X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=config.planetlab%2Fbootstrapfs.post;h=a11afce9c23b14b59ff788502ad1890ccc7b3996;hb=46939c3c866794940b11d7fdf3abb945b23dc22c;hp=2413251519fbd61d907a1b77665fd221e2f16f49;hpb=cda9ee4297e4e33c12e2ebf8f54c72f77e05bcca;p=build.git diff --git a/config.planetlab/bootstrapfs.post b/config.planetlab/bootstrapfs.post index 24132515..a11afce9 100644 --- a/config.planetlab/bootstrapfs.post +++ b/config.planetlab/bootstrapfs.post @@ -10,16 +10,42 @@ fi # Cleanup yum config entirely, waiting for the config files to populate this rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d +# Tweaking services +# turn OFF firstboot if present, might cause the node to hang +chroot ${vdir} /sbin/chkconfig firstboot off || : # NOTE: we're enabling util-vserver to allow it to help shutdown all slices -# before rebooting. This has been problematic in the past. -# Thierry : I'm enabling network since, for some reason, it ends up turned off on fedora9 -for service in network util-vserver; do - chroot ${vdir} /sbin/chkconfig $service on -done +# before rebooting. This has been problematic in the past +chroot ${vdir} /sbin/chkconfig util-vserver off || : +# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9 +chroot ${vdir} /sbin/chkconfig network on || : +# and turn off NetworkManager if present, as it quite obviously messes with network +chroot ${vdir} /sbin/chkconfig NetworkManager off || : + +# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that +chroot ${vdir} /sbin/chkconfig vservers-default off || : +# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled +# which is the case for our k32 kernel +# chroot ${vdir} /sbin/chkconfig vprocunhide on || : + +chroot ${vdir} /sbin/chkconfig fprobe-ulog on || : + +# turn off cgconfig +chroot ${vdir} /sbin/chkconfig cgconfig off || : + +# turn ON lxc-reference. +chroot ${vdir} /sbin/chkconfig lxc-reference on || : -# Remove unneeded services -for service in vprocunhide vservers-default; do - chroot ${vdir} /sbin/chkconfig $service off +# turn OFF selinux if set +# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs +for file in /etc/sysconfig/selinux /sbin/load_policy; do + [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; } + selinuxrpm=$(chroot ${vdir} rpm -qf ${file}) + if [ -z "$selinuxrpm" ] ; then + echo "SElinux: warning : could not rpm for file $file" + else + echo "Force-removing package ${selinuxrpm}" + chroot ${vdir} rpm -e --nodeps ${selinuxrpm} + fi done # Disable splaying of cron. @@ -28,8 +54,31 @@ echo > ${vdir}/etc/sysconfig/crontab # Add site_admin account chroot ${vdir} /usr/sbin/useradd -p "" -u 502 -m site_admin +# Remove 32bit packages from 64bit system (http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9) +# use rpm instead of yum as /proc is not mounted at that poing +if echo ${vdir} | grep -q x86_64 ; then + chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e +fi + +# Add a logrotate script for btmp, which logs failed ssh logins, which can +# grow unbounded on public plnodes and fill the root fs. +cat < ${vdir}/etc/logrotate.d/btmp +/var/log/btmp { + weekly + minsize 1M + create 0600 root utmp + rotate 2 + compress + notifempty +} +EOF + # NOTE: This is added to relieve one site's Cisco router configuration that # fails to recognize the host once the arping is sent out. +# NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009) +# has initscripts-8.86.3-1.i386 which reads almost identical but with /sbin/arping instead +# NOTE: this might work with fedora8 and centos5 +# the other distros will probably just fail to add this patch cat <<\EOF | patch -d ${vdir}/etc/sysconfig/network-scripts/ --- ifup-eth 2008-07-08 13:19:49.000000000 -0400 +++ ifup-eth-orig 2008-07-08 13:20:02.000000000 -0400