X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=config.planetlab%2Fbootstrapfs.post;h=79d54fe3c91fd058c058a799ae26009f02f1bd1b;hb=be1729c70f5de989ccf5c6034df1a718b60c4e63;hp=d35618c2eff8946f50a27ee0999f9390fe8d4d48;hpb=2a018def41260698fb3042da2e33ae49efcecdc5;p=build.git

diff --git a/config.planetlab/bootstrapfs.post b/config.planetlab/bootstrapfs.post
index d35618c2..79d54fe3 100644
--- a/config.planetlab/bootstrapfs.post
+++ b/config.planetlab/bootstrapfs.post
@@ -7,9 +7,37 @@ if [ -z "${vdir}" ] ; then
 	exit
 fi
 
-# Remove unneeded services
-for service in util-vserver vprocunhide vservers-default; do
-    chroot ${vdir} /sbin/chkconfig $service off
+# Cleanup yum config entirely, waiting for the config files to populate this
+rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d
+
+# Tweaking services
+# turn OFF firstboot if present, might cause the node to hang
+chroot ${vdir} /sbin/chkconfig firstboot off || :
+# NOTE: we're enabling util-vserver to allow it to help shutdown all slices
+# before rebooting.  This has been problematic in the past
+chroot ${vdir} /sbin/chkconfig util-vserver on || :
+# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9
+chroot ${vdir} /sbin/chkconfig network on || :
+# and turn off NetworkManager if present, as it quite obviously messes with network
+chroot ${vdir} /sbin/chkconfig NetworkManager off || :
+
+# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that
+chroot ${vdir} /sbin/chkconfig vservers-default off || :
+# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled
+# which is the case for our k32 kernel
+chroot ${vdir} /sbin/chkconfig vprocunhide on || :
+
+# turn OFF selinux if set
+# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs
+for file in /etc/sysconfig/selinux /sbin/load_policy; do
+    [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; }
+    selinuxrpm=$(chroot ${vdir} rpm -qf ${file})
+    if [ -z "$selinuxrpm" ] ; then 
+	echo "SElinux: warning : could not rpm for file $file"
+    else
+	echo "Force-removing package ${selinuxrpm}" 
+	chroot ${vdir} rpm -e --nodeps ${selinuxrpm}
+    fi
 done
 
 # Disable splaying of cron.
@@ -18,18 +46,47 @@ echo > ${vdir}/etc/sysconfig/crontab
 # Add site_admin account
 chroot ${vdir} /usr/sbin/useradd -p "" -u 502 -m site_admin
 
-( cat <<EOF ) | patch -d ${vdir}/etc/init.d/
---- halt        2007-10-08 19:18:54.000000000 +0000
-+++ halt2       2008-05-07 17:52:42.000000000 +0000
-@@ -65,8 +65,10 @@
- # Kill all processes.
- [ "\${BASH+bash}" = bash ] && enable kill
+# Remove 32bit packages from 64bit system (http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9) 
+# use rpm instead of yum as /proc is not mounted at that poing 
+if echo ${vdir} | grep -q x86_64 ; then
+    chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e
+fi
 
-+action $"Sending all VServers the TERM signal..."  ls -d /proc/virtual/[0-9]* | awk -F '/' '{print \$4}' | xargs -I{} /usr/sbin/vkill -s 15 --xid {} -- 0
- action $"Sending all processes the TERM signal..." /sbin/killall5 -15
- sleep 2
-+action $"Sending all VServers the KILL signal..."  ls -d /proc/virtual/[0-9]* | awk -F '/' '{print \$4}' | xargs -I{} /usr/sbin/vkill -s 9 --xid {} -- 0
- action $"Sending all processes the KILL signal..."  /sbin/killall5 -9
+# Add a logrotate script for btmp, which logs failed ssh logins, which can
+# grow unbounded on public plnodes and fill the root fs.
+cat <<EOF > ${vdir}/etc/logrotate.d/btmp
+/var/log/btmp {
+    weekly
+    minsize 1M
+    create 0600 root utmp
+    rotate 2
+    compress
+    notifempty
+}
+EOF
 
- # Write to wtmp file before unmounting /var
+# NOTE:  This is added to relieve one site's Cisco router configuration that
+# fails to recognize the host once the arping is sent out.
+# NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009) 
+# has initscripts-8.86.3-1.i386 which reads almost identical but with /sbin/arping instead
+# NOTE: this might work with fedora8 and centos5
+# the other distros will probably just fail to add this patch
+cat <<\EOF | patch -d ${vdir}/etc/sysconfig/network-scripts/
+--- ifup-eth	2008-07-08 13:19:49.000000000 -0400
++++ ifup-eth-orig	2008-07-08 13:20:02.000000000 -0400
+@@ -263,10 +263,10 @@
+     fi
+     
+     if ! LC_ALL=C ip addr ls ${REALDEVICE} | LC_ALL=C grep -q "${IPADDR}/${PREFIX}" ; then
+-	 if ! arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${IPADDR} ; then
+-	    echo $"Error, some other host already uses address ${IPADDR}."
+-	    exit 1
+-	 fi
++	 #if ! arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${IPADDR} ; then
++	 #   echo $"Error, some other host already uses address ${IPADDR}."
++	 #   exit 1
++	 #fi
+ 	 if ! ip addr add ${IPADDR}/${PREFIX} \
+ 	    brd ${BROADCAST:-+} dev ${REALDEVICE} ${SCOPE} label ${DEVICE}; then
+ 	    echo $"Error adding address ${IPADDR} for ${DEVICE}."
 EOF