X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=config.planetlab%2Fbootstrapfs.post;h=a11afce9c23b14b59ff788502ad1890ccc7b3996;hb=46939c3c866794940b11d7fdf3abb945b23dc22c;hp=ff4976f87b3abf453e2a41d239d7a0dbe5a9bf00;hpb=a8517bcc1f1ab801a4081891235d2ef42585a26c;p=build.git
diff --git a/config.planetlab/bootstrapfs.post b/config.planetlab/bootstrapfs.post
index ff4976f8..a11afce9 100644
--- a/config.planetlab/bootstrapfs.post
+++ b/config.planetlab/bootstrapfs.post
@@ -10,17 +10,42 @@ fi # Cleanup yum config entirely, waiting for the config files to populate this rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d +# Tweaking services +# turn OFF firstboot if present, might cause the node to hang +chroot ${vdir} /sbin/chkconfig firstboot off || : # NOTE: we're enabling util-vserver to allow it to help shutdown all slices -# before rebooting. This has been problematic in the past. -# Thierry : I'm enabling network since, for some reason, it ends up turned off on fedora9 -for service in network util-vserver; do - chroot ${vdir} /sbin/chkconfig $service on -done +# before rebooting. This has been problematic in the past +chroot ${vdir} /sbin/chkconfig util-vserver off || : +# enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9 +chroot ${vdir} /sbin/chkconfig network on || : +# and turn off NetworkManager if present, as it quite obviously messes with network +chroot ${vdir} /sbin/chkconfig NetworkManager off || : + +# turn OFF vservers-default ; this is to automatically restart vservers, let nm do that +chroot ${vdir} /sbin/chkconfig vservers-default off || : +# turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled +# which is the case for our k32 kernel +# chroot ${vdir} /sbin/chkconfig vprocunhide on || : + +chroot ${vdir} /sbin/chkconfig fprobe-ulog on || : + +# turn off cgconfig +chroot ${vdir} /sbin/chkconfig cgconfig off || : -# Remove unneeded services -# turn off firstboot if present, might cause the node to hang -for service in vprocunhide vservers-default firstboot; do - chroot ${vdir} /sbin/chkconfig $service off || : +# turn ON lxc-reference. 
+chroot ${vdir} /sbin/chkconfig lxc-reference on || : + +# turn OFF selinux if set +# this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs +for file in /etc/sysconfig/selinux /sbin/load_policy; do + [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; } + selinuxrpm=$(chroot ${vdir} rpm -qf ${file}) + if [ -z "$selinuxrpm" ] ; then + echo "SElinux: warning : could not rpm for file $file" + else + echo "Force-removing package ${selinuxrpm}" + chroot ${vdir} rpm -e --nodeps ${selinuxrpm} + fi done # Disable splaying of cron. @@ -35,10 +60,25 @@ if echo ${vdir} | grep -q x86_64 ; then chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e fi +# Add a logrotate script for btmp, which logs failed ssh logins, which can +# grow unbounded on public plnodes and fill the root fs. +cat < ${vdir}/etc/logrotate.d/btmp +/var/log/btmp { + weekly + minsize 1M + create 0600 root utmp + rotate 2 + compress + notifempty +} +EOF + # NOTE: This is added to relieve one site's Cisco router configuration that # fails to recognize the host once the arping is sent out. # NOTE: this is pretty fragile, and fails on fedora 10 that as of today (oct. 20 2009) # has initscripts-8.86.3-1.i386 which reads almost identical but with /sbin/arping instead +# NOTE: this might work with fedora8 and centos5 +# the other distros will probably just fail to add this patch cat <<\EOF | patch -d ${vdir}/etc/sysconfig/network-scripts/ --- ifup-eth 2008-07-08 13:19:49.000000000 -0400 +++ ifup-eth-orig 2008-07-08 13:20:02.000000000 -0400
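Review bot: In the new selinux loop, `selinuxrpm=$(chroot ${vdir} rpm -qf ${file})` ignores rpm's exit status, and when no package owns the file `rpm -qf` reports that on stdout, so the `-z` test does not catch it and the message text would be passed to `rpm -e --nodeps` as package names. Guard the query itself, e.g. `selinuxrpm=$(chroot ${vdir} rpm -qf ${file}) || { echo "SElinux: warning : no rpm owns $file" ; continue; }`. Because `--nodeps` force-removes SELinux tooling from the node image without regard to dependents, the status of that `rpm -e` should also be checked and logged rather than left to fall through. Separately, the kept comment "we're enabling util-vserver" now sits directly above `chkconfig util-vserver off`; reword it to something like `# NOTE: util-vserver used to be enabled to help shut down slices before reboot; it is now turned off`.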
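Review bot: The `weekly` plus `minsize 1M` pair in the new btmp stanza does not bound the file the way the comment above it intends, because logrotate then rotates at most once a week and only if the file has reached 1M, so a node under sustained failed-login traffic can still grow btmp for seven days. Replacing those two lines with `size 1M` lets each scheduled logrotate run rotate as soon as the file exceeds that size. The distribution's own /etc/logrotate.conf may already carry a /var/log/btmp entry, in which case logrotate would likely complain about a duplicate definition and skip one of them; this is worth checking on the target images. The `create 0600 root utmp` line should stay as it is, since btmp can contain passwords typed at the username prompt.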