Revision 98d3bf5b
Added by Jan Loeser about 2 months ago
app/views/unattended/provisioning_templates/user_data/preseed_autoinstall_cloud_init.erb | ||
---|---|---|
realname_to_create = host_param('realname_to_create') || username_to_create
|
||
password_to_create = host_param('password_to_create') || @host.root_pass
|
||
enable_auto_update = (host_param_true?('package_upgrade') && !host_param('kt_activation_keys'))
|
||
os_major = @host.operatingsystem.major.to_i
|
||
os_minor = @host.operatingsystem.minor.to_i
|
||
-%>
|
||
#cloud-config
|
||
autoinstall:
|
||
... | ... | |
allow-pw: true
|
||
install-server: true
|
||
updates: security
|
||
<%= indent(2) { @host.diskLayout } -%>
|
||
<%= indent(2) { @host.diskLayout } %>
|
||
<%= indent(2) { snippet_if_exists(template_name + " custom root") } -%>
|
||
late-commands:
|
||
<%= indent(2) { snippet 'preseed_autoinstall_clevis_tang_wrapper' if host_param('disk_enc_tang_servers') && os_major >= 22 && os_minor >= 3 } %>
|
||
- wget -Y off <%= @static ? "'#{foreman_url('finish', static: 'true')}'" : foreman_url('finish') %> -O /target/tmp/finish.sh
|
||
- curtin in-target -- chmod +x /tmp/finish.sh
|
||
- curtin in-target -- /tmp/finish.sh
|
Also available in: Unified diff
Fixes #36885 - Add Clevis/Tang disk encryption template
For disk encryption Clevis/Tang is often used. This commit introduces
partition templates for Kickstart and Autoinstall taking care of disk
encryption and a snippet responsible for binding the LUKS device via
Clevis to a given Tang server.
The default partition template encrypts the disk with a passphrase which
can be provided via `disk_enc_passphrase` host parameter. If no host
parameter is provided, the default passphrase is 'linux'.
If, in addition, `disk_enc_tang_servers` host parameter is provided
(can be one address as string or multiple addresses as array), the LUKS
device will be bind to these Tang servers using Clevis. In this case,
the passphrase will be removed.
This commit targets the Red Hat family and Ubuntu operating system.