--- /dev/null
+#!/bin/bash
+
+vdir=$1
+if [ -z "${vdir}" ] ; then
+ echo "ERROR: $0"
+ echo "Provide the directory of the root filesystem to operate on"
+ exit
+fi
+
+# Cleanup yum config entirely, waiting for the config files to populate this
+rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d
+
+# Tweaking services
+# turn OFF firstboot if present, might cause the node to hang
+chroot ${vdir} /sbin/chkconfig firstboot off || :
+# NOTE: we're enabling util-vserver to allow it to help shutdown all slices
+# before rebooting. This has been problematic in the past
+chroot ${vdir} /sbin/chkconfig util-vserver on || :
+# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9
+chroot ${vdir} /sbin/chkconfig network on || :
+# and turn off NetworkManager if present, as it quite obviously messes with network
+chroot ${vdir} /sbin/chkconfig NetworkManager off || :
+
+# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that
+chroot ${vdir} /sbin/chkconfig vservers-default off || :
+# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled
+# which is the case for our k32 kernel
+chroot ${vdir} /sbin/chkconfig vprocunhide on || :
+
+# turn OFF selinux if set
+# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs
+for file in /etc/sysconfig/selinux /sbin/load_policy; do
+ [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; }
+ selinuxrpm=$(chroot ${vdir} rpm -qf ${file})
+ if [ -z "$selinuxrpm" ] ; then
+ echo "SElinux: warning : could not rpm for file $file"
+ else
+ echo "Force-removing package ${selinuxrpm}"
+ chroot ${vdir} rpm -e --nodeps ${selinuxrpm}
+ fi
+done
+
+# Disable splaying of cron.
+echo > ${vdir}/etc/sysconfig/crontab
+
+# Add site_admin account
+chroot ${vdir} /usr/sbin/useradd -p "" -u 502 -m site_admin
+
+# Remove 32bit packages from 64bit system (http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9)
+# use rpm instead of yum as /proc is not mounted at that poing
+if echo ${vdir} | grep -q x86_64 ; then
+ chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e
+fi
+
+# Add a logrotate script for btmp, which logs failed ssh logins, which can
+# grow unbounded on public plnodes and fill the root fs.
+cat <<EOF > ${vdir}/etc/logrotate.d/btmp
+/var/log/btmp {
+ weekly
+ minsize 1M
+ create 0600 root utmp
+ rotate 2
+ compress
+ notifempty
+}
+EOF
+
+# NOTE: This is added to relieve one site's Cisco router configuration that
+# fails to recognize the host once the arping is sent out.
+# NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009)
+# has initscripts-8.86.3-1.i386 which reads almost identical but with /sbin/arping instead
+# NOTE: this might work with fedora8 and centos5
+# the other distros will probably just fail to add this patch
+cat <<\EOF | patch -d ${vdir}/etc/sysconfig/network-scripts/
+--- ifup-eth 2008-07-08 13:19:49.000000000 -0400
++++ ifup-eth-orig 2008-07-08 13:20:02.000000000 -0400
+@@ -263,10 +263,10 @@
+ fi
+
+ if ! LC_ALL=C ip addr ls ${REALDEVICE} | LC_ALL=C grep -q "${IPADDR}/${PREFIX}" ; then
+- if ! arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${IPADDR} ; then
+- echo $"Error, some other host already uses address ${IPADDR}."
+- exit 1
+- fi
++ #if ! arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${IPADDR} ; then
++ # echo $"Error, some other host already uses address ${IPADDR}."
++ # exit 1
++ #fi
+ if ! ip addr add ${IPADDR}/${PREFIX} \
+ brd ${BROADCAST:-+} dev ${REALDEVICE} ${SCOPE} label ${DEVICE}; then
+ echo $"Error adding address ${IPADDR} for ${DEVICE}."
+EOF