exit
fi
+# Cleanup yum config entirely, waiting for the config files to populate this
+rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d
+
+# Tweaking services
+# turn OFF firstboot if present, might cause the node to hang
+chroot ${vdir} /sbin/chkconfig firstboot off || :
# NOTE: we're enabling util-vserver to allow it to help shutdown all slices
-# before rebooting. This has been problematic in the past.
-# Thierry : I'm enabling network since, for some reason, it ends up turned off on fedora9
-for service in network util-vserver; do
- chroot ${vdir} /sbin/chkconfig $service on
-done
+# before rebooting. This has been problematic in the past
+chroot ${vdir} /sbin/chkconfig util-vserver off || :
+# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9
+chroot ${vdir} /sbin/chkconfig network on || :
+# and turn off NetworkManager if present, as it quite obviously messes with network
+chroot ${vdir} /sbin/chkconfig NetworkManager off || :
+
+# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that
+chroot ${vdir} /sbin/chkconfig vservers-default off || :
+# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled
+# which is the case for our k32 kernel
+# chroot ${vdir} /sbin/chkconfig vprocunhide on || :
+
+chroot ${vdir} /sbin/chkconfig fprobe-ulog on || :
+
+# turn off cgconfig
+chroot ${vdir} /sbin/chkconfig cgconfig off || :
-# Remove unneeded services
-for service in vprocunhide vservers-default; do
- chroot ${vdir} /sbin/chkconfig $service off
+# turn ON lxc-reference.
+chroot ${vdir} /sbin/chkconfig lxc-reference on || :
+
+# Change default target.
+chroot ${vdir} ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target || :
+
+# turn OFF selinux if set
+# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs
+for file in /etc/sysconfig/selinux /sbin/load_policy; do
+ [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; }
+ selinuxrpm=$(chroot ${vdir} rpm -qf ${file})
+ if [ -z "$selinuxrpm" ] ; then
+ echo "SElinux: warning : could not rpm for file $file"
+ else
+ echo "Force-removing package ${selinuxrpm}"
+ chroot ${vdir} rpm -e --nodeps ${selinuxrpm}
+ fi
done
# Disable splaying of cron.
# Add site_admin account
chroot ${vdir} /usr/sbin/useradd -p "" -u 502 -m site_admin
-# NOTE: Removed due to incompatibility between fedora and centos, and b/c we
-# expect that enabling util-vserver above will help with shutdown.
-#
-# : this is added to ensure that processes running within the slices that
-# may have special permissions and other parts of the filesystem engated are
-# killed before shutdown. We experienced hangs when rebooting without this
-# step.
-#( cat <<EOF ) | patch -d ${vdir}/etc/init.d/
-#--- halt 2007-10-08 19:18:54.000000000 +0000
-#+++ halt2 2008-05-07 17:52:42.000000000 +0000
-#@@ -65,8 +65,10 @@
-# # Kill all processes.
-# [ "\${BASH+bash}" = bash ] && enable kill
-#
-#+action $"Sending all VServers the TERM signal..." ls -d /proc/virtual/[0-9]* | awk -F '/' '{print \$4}' | xargs -I{} /usr/sbin/vkill -s 15 --xid {} -- 0
-# action $"Sending all processes the TERM signal..." /sbin/killall5 -15
-# sleep 2
-#+action $"Sending all VServers the KILL signal..." ls -d /proc/virtual/[0-9]* | awk -F '/' '{print \$4}' | xargs -I{} /usr/sbin/vkill -s 9 --xid {} -- 0
-# action $"Sending all processes the KILL signal..." /sbin/killall5 -9
-#
-# # Write to wtmp file before unmounting /var
-#EOF
+# Remove 32bit packages from 64bit system (http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9)
+# use rpm instead of yum as /proc is not mounted at that poing
+if echo ${vdir} | grep -q x86_64 ; then
+ chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e
+fi
+
+# Add a logrotate script for btmp, which logs failed ssh logins, which can
+# grow unbounded on public plnodes and fill the root fs.
+cat <<EOF > ${vdir}/etc/logrotate.d/btmp
+/var/log/btmp {
+ weekly
+ minsize 1M
+ create 0600 root utmp
+ rotate 2
+ compress
+ notifempty
+}
+EOF
# NOTE: This is added to relieve one site's Cisco router configuration that
# fails to recognize the host once the arping is sent out.
+# NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009)
+# has initscripts-8.86.3-1.i386 which reads almost identical but with /sbin/arping instead
+# NOTE: this might work with fedora8 and centos5
+# the other distros will probably just fail to add this patch
cat <<\EOF | patch -d ${vdir}/etc/sysconfig/network-scripts/
--- ifup-eth 2008-07-08 13:19:49.000000000 -0400
+++ ifup-eth-orig 2008-07-08 13:20:02.000000000 -0400
git://git.onelab.eu / build.git / blobdiff