coreos-liveiso-autologin-generator

#!/bin/bash

set -euo pipefail

# Generators don't have logging right now
# https://github.com/systemd/systemd/issues/15638
exec 1>/dev/kmsg; exec 2>&1

UNIT_DIR="${1:-/tmp}"

have_karg() {
    local arg="$1"
    local cmdline=( $(</proc/cmdline) )
    local i
    for i in "${cmdline[@]}"; do
        if [[ "$i" =~ "$arg=" ]]; then
            return 0
        fi
    done
    return 1
}

write_dropin() {
    local service="$1"; shift
    local args="$1"; shift

    local out_dir="${UNIT_DIR}/${service}.d"
    mkdir -p "${out_dir}"

    # /tmp isn't r/w yet, and the shell needs to cache the here-document
    TMPDIR=/run
    cat > "${out_dir}/10-autologin.conf" <<EOF
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin core -o '-p -f core' ${args} %I \$TERM
EOF
}

quiet_kernel_console_messages() {
    cat <<'EOF' > /etc/sysctl.d/20-coreos-autologin-kernel-printk.conf
# Raise console message logging level from DEBUG (7) to WARNING (4)
# so that kernel debug message don't get interspersed on the console
# that
# may frustrate a user trying to interactively do an install with
# nmtui and coreos-installer.
kernel.printk=4
EOF
}

write_interactive_live_motd() {
    # Write motd to a tmp file and not directly to /etc/motd because
    # SELinux denies write from init_t to etc_t
    cat <<EOF > /run/interactive-live-motd

###########################################################################
Welcome to the CoreOS live environment. This system is running completely
from memory, making it a good candidate for hardware discovery and
installing persistently to disk. Here is an example of running an install
to disk via coreos-installer:

curl -O https://example.com/example.ign
sudo coreos-installer install /dev/sda --ignition-file ./example.ign

You may configure networking via 'sudo nmcli' or 'sudo nmtui' and have
that configuration persist into the installed system by passing the
'--copy-network' argument to 'coreos-installer install'. Please run
'coreos-installer install --help' for more information on the possible
install options.
###########################################################################

EOF
    # Create coreos-cp-interactive-live-motd.service to copy over the motd in
    # place. Note this intentionally overwrites the existing motd, which is
    # blank on FCOS and populated on RHCOS.
    service="coreos-cp-interactive-live-motd.service"
    cat <<EOF > "${UNIT_DIR}/${service}"
# generated by coreos-liveiso-autologin-generator
[Unit]
Description=Copy CoreOS Interactive Live MOTD
Before=systemd-user-sessions.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/cp -v /run/interactive-live-motd /etc/motd
EOF
    mkdir -p "${UNIT_DIR}/multi-user.target.wants"
    ln -sf "../${service}" "${UNIT_DIR}/multi-user.target.wants/"
}

# Only allow automatic autologin on live systems
if [ ! -e /run/ostree-live ]; then
    exit 0
fi

# Autologin on ISO boots but not PXE boots.  The only way to tell the
# difference is a kernel argument.
if ! have_karg coreos.liveiso; then
    exit 0
fi

# If the user supplied an Ignition config, they have the ability to enable
# autologin themselves.  Don't automatically render them insecure, since
# they might be running in production and booting via e.g. IPMI.

# This is a hack for RHCOS Ignition which doesn't have
# https://github.com/coreos/ignition/pull/958. This works because right now both
# RHCOS and FCOS unconditionally bake in a base config. Once RHCOS moves to
# Ignition v2, we can drop this and just leave the else block.
ign_basecfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=base)
if [ -z "${ign_basecfg_msg}" ]; then
    if [ -e /run/ignition.json ]; then
        exit 0
    fi
else
    # See https://github.com/coreos/ignition/pull/958 for the MESSAGE_ID source.
    ign_usercfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=user)
    if [ -n "${ign_usercfg_msg}" ]; then
        exit 0
    fi
fi

write_dropin "getty@.service"        "--noclear"
# Also autologin on serial console if someone enables that
write_dropin "serial-getty@.service" "--keep-baud 115200,38400,9600"

# When the installer runs a lot of things happen on the system (audit
# messages from running via sudo, re-reading partition table messages,
# mounting filesystem messages, etc.). Quieting the verbosity of the
# kernel console will help us keep our sanity.
quiet_kernel_console_messages


# Write an motd that will let the user know about the live environment
# and what is possible.
write_interactive_live_motd
	#!/bin/bash

	set -euo pipefail

	# Generators don't have logging right now
	# https://github.com/systemd/systemd/issues/15638
	exec 1>/dev/kmsg; exec 2>&1

	UNIT_DIR="${1:-/tmp}"

	have_karg() {
	local arg="$1"
	local cmdline=( $(</proc/cmdline) )
	local i
	for i in "${cmdline[@]}"; do
	if [[ "$i" =~ "$arg=" ]]; then
	return 0
	fi
	done
	return 1
	}

	write_dropin() {
	local service="$1"; shift
	local args="$1"; shift

	local out_dir="${UNIT_DIR}/${service}.d"
	mkdir -p "${out_dir}"

	# /tmp isn't r/w yet, and the shell needs to cache the here-document
	TMPDIR=/run
	cat > "${out_dir}/10-autologin.conf" <<EOF
	[Service]
	ExecStart=
	ExecStart=-/sbin/agetty --autologin core -o '-p -f core' ${args} %I \$TERM
	EOF
	}

	quiet_kernel_console_messages() {
	cat <<'EOF' > /etc/sysctl.d/20-coreos-autologin-kernel-printk.conf
	# Raise console message logging level from DEBUG (7) to WARNING (4)
	# so that kernel debug message don't get interspersed on the console
	# that
	# may frustrate a user trying to interactively do an install with
	# nmtui and coreos-installer.
	kernel.printk=4
	EOF
	}

	write_interactive_live_motd() {
	# Write motd to a tmp file and not directly to /etc/motd because
	# SELinux denies write from init_t to etc_t
	cat <<EOF > /run/interactive-live-motd

	###########################################################################
	Welcome to the CoreOS live environment. This system is running completely
	from memory, making it a good candidate for hardware discovery and
	installing persistently to disk. Here is an example of running an install
	to disk via coreos-installer:

	curl -O https://example.com/example.ign
	sudo coreos-installer install /dev/sda --ignition-file ./example.ign

	You may configure networking via 'sudo nmcli' or 'sudo nmtui' and have
	that configuration persist into the installed system by passing the
	'--copy-network' argument to 'coreos-installer install'. Please run
	'coreos-installer install --help' for more information on the possible
	install options.
	###########################################################################

	EOF
	# Create coreos-cp-interactive-live-motd.service to copy over the motd in
	# place. Note this intentionally overwrites the existing motd, which is
	# blank on FCOS and populated on RHCOS.
	service="coreos-cp-interactive-live-motd.service"
	cat <<EOF > "${UNIT_DIR}/${service}"
	# generated by coreos-liveiso-autologin-generator
	[Unit]
	Description=Copy CoreOS Interactive Live MOTD
	Before=systemd-user-sessions.service
	[Service]
	Type=oneshot
	RemainAfterExit=yes
	ExecStart=/bin/cp -v /run/interactive-live-motd /etc/motd
	EOF
	mkdir -p "${UNIT_DIR}/multi-user.target.wants"
	ln -sf "../${service}" "${UNIT_DIR}/multi-user.target.wants/"
	}

	# Only allow automatic autologin on live systems
	if [ ! -e /run/ostree-live ]; then
	exit 0
	fi

	# Autologin on ISO boots but not PXE boots. The only way to tell the
	# difference is a kernel argument.
	if ! have_karg coreos.liveiso; then
	exit 0
	fi

	# If the user supplied an Ignition config, they have the ability to enable
	# autologin themselves. Don't automatically render them insecure, since
	# they might be running in production and booting via e.g. IPMI.

	# This is a hack for RHCOS Ignition which doesn't have
	# https://github.com/coreos/ignition/pull/958. This works because right now both
	# RHCOS and FCOS unconditionally bake in a base config. Once RHCOS moves to
	# Ignition v2, we can drop this and just leave the else block.
	ign_basecfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=base)
	if [ -z "${ign_basecfg_msg}" ]; then
	if [ -e /run/ignition.json ]; then
	exit 0
	fi
	else
	# See https://github.com/coreos/ignition/pull/958 for the MESSAGE_ID source.
	ign_usercfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=user)
	if [ -n "${ign_usercfg_msg}" ]; then
	exit 0
	fi
	fi

	write_dropin "getty@.service" "--noclear"
	# Also autologin on serial console if someone enables that
	write_dropin "serial-getty@.service" "--keep-baud 115200,38400,9600"

	# When the installer runs a lot of things happen on the system (audit
	# messages from running via sudo, re-reading partition table messages,
	# mounting filesystem messages, etc.). Quieting the verbosity of the
	# kernel console will help us keep our sanity.
	quiet_kernel_console_messages


	# Write an motd that will let the user know about the live environment
	# and what is possible.
	write_interactive_live_motd