You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2013/02/12 13:59:44 UTC
git commit: refs/heads/master - CLOUDSTACK-1066: Fix FIXMEs,
rename script to postinstall.sh
Updated Branches:
refs/heads/master 4b268c4ae -> 98c0a4fb9
CLOUDSTACK-1066: Fix FIXMEs, rename script to postinstall.sh
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/98c0a4fb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/98c0a4fb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/98c0a4fb
Branch: refs/heads/master
Commit: 98c0a4fb9d242e2ffd5f3b6554cea034946a55cf
Parents: 4b268c4
Author: Rohit Yadav <bh...@apache.org>
Authored: Tue Feb 12 18:28:55 2013 +0530
Committer: Rohit Yadav <bh...@apache.org>
Committed: Tue Feb 12 18:28:55 2013 +0530
----------------------------------------------------------------------
.../systemvmtemplate/cloudstack-packages.sh | 158 --------------
.../definitions/systemvmtemplate/definition.rb | 2 +-
.../definitions/systemvmtemplate/postinstall.sh | 161 ++++++++-------
.../definitions/systemvmtemplate/zerodisk.sh | 3 +
4 files changed, 89 insertions(+), 235 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/98c0a4fb/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh b/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
deleted file mode 100644
index 320a515..0000000
--- a/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
+++ /dev/null
@@ -1,158 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-ROOTPW=password
-HOSTNAME=systemvm
-CLOUDSTACK_RELEASE=4.2.0
-
-
-install_packages() {
- DEBIAN_FRONTEND=noninteractive
- DEBIAN_PRIORITY=critical
-
- #basic stuff
- apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables
- apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget
- apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping
- apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo
-
- #sysstat
- echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
- apt-get --no-install-recommends -q -y --force-yes install sysstat
- #apache
- apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert
- #haproxy
- apt-get --no-install-recommends -q -y --force-yes install haproxy
- #dnsmasq
- apt-get --no-install-recommends -q -y --force-yes install dnsmasq
- #nfs client
- apt-get --no-install-recommends -q -y --force-yes install nfs-common
-
- #vpn stuff
- apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
- echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
- echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections
- apt-get --no-install-recommends -q -y --force-yes install openswan
-
- #vmware tools
- apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
- #xenstore utils
- apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
- #keepalived and conntrackd for redundant router
- apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
- #ipcalc
- apt-get --no-install-recommends -q -y --force-yes install ipcalc
- #java
- apt-get --no-install-recommends -q -y --force-yes install default-jre-headless
-
- echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
- echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
- apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
-}
-
-setup_accounts() {
- # Setup sudo to allow no-password sudo for "admin"
- groupadd -r admin
- #create a 'cloud' user
- useradd -G admin cloud
- echo "root:$ROOTPW" | chpasswd
- echo "cloud:`openssl rand -base64 32`" | chpasswd
- #FIXME: disable password auth in sshd (final step, after veewee is done)
- #echo "cloud:password" | chpasswd
- sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
- sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
-
- mkdir -p /home/cloud/.ssh
- chmod 700 /home/cloud/.ssh
-}
-
-fix_nameserver() {
- #replace /etc/resolv.conf also
- cat > /etc/resolv.conf << EOF
-nameserver 8.8.8.8
-nameserver 4.4.4.4
-EOF
-
-}
-
-do_fixes() {
- #fix hostname in openssh-server generated keys
- sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
- #fix hostname to override one provided by dhcp during vm build
- echo "$HOSTNAME" > /etc/hostname
- hostname $HOSTNAME
- #delete entry in /etc/hosts derived from dhcp
- sed -i '/127.0.1.1/d' /etc/hosts
-
- #fix_nameserver FIXME needed after veewee finishes
-}
-
-configure_apache2() {
- #enable ssl, rewrite and auth
- a2enmod ssl rewrite auth_basic auth_digest
- a2ensite default-ssl
- #backup stock apache configuration since we may modify it in Secondary Storage VM
- cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
- cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
-}
-
-configure_services() {
- mkdir -p /var/www/html
- mkdir -p /opt/cloud/bin
- mkdir -p /var/cache/cloud
- mkdir -p /usr/share/cloud
- mkdir -p /usr/local/cloud
- mkdir -p /root/.ssh
- #Fix haproxy directory issue
- mkdir -p /var/lib/haproxy
-
- wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-early-config;hb=HEAD' -O /etc/init.d/cloud-early-config
- chkconfig --add cloud-early-config
- chkconfig cloud-early-config on
- wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-passwd-srvr;hb=HEAD' -O /etc/init.d/cloud-passwd-srvr
- chkconfig --add cloud-passwd-srvr
- chkconfig cloud-passwd-srvr off
- wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud;hb=HEAD' -O /etc/init.d/cloud
- chkconfig --add cloud
- chkconfig cloud off
- chkconfig monit off
- chkconfig xl2tpd off
-}
-
-do_signature() {
- mkdir -p /var/cache/cloud/
- touch /var/cache/cloud/cloud-scripts-signature
- #FIXME: signature should be generated from scripts package that can get updated
- echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
-}
-
-begin=$(date +%s)
-
-echo "*************INSTALLING PACKAGES********************"
-install_packages
-echo "*************DONE INSTALLING PACKAGES********************"
-setup_accounts
-configure_apache2
-configure_services
-do_fixes
-do_signature
-
-fin=$(date +%s)
-t=$((fin-begin))
-
-echo "Finished building systemvm appliance in $t seconds"
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/98c0a4fb/tools/appliance/definitions/systemvmtemplate/definition.rb
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb
index 86f5555..a839182 100644
--- a/tools/appliance/definitions/systemvmtemplate/definition.rb
+++ b/tools/appliance/definitions/systemvmtemplate/definition.rb
@@ -37,7 +37,7 @@ Veewee::Definition.declare({
:shutdown_cmd => "halt -p",
:postinstall_files => [
"base.sh",
- "cloudstack-packages.sh",
+ "postinstall.sh",
"cleanup.sh",
"zerodisk.sh"
],
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/98c0a4fb/tools/appliance/definitions/systemvmtemplate/postinstall.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/postinstall.sh b/tools/appliance/definitions/systemvmtemplate/postinstall.sh
index 4006432..97de81a 100644
--- a/tools/appliance/definitions/systemvmtemplate/postinstall.sh
+++ b/tools/appliance/definitions/systemvmtemplate/postinstall.sh
@@ -15,55 +15,21 @@
# specific language governing permissions and limitations
# under the License.
-set -e
set -x
-IMAGENAME=systemvm
-LOCATION=/var/lib/images/systemvm
-PASSWORD=password
+ROOTPW=password
HOSTNAME=systemvm
-SIZE=2048
-DEBIAN_MIRROR=ftp.us.debian.org/debian
-MINIMIZE=true
-CLOUDSTACK_RELEASE=4.1.0
-
-init() {
- # Update the box
- apt-get -y update
- apt-get -y install linux-headers-$(uname -r) build-essential
- apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev
- apt-get -y install curl unzip
- apt-get clean
-
- # Set up sudo
- echo 'vagrant ALL=NOPASSWD:ALL' > /etc/sudoers.d/vagrant
-
- # Tweak sshd to prevent DNS resolution (speed up logins)
- echo 'UseDNS no' >> /etc/ssh/sshd_config
-
- # Remove 5s grub timeout to speed up booting
- echo <<EOF > /etc/default/grub
-# If you change this file, run 'update-grub' afterwards to update
-# /boot/grub/grub.cfg.
-
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=0
-GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX="debian-installer=en_US"
-EOF
-
- update-grub
-}
+CLOUDSTACK_RELEASE=4.2.0
install_packages() {
DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
#basic stuff
- apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
- #fix hostname in openssh-server generated keys
- sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub
+ apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables
+ apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget
+ apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping
+ apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo
#sysstat
echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
@@ -76,72 +42,115 @@ install_packages() {
apt-get --no-install-recommends -q -y --force-yes install dnsmasq
#nfs client
apt-get --no-install-recommends -q -y --force-yes install nfs-common
+
#vpn stuff
- apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
+ apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
+ echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
+ echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections
+ apt-get --no-install-recommends -q -y --force-yes install openswan
+
#vmware tools
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
#xenstore utils
apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
- #keepalived and conntrackd
+ #keepalived and conntrackd for redundant router
apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
#ipcalc
apt-get --no-install-recommends -q -y --force-yes install ipcalc
#java
apt-get --no-install-recommends -q -y --force-yes install default-jre-headless
+ echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
+ echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
+ apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
+}
+
+setup_accounts() {
# Setup sudo to allow no-password sudo for "admin"
groupadd -r admin
- usermod -a -G admin cloud
- echo "root:password" | chpasswd
+ #create a 'cloud' user
+ useradd -G admin cloud
+ echo "root:$ROOTPW" | chpasswd
+ echo "cloud:`openssl rand -base64 32`" | chpasswd
sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
-
- mkdir /home/cloud/.ssh
+ # Disable password based authentication via ssh, this will take effect on next reboot
+ sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
+ # Secure ~/.ssh
+ mkdir -p /home/cloud/.ssh
chmod 700 /home/cloud/.ssh
-
}
-cleanup() {
- # Clean up
- apt-get -y remove linux-headers-$(uname -r) build-essential
- apt-get -y autoremove
+fix_nameserver() {
+ #replace /etc/resolv.conf also
+ cat > /etc/resolv.conf << EOF
+nameserver 8.8.8.8
+nameserver 4.4.4.4
+EOF
- # Removing leftover leases and persistent rules
- echo "cleaning up dhcp leases"
- rm /var/lib/dhcp/*
+}
- # Make sure Udev doesn't block our network
- echo "cleaning up udev rules"
- rm /etc/udev/rules.d/70-persistent-net.rules
- mkdir /etc/udev/rules.d/70-persistent-net.rules
- rm -rf /dev/.udev/
- rm /lib/udev/rules.d/75-persistent-net-generator.rules
+do_fixes() {
+ #fix hostname in openssh-server generated keys
+ sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
+ #fix hostname to override one provided by dhcp during vm build
+ echo "$HOSTNAME" > /etc/hostname
+ hostname $HOSTNAME
+ #delete entry in /etc/hosts derived from dhcp
+ sed -i '/127.0.1.1/d' /etc/hosts
+
+ fix_nameserver
+}
- echo "Adding a 2 sec delay to the interface up, to make the dhclient happy"
- echo "pre-up sleep 2" >> /etc/network/interfaces
+configure_apache2() {
+ #enable ssl, rewrite and auth
+ a2enmod ssl rewrite auth_basic auth_digest
+ a2ensite default-ssl
+ #backup stock apache configuration since we may modify it in Secondary Storage VM
+ cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
+ cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
}
-finalize() {
- # Zero out the free space to save space in the final image:
- dd if=/dev/zero of=/EMPTY bs=1M
- rm -f /EMPTY
+configure_services() {
+ mkdir -p /var/www/html
+ mkdir -p /opt/cloud/bin
+ mkdir -p /var/cache/cloud
+ mkdir -p /usr/share/cloud
+ mkdir -p /usr/local/cloud
+ mkdir -p /root/.ssh
+ #Fix haproxy directory issue
+ mkdir -p /var/lib/haproxy
+
+ wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-early-config;hb=HEAD' -O /etc/init.d/cloud-early-config
+ chkconfig --add cloud-early-config
+ chkconfig cloud-early-config on
+ wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud-passwd-srvr;hb=HEAD' -O /etc/init.d/cloud-passwd-srvr
+ chkconfig --add cloud-passwd-srvr
+ chkconfig cloud-passwd-srvr off
+ wget 'https://git-wip-us.apache.org/repos/asf?p=incubator-cloudstack.git;a=blob_plain;f=patches/systemvm/debian/config/etc/init.d/cloud;hb=HEAD' -O /etc/init.d/cloud
+ chkconfig --add cloud
+ chkconfig cloud off
+ chkconfig monit off
+ chkconfig xl2tpd off
}
+do_signature() {
+ mkdir -p /var/cache/cloud/
+ touch /var/cache/cloud/cloud-scripts-signature
+ #FIXME: signature should be generated from scripts package that can get updated
+ echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
+}
-echo "*************STARTING POSTINST SCRIPT********************"
begin=$(date +%s)
-echo "*************INITIALIZING BASE SYSTEM********************"
-init
-
echo "*************INSTALLING PACKAGES********************"
install_packages
-
-echo "*************CLEANING UP********************"
-cleanup
-
-echo "*************FINALIZING IMAGE********************"
-finalize
+echo "*************DONE INSTALLING PACKAGES********************"
+setup_accounts
+configure_apache2
+configure_services
+do_fixes
+do_signature
fin=$(date +%s)
t=$((fin-begin))
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/98c0a4fb/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
----------------------------------------------------------------------
diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
index 43a8647..6ad4205 100644
--- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
+++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
@@ -4,3 +4,6 @@ rm -f /root/*
# Zero out the free space to save space in the final image:
dd if=/dev/zero of=/EMPTY bs=1M
rm -f /EMPTY
+
+# Shutdown the appliance, now export it to required image format
+shutdown -h now