rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d
# Tweaking services
+# turn OFF firstboot if present, might cause the node to hang
+chroot ${vdir} /sbin/chkconfig firstboot off || :
# NOTE: we're enabling util-vserver to allow it to help shutdown all slices
# before rebooting. This has been problematic in the past
-chroot ${vdir} /sbin/chkconfig util-vserver on
-# enabling network; it ends up turned off starting with fedora9, probably related to NetworkManager
-chroot ${vdir} /sbin/chkconfig network on
+chroot ${vdir} /sbin/chkconfig util-vserver off || :
+# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9
+chroot ${vdir} /sbin/chkconfig network on || :
+# and turn off NetworkManager if present, as it quite obviously messes with network
+chroot ${vdir} /sbin/chkconfig NetworkManager off || :
-# turn OFF firstboot if present, might cause the node to hang
-chroot ${vdir} /sbin/chkconfig firstboot off || :
# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that
chroot ${vdir} /sbin/chkconfig vservers-default off || :
# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled
# which is the case for our k32 kernel
-chroot ${vdir} /sbin/chkconfig vprocunhide on || :
+# chroot ${vdir} /sbin/chkconfig vprocunhide on || :
+
+chroot ${vdir} /sbin/chkconfig fprobe-ulog on || :
+
+# turn off cgconfig
+chroot ${vdir} /sbin/chkconfig cgconfig off || :
+
+# turn ON lxc-reference.
+chroot ${vdir} /sbin/chkconfig lxc-reference on || :
# turn OFF selinux if set
-if [ -f ${vdir}/etc/sysconfig/selinux ] ; then
- selinuxrpm=$(chroot ${vdir} rpm -qf /etc/sysconfig/selinux)
- chroot ${vdir} rpm -e --nodeps ${rpm}
-fi
+# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs
+for file in /etc/sysconfig/selinux /sbin/load_policy; do
+ [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; }
+ selinuxrpm=$(chroot ${vdir} rpm -qf ${file})
+ if [ -z "$selinuxrpm" ] ; then
+ echo "SElinux: warning : could not rpm for file $file"
+ else
+ echo "Force-removing package ${selinuxrpm}"
+ chroot ${vdir} rpm -e --nodeps ${selinuxrpm}
+ fi
+done
# Disable splaying of cron.
echo > ${vdir}/etc/sysconfig/crontab
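Review bot: The `-z "$selinuxrpm"` test in the new loop does not catch a failed lookup. `rpm -qf` on a file that no package owns exits non-zero but, at least on the rpm versions I know, still prints a "not owned by any package" message on stdout, and that text would then be handed to `rpm -e --nodeps`. Testing the exit status is more reliable, e.g. `selinuxrpm=$(chroot "${vdir}" rpm -qf "${file}") || { echo "SElinux: warning : no package owns $file"; continue; }`. Separately, two retained comments now contradict the code beneath them: the NOTE about enabling util-vserver sits above `chkconfig util-vserver off`, and the "turn ON vprocunhide ... is required" comment sits above a commented-out line, so each should say why the service is now left off. The start of the enclosing script is outside the visible lines.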
chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e
fi
+# Add a logrotate script for btmp, which logs failed ssh logins, which can
+# grow unbounded on public plnodes and fill the root fs.
+cat <<EOF > ${vdir}/etc/logrotate.d/btmp
+/var/log/btmp {
+ weekly
+ minsize 1M
+ create 0600 root utmp
+ rotate 2
+ compress
+ notifempty
+}
+EOF
+
# NOTE: This is added to relieve one site's Cisco router configuration that
# fails to recognize the host once the arping is sent out.
# NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009)
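Review bot: The `weekly` plus `minsize 1M` pair in the new btmp stanza rotates at most once a week, so under sustained failed-login traffic the file can still grow for seven days before it is cut, which falls short of the goal stated in the comment. Using `size 1M` in place of those two lines rotates on any logrotate run once the file exceeds 1M, and adding `missingok` avoids an error on images where /var/log/btmp does not exist yet. Some distributions already ship a /var/log/btmp stanza in /etc/logrotate.conf, and logrotate may reject a second entry for the same file as a duplicate, so it is worth checking the target image before relying on this drop-in. The heredoc body has no expansions today, but `<<'EOF'` would keep it literal if someone later adds a `$`.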