#!/bin/bash vdir=$1 if [ -z "${vdir}" ] ; then echo "ERROR: $0" echo "Provide the directory of the root filesystem to operate on" exit fi # Cleanup yum config entirely, waiting for the config files to populate this rm -rf ${vdir}/etc/yum.conf ${vdir}/etc/yum.repos.d # Tweaking services # turn OFF firstboot if present, might cause the node to hang chroot ${vdir} /sbin/chkconfig firstboot off || : # NOTE: we're enabling util-vserver to allow it to help shutdown all slices # before rebooting. This has been problematic in the past chroot ${vdir} /sbin/chkconfig util-vserver on || : # enabling network as it ends up turned off on systems that come with NetworkManager, starting with fedora9 chroot ${vdir} /sbin/chkconfig network on || : # and turn off NetworkManager if present, as it quite obviously messes with network chroot ${vdir} /sbin/chkconfig NetworkManager off || : # turn OFF vservers-default ; this is to automatically restart vservers, let nm do that chroot ${vdir} /sbin/chkconfig vservers-default off || : # turn ON vprocunhide ; is required with kernels that have CONFIG_VSERVER_PROC_SECURE enabled # which is the case for our k32 kernel chroot ${vdir} /sbin/chkconfig vprocunhide on || : # turn OFF selinux if set # this may happen accidentally if you mention too much stuff in bootstrapfs.pkgs for file in /etc/sysconfig/selinux /sbin/load_policy; do [ -f ${vdir}/${file} ] || { echo "$file not found in $vdir - fine" ; continue; } selinuxrpm=$(chroot ${vdir} rpm -qf ${file}) if [ -z "$selinuxrpm" ] ; then echo "SElinux: warning : could not rpm for file $file" else echo "Force-removing package ${selinuxrpm}" chroot ${vdir} rpm -e --nodeps ${selinuxrpm} fi done # Disable splaying of cron. echo > ${vdir}/etc/sysconfig/crontab # Add site_admin account chroot ${vdir} /usr/sbin/useradd -p "" -u 502 -m site_admin # Remove 32bit packages from 64bit system (http://wiki.centos.org/FAQ/General#head-357346ff0bf7c14b0849c3bcce39677aaca528e9) # use rpm instead of yum as /proc is not mounted at that poing if echo ${vdir} | grep -q x86_64 ; then chroot ${vdir} rpm -qa --qf '%{name}.%{arch}\n' | grep 'i[36]86$' | xargs chroot ${vdir} rpm -e fi # Add a logrotate script for btmp, which logs failed ssh logins, which can # grow unbounded on public plnodes and fill the root fs. cat < ${vdir}/etc/logrotate.d/btmp /var/log/btmp { weekly minsize 1M create 0600 root utmp rotate 2 compress notifempty } EOF # NOTE: Force package into crucial-rpm-list for NodeUpdate echo "nodebase" > ${vdir}/etc/planetlab/crucial-rpm-list cat < /tmp/nodebase.spec Summary: Dummy Package for initial nodebase Name: nodebase Version: 0.1 Release: 0 Group: System Environment/Base License: Apache 2.0 BuildArch: noarch %description This meta-package with no content allows 'yum update' to work on the m-lab nodebase. %files EOF rpmbuild -bb /tmp/nodebase.spec cp /root/rpmbuild/RPMS/noarch/nodebase-0.1-0.noarch.rpm ${vdir}/root/ chroot ${vdir} rpm -ihv /root/nodebase-0.1-0.noarch.rpm