1515# specific language governing permissions and limitations
1616# under the License.
1717
18- set -e
1918set -x
2019
21- IMAGENAME=systemvm
22- LOCATION=/var/lib/images/systemvm
23- PASSWORD=password
20+ ROOTPW=password
2421HOSTNAME=systemvm
25- SIZE=2048
26- DEBIAN_MIRROR=ftp.us.debian.org/debian
27- MINIMIZE=true
28- CLOUDSTACK_RELEASE=4.1.0
29-
30- init () {
31- # Update the box
32- apt-get -y update
33- apt-get -y install linux-headers-$( uname -r) build-essential
34- apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev
35- apt-get -y install curl unzip
36- apt-get clean
37-
38- # Set up sudo
39- echo ' vagrant ALL=NOPASSWD:ALL' > /etc/sudoers.d/vagrant
40-
41- # Tweak sshd to prevent DNS resolution (speed up logins)
42- echo ' UseDNS no' >> /etc/ssh/sshd_config
43-
44- # Remove 5s grub timeout to speed up booting
45- echo << EOF > /etc/default/grub
46- # If you change this file, run 'update-grub' afterwards to update
47- # /boot/grub/grub.cfg.
48-
49- GRUB_DEFAULT=0
50- GRUB_TIMEOUT=0
51- GRUB_DISTRIBUTOR=` lsb_release -i -s 2> /dev/null || echo Debian`
52- GRUB_CMDLINE_LINUX_DEFAULT="quiet"
53- GRUB_CMDLINE_LINUX="debian-installer=en_US"
54- EOF
55-
56- update-grub
57- }
22+ CLOUDSTACK_RELEASE=4.2.0
5823
5924install_packages () {
6025 DEBIAN_FRONTEND=noninteractive
6126 DEBIAN_PRIORITY=critical
6227
6328 # basic stuff
64- apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
65- # fix hostname in openssh-server generated keys
66- sed -i " s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_* .pub
29+ apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables
30+ apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget
31+ apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping
32+ apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo
6733
6834 # sysstat
6935 echo ' sysstat sysstat/enable boolean true' | debconf-set-selections
@@ -76,72 +42,115 @@ install_packages() {
7642 apt-get --no-install-recommends -q -y --force-yes install dnsmasq
7743 # nfs client
7844 apt-get --no-install-recommends -q -y --force-yes install nfs-common
45+
7946 # vpn stuff
80- apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
47+ apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
48+ echo " openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
49+ echo " openswan openswan/install_x509_certificate seen true" | debconf-set-selections
50+ apt-get --no-install-recommends -q -y --force-yes install openswan
51+
8152 # vmware tools
8253 apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
8354 # xenstore utils
8455 apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
85- # keepalived and conntrackd
56+ # keepalived and conntrackd for redundant router
8657 apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
8758 # ipcalc
8859 apt-get --no-install-recommends -q -y --force-yes install ipcalc
8960 # java
9061 apt-get --no-install-recommends -q -y --force-yes install default-jre-headless
9162
63+ echo " iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
64+ echo " iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
65+ apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
66+ }
67+
68+ setup_accounts () {
9269 # Setup sudo to allow no-password sudo for "admin"
9370 groupadd -r admin
94- usermod -a -G admin cloud
95- echo " root:password" | chpasswd
71+ # create a 'cloud' user
72+ useradd -G admin cloud
73+ echo " root:$ROOTPW " | chpasswd
74+ echo " cloud:` openssl rand -base64 32` " | chpasswd
9675 sed -i -e ' /Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
9776 sed -i -e ' s/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
98-
99- mkdir /home/cloud/.ssh
77+ # Disable password based authentication via ssh, this will take effect on next reboot
78+ sed -i -e ' s/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
79+ # Secure ~/.ssh
80+ mkdir -p /home/cloud/.ssh
10081 chmod 700 /home/cloud/.ssh
101-
10282}
10383
104- cleanup () {
105- # Clean up
106- apt-get -y remove linux-headers-$( uname -r) build-essential
107- apt-get -y autoremove
84+ fix_nameserver () {
85+ # replace /etc/resolv.conf also
86+ cat > /etc/resolv.conf << EOF
87+ nameserver 8.8.8.8
88+ nameserver 4.4.4.4
89+ EOF
10890
109- # Removing leftover leases and persistent rules
110- echo " cleaning up dhcp leases"
111- rm /var/lib/dhcp/*
91+ }
11292
113- # Make sure Udev doesn't block our network
114- echo " cleaning up udev rules"
115- rm /etc/udev/rules.d/70-persistent-net.rules
116- mkdir /etc/udev/rules.d/70-persistent-net.rules
117- rm -rf /dev/.udev/
118- rm /lib/udev/rules.d/75-persistent-net-generator.rules
93+ do_fixes () {
94+ # fix hostname in openssh-server generated keys
95+ sed -i " s/root@\(.*\)$/root@$HOSTNAME /g" /etc/ssh/ssh_host_* .pub
96+ # fix hostname to override one provided by dhcp during vm build
97+ echo " $HOSTNAME " > /etc/hostname
98+ hostname $HOSTNAME
99+ # delete entry in /etc/hosts derived from dhcp
100+ sed -i ' /127.0.1.1/d' /etc/hosts
101+
102+ fix_nameserver
103+ }
119104
120- echo " Adding a 2 sec delay to the interface up, to make the dhclient happy"
121- echo " pre-up sleep 2" >> /etc/network/interfaces
105+ configure_apache2 () {
106+ # enable ssl, rewrite and auth
107+ a2enmod ssl rewrite auth_basic auth_digest
108+ a2ensite default-ssl
109+ # backup stock apache configuration since we may modify it in Secondary Storage VM
110+ cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
111+ cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
122112}
123113
124- finalize () {
125- # Zero out the free space to save space in the final image:
126- dd if=/dev/zero of=/EMPTY bs=1M
127- rm -f /EMPTY
114+ configure_services () {
115+ mkdir -p /var/www/html
116+ mkdir -p /opt/cloud/bin
117+ mkdir -p /var/cache/cloud
118+ mkdir -p /usr/share/cloud
119+ mkdir -p /usr/local/cloud
120+ mkdir -p /root/.ssh
121+ # Fix haproxy directory issue
122+ mkdir -p /var/lib/haproxy
123+
124+ wget ' https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-early-config;hb=HEAD' -O /etc/init.d/cloud-early-config
125+ chkconfig --add cloud-early-config
126+ chkconfig cloud-early-config on
127+ wget ' https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-passwd-srvr;hb=HEAD' -O /etc/init.d/cloud-passwd-srvr
128+ chkconfig --add cloud-passwd-srvr
129+ chkconfig cloud-passwd-srvr off
130+ wget ' https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud;hb=HEAD' -O /etc/init.d/cloud
131+ chkconfig --add cloud
132+ chkconfig cloud off
133+ chkconfig monit off
134+ chkconfig xl2tpd off
128135}
129136
137+ do_signature () {
138+ mkdir -p /var/cache/cloud/
139+ touch /var/cache/cloud/cloud-scripts-signature
140+ # FIXME: signature should be generated from scripts package that can get updated
141+ echo " Cloudstack Release $CLOUDSTACK_RELEASE $( date) " > /etc/cloudstack-release
142+ }
130143
131- echo " *************STARTING POSTINST SCRIPT********************"
132144begin=$( date +%s)
133145
134- echo " *************INITIALIZING BASE SYSTEM********************"
135- init
136-
137146echo " *************INSTALLING PACKAGES********************"
138147install_packages
139-
140- echo " *************CLEANING UP******************** "
141- cleanup
142-
143- echo " *************FINALIZING IMAGE******************** "
144- finalize
148+ echo " *************DONE INSTALLING PACKAGES******************** "
149+ setup_accounts
150+ configure_apache2
151+ configure_services
152+ do_fixes
153+ do_signature
145154
146155fin=$( date +%s)
147156t=$(( fin- begin))
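Review bot: The three `wget` calls in `configure_services` install init scripts straight from `hb=HEAD` with no pinned revision or checksum, so whatever the branch holds at build time runs as root at boot in every system VM built from this image. Because this commit also drops `set -e` at the top of the script, a failed download can leave an empty or partial `/etc/init.d/cloud-early-config` that is still passed to `chkconfig --add`. I would pin `hb=` to the commit id of the release and verify each file before registering it, e.g. `echo "<EXPECTED_SHA256>  /etc/init.d/cloud-early-config" | sha256sum -c - || exit 1`. Separately, with `set -x` still on, the two `chpasswd` lines in `setup_accounts` write the root password and the generated `cloud` password into the build log; wrapping them in `set +x` / `set -x` avoids that. `nameserver 4.4.4.4` in `fix_nameserver` also looks like a typo for 8.8.4.4 and is worth confirming.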