P0hld2xldHQgUGFja2Fy
ZCBFbnRlcnByaXNlIENvbXBhbnkgUlNBLTIwNDgtMjUgPHNpZ25ocEBocGUuY29t
PokBPQQTAQIAJwUCVmnQuQIbLwUJEswDAAYLCQgHAwIGFQgCCQoLAxYCAQIeAQIX
gAAKCRDCCK3eJsK3l9G+B/0ekblsBeN+xHIJ28pvo2aGb2KtWBwbT1ugI+aIS17K
UQyHZJUQH+ZeRLvosuoiQEdcGIqmOxi2hVhSCQAOV1LAonY16ACveA5DFAEBz1+a
WQyx6sOLLEAVX1VqGlBXxh3XLEUWOhlAf1gZPNtHsmURTUy2h1Lv/Yoj8KLyuK2n
DmrLOS3Ro+RqWocaJfvAgXKgt6Fq/ChDUHOnar7lGswzMsbE/yzLJ7He4y89ImK+
2ktR5HhDuxqgCe9CWH6Q/1WGhUa0hZ3nbluq7maa+kPe2g7JcRzPH/nJuDCAOZ7U
6mHE8j0kMQMYjgaYEx2wc02aQRmPyxhbDLjSbtjomXRr
=voON
-----END PGP PUBLIC KEY BLOCK-----
" >config/archives/hpe.key.chroot

		pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe hpe_force_debian_suite
		HPE_FORCE_DEBIAN_SUITE=$RET
		if [ "${HPE_FORCE_DEBIAN_SUITE}" = "yes" ] ; then
			pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe hpe_debian_suite
			HPE_DEBIAN_SUITE=$RET
		else
			HPE_DEBIAN_SUITE=${debian_release}
		fi

		if [ "${HPE_DEBIAN_SUITE}" = "buster" ] ; then
			HPE_DEBIAN_SUITE=${HPE_DEBIAN_SUITE}/current-gen10
		else
			HPE_DEBIAN_SUITE=${HPE_DEBIAN_SUITE}/current
		fi

                echo "deb ${HPE_REPO} ${HPE_DEBIAN_SUITE} non-free" >config/archives/hpe.list.chroot
                echo "deb ${HPE_REPO} ${HPE_DEBIAN_SUITE} non-free" >config/archives/hpe.list.binary
		mkdir -p config/package-lists
		echo "hponcfg
ssacli
storcli" >config/package-lists/hpe.list.chroot
		# Echo a quick script to activate IPMI over LAN
		echo '<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="admin" PASSWORD="password">
    <RIB_INFO mode="write">
      <MOD_GLOBAL_SETTINGS>
        <IPMI_DCMI_OVER_LAN_ENABLED VALUE="Y"/>
      </MOD_GLOBAL_SETTINGS>
    </RIB_INFO>
  </LOGIN>
</RIBCL>' >config/includes.chroot/etc/oci/hpe-activate-ipmi-over-lan.xml
		# Make sure installing storcli also includes a symlink in /usr/bin
		mkdir -p config/includes.chroot/usr/bin
		ln -s /opt/MegaRAID/storcli/storcli64 config/includes.chroot/usr/bin/storcli64
	fi
fi

pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe target_install_hpe
INTARGET_INSTALL_HPE=$RET
if [ "${INTARGET_INSTALL_HPE}" = "yes" ] && [ -n "${HPE_REPO}" ]; then
	echo "yes" >config/includes.chroot/etc/oci/setup-hpe-intarget
	echo ${HPE_REPO} >config/includes.chroot/etc/oci/setup-hpe-intarget-repo

	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe hpe_force_debian_suite
	HPE_FORCE_DEBIAN_SUITE=$RET
	if [ "${HPE_FORCE_DEBIAN_SUITE}" = "yes" ] ; then
		pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf hpe hpe_debian_suite
		HPE_DEBIAN_SUITE=$RET
	else
		HPE_DEBIAN_SUITE=${debian_release}
	fi
	echo -n ${HPE_DEBIAN_SUITE} >config/includes.chroot/etc/oci/setup-hpe-intarget-suite
fi

########################################
### Dell iDRAC / racadm installation ###
########################################
# Check if we should install Dell's iDRAC tools (ie: rackadm)
pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf dellipmi live_image_install_dell_ipmi
LIVE_IMAGE_INSTALL_DELL_IPMI=$RET
if [ "${LIVE_IMAGE_INSTALL_DELL_IPMI}" = "yes" ] && [ "${ARCH}" != "aarch64" ] ; then
	pkgos_inifile get /etc/openstack-cluster-installer/openstack-cluster-installer.conf dellipmi dell_ipmi_repo
	DELL_IPMI_REPO=$RET
	if [ -n "${DELL_IPMI_REPO}" ] ; then
		echo "-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBE9RLYYBEADEAmJvn2y182B6ZUr+u9I29f2ue87p6HQreVvPbTjiXG4z2/k0
l/Ov0DLImXFckaeVSSrqjFnEGUd3DiRr9pPb1FqxOseHRZv5IgjCTKZyj9Jvu6bx
U9WL8u4+GIsFzrgS5G44g1g5eD4Li4sV46pNBTp8d7QEF4e2zg9xk2mcZKaT+STl
O0Q2WKI7qN8PAoGd1SfyW4XDsyfaMrJKmIJTgUxe9sHGj+UmTf86ZIKYh4pRzUQC
WBOxMd4sPgqVfwwykg/y2CQjrorZcnUNdWucZkeXR0+UCR6WbDtmGfvN5H3htTfm
Nl84Rwzvk4NT/By4bHy0nnX+WojeKuygCZrxfpSqJWOKhQeH+YHKm1oVqg95jvCl
vBYTtDNkpJDbt4eBAaVhuEPwjCBsfff/bxGCrzocoKlh0+hgWDrr2S9ePdrwv+rv
2cgYfUcXEHltD5Ryz3u5LpiC5zDzNYGFfV092xbpG/B9YJz5GGj8VKMslRhYpUjA
IpBDlYhOJ+0uVAAKPeeZGBuFx0A1y/9iutERinPx8B9jYjO9iETzhKSHCWEov/yp
X6k17T8IHfVj4TSwL6xTIYFGtYXIzhInBXa/aUPIpMjwt5OpMVaJpcgHxLam6xPN
FYulIjKAD07FJ3U83G2fn9W0lmr11hVsFIMvo9JpQq9aryr9CRoAvRv7OwARAQAB
tGBEZWxsIEluYy4sIFBHUkUgMjAxMiAoUEcgUmVsZWFzZSBFbmdpbmVlcmluZyBC
dWlsZCBHcm91cCAyMDEyKSA8UEdfUmVsZWFzZV9FbmdpbmVlcmluZ0BEZWxsLmNv
bT6JAjcEEwEKACEFAk9RLYYCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
EoVJFDTYeG9eBw//asbM4KRxBfFi9RmzRNitOiFEN1FqTbE5ujjN+9m9OEb+tB3Z
Fxv0bEPb2kUdpEwtMq6CgC5n8UcLbe5TF82Ho8r2mVYNRh5RltdvAtDK2pQxCOh+
i2b9im6GoIZa1HWNkKvKiW0dmiYYBvWlu78iQ8JpIixRIHXwEdd1nQIgWxjVix11
VDr+hEXPRFRMIyRzMteiq2w/XNTUZAh275BaZTmLdMLoYPhHO99AkYgsca9DK9f0
z7SYBmxgrKAs9uoNnroo4UxodjCFZHDu+UG2efP7SvJnq9v6XaC7ZxqBG8AObEsw
qGaLv9AN3t4oLjWhrAIoNWwIM1LWpYLmKjFYlLHaf30MYhJ8J7GHzgxANnkOP4g0
RiXeYNLcNvsZGXZ61/KzuvE6YcsGXSMVKRVaxLWkgS559OSjEcQV1TD65b+bttIe
EEYmcS8jLKL+q2T1qTKnmD6VuNCtZwlsxjR5wHnxORjumtC5kbkt1lxjb0l2gNvT
3ccA6FEWKS/uvtleQDeGFEA6mrKEGoD4prQwljPV0MZwyzWqclOlM7g21i/+SUj8
ND2Iw0dCs4LvHkf4F1lNdV3QB41ZQGrbQqcCcJFm3qRsYhi4dg8+24j3bNrSHjxo
sGtcmOLv15jXA1bxyXHkn0HPG6PZ27dogsJnAD1GXEH2S8yhJclYuL0JE0C5Ag0E
T1Ev4QEQANlcF8dbXMa6vXSmznnESEotJ2ORmvr5R1zEgqQJOZ9DyML9RAc0dmt7
IwgwUNX+EfY8LhXLKvHWrj2mBXm261A9SU8ijQOPHFAg/SYyP16JqfSx2jsvWGBI
jEXF4Z3SW/JD0yBNAXlWLWRGn3dx4cHyxmeGjCAc/6t322Tyi5XLtwKGxA/vEHeu
GmTuKzNIEnWZbdnqALcrT/xK6PGjDo45VKx8mzLal/mncXmvaNVEyld8MMwQfkYJ
HvZXwpWYXaWTgAiMMm+yEd0gaBZJRPBSCETYz9bENePWEMnrd9I65pRl4X27stDQ
91yO2dIdfamVqti436ZvLc0L4EZ7HWtjN53vgXobxMzz4/6eH71BRJujG1yYEk2J
1DUJKV1WUfV8Ow0TsJVNQRM/L9v8imSMdiR12BjzHismReMvaeAWfUL7Q1tgwvkZ
EFtt3sl8o0eoB39R8xP4p1ZApJFRj6N3ryCTVQw536QFGEb+C51MdJbXFSDTRHFl
BFVsrSE6PxB24RaQ+37w3lQZp/yCoGqA57S5VVIAjAll4Yl347WmNX9THogjhhzu
LkXW+wNGIPX9SnZopVAfuc4hj0TljVa6rbYtiw6HZNmvvr1/vSQMuAyl+HkEmqaA
hDgVknb3MQqUQmzeO/WtgSqYSLb7pPwDKYy7I1BojNiOt+qMj6P5ABEBAAGJAh4E
GAEKAAkFAk9RL+ECGwwACgkQEoVJFDTYeG/6mA/4q6DTSLwgKDiVYIRpqacUwQLy
SufOoAxGSEde8vGRpcGEC+kWt1aqIiE4jdlxFH7Cq5SnwojKpcBLIAvIYk6x9wof
z5cx10s5XHq1Ja2jKJV2IPT5ZdJqWBc+M8K5LJelemYRZoe50aT0jbN5YFRUkuU0
cZZyqv98tZzTYO9hdG4sH4gSZg4OOmUtnP1xwSqLWdDf0RpnjDuxMwJM4m6G3Uba
Q4w1K8hvUtZo9uC9+lLHq4eP9gcxnvi7Xg6mI3UXAXiLYXXWNY09kYXQ/jjrpLxv
WIPwk6zb02jsuD08j4THp5kU4nfujj/GklerGJJp1ypIOEwV4+xckAeKGUBIHOpy
Qq1fn5bz8IituSF3xSxdT2qfMGsoXmvfo2l8T9QdmPydb4ZGYhv24GFQZoyMAATL
bfPmKvXJAqomSbp0RUjeRCom7dbD1FfLRbtpRD73zHarBhYYZNLDMls3IIQTFuRv
NeJ7XfGwhkSE4rtY91J93eM77xNr4sXeYG+RQx4y5Hz99Q/gLas2celP6Zp8Y4OE
CdveX3BA0ytI8L02wkoJ8ixZnpGskMl4A0UYI4w4jZ/zdqdpc9wPhkPj9j+eF2UI
nzWOavuCXNmQz1WkLP/qlR8DchJtUKlgZq9ThshK4gTESNnmxzdpR6pYJGbEDdFy
ZFe5xHRWSlrC3WTbzg==
=buqa
-----END PGP PUBLIC KEY BLOCK-----
" >config/archives/dell-ipmi.key.chroot
		echo "deb ${DELL_IPMI_REPO} stretch main" >config/archives/dell-ipmi.list.chroot
		echo "deb ${DELL_IPMI_REPO} stretch main" >config/archives/dell-ipmi.list.binary
		mkdir -p config/includes.chroot/opt/dell/srvadmin/lib/openmanage
		touch config/includes.chroot/opt/dell/srvadmin/lib/openmanage/IGNORE_GENERATION
		echo "dirmngr
iproute2
libopenipmi0" > config/package-lists/dell-ipmi.list.chroot

		# Add modules to be loaded at boot time
		echo "ipmi_msghandler
ipmi_devintf
ipmi_si
srvadmin-deng
srvadmin-isvc" >config/includes.chroot/etc/modules

		# Create .ipc directories (to enable LCD, BMC communication)
		mkdir -p config/includes.chroot/opt/dell/srvadmin/shared/.ipc
		mkdir -p config/includes.chroot/opt/dell/srvadmin/hapi/bin/.ipc

		# make_omreg_dot_cfg
		mkdir -p config/includes.chroot/opt/dell/srvadmin/etc
		echo "suptlib.installpath=/opt/dell/srvadmin/
suptlib.logpath=/opt/dell/srvadmin/var/log/openmanage
suptlib.vardatapath=/opt/dell/srvadmin/var/lib/openmanage
suptlib.inipath=/opt/dell/srvadmin/etc/srvadmin-deng

OMDataEngine.omilcore.version=8.4.0
OMDataEngine.configtool=/opt/dell/srvadmin/sbin/dcecfg
OMDataEngine.installpath=/opt/dell/srvadmin/
OMDataEngine.logpath=/opt/dell/srvadmin/var/log/openmanage
OMDataEngine.vardatapath=/opt/dell/srvadmin/var/lib/openmanage
OMDataEngine.inipath=/opt/dell/srvadmin/etc/srvadmin-deng
OMDataEngine.startsnmpd=true

hapi.omilcore.version=8.4.0
hapi.configtool=/opt/dell/srvadmin/sbin/dchcfg
hapi.installpath=/opt/dell/srvadmin/
hapi.logpath=/opt/dell/srvadmin/var/log/openmanage
hapi.vardatapath=/opt/dell/srvadmin/var/lib/openmanage
hapi.inipath=/opt/dell/srvadmin/etc/srvadmin-hapi

openmanage.openipmi.kernel.2.6.x.ver_min_major=33
openmanage.openipmi.kernel.2.6.x.ver_min_minor=13
openmanage.openipmi.kernel.ver_min_major=2
openmanage.openipmi.kernel.ver_min_minor=6
openmanage.openipmi.kernel.ver_min_patch=15
openmanage.openipmi.rhel3.ver_min_major=35
openmanage.openipmi.rhel3.ver_min_minor=13
openmanage.openipmi.rhel4.ver_min_major=33
openmanage.openipmi.rhel4.ver_min_minor=13


Instrumentation.omilcore.version=8.4.0
Instrumentation.configtool=/opt/dell/srvadmin/sbin/dcicfg
Instrumentation.installpath=/opt/dell/srvadmin/
Instrumentation.logpath=/opt/dell/srvadmin/var/lib/openmanage
Instrumentation.vardatapath=/opt/dell/srvadmin/var/log/openmanage
Instrumentation.inipath=/opt/dell/srvadmin/etc/srvadmin-isvc
openmanage.version=8.4.0
openmanage.release=1
openmanage.archtype=64
openmanage.omilcore.installpath=/opt/dell/srvadmin
openmanage.omilcore.omiverdbpath=/opt/dell/srvadmin/var/lib/srvadmin-omilcore/
openmanage.funcs=/opt/dell/srvadmin/lib64/srvadmin-omilcore/Funcs.sh
openmanage.syslistfile=/opt/dell/srvadmin/share/srvadmin-omilcore/syslist.txt
openmanage.8gsyslistfile=/opt/dell/srvadmin/share/srvadmin-omilcore/8gsyslist.txt
openmanage.9gsyslistfile=/opt/dell/srvadmin/share/srvadmin-omilcore/9gsyslist.txt
openmanage.idracsyslistfile=/opt/dell/srvadmin/share/srvadmin-omilcore/idracsyslist.txt
openmanage.openipmi.syslisttypesfile=/opt/dell/srvadmin/share/srvadmin-omilcore/syslisttypes.txt
rac5.inipath=/opt/dell/srvadmin/etc/srvadmin-isvc
" >config/includes.chroot/opt/dell/srvadmin/etc/omreg.cfg
		# Add Dell library path to ld config
		echo "/opt/dell/toolkit/lib" >config/includes.chroot/etc/ld.so.conf
		echo "yes" >config/includes.chroot/etc/oci/setup-dell-ipmi-intarget

		# This tells oci-agent-report-status to install the Dell IPMI repo
		# on first boot of the live image.
		echo "yes" >config/includes.chroot/etc/oci/live-image-dell-ipmi
		# And this tells it where to find it.
		echo "${dell_ipmi_repo}" >config/includes.chroot/etc/oci/setup-dell-ipmi-intarget-repo

		# This, for a reason, fails... :(
		mkdir -p config/includes.chroot/etc/apt/sources.list.d
	fi
fi

# Add serial console
mkdir -p config/includes.chroot/etc/systemd/system/getty.target.wants
echo "#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Serial Getty on %I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=http://0pointer.de/blog/projects/serial-console.html
BindsTo=dev-%i.device
After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
After=rc-local.service

# If additional gettys are spawned during boot then we should make
# sure that this is synchronized before getty.target, even though
# getty.target didn't actually pull it in.
Before=getty.target
IgnoreOnIsolate=yes

# IgnoreOnIsolate causes issues with sulogin, if someone isolates
# rescue.target or starts rescue.service from multi-user.target or
# graphical.target.
Conflicts=rescue.service
Before=rescue.service

[Service]
# The '-o' option value tells agetty to replace 'login' arguments with an
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
ExecStart=-/sbin/agetty --autologin root --keep-baud 9600 %I \$TERM
Type=idle
Restart=always
UtmpIdentifier=%I
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes

[Install]
WantedBy=getty.target
" >config/includes.chroot/etc/systemd/system/serial-getty@ttyS1.service
cp config/includes.chroot/etc/systemd/system/serial-getty@ttyS1.service config/includes.chroot/etc/systemd/system/serial-getty@ttyS0.service
ln -s ../serial-getty@ttyS1.service config/includes.chroot/etc/systemd/system/getty.target.wants/serial-getty@ttyS1.service
ln -s ../serial-getty@ttyS0.service config/includes.chroot/etc/systemd/system/getty.target.wants/serial-getty@ttyS0.service

# Configure autologin for tty0
mkdir -p config/includes.chroot/etc/systemd/system/getty@.service.d
echo "[Service]\nExecStart=\nExecStart=-/sbin/agetty --autologin root --noclear %I \$TERM" >config/includes.chroot/etc/systemd/system/getty@.service.d/root-autologin.conf

# Copy the customization by the user
if [ -d /etc/openstack-cluster-installer/live-image-additions ] ; then
	if [ -n "$(ls /etc/openstack-cluster-installer/live-image-additions)" ] ; then
		if [ -r /etc/openstack-cluster-installer/oci-firmware-upgrade-config.json ] ; then
			mkdir -p config/includes.chroot/etc/oci
			cp /etc/openstack-cluster-installer/oci-firmware-upgrade-config.json config/includes.chroot/etc/oci/
			cp -auxf /etc/openstack-cluster-installer/live-image-additions/* config/includes.chroot/
		fi
	fi
fi
	
# Configure debootstrap to trust our archive keyring
if [ -n "${debian_keyring_file}" ]; then
	export DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --keyring=${debian_keyring_file}"
fi

lb clean
lb config --mirror-binary http://${OTCI_PXE_SERVER_IP}:9999/debian -b netboot --bootappend-live "boot=live iomem=relaxed console=tty0 console=ttyS0,115200 console=ttyS1,115200 earlyprintk=ttyS1,115200 consoleblank=0 systemd.show_status=true components url=http://${OTCI_PXE_SERVER_IP} fetch=http://${OTCI_PXE_SERVER_IP}/openstack-cluster-installer/filesystem.squashfs" --net-root-path /var/lib/openstack-cluster-installer --net-root-server ${OTCI_PXE_SERVER_IP}

# Change the default mirror in the config
if [ -n "${OTCI_DEB_MIRROR_ADDR}" ] ; then
	for i in LB_PARENT_MIRROR_BOOTSTRAP LB_PARENT_MIRROR_CHROOT LB_PARENT_MIRROR_DEBIAN_INSTALLER LB_MIRROR_BOOTSTRAP LB_MIRROR_CHROOT LB_MIRROR_DEBIAN_INSTALLER \
		LB_PARENT_MIRROR_BINARY LB_MIRROR_BINARY ; do
		sed -i 's|^'${i}'=.*|'${i}'="'${OTCI_DEB_MIRROR_ADDR}'"|' config/bootstrap
	done
fi

# Change the default security mirror in the config
if [ -n "${OTCI_DEB_SECURITY_MIRROR_ADDR}" ] ; then
	for i in LB_PARENT_MIRROR_CHROOT_SECURITY LB_PARENT_MIRROR_BINARY_SECURITY LB_MIRROR_CHROOT_SECURITY LB_MIRROR_BINARY_SECURITY ; do
		sed -i 's|^'${i}'=.*|'${i}'="'${OTCI_DEB_SECURITY_MIRROR_ADDR}'"|' config/bootstrap
	done
fi

sed -i 's/^LB_BOOTLOADERS=.*/LB_BOOTLOADERS="syslinux"/' config/binary

# Fix the default syslinux timeout to 20 seconds
sed -i "s/timeout 0/timeout 20/" config/bootloaders/isolinux/isolinux.cfg
sed -i "s/timeout 0/timeout 20/" config/bootloaders/pxelinux/pxelinux.cfg/default
sed -i "s/timeout 0/timeout 20/" config/bootloaders/syslinux/syslinux.cfg
sed -i "s/timeout 0/timeout 20/" config/bootloaders/extlinux/extlinux.conf

sed -i s/ftp.debian.org/${OTCI_PXE_SERVER_IP}:9999/ config/bootstrap

# Customize the distribution name
sed -i "s#LB_DEBIAN_INSTALLER_DISTRIBUTION=.*#LB_DEBIAN_INSTALLER_DISTRIBUTION=\"${debian_release}\"#" config/binary
sed -i "s#LB_ISO_VOLUME=.*#LB_ISO_VOLUME=\"Debian ${debian_release} \$(date +%Y%m%d-%H:%M)\"#" config/binary
if [ -e config/build ] ; then
	sed -i "s#Distribution: .*#Distribution: ${debian_release}#" config/build
fi
sed -i "s#LB_DISTRIBUTION=.*#LB_DISTRIBUTION=\"${debian_release}\"#" config/bootstrap
sed -i "s#LB_PARENT_DISTRIBUTION=.*#LB_PARENT_DISTRIBUTION=\"${debian_release}\"#" config/bootstrap
sed -i "s#LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION=.*#LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION=\"${debian_release}\"#" config/bootstrap

# New names to tweak starting with Bullseye
sed -i "s#LB_DISTRIBUTION_CHROOT=.*#LB_DISTRIBUTION_CHROOT=\"${debian_release}\"#" config/bootstrap
sed -i "s#LB_PARENT_DISTRIBUTION_CHROOT=.*#LB_PARENT_DISTRIBUTION_CHROOT=\"${debian_release}\"#" config/bootstrap
sed -i "s#LB_DISTRIBUTION_BINARY=.*#LB_DISTRIBUTION_BINARY=\"${debian_release}\"#" config/bootstrap
sed -i "s#LB_PARENT_DISTRIBUTION_BINARY=.*#LB_PARENT_DISTRIBUTION_BINARY=\"${debian_release}\"#" config/bootstrap

# Disable security and updates if using Sid
if [ "${debian_release}" = "sid" ] ; then
	sed -i "s#LB_SECURITY=.*#LB_SECURITY=\"false\"#" config/chroot
	sed -i "s#LB_UPDATES=.*#LB_UPDATES=\"false\"#" config/chroot
fi

lb build

# Copy the tftp stuff
mkdir -p /var/lib/openstack-cluster-installer/tftp
cp -r tftpboot/* /var/lib/openstack-cluster-installer/tftp
mkdir -p /var/lib/openstack-cluster-installer/tftp/live
cp -auxf tftpboot/live/vmlinuz* tftpboot/live/initrd* /var/lib/openstack-cluster-installer/tftp/live
cp binary/live/filesystem.squashfs /var/lib/openstack-cluster-installer

# Copy it also to the web path, so it works over iPXE
mkdir -p /usr/share/openstack-cluster-installer/live
cp -auxf tftpboot/live/vmlinuz* tftpboot/live/initrd* /usr/share/openstack-cluster-installer/live

# Add the UEFI files
mkdir -p /var/lib/openstack-cluster-installer/tftp/efi64
cp /usr/lib/ipxe/undionly.kpxe /usr/share/openstack-cluster-installer/
if [ -d /usr/lib/SYSLINUX.EFI/efi64 ] ; then
	cp /usr/lib/SYSLINUX.EFI/efi64/* /var/lib/openstack-cluster-installer/tftp/efi64
fi
if [ -d /usr/lib/syslinux/modules/efi64 ] ; then
	cp /usr/lib/syslinux/modules/efi64/* /var/lib/openstack-cluster-installer/tftp/efi64
fi

# Create the ipxe-boot-script, needed for ipxe support.
echo "#!ipxe

chain tftp://${OTCI_PXE_SERVER_IP}/lpxelinux.0
" > /var/lib/openstack-cluster-installer/tftp/ipxe-boot-script

cp /usr/lib/PXELINUX/lpxelinux.0 /var/lib/openstack-cluster-installer/tftp

##############################################
### Grub + SHIM install in the TFTP folder ###
##############################################
# Copy shim + grub, so we can support secure boot.
# Note: these files aren't available in all arch,
# so this must be conditional copies.
if [ -e /usr/lib/shim/shimx64.efi.signed ] ; then
	cp /usr/lib/shim/shimx64.efi.signed /var/lib/openstack-cluster-installer/tftp/
fi
if [ -e /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then
	cp /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed /var/lib/openstack-cluster-installer/tftp/grubx64.efi
fi
mkdir -p /var/lib/openstack-cluster-installer/tftp/grub
echo "set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
set timeout=5


if [ \$grub_cpu = x86_64 ]; then
	menuentry \"OpenStack cluster installer\" {
	    linux    live/vmlinuz boot=live iomem=relaxed console=tty0 console=ttyS0,115200 console=ttyS1,115200 earlyprintk=ttyS1,115200 consoleblank=0 systemd.show_status=true components url=http://${OTCI_PXE_SERVER_IP} fetch=http://${OTCI_PXE_SERVER_IP}/openstack-cluster-installer/filesystem.squashfs
	    initrd   live/initrd.img
	}
elif [ \$grub_cpu = arm64 ]; then
	menuentry \"OpenStack cluster installer\" {
	    linux    live/vmlinuz-arm64 boot=live iomem=relaxed console=tty0 console=ttyS0,115200 console=ttyS1,115200 earlyprintk=ttyS1,115200 consoleblank=0 systemd.show_status=true components url=http://${OTCI_PXE_SERVER_IP} fetch=http://${OTCI_PXE_SERVER_IP}/openstack-cluster-installer/filesystem_arm64.squashfs
	    initrd   live/initrd-arm64.img
	}
fi
" >/var/lib/openstack-cluster-installer/tftp/grub/grub.cfg

###############################################################################
### Customization of syslinux to load the kernel over http rather than tftp ###
###############################################################################
# Patch live.cfg so that it uses http instead of tftp for loading the
# kernel and initrd, which is much faster.

# No PXELINUX in arm64, so no live.cfg
if [ "${ARCH}" != "aarch64" ] ; then
	sed -i 's#linux /live/vmlinuz#linux http://'${OTCI_PXE_SERVER_IP}'/openstack-cluster-installer/tftp/live/vmlinuz#' /var/lib/openstack-cluster-installer/tftp/live.cfg
	sed -i 's#initrd /live/initrd.img#initrd http://'${OTCI_PXE_SERVER_IP}'/openstack-cluster-installer/tftp/live/initrd.img#' /var/lib/openstack-cluster-installer/tftp/live.cfg
fi

# Set the syslinux menu type.
# The menu.c32 is needed for the non-vesa menu type.
# Let's copy it in the tftp folder, always...
cp chroot/usr/lib/syslinux/modules/bios/menu.c32 /var/lib/openstack-cluster-installer/tftp

# No PXELINUX in arm64
if [ "${ARCH}" != "aarch64" ] ; then
	if [ "${force_syslinux_text_menu}" = "yes" ] ; then
		sed -i 's/default vesamenu.c32/default menu.c32/' /var/lib/openstack-cluster-installer/tftp/pxelinux.cfg/default
	else
	        sed -i 's/default menu.c32/default vesamenu.c32/' /var/lib/openstack-cluster-installer/tftp/pxelinux.cfg/default
	fi
fi

# Hack the initrd file to remove drivers
if [ "${remove_drivers_from_initrd}" = "yes" ] ; then
	TMPDIR=$(mktemp --directory)
	INITRD_PATH=/var/lib/openstack-cluster-installer/tftp/live/initrd.img
	MYCWD=$(pwd)

	cd ${TMPDIR}
	# Uncompress the initrd
	zcat ${INITRD_PATH} | cpio -idmv
	for i in ${remove_drivers_from_initrd_list} ; do
		rm lib/modules/*/kernel/drivers/net/ethernet/${i}
	done
	find . | cpio --create --format='newc' | gzip -9 >${INITRD_PATH}
	rm -rf ${TMPDIR}
	cd ${MYCWD}
fi

echo "All done, your OCI Live image is ready..."
