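#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# Builds the CloudStack system VM disk image: creates a partitioned raw image,
# debootstraps Debian wheezy (i386) into it, then configures apt, networking,
# kernel/grub, services and packages from inside a chroot. Must run as root
# (losetup, mount, chroot). Every helper below uses paths relative to the
# current directory and expects it to be the mounted image root ($MOUNTPOINT).

echo "####################################################"
echo " Note there is a new systemvm build script based on "
echo " Veewee(Vagrant) under tools/appliance."
echo "####################################################"

set -e

# Root password baked into the image. The built-in default is a well-known
# value, so supply PASSWORD from the environment for any image that leaves a
# lab. Assigned before 'set -x' so the value is not echoed into the build log.
PASSWORD=${PASSWORD:-password}

set -x

IMAGENAME=systemvm
LOCATION=/var/lib/images/systemvm
#APT_PROXY=192.168.1.115:3142/
APT_PROXY=
HOSTNAME=systemvm
SIZE=2000
DEBIAN_MIRROR=ftp.us.debian.org/debian
MINIMIZE=true
CLOUDSTACK_RELEASE=4.0
offset=4096

# apt-get's --force-yes makes apt carry on when a package cannot be
# authenticated. Packages are fetched over plain HTTP (optionally via a proxy),
# so the archive signature check is the only integrity control: it stays on by
# default. Set ALLOW_UNAUTHENTICATED_APT=true to get the old --force-yes
# behaviour back for a build that genuinely needs it.
ALLOW_UNAUTHENTICATED_APT=${ALLOW_UNAUTHENTICATED_APT:-false}
APT_FORCE=()
if [ "$ALLOW_UNAUTHENTICATED_APT" == "true" ]; then
  APT_FORCE=(--force-yes)
fi

# Create the sparse raw image, partition and format it, mount it at
# $MOUNTPOINT and debootstrap a minimal wheezy system into it.
# Globals: LOCATION, IMAGELOC, MOUNTPOINT, SIZE, offset, APT_PROXY, DEBIAN_MIRROR
baseimage() {
  local loopdev

  mkdir -p "$LOCATION"
  #dd if=/dev/zero of=$IMAGELOC bs=1M count=$SIZE
  dd if=/dev/zero of="$IMAGELOC" bs=1M seek=$((SIZE - 1)) count=1
  # --show attaches and reports the device in one step, avoiding the gap
  # between "find a free loop device" and "attach to it".
  loopdev=$(losetup --show -f "$IMAGELOC")
  parted "$loopdev" -s 'mklabel msdos'
  parted "$loopdev" -s 'mkpart primary ext3 4096B -1'
  sleep 2
  losetup -d "$loopdev"
  loopdev=$(losetup --show -o "$offset" -f "$IMAGELOC")
  mkfs.ext3 -L ROOT "$loopdev"
  mkdir -p "$MOUNTPOINT"
  tune2fs -c 100 -i 0 "$loopdev"
  sleep 2
  losetup -d "$loopdev"

  mount -o loop,offset="$offset" "$IMAGELOC" "$MOUNTPOINT"

  # NOTE(review): the variant with an explicit --keyring is disabled below.
  # Without it, verification of the bootstrap packages depends on the build
  # host having the Debian archive keyring installed -- confirm on the builder.
  #debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-keyring.gpg wheezy $MOUNTPOINT http://${APT_PROXY}${DEBIAN_MIRROR}
  debootstrap --variant=minbase --arch=i386 wheezy "$MOUNTPOINT" "http://${APT_PROXY}${DEBIAN_MIRROR}"
}

# Write apt proxy/sources/pinning configuration, block service starts inside
# the chroot (policy-rc.d) and install locales.
fixapt() {
  if [ "$APT_PROXY" != "" ]; then
    cat >> etc/apt/apt.conf.d/01proxy << EOF
Acquire::http::Proxy "http://${APT_PROXY}";
EOF
  fi

  cat > etc/apt/sources.list << EOF
deb http://http.debian.net/debian/ wheezy main contrib non-free
deb-src http://http.debian.net/debian/ wheezy main contrib non-free

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main

deb http://http.debian.net/debian/ wheezy-backports main
deb-src http://http.debian.net/debian/ wheezy-backports main
EOF

  cat >> etc/apt/apt.conf << EOF
APT::Default-Release "stable";
EOF

  cat >> etc/apt/preferences << EOF
Package: *
Pin: release o=Debian,a=stable
Pin-Priority: 900
EOF

  # NOTE(review): assumes only the apt-key step was commented out and that
  # 'apt-get update' still runs -- confirm against the project's copy.
  #apt-key exportall | chroot . apt-key add - &&
  chroot . apt-get update
  echo "Apt::Install-Recommends 0;" > etc/apt/apt.conf.d/local-recommends

  # Exit status 101 tells invoke-rc.d that starting services is forbidden
  # while packages are installed in the chroot; cleanup() removes the file.
  cat >> usr/sbin/policy-rc.d << EOF
#!/bin/sh
exit 101
EOF
  chmod a+x usr/sbin/policy-rc.d

  cat >> etc/default/locale << EOF
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
EOF

  cat >> etc/locale.gen << EOF
en_US.UTF-8 UTF-8
EOF

  DEBIAN_FRONTEND=noninteractive
  DEBIAN_PRIORITY=critical
  export DEBIAN_FRONTEND DEBIAN_PRIORITY
  chroot . dpkg-reconfigure debconf --frontend=noninteractive
  chroot . apt-get -q -y install locales
}

# Write hostname, /etc/hosts and the base interfaces file.
network() {
  # Plain statements instead of '&&' chains: under 'set -e' a failure inside
  # an '&&' list (other than its last command) does not abort the script.
  echo "$HOSTNAME" > etc/hostname
  cat > etc/hosts << EOF
127.0.0.1       localhost

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
EOF

  cat >> etc/network/interfaces << EOF
auto lo eth0
iface lo inet loopback

# The primary network interface
iface eth0 inet static

EOF
}

# Install grub-legacy into the image and install the kernel package.
# Arguments: $1 - path of the raw disk image grub should treat as (hd0)
install_kernel() {
  DEBIAN_FRONTEND=noninteractive
  DEBIAN_PRIORITY=critical
  export DEBIAN_FRONTEND DEBIAN_PRIORITY

  # Each step is its own statement so 'set -e' stops the build on failure;
  # the former '&&' chain let a failed install or grub setup pass silently.
  chroot . apt-get -qq -y "${APT_FORCE[@]}" install grub-legacy
  cp -av usr/lib/grub/i386-pc boot/grub
  #for some reason apt-get install grub does not install grub/stage1 etc
  #loopd=$(losetup -f --show $1)
  #grub-install $loopd --root-directory=$MOUNTPOINT
  #losetup -d $loopd
  grub << EOF
device (hd0) $1
root (hd0,0)
setup (hd0)
quit
EOF

  # install a kernel image
  cat > etc/kernel-img.conf << EOF
do_symlinks = yes
link_in_boot = yes
do_initrd = yes
EOF
  # Follow $MOUNTPOINT rather than a hard-coded /mnt/systemvm path.
  touch "$MOUNTPOINT/boot/grub/default"
  chroot . apt-get install -qq -y "${APT_FORCE[@]}" linux-image-686-bigmem
  cat >> etc/kernel-img.conf << EOF
postinst_hook = /usr/sbin/update-grub
postrm_hook   = /usr/sbin/update-grub
EOF
}

# Generate boot/grub/menu.lst for the kernel that was installed.
fixgrub() {
  local kern ver
  local -a kernels

  # Glob instead of parsing 'ls'; the first match is used.
  kernels=(boot/vmlinuz-*)
  if [ ! -e "${kernels[0]}" ]; then
    echo "No kernel image found under boot/" >&2
    return 1
  fi
  kern=${kernels[0]##*/}
  ver=${kern#vmlinuz-}

  cat > boot/grub/menu.lst << EOF
default 0
timeout 2
color cyan/blue white/blue

### BEGIN AUTOMAGIC KERNELS LIST
# kopt=root=LABEL=ROOT ro

## ## End Default Options ##
title		Debian GNU/Linux, kernel $ver
root		(hd0,0)
kernel		/boot/$kern root=LABEL=ROOT ro console=tty0 xencons=ttyS0,115200 console=hvc0 quiet
initrd		/boot/initrd.img-$ver

### END DEBIAN AUTOMAGIC KERNELS LIST
EOF
  (cd boot/grub; ln -s menu.lst grub.conf)
}

# Add a getty on the hvc0 console.
fixinittab() {
  cat >> etc/inittab << EOF

vc:2345:respawn:/sbin/getty 38400 hvc0
EOF
}

# Write /etc/fstab for the image.
fixfstab() {
  # NOTE(review): the column-header comment is restored on the assumption that
  # it was stripped as markup and that the proc entry is active -- confirm.
  cat > etc/fstab << EOF
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
LABEL=ROOT      /               ext3    errors=remount-ro,sync,noatime 0       1
EOF
}

# Make the ACPI power button power the VM off.
fixacpid() {
  mkdir -p etc/acpi/events
  cat >> etc/acpi/events/power << EOF
event=button/power.*
action=/usr/local/sbin/power.sh "%e"
EOF
  cat >> usr/local/sbin/power.sh << EOF
#!/bin/bash
/sbin/poweroff
EOF
  chmod a+x usr/local/sbin/power.sh
}

# Install the iptables-persistent init script and its config file.
fixiptables() {
  cat >> etc/modules << EOF
nf_conntrack
nf_conntrack_ipv4
EOF

  # Quoted delimiter: the init script is written literally. With an unquoted
  # heredoc the LSB facility name $local_fs was expanded by this build script
  # (to an empty string), corrupting the Required-Start/Required-Stop headers.
  #
  # The listing this was taken from ran the "start" arm straight into the
  # flush/teardown commands, had no "stop" arm although restart and the usage
  # text refer to one, and had lost the '<' of iptables-restore. As written,
  # "start" would have ended with empty rule sets and ACCEPT policies. The
  # arm boundary and the stop-side bookkeeping are restored here; the
  # SAVE_NEW_RULES handling follows the comment in iptables.conf below.
  # NOTE(review): "stop" still leaves every chain at policy ACCEPT; confirm
  # that is acceptable for the window in which the script is stopped.
  cat > etc/init.d/iptables-persistent << 'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    mountkernfs $local_fs
# Required-Stop:     $local_fs
# Should-Start:      cloud-early-config
# Default-Start:     S
# Default-Stop:
# Short-Description: Set up iptables rules
### END INIT INFO

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Include config file for iptables-persistent
. /etc/iptables/iptables.conf

case "$1" in
start)
    if [ -e /var/run/iptables ]; then
        echo "iptables is already started!"
        exit 1
    else
        touch /var/run/iptables
    fi

    if [ $ENABLE_ROUTING -ne 0 ]; then
        # Enable Routing
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi

    # Load Modules
    modprobe -a $MODULES

    # Load saved rules
    if [ -f /etc/iptables/rules ]; then
        iptables-restore < /etc/iptables/rules
    fi
    ;;
stop|force-stop)
    if [ ! -e /var/run/iptables ]; then
        echo "iptables is already stopped!"
        exit 1
    else
        rm /var/run/iptables
    fi

    if [ $SAVE_NEW_RULES -ne 0 ]; then
        # Backup old rules
        cp /etc/iptables/rules /etc/iptables/rules.bak
        # Save new rules
        iptables-save > /etc/iptables/rules
    fi

    # Restore Default Policies
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    # Flush rules on default tables
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F

    # Unload previously loaded modules
    modprobe -r $MODULES

    # Disable Routing if enabled
    if [ $ENABLE_ROUTING -ne 0 ]; then
        # Disable Routing
        echo 0 > /proc/sys/net/ipv4/ip_forward
    fi
    ;;
restart|force-reload)
    $0 stop
    $0 start
    ;;
status)
    echo "Filter Rules:"
    echo "--------------"
    iptables -L -v
    echo ""
    echo "NAT Rules:"
    echo "-------------"
    iptables -t nat -L -v
    echo ""
    echo "Mangle Rules:"
    echo "----------------"
    iptables -t mangle -L -v
    ;;
*)
    echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0
EOF
  chmod a+x etc/init.d/iptables-persistent

  # Do not depend on a package having created the directory already.
  mkdir -p etc/iptables
  cat > etc/iptables/iptables.conf << EOF
# A basic config file for the /etc/init.d/iptable-persistent script

# Should new manually added rules from command line be saved on reboot? Assign to a value different that 0 if you want this enabled.
SAVE_NEW_RULES=0

# Modules to load:
MODULES="nf_nat_ftp nf_conntrack_ftp"

# Enable Routing?
ENABLE_ROUTING=1
EOF
  chmod a+x etc/iptables/iptables.conf
}

# Copy the VPN overlay files from the script directory into the image root.
vpn_config() {
  cp -r "${scriptdir}"/vpn/* ./
}

# Install every package the system VM needs.
packages() {
  DEBIAN_FRONTEND=noninteractive
  DEBIAN_PRIORITY=critical
  # Plain ASCII quotes: the typographic quotes used previously are not shell
  # quoting characters and became part of the exported value.
  DEBCONF_DB_OVERRIDE='File{/root/config.dat}'
  export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE

  #basic stuff
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install \
    rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny \
    netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client \
    dnsmasq tcpdump socat wget python bzip2 sed gawk diffutils grep gzip \
    less tar telnet ftp rsync traceroute psmisc lsof procps monit \
    inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid \
    file iproute acpid iptables-persistent virt-what sudo

  #fix hostname in openssh-server generated keys
  # NOTE(review): the SSH host keys created when openssh-server was installed
  # stay in the image, so every VM built from it would present the same host
  # key unless something regenerates them on first boot -- confirm that the
  # first-boot configuration does.
  sed -i 's/root@\(.*\)$/root@systemvm/g' etc/ssh/ssh_host_*.pub

  #sysstat
  printf '%s\n' 'sysstat sysstat/enable boolean true' | chroot . debconf-set-selections
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install sysstat
  #apache
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install apache2 ssl-cert
  #haproxy
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install haproxy
  #dnsmasq
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install dnsmasq
  #nfs client
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install nfs-common
  #vpn stuff
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install \
    xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
  #vmware tools
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install open-vm-tools
  #xenstore utils
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install \
    xenstore-utils libxenstore3.0
  #keepalived and conntrackd
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install \
    keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
  #ipcalc
  chroot . apt-get --no-install-recommends -q -y "${APT_FORCE[@]}" install ipcalc

  echo "***** getting jre 7 *********"
  chroot . apt-get --no-install-recommends -q -y install openjdk-7-jre-headless
}

# Set the root password inside the image from $PASSWORD.
password() {
  local trace_was_on=false

  # Suspend xtrace so the credential is not written to the build log.
  case "$-" in
    *x*)
      trace_was_on=true
      set +x
      ;;
  esac
  printf 'root:%s\n' "$PASSWORD" | chroot . chpasswd
  if [ "$trace_was_on" == "true" ]; then
    set -x
  fi
}

# Enable the Apache modules/sites used by the system VM and keep pristine
# copies of the default site files.
apache2() {
  chroot . a2enmod ssl rewrite auth_basic auth_digest
  chroot . a2ensite default-ssl
  cp etc/apache2/sites-available/default etc/apache2/sites-available/default.orig
  cp etc/apache2/sites-available/default-ssl etc/apache2/sites-available/default-ssl.orig
}

# Create the cloud directories, copy the config overlay and register services.
services() {
  mkdir -p ./var/www/html
  mkdir -p ./opt/cloud/bin
  mkdir -p ./var/cache/cloud
  mkdir -p ./usr/share/cloud
  mkdir -p ./usr/local/cloud
  mkdir -p ./root/.ssh
  #Fix haproxy directory issue
  mkdir -p ./var/lib/haproxy

  /bin/cp -r "${scriptdir}"/config/* ./
  chroot . chkconfig xl2tpd off
  chroot . chkconfig --add cloud-early-config
  chroot . chkconfig cloud-early-config on
  chroot . chkconfig --add iptables-persistent
  chroot . chkconfig iptables-persistent off
  chroot . chkconfig --force --add cloud-passwd-srvr
  chroot . chkconfig cloud-passwd-srvr off
  chroot . chkconfig --add cloud
  chroot . chkconfig cloud off
  chroot . chkconfig monit off
}

# Install the customised kernel module and iptables package that work around
# the virtio DHCP issue. Not called by default (see the main sequence).
# NOTE(review): the .ko and .deb are taken from /tmp/systemvm and installed
# as root without any integrity check; verify them before enabling this step.
dhcp_fix() {
  #deal with virtio DHCP issue, copy and install customized kernel module and iptables
  mkdir -p tmp
  cp /tmp/systemvm/xt_CHECKSUM.ko lib/modules/2.6.32-5-686-bigmem/kernel/net/netfilter
  chroot . depmod -a 2.6.32-5-686-bigmem
  cp /tmp/systemvm/iptables_1.4.8-3local1checksum1_i386.deb tmp/
  chroot . dpkg -i tmp/iptables_1.4.8-3local1checksum1_i386.deb
  rm tmp/iptables_1.4.8-3local1checksum1_i386.deb
}

# Install the XenServer guest utilities package staged in /tmp/systemvm.
# Not called by default (see the main sequence).
install_xs_tool() {
  mkdir -p tmp
  cp /tmp/systemvm/xe-guest-utilities_5.6.0-595_i386.deb tmp/
  chroot . dpkg -i tmp/xe-guest-utilities_5.6.0-595_i386.deb
  rm tmp/xe-guest-utilities_5.6.0-595_i386.deb
}

# Remove build-time helpers and, when MINIMIZE=true, caches, docs and non-"e*"
# locales; then zero-fill free space so the image compresses well.
cleanup() {
  local size

  rm -f usr/sbin/policy-rc.d
  rm -f root/config.dat
  rm -f etc/apt/apt.conf.d/01proxy

  if [ "$MINIMIZE" == "true" ]; then
    rm -rf var/cache/apt/*
    rm -rf var/lib/apt/*
    rm -rf usr/share/locale/[a-d]*
    rm -rf usr/share/locale/[f-z]*
    rm -rf usr/share/doc/*
    # -P keeps each filesystem on one line so the fourth column is reliable.
    size=$(df -P "$MOUNTPOINT" | awk 'NR == 2 {print $4}')
    dd if=/dev/zero of="$MOUNTPOINT/zeros.img" bs=1M count=$(((size - 150000) / 1000))
    rm -f "$MOUNTPOINT/zeros.img"
  fi
}

# Bundle the config and vpn overlays into cloud-scripts.tgz and record its
# checksum and the release string inside the image.
signature() {
  (cd "${scriptdir}/config"; tar cvf "${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar" *)
  (cd "${scriptdir}/vpn"; tar rvf "${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar" *)
  gzip -c "${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar" > "${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz"
  # Despite the file name this is an unkeyed MD5 digest: usable as a version
  # fingerprint, but it does not protect the bundle against tampering.
  md5sum "${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz" | awk '{print $1}' > "${MOUNTPOINT}/var/cache/cloud/cloud-scripts-signature"
  echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > "${MOUNTPOINT}/etc/cloudstack-release"
}

# EXIT handler: after a failed build, release the bind mounts and the loop
# mount so /proc and /dev of the host do not stay attached under $MOUNTPOINT.
release_mounts_on_failure() {
  local status=$?

  if [ "$status" -ne 0 ]; then
    cd / || true
    umount "$MOUNTPOINT/proc" 2> /dev/null || true
    umount "$MOUNTPOINT/dev" 2> /dev/null || true
    umount "$MOUNTPOINT" 2> /dev/null || true
  fi
}

#check grub version
# Tested inside 'if': as two separate statements, 'set -e' ended the script on
# a failed grep before the explanatory message could be printed.
if ! grub --version | grep "0.9" > /dev/null; then
  echo You need grub 0.9x\(grub-legacy\) to use this script!
  exit 1
fi

mkdir -p "$IMAGENAME"
mkdir -p "$LOCATION"
MOUNTPOINT=/mnt/$IMAGENAME/
IMAGELOC=$LOCATION/$IMAGENAME.img
# Resolve the script's own directory; "$PWD/$0" is wrong when the script is
# started through an absolute path.
scriptdir=$(cd -- "$(dirname -- "$0")" && pwd)

# Fixed staging path in world-writable /tmp: recreate it with plain mkdir
# (no -p) and mode 0700 so the build stops if another user re-creates the
# directory between the rm and the mkdir.
rm -rf /tmp/systemvm
mkdir -m 0700 /tmp/systemvm
#cp ./xt_CHECKSUM.ko /tmp/systemvm
#cp ./iptables_1.4.8-3local1checksum1_i386.deb /tmp/systemvm
#cp ./xe-guest-utilities_5.6.0-595_i386.deb /tmp/systemvm

rm -f "$IMAGELOC"
begin=$(date +%s)
trap release_mounts_on_failure EXIT

echo "*************INSTALLING BASEIMAGE********************"
baseimage

cp "$scriptdir/config.dat" "$MOUNTPOINT/root/"
cd "$MOUNTPOINT"

mount -o bind /proc "$MOUNTPOINT/proc"
mount -o bind /dev "$MOUNTPOINT/dev"

echo "*************CONFIGURING APT********************"
fixapt
echo "*************DONE CONFIGURING APT********************"

echo "*************CONFIGURING NETWORK********************"
network
echo "*************DONE CONFIGURING NETWORK********************"

echo "*************INSTALLING KERNEL********************"
install_kernel "$IMAGELOC"
echo "*************DONE INSTALLING KERNEL********************"

echo "*************CONFIGURING GRUB********************"
fixgrub "$IMAGELOC"
echo "*************DONE CONFIGURING GRUB********************"

echo "*************CONFIGURING INITTAB********************"
fixinittab
echo "*************DONE CONFIGURING INITTAB********************"

echo "*************CONFIGURING FSTAB********************"
fixfstab
echo "*************DONE CONFIGURING FSTAB********************"

echo "*************CONFIGURING ACPID********************"
fixacpid
echo "*************DONE CONFIGURING ACPID********************"

echo "*************INSTALLING PACKAGES********************"
packages
echo "*************DONE INSTALLING PACKAGES********************"

echo "*************CONFIGURING IPTABLES********************"
fixiptables
echo "*************DONE CONFIGURING IPTABLES********************"

echo "*************CONFIGURING PASSWORD********************"
password

echo "*************CONFIGURING SERVICES********************"
services

echo "*************CONFIGURING APACHE********************"
apache2

echo "*************CONFIGURING VPN********************"
vpn_config

echo "*************FIX DHCP ISSUE********************"
#dhcp_fix

echo "*************INSTALL XS TOOLS********************"
#install_xs_tool

echo "*************CLEANING UP********************"
cleanup

echo "*************GENERATING SIGNATURE********************"
signature

cd "$scriptdir"

umount "$MOUNTPOINT/proc"
umount "$MOUNTPOINT/dev"
umount "$MOUNTPOINT"
fin=$(date +%s)
t=$((fin - begin))
echo "Finished building image $IMAGELOC in $t seconds"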