Rohit Yadav 7d2ffe063d systemvms: use Debian http redirector for apt repos
Picked in parts from https://github.com/apache/cloudstack/pull/103/files

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-03-11 13:22:09 +05:30


# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
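# Build-time settings for the systemvm appliance.
#
# ROOTPW is the root password baked into the image. "password" is a
# well-known default, so the builder may supply a different value through the
# environment; the default is kept so existing builds behave as before.
# NOTE(review): an image built with the default ships a guessable root
# credential until something rotates it -- confirm that rotation happens
# before the VM is reachable on any network.
ROOTPW=${ROOTPW:-password}
HOSTNAME=systemvm
CLOUDSTACK_RELEASE=4.5.0

# Tracing is switched on only after the credential has been assigned, so the
# assignment itself is not echoed into the build log.
set -x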
# Point apt at the wheezy-backports suite and refresh the package index.
# Any existing line mentioning "backports" is removed first, so the entry is
# not duplicated when the function runs more than once.
# NOTE(review): the mirror is reached over plain HTTP, so package integrity
# rests entirely on apt's signature verification; check how that interacts
# with the --force-yes installs used elsewhere in this script.
add_backports() {
  local sources_list=/etc/apt/sources.list
  local backports_entry='deb http://http.debian.net/debian/ wheezy-backports main'

  sed -i '/backports/d' "$sources_list"
  printf '%s\n' "$backports_entry" >> "$sources_list"
  apt-get update
}
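# Install the named packages without prompting and without Recommends.
# Arguments: package names (optionally name=version).
# NOTE(review): --force-yes tells apt to carry on past operations it considers
# unsafe, which includes installing packages it could not authenticate. It is
# kept because the build may rely on it, but together with an HTTP mirror it
# removes the safety net against a tampered package; verify whether plain -y
# is sufficient for this package set.
_apt_install() {
  apt-get --no-install-recommends -q -y --force-yes install "$@"
}

# Install every package the system VM needs, then bring the image up to date.
# Globals: exports DEBIAN_FRONTEND and DEBIAN_PRIORITY.
install_packages() {
  # Exported so that apt-get, dpkg and debconf actually receive them; a plain
  # assignment only creates shell variables that child processes never see.
  export DEBIAN_FRONTEND=noninteractive
  export DEBIAN_PRIORITY=critical

  # Basic packages
  _apt_install rsyslog logrotate cron chkconfig insserv net-tools ifupdown \
    vim-tiny netbase iptables
  _apt_install openssh-server openssl e2fsprogs dhcp3-client tcpdump socat wget
  # grub-legacy is deliberately not installed (the line was commented out).
  _apt_install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp \
    rsync traceroute psmisc lsof procps inetutils-ping iputils-arping httping
  _apt_install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo

  # sysstat, with data collection preseeded to enabled
  printf '%s\n' 'sysstat sysstat/enable boolean true' | debconf-set-selections
  _apt_install sysstat

  # apache
  _apt_install apache2 ssl-cert

  # dnsmasq
  _apt_install dnsmasq dnsmasq-utils

  # nfs client
  _apt_install nfs-common

  # irqbalance
  _apt_install irqbalance

  # cifs client
  _apt_install samba-common
  _apt_install cifs-utils

  # vpn stuff
  _apt_install xl2tpd bcrelay ppp ipsec-tools tdb-tools
  printf '%s\n' 'openswan openswan/install_x509_certificate boolean false' \
    | debconf-set-selections
  printf '%s\n' 'openswan openswan/install_x509_certificate seen true' \
    | debconf-set-selections
  # openswan is pinned to an exact version and then held, so the final
  # upgrade below will not move it; fixes for it have to be tracked and
  # applied by hand.
  _apt_install openswan=1:2.6.37-3
  apt-mark hold openswan

  # xenstore utils
  _apt_install xenstore-utils libxenstore3.0

  # keepalived and conntrackd for redundant router
  _apt_install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1

  # ipcalc
  _apt_install ipcalc

  apt-get update

  # java
  _apt_install openjdk-7-jre-headless

  # iptables-persistent, preseeded to save both rule sets
  printf '%s\n' 'iptables-persistent iptables-persistent/autosave_v4 boolean true' \
    | debconf-set-selections
  printf '%s\n' 'iptables-persistent iptables-persistent/autosave_v6 boolean true' \
    | debconf-set-selections
  _apt_install iptables-persistent

  # libraries required for rdp client (Hyper-V)
  _apt_install libtcnative-1 libssl-dev libapr1-dev

  # vmware tools: the open-source open-vm-tools package is used. The earlier
  # procedure that fetched and ran the proprietary VMwareTools installer was
  # already disabled and is not reproduced here.
  _apt_install open-vm-tools

  _apt_install haproxy
  _apt_install radvd

  # do a final update and upgrade
  apt-get clean
  apt-get update
  apt-get -y --force-yes upgrade
}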
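# Create the admin group and the 'cloud' user, set the root and cloud
# passwords, adjust sudoers and switch sshd to key-only authentication.
# Globals: ROOTPW (read).
setup_accounts() {
  local xtrace_was_on=0
  local cloud_pw

  # Setup sudo to allow no-password sudo for "admin"
  groupadd -r admin

  # Create a 'cloud' user if it's not there, otherwise only add the group.
  if id cloud; then
    usermod -a -G admin cloud
  else
    useradd -G admin cloud
  fi

  # The script runs under `set -x`; tracing is suspended while credentials
  # are expanded so that neither password is written to the build log.
  if [[ $- == *x* ]]; then
    xtrace_was_on=1
  fi
  set +x
  printf '%s\n' "root:$ROOTPW" | chpasswd
  cloud_pw=$(openssl rand -base64 32)
  if [[ -n "$cloud_pw" ]]; then
    printf '%s\n' "cloud:$cloud_pw" | chpasswd
  else
    # Never hand chpasswd an empty password when generation failed.
    printf 'setup_accounts: could not generate a password for cloud\n' >&2
  fi
  cloud_pw=
  if (( xtrace_was_on )); then
    set -x
  fi

  sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
  # The replacement text contains '/', so '|' is the delimiter; with '/' sed
  # rejects the expression and sudoers is silently left as it was.
  # NOTE(review): passwordless chmod, cp and mount as root let any member of
  # admin reach full root, so membership of that group has to be treated as
  # root-equivalent.
  sed -i -e 's|%admin ALL=(ALL) ALL|%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount|g' /etc/sudoers
  # A syntax error in sudoers disables sudo altogether, so validate the edit.
  if ! visudo -c -f /etc/sudoers; then
    printf 'setup_accounts: /etc/sudoers failed validation\n' >&2
  fi

  # Disable password based authentication via ssh, this will take effect on
  # next reboot
  sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config

  # Secure ~/.ssh
  mkdir -p /home/cloud/.ssh
  chmod 700 /home/cloud/.ssh
}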
# Overwrite (not append to) /etc/resolv.conf with two fixed public resolvers,
# replacing whatever was configured during the build.
fix_nameserver() {
  # printf repeats the format once per argument, giving one line per address.
  printf 'nameserver %s\n' 8.8.8.8 8.8.4.4 > /etc/resolv.conf
}
# Append a respawning getty on hvc0 to /etc/inittab.
# NOTE(review): hvc0 is presumably the hypervisor console -- confirm who can
# reach it, since it offers a password login.
fix_inittab() {
  local getty_entry='vc:2345:respawn:/sbin/getty 38400 hvc0'

  printf '%s\n' "$getty_entry" >> /etc/inittab
}
# Register an acpid rule that runs a small handler script on power-button
# events; the handler powers the machine off.
# Both files are appended to, so running this twice duplicates their content.
fix_acpid() {
  local events_dir=/etc/acpi/events
  local handler=/usr/local/sbin/power.sh

  mkdir -p "$events_dir"

  # acpid event rule
  printf '%s\n' \
    'event=button/power.*' \
    'action=/usr/local/sbin/power.sh "%e"' >> "$events_dir/power"

  # handler invoked by the rule above
  printf '%s\n' \
    '#!/bin/bash' \
    '/sbin/poweroff' >> "$handler"
  chmod a+x "$handler"
}
# Make the image use $HOSTNAME instead of the name handed out by DHCP during
# the build.
# Globals: HOSTNAME (read).
fix_hostname() {
  # Rewrites the trailing root@<host> comment of each SSH host public key.
  local pubkey_rewrite="s/root@\(.*\)$/root@$HOSTNAME/g"

  sed -i "$pubkey_rewrite" /etc/ssh/ssh_host_*.pub

  # Persist the name and apply it to the running system.
  printf '%s\n' "$HOSTNAME" > /etc/hostname
  hostname "$HOSTNAME"

  # Drop the /etc/hosts entry that was derived from DHCP.
  sed -i '/127.0.1.1/d' /etc/hosts
}
# Set en_US.UTF-8 as the default locale and generate it.
# The two configuration files are appended to, not rewritten.
fix_locale() {
  local locale_name=en_US.UTF-8

  printf '%s\n' "LANG=$locale_name" "LC_ALL=$locale_name" >> /etc/default/locale
  printf '%s\n' "$locale_name UTF-8" >> /etc/locale.gen
  locale-gen "$locale_name"
}
# Works around what the original author describes as a bug in the conntrackd
# package: the comment in its configuration file says stats logging is off by
# default, yet the parameter is set to on. After a couple of weeks logrotate
# rotates conntrackd-stats.log and conntrackd starts even where it is not
# wanted (on non-redundant routers, for instance).
fix_conntrackd() {
  local conf=/etc/conntrackd/conntrackd.conf
  local stats_log=/var/log/conntrackd-stats.log

  # Only the LogFile setting inside the Stats { ... } section is changed.
  sed -i '/Stats {/,/}/ s/LogFile on/LogFile off/' "$conf"
  rm -f "$stats_log"
}
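# Download the vhd-util binary and install it as /bin/vhd-util.
# Globals: VHD_UTIL_SHA256 (read, optional) - expected SHA-256 of the binary;
#          when set, a mismatching download is rejected.
# Returns: 0 on success, 1 when the download or the verification fails.
#
# NOTE(review): the binary comes over plain HTTP and is installed as a root
# executable, so anyone on the network path can substitute it.
# --no-check-certificate does nothing for an http:// URL unless the server
# redirects to HTTPS. No reference digest is published on this page; obtain
# one from the maintainer of the binary and pass it in VHD_UTIL_SHA256 so the
# build fails closed on a changed file.
fix_vhdutil() {
  local url=http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
  local dest=/bin/vhd-util
  local tmp

  # Download to a scratch file first, so a failed or partial transfer never
  # lands in /bin as an executable.
  tmp=$(mktemp) || {
    printf 'fix_vhdutil: mktemp failed\n' >&2
    return 1
  }

  if ! wget --no-check-certificate "$url" -O "$tmp" || [[ ! -s "$tmp" ]]; then
    printf 'fix_vhdutil: download of %s failed\n' "$url" >&2
    rm -f -- "$tmp"
    return 1
  fi

  if [[ -n "${VHD_UTIL_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$VHD_UTIL_SHA256" "$tmp" | sha256sum -c - >/dev/null; then
      printf 'fix_vhdutil: SHA-256 mismatch for %s\n' "$url" >&2
      rm -f -- "$tmp"
      return 1
    fi
  fi

  if ! install -m 0755 -- "$tmp" "$dest"; then
    printf 'fix_vhdutil: could not install %s\n' "$dest" >&2
    rm -f -- "$tmp"
    return 1
  fi
  rm -f -- "$tmp"
}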
# Preload these modules; according to the original note the sysctl settings
# are otherwise not applied and passive FTP does not work.
fix_modules() {
  local module

  # One module name per line, appended to the boot-time module list.
  for module in nf_conntrack_ipv4 nf_conntrack nf_conntrack_ftp nf_nat_ftp; do
    printf '%s\n' "$module"
  done >> /etc/modules
}
# Run every configuration fix-up, in a fixed order.
# Returns the status of the last fix-up, as the plain call sequence would.
do_fixes() {
  local step

  for step in \
    fix_nameserver \
    fix_inittab \
    fix_acpid \
    fix_hostname \
    fix_locale \
    fix_conntrackd \
    fix_vhdutil \
    fix_modules; do
    "$step"
  done
}
# Enable the Apache modules and TLS site the system VMs use, keep pristine
# copies of the stock site files, and turn off SSLv3.
configure_apache2() {
  local sites=/etc/apache2/sites-available
  local site

  # Enable ssl, rewrite and auth
  a2enmod ssl rewrite auth_basic auth_digest
  a2ensite default-ssl

  # Backup stock apache configuration since we may modify it in Secondary
  # Storage VM
  for site in default default-ssl; do
    cp "$sites/$site" "$sites/$site.orig"
  done

  # SSLv3 is disabled in addition to SSLv2. The substitution only fires when
  # the stock line ends in exactly "SSLProtocol all -SSLv2"; if the packaged
  # ssl.conf differs, nothing changes and no error is raised, so the resulting
  # file is worth checking after a build.
  sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf
}
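# Create the directories the CloudStack services expect, fetch the systemvm
# patches from the CloudStack source snapshot, copy them onto the root
# filesystem, pack them into cloud-scripts.tar and register the init scripts.
# Globals: snapshot_url, snapshot_dir (written).
# Returns: 1 as soon as the download, the extraction or the packing fails;
#          otherwise the status of the last chkconfig call.
#
# NOTE(review): --no-check-certificate switches off TLS verification, so the
# snapshot is effectively unauthenticated even though the URL is HTTPS, and
# its contents are copied over / as root. It is left in place because the
# image may lack a CA bundle at this point; the durable fix is to install the
# CA certificates first and drop the flag. The URL also follows the moving
# head of branch 4.5, so two builds can embed different scripts; pinning a
# commit and checking a known digest of the tarball would make the input
# verifiable.
configure_services() {
  local dir patches
  local -a matches

  # /var/lib/haproxy is included to fix the haproxy directory issue.
  for dir in /var/www/html /opt/cloud/bin /var/cache/cloud /usr/share/cloud \
    /usr/local/cloud /root/.ssh /var/lib/haproxy; do
    mkdir -p "$dir"
  done

  # Get config files from master
  snapshot_url="https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=snapshot;h=refs/heads/4.5;sf=tgz"
  snapshot_dir="/opt/cloudstack*"

  cd /opt || return 1
  if ! wget --no-check-certificate "$snapshot_url" -O cloudstack.tar.gz; then
    printf 'configure_services: snapshot download failed\n' >&2
    return 1
  fi
  if ! tar -zxvf cloudstack.tar.gz; then
    printf 'configure_services: snapshot extraction failed\n' >&2
    return 1
  fi

  # The extracted directory name is not known in advance, so the pattern is
  # left unquoted on purpose and must resolve to exactly one directory.
  # shellcheck disable=SC2206
  matches=( $snapshot_dir/systemvm/patches/debian )
  if (( ${#matches[@]} != 1 )) || [[ ! -d "${matches[0]}" ]]; then
    printf 'configure_services: expected exactly one extracted snapshot in /opt\n' >&2
    return 1
  fi
  patches=${matches[0]}

  cp -rv "$patches"/config/* /
  cp -rv "$patches"/vpn/* /

  # Each tar runs in a subshell and only after its cd succeeded; an unchecked
  # cd would otherwise pack whatever sits in the current directory into the
  # archive that is later handed to the system VMs.
  ( cd "$patches/config" && tar -cvf /usr/share/cloud/cloud-scripts.tar * ) || {
    printf 'configure_services: packing config scripts failed\n' >&2
    return 1
  }
  ( cd "$patches/vpn" && tar -rvf /usr/share/cloud/cloud-scripts.tar * ) || {
    printf 'configure_services: packing vpn scripts failed\n' >&2
    return 1
  }

  # Unquoted on purpose: the pattern covers the extracted tree.
  # shellcheck disable=SC2086
  rm -fr -- $snapshot_dir cloudstack.tar.gz

  chkconfig --add cloud-early-config
  chkconfig cloud-early-config on
  chkconfig --add cloud-passwd-srvr
  chkconfig cloud-passwd-srvr off
  chkconfig --add cloud
  chkconfig cloud off
  chkconfig xl2tpd off
  chkconfig radvd off
}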
# Compress the packed scripts, record the MD5 digest of the result and stamp
# the image with the release string.
# Globals: CLOUDSTACK_RELEASE (read).
#
# Despite the name, the "signature" is an unkeyed MD5 digest: it lets a
# consumer notice that the script bundle differs from the one it expects, but
# it does not prove who produced the bundle. The algorithm is left as is,
# because whatever compares this value presumably computes MD5 as well.
do_signature() {
  local tarball=/usr/share/cloud/cloud-scripts.tar
  local archive=/usr/share/cloud/cloud-scripts.tgz
  local digest_file=/var/cache/cloud/cloud-scripts-signature

  mkdir -p /var/cache/cloud/
  gzip -c "$tarball" > "$archive"

  # Keep only the hash column of the md5sum output.
  md5sum "$archive" | awk '{print $1}' > "$digest_file"

  printf 'Cloudstack Release %s %s\n' "$CLOUDSTACK_RELEASE" "$(date)" > /etc/cloudstack-release
}
# Main build sequence: each stage runs in order and a banner is printed
# between stages. Stage failures are not checked, so the final message is
# printed even when an earlier stage went wrong.
begin=$(date +%s)

printf '%s\n' "*************ADDING BACKPORTS********************"
add_backports

printf '%s\n' "*************INSTALLING PACKAGES********************"
install_packages
printf '%s\n' "*************DONE INSTALLING PACKAGES********************"

setup_accounts
printf '%s\n' "*************DONE ACCOUNT SETUP********************"

configure_services
configure_apache2
printf '%s\n' "*************DONE SETTING UP SERVICES********************"

do_fixes
printf '%s\n' "*************DONE FIXING CONFIGURATION********************"

do_signature

# Report the wall-clock duration of the whole build.
fin=$(date +%s)
t=$(( fin - begin ))
printf '%s\n' "Signed systemvm build, finished building systemvm appliance in $t seconds"