Created
April 29, 2014 00:48
-
-
Save chiradeep/11388137 to your computer and use it in GitHub Desktop.
post-install for a debian wheezy lxc container that installs stuff necessary for a systemvm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Licensed to the Apache Software Foundation (ASF) under one | |
# or more contributor license agreements. See the NOTICE file | |
# distributed with this work for additional information | |
# regarding copyright ownership. The ASF licenses this file | |
# to you under the Apache License, Version 2.0 (the | |
# "License"); you may not use this file except in compliance | |
# with the License. You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, | |
# software distributed under the License is distributed on an | |
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
# KIND, either express or implied. See the License for the | |
# specific language governing permissions and limitations | |
# under the License. | |
set -x | |
ROOTPW=password | |
HOSTNAME=systemvm | |
CLOUDSTACK_RELEASE=4.4.0 | |
add_backports () { | |
sed -i '/backports/d' /etc/apt/sources.list | |
echo 'deb http://http.us.debian.org/debian wheezy-backports main' >> /etc/apt/sources.list | |
apt-get update | |
} | |
install_packages() { | |
DEBIAN_FRONTEND=noninteractive | |
DEBIAN_PRIORITY=critical | |
# Basic packages | |
apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables | |
apt-get --no-install-recommends -q -y --force-yes install openssh-server openssl e2fsprogs dhcp3-client tcpdump socat wget | |
apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps inetutils-ping iputils-arping httping | |
apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute virt-what sudo | |
# sysstat | |
echo 'sysstat sysstat/enable boolean true' | debconf-set-selections | |
apt-get --no-install-recommends -q -y --force-yes install sysstat | |
# apache | |
apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert | |
# dnsmasq | |
apt-get --no-install-recommends -q -y --force-yes install dnsmasq dnsmasq-utils | |
# nfs client | |
apt-get --no-install-recommends -q -y --force-yes install nfs-common | |
# vpn stuff | |
apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools | |
echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections | |
echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections | |
apt-get --no-install-recommends -q -y --force-yes install openswan | |
# keepalived and conntrackd for redundant router | |
apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1 | |
# ipcalc | |
apt-get --no-install-recommends -q -y --force-yes install ipcalc | |
apt-get update | |
# java | |
apt-get --no-install-recommends -q -y --force-yes install openjdk-7-jre-headless | |
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections | |
echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections | |
apt-get --no-install-recommends -q -y --force-yes install iptables-persistent | |
apt-get --no-install-recommends -q -y --force-yes install haproxy | |
#32 bit architecture support:: not required for 32 bit template | |
dpkg --add-architecture i386 | |
apt-get update | |
apt-get --no-install-recommends -q -y --force-yes install links:i386 libuuid1:i386 | |
apt-get --no-install-recommends -q -y --force-yes install radvd | |
} | |
setup_accounts() { | |
# Setup sudo to allow no-password sudo for "admin" | |
groupadd -r admin | |
# Create a 'cloud' user if it's not there | |
id cloud | |
if [[ $? -ne 0 ]] | |
then | |
useradd -G admin cloud | |
else | |
usermod -a -G admin cloud | |
fi | |
echo "root:$ROOTPW" | chpasswd | |
echo "cloud:`openssl rand -base64 32`" | chpasswd | |
sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers | |
sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers | |
# Disable password based authentication via ssh, this will take effect on next reboot | |
sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config | |
# Secure ~/.ssh | |
mkdir -p /home/cloud/.ssh | |
chmod 700 /home/cloud/.ssh | |
} | |
fix_nameserver() { | |
# Replace /etc/resolv.conf also | |
cat > /etc/resolv.conf << EOF | |
nameserver 8.8.8.8 | |
nameserver 8.8.4.4 | |
EOF | |
} | |
fix_hostname() { | |
# Fix hostname in openssh-server generated keys | |
sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub | |
# Fix hostname to override one provided by dhcp during vm build | |
echo "$HOSTNAME" > /etc/hostname | |
hostname $HOSTNAME | |
# Delete entry in /etc/hosts derived from dhcp | |
sed -i '/127.0.1.1/d' /etc/hosts | |
} | |
fix_locale() { | |
cat >> /etc/default/locale << EOF | |
LANG=en_US.UTF-8 | |
LC_ALL=en_US.UTF-8 | |
EOF | |
cat >> /etc/locale.gen << EOF | |
en_US.UTF-8 UTF-8 | |
EOF | |
locale-gen en_US.UTF-8 | |
} | |
do_fixes() { | |
fix_nameserver | |
fix_hostname | |
fix_locale | |
} | |
configure_apache2() { | |
# Enable ssl, rewrite and auth | |
a2enmod ssl rewrite auth_basic auth_digest | |
a2ensite default-ssl | |
# Backup stock apache configuration since we may modify it in Secondary Storage VM | |
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig | |
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig | |
} | |
configure_services() { | |
mkdir -p /var/www/html | |
mkdir -p /opt/cloud/bin | |
mkdir -p /var/cache/cloud | |
mkdir -p /usr/share/cloud | |
mkdir -p /usr/local/cloud | |
mkdir -p /root/.ssh | |
# Fix haproxy directory issue | |
mkdir -p /var/lib/haproxy | |
# Get config files from master | |
snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=HEAD;sf=tgz" | |
snapshot_dir="/opt/cloudstack*" | |
cd /opt | |
wget --no-check-certificate $snapshot_url -O cloudstack.tar.gz | |
tar -zxvf cloudstack.tar.gz --wildcards 'cloudstack-HEAD-???????/systemvm' | |
cp -rv $snapshot_dir/systemvm/patches/debian/config/* / | |
cp -rv $snapshot_dir/systemvm/patches/debian/vpn/* / | |
mkdir -p /usr/share/cloud/ | |
cd $snapshot_dir/systemvm/patches/debian/config | |
tar -cvf /usr/share/cloud/cloud-scripts.tar * | |
cd $snapshot_dir/systemvm/patches/debian/vpn | |
tar -rvf /usr/share/cloud/cloud-scripts.tar * | |
cd /opt | |
rm -fr $snapshot_dir cloudstack.tar.gz | |
chkconfig --add cloud-early-config | |
chkconfig cloud-early-config on | |
chkconfig --add cloud-passwd-srvr | |
chkconfig cloud-passwd-srvr off | |
chkconfig --add cloud | |
chkconfig cloud off | |
chkconfig xl2tpd off | |
chkconfig radvd off | |
} | |
do_signature() { | |
mkdir -p /var/cache/cloud/ | |
gzip -c /usr/share/cloud/cloud-scripts.tar > /usr/share/cloud/cloud-scripts.tgz | |
md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature | |
echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release | |
} | |
begin=$(date +%s) | |
echo "*************ADDING BACKPORTS********************" | |
add_backports | |
echo "*************INSTALLING PACKAGES********************" | |
install_packages | |
echo "*************DONE INSTALLING PACKAGES********************" | |
setup_accounts | |
echo "*************DONE ACCOUNT SETUP********************" | |
configure_services | |
configure_apache2 | |
echo "*************DONE SETTING UP SERVICES********************" | |
do_fixes | |
echo "*************DONE FIXING CONFIGURATION********************" | |
do_signature | |
fin=$(date +%s) | |
t=$((fin-begin)) | |
echo "Signed systemvm build, finished building systemvm appliance in $t seconds" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment