Skip to content

Commit 98c0a4f

Browse files
committed
CLOUDSTACK-1066: Fix FIXMEs, rename script to postinstall.sh
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
1 parent 4b268c4 commit 98c0a4f

4 files changed

Lines changed: 89 additions & 235 deletions

File tree

tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh

Lines changed: 0 additions & 158 deletions
This file was deleted.

tools/appliance/definitions/systemvmtemplate/definition.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@
3737
:shutdown_cmd => "halt -p",
3838
:postinstall_files => [
3939
"base.sh",
40-
"cloudstack-packages.sh",
40+
"postinstall.sh",
4141
"cleanup.sh",
4242
"zerodisk.sh"
4343
],

tools/appliance/definitions/systemvmtemplate/postinstall.sh

Lines changed: 85 additions & 76 deletions
Original file line numberDiff line numberDiff line change
@@ -15,55 +15,21 @@
1515
# specific language governing permissions and limitations
1616
# under the License.
1717

18-
set -e
1918
set -x
2019

21-
IMAGENAME=systemvm
22-
LOCATION=/var/lib/images/systemvm
23-
PASSWORD=password
20+
ROOTPW=password
2421
HOSTNAME=systemvm
25-
SIZE=2048
26-
DEBIAN_MIRROR=ftp.us.debian.org/debian
27-
MINIMIZE=true
28-
CLOUDSTACK_RELEASE=4.1.0
29-
30-
init() {
31-
# Update the box
32-
apt-get -y update
33-
apt-get -y install linux-headers-$(uname -r) build-essential
34-
apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev
35-
apt-get -y install curl unzip
36-
apt-get clean
37-
38-
# Set up sudo
39-
echo 'vagrant ALL=NOPASSWD:ALL' > /etc/sudoers.d/vagrant
40-
41-
# Tweak sshd to prevent DNS resolution (speed up logins)
42-
echo 'UseDNS no' >> /etc/ssh/sshd_config
43-
44-
# Remove 5s grub timeout to speed up booting
45-
echo <<EOF > /etc/default/grub
46-
# If you change this file, run 'update-grub' afterwards to update
47-
# /boot/grub/grub.cfg.
48-
49-
GRUB_DEFAULT=0
50-
GRUB_TIMEOUT=0
51-
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
52-
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
53-
GRUB_CMDLINE_LINUX="debian-installer=en_US"
54-
EOF
55-
56-
update-grub
57-
}
22+
CLOUDSTACK_RELEASE=4.2.0
5823

5924
install_packages() {
6025
DEBIAN_FRONTEND=noninteractive
6126
DEBIAN_PRIORITY=critical
6227

6328
#basic stuff
64-
apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
65-
#fix hostname in openssh-server generated keys
66-
sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub
29+
apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables
30+
apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget
31+
apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping
32+
apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo
6733

6834
#sysstat
6935
echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
@@ -76,72 +42,115 @@ install_packages() {
7642
apt-get --no-install-recommends -q -y --force-yes install dnsmasq
7743
#nfs client
7844
apt-get --no-install-recommends -q -y --force-yes install nfs-common
45+
7946
#vpn stuff
80-
apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
47+
apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
48+
echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
49+
echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections
50+
apt-get --no-install-recommends -q -y --force-yes install openswan
51+
8152
#vmware tools
8253
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
8354
#xenstore utils
8455
apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
85-
#keepalived and conntrackd
56+
#keepalived and conntrackd for redundant router
8657
apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
8758
#ipcalc
8859
apt-get --no-install-recommends -q -y --force-yes install ipcalc
8960
#java
9061
apt-get --no-install-recommends -q -y --force-yes install default-jre-headless
9162

63+
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
64+
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
65+
apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
66+
}
67+
68+
setup_accounts() {
9269
# Setup sudo to allow no-password sudo for "admin"
9370
groupadd -r admin
94-
usermod -a -G admin cloud
95-
echo "root:password" | chpasswd
71+
#create a 'cloud' user
72+
useradd -G admin cloud
73+
echo "root:$ROOTPW" | chpasswd
74+
echo "cloud:`openssl rand -base64 32`" | chpasswd
9675
sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
9776
sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
98-
99-
mkdir /home/cloud/.ssh
77+
# Disable password based authentication via ssh, this will take effect on next reboot
78+
sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
79+
# Secure ~/.ssh
80+
mkdir -p /home/cloud/.ssh
10081
chmod 700 /home/cloud/.ssh
101-
10282
}
10383

104-
cleanup() {
105-
# Clean up
106-
apt-get -y remove linux-headers-$(uname -r) build-essential
107-
apt-get -y autoremove
84+
fix_nameserver() {
85+
#replace /etc/resolv.conf also
86+
cat > /etc/resolv.conf << EOF
87+
nameserver 8.8.8.8
88+
nameserver 4.4.4.4
89+
EOF
10890

109-
# Removing leftover leases and persistent rules
110-
echo "cleaning up dhcp leases"
111-
rm /var/lib/dhcp/*
91+
}
11292

113-
# Make sure Udev doesn't block our network
114-
echo "cleaning up udev rules"
115-
rm /etc/udev/rules.d/70-persistent-net.rules
116-
mkdir /etc/udev/rules.d/70-persistent-net.rules
117-
rm -rf /dev/.udev/
118-
rm /lib/udev/rules.d/75-persistent-net-generator.rules
93+
do_fixes() {
94+
#fix hostname in openssh-server generated keys
95+
sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
96+
#fix hostname to override one provided by dhcp during vm build
97+
echo "$HOSTNAME" > /etc/hostname
98+
hostname $HOSTNAME
99+
#delete entry in /etc/hosts derived from dhcp
100+
sed -i '/127.0.1.1/d' /etc/hosts
101+
102+
fix_nameserver
103+
}
119104

120-
echo "Adding a 2 sec delay to the interface up, to make the dhclient happy"
121-
echo "pre-up sleep 2" >> /etc/network/interfaces
105+
configure_apache2() {
106+
#enable ssl, rewrite and auth
107+
a2enmod ssl rewrite auth_basic auth_digest
108+
a2ensite default-ssl
109+
#backup stock apache configuration since we may modify it in Secondary Storage VM
110+
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
111+
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
122112
}
123113

124-
finalize() {
125-
# Zero out the free space to save space in the final image:
126-
dd if=/dev/zero of=/EMPTY bs=1M
127-
rm -f /EMPTY
114+
configure_services() {
115+
mkdir -p /var/www/html
116+
mkdir -p /opt/cloud/bin
117+
mkdir -p /var/cache/cloud
118+
mkdir -p /usr/share/cloud
119+
mkdir -p /usr/local/cloud
120+
mkdir -p /root/.ssh
121+
#Fix haproxy directory issue
122+
mkdir -p /var/lib/haproxy
123+
124+
wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-early-config;hb=HEAD' -O /etc/init.d/cloud-early-config
125+
chkconfig --add cloud-early-config
126+
chkconfig cloud-early-config on
127+
wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-passwd-srvr;hb=HEAD' -O /etc/init.d/cloud-passwd-srvr
128+
chkconfig --add cloud-passwd-srvr
129+
chkconfig cloud-passwd-srvr off
130+
wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud;hb=HEAD' -O /etc/init.d/cloud
131+
chkconfig --add cloud
132+
chkconfig cloud off
133+
chkconfig monit off
134+
chkconfig xl2tpd off
128135
}
129136

137+
do_signature() {
138+
mkdir -p /var/cache/cloud/
139+
touch /var/cache/cloud/cloud-scripts-signature
140+
#FIXME: signature should be generated from scripts package that can get updated
141+
echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
142+
}
130143

131-
echo "*************STARTING POSTINST SCRIPT********************"
132144
begin=$(date +%s)
133145

134-
echo "*************INITIALIZING BASE SYSTEM********************"
135-
init
136-
137146
echo "*************INSTALLING PACKAGES********************"
138147
install_packages
139-
140-
echo "*************CLEANING UP********************"
141-
cleanup
142-
143-
echo "*************FINALIZING IMAGE********************"
144-
finalize
148+
echo "*************DONE INSTALLING PACKAGES********************"
149+
setup_accounts
150+
configure_apache2
151+
configure_services
152+
do_fixes
153+
do_signature
145154

146155
fin=$(date +%s)
147156
t=$((fin-begin))

tools/appliance/definitions/systemvmtemplate/zerodisk.sh

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,3 +4,6 @@ rm -f /root/*
44
# Zero out the free space to save space in the final image:
55
dd if=/dev/zero of=/EMPTY bs=1M
66
rm -f /EMPTY
7+
8+
# Shutdown the appliance, now export it to required image format
9+
shutdown -h now

0 commit comments

Comments
 (0)