Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
post-install for a debian wheezy lxc container that installs stuff necessary for a systemvm
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
set -x
ROOTPW=password
HOSTNAME=systemvm
CLOUDSTACK_RELEASE=4.4.0
add_backports () {
sed -i '/backports/d' /etc/apt/sources.list
echo 'deb http://http.us.debian.org/debian wheezy-backports main' >> /etc/apt/sources.list
apt-get update
}
install_packages() {
DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
# Basic packages
apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables
apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl e2fsprogs dhcp3-client tcpdump socat wget
apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps inetutils-ping iputils-arping httping
apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute virt-what sudo
# sysstat
echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
apt-get --no-install-recommends -q -y --force-yes install sysstat
# apache
apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert
# dnsmasq
apt-get --no-install-recommends -q -y --force-yes install dnsmasq dnsmasq-utils
# nfs client
apt-get --no-install-recommends -q -y --force-yes install nfs-common
# vpn stuff
apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections
apt-get --no-install-recommends -q -y --force-yes install openswan
# keepalived and conntrackd for redundant router
apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
# ipcalc
apt-get --no-install-recommends -q -y --force-yes install ipcalc
apt-get update
# java
apt-get --no-install-recommends -q -y --force-yes install openjdk-7-jre-headless
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
apt-get --no-install-recommends -q -y --force-yes install haproxy
#32 bit architecture support:: not required for 32 bit template
dpkg --add-architecture i386
apt-get update
apt-get --no-install-recommends -q -y --force-yes install links:i386 libuuid1:i386
apt-get --no-install-recommends -q -y --force-yes install radvd
}
setup_accounts() {
# Setup sudo to allow no-password sudo for "admin"
groupadd -r admin
# Create a 'cloud' user if it's not there
id cloud
if [[ $? -ne 0 ]]
then
useradd -G admin cloud
else
usermod -a -G admin cloud
fi
echo "root:$ROOTPW" | chpasswd
echo "cloud:`openssl rand -base64 32`" | chpasswd
sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers
# Disable password based authentication via ssh, this will take effect on next reboot
sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config
# Secure ~/.ssh
mkdir -p /home/cloud/.ssh
chmod 700 /home/cloud/.ssh
}
fix_nameserver() {
# Replace /etc/resolv.conf also
cat > /etc/resolv.conf << EOF
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF
}
fix_hostname() {
# Fix hostname in openssh-server generated keys
sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
# Fix hostname to override one provided by dhcp during vm build
echo "$HOSTNAME" > /etc/hostname
hostname $HOSTNAME
# Delete entry in /etc/hosts derived from dhcp
sed -i '/127.0.1.1/d' /etc/hosts
}
fix_locale() {
cat >> /etc/default/locale << EOF
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
EOF
cat >> /etc/locale.gen << EOF
en_US.UTF-8 UTF-8
EOF
locale-gen en_US.UTF-8
}
do_fixes() {
fix_nameserver
fix_hostname
fix_locale
}
configure_apache2() {
# Enable ssl, rewrite and auth
a2enmod ssl rewrite auth_basic auth_digest
a2ensite default-ssl
# Backup stock apache configuration since we may modify it in Secondary Storage VM
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
}
configure_services() {
mkdir -p /var/www/html
mkdir -p /opt/cloud/bin
mkdir -p /var/cache/cloud
mkdir -p /usr/share/cloud
mkdir -p /usr/local/cloud
mkdir -p /root/.ssh
# Fix haproxy directory issue
mkdir -p /var/lib/haproxy
# Get config files from master
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz"
snapshot_dir="/opt/cloudstack*"
cd /opt
wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz
tar -zxvf cloudstack.tar.gz --wildcards 'cloudstack-HEAD-???????/systemvm'
cp -rv $snapshot_dir/systemvm/patches/debian/config/* /
cp -rv $snapshot_dir/systemvm/patches/debian/vpn/* /
mkdir -p /usr/share/cloud/
cd $snapshot_dir/systemvm/patches/debian/config
tar -cvf /usr/share/cloud/cloud-scripts.tar *
cd $snapshot_dir/systemvm/patches/debian/vpn
tar -rvf /usr/share/cloud/cloud-scripts.tar *
cd /opt
rm -fr $snapshot_dir cloudstack.tar.gz
chkconfig --add cloud-early-config
chkconfig cloud-early-config on
chkconfig --add cloud-passwd-srvr
chkconfig cloud-passwd-srvr off
chkconfig --add cloud
chkconfig cloud off
chkconfig xl2tpd off
chkconfig radvd off
}
do_signature() {
mkdir -p /var/cache/cloud/
gzip -c /usr/share/cloud/cloud-scripts.tar > /usr/share/cloud/cloud-scripts.tgz
md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
}
begin=$(date +%s)
echo "*************ADDING BACKPORTS********************"
add_backports
echo "*************INSTALLING PACKAGES********************"
install_packages
echo "*************DONE INSTALLING PACKAGES********************"
setup_accounts
echo "*************DONE ACCOUNT SETUP********************"
configure_services
configure_apache2
echo "*************DONE SETTING UP SERVICES********************"
do_fixes
echo "*************DONE FIXING CONFIGURATION********************"
do_signature
fin=$(date +%s)
t=$((fin-begin))
echo "Signed systemvm build, finished building systemvm appliance in $t seconds"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.