#!/bin/bash
# This script is run on an Ubuntu VM.
# This script is inserted into the VM by prepare_guest_template.sh
# and is run when that VM boots.
# It customizes a fresh Ubuntu install, so it is ready
# to run stack.sh
#
# This includes installing the XenServer tools,
# creating the user called "stack",
# and shutting down the VM to signal that the script has completed
# Abort on the first failing command and on any reference to an unset variable,
# and trace every command as it runs.
# NOTE(review): xtrace prints each command after expansion, so the
# GUEST_PASSWORD assignment and the "user:password" lines fed to chpasswd
# further down end up in whatever log captures this script's output. Treat
# that log as sensitive.
set -o errexit -o nounset -o xtrace
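# Configurable nuggets
# All four positional arguments are mandatory. ${N:?} stops the script with a
# clear message when one is missing or empty, before an empty value can reach
# chpasswd, dpkg or useradd further down.
# Password given to both root and the stack user
GUEST_PASSWORD="${1:?GUEST_PASSWORD (argument 1) is required}"
# Path of the XenServer tools package handed to dpkg -i
XS_TOOLS_PATH="${2:?XS_TOOLS_PATH (argument 2) is required}"
# Name of the account created with /opt/stack as its home directory
STACK_USER="${3:?STACK_USER (argument 3) is required}"
# Name of the account whose authorized_keys is synced from xenstore
DOMZERO_USER="${4:?DOMZERO_USER (argument 4) is required}"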
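# Create a passwordless-sudo account whose SSH authorized_keys file is
# refreshed from xenstore by a per-minute cron job.
# Arguments: $1 - name of the account to create
# Side effects: runs adduser, writes /etc/sudoers.d/allow_<name>,
#   /home/<name>/update_authorized_keys.sh, /home/<name>/.ssh/authorized_keys
#   and installs the account's crontab.
# NOTE(review): whatever can write
#   /local/domain/<domid>/authorized_keys/<name> in xenstore decides which
#   keys may log in to this account, and the account has unrestricted sudo,
#   so that xenstore node is effectively a root credential for the guest.
function setup_domzero_user() {
    local username="$1"
    local key_updater_script="/home/$username/update_authorized_keys.sh"
    local sudoers_file="/etc/sudoers.d/allow_$username"

    # Create user. This runs first, so under errexit a name that adduser
    # rejects stops the script before the name is written into the sudoers
    # file or the generated script below.
    adduser --disabled-password --quiet "$username" --gecos "$username"

    # Give passwordless sudo.
    # NOTE(review): sudo skips files in sudoers.d whose names contain a '.'
    # or end in '~'; a username with a dot would silently lose this rule
    # -- TODO confirm such names are never passed in.
    cat > "$sudoers_file" << EOF
$username ALL = NOPASSWD: ALL
EOF
    chmod 0440 "$sudoers_file"

    # A script to populate this user's authorized_keys from xenstore.
    # \$ is escaped where expansion must happen when the generated script
    # runs; $username is expanded now, while the script is being written.
    # The generated script uses set -eux, so a failing xenstore-exists or
    # xenstore-read ends it before authorized_keys is overwritten.
    cat > "$key_updater_script" << EOF
#!/bin/bash
set -eux
DOMID=\$(sudo xenstore-read domid)
sudo xenstore-exists /local/domain/\$DOMID/authorized_keys/$username
sudo xenstore-read /local/domain/\$DOMID/authorized_keys/$username > /home/$username/xenstore_value
cat /home/$username/xenstore_value > /home/$username/.ssh/authorized_keys
EOF

    # Give the key updater to the user
    chown "$username:$username" "$key_updater_script"
    chmod 0700 "$key_updater_script"

    # Setup the .ssh folder with owner-only permissions
    mkdir -p "/home/$username/.ssh"
    chown "$username:$username" "/home/$username/.ssh"
    chmod 0700 "/home/$username/.ssh"
    touch "/home/$username/.ssh/authorized_keys"
    chown "$username:$username" "/home/$username/.ssh/authorized_keys"
    chmod 0600 "/home/$username/.ssh/authorized_keys"

    # Setup the key updater as a cron job that runs every minute
    crontab -u "$username" - << EOF
* * * * * $key_updater_script
EOF
}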
# Install basics
# The two package lists overlap (curl, wget, ssh, openssh-server); they are
# installed in two separate apt-get runs, in this order.
base_packages=(cracklib-runtime curl wget ssh openssh-server tcpdump ethtool)
stack_packages=(curl wget ssh openssh-server python-pip git vim-nox sudo python-netaddr)

apt-get update
apt-get install -y "${base_packages[@]}"
apt-get install -y "${stack_packages[@]}"

# NOTE(review): this pulls whatever version of xenapi the package index
# currently serves, with no version pin or hash check, and installs it
# system-wide. Pin a reviewed version if the image must be reproducible.
pip install xenapi
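# Install XenServer guest utilities
# XS_TOOLS_PATH is quoted so that a path containing spaces or glob characters
# reaches dpkg as a single argument.
# NOTE(review): nothing here checks the package's integrity before dpkg runs
# its maintainer scripts; presumably whatever placed the file is trusted to
# have done so -- confirm.
dpkg -i "$XS_TOOLS_PATH"
# Drop any existing init links for xe-linux-distribution, then register it
# again with the default runlevels
update-rc.d -f xe-linux-distribution remove
update-rc.d xe-linux-distribution defaults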
# Build a minimal cracklib dictionary holding the single word "a", so that
# passwd still works but the big dictionary is not needed.
# NOTE(review): with a one-word dictionary, any password check that relies on
# the cracklib word list will presumably reject almost nothing.
mkdir -p /usr/share/cracklib
cracklib-packer <<< a
# Make /etc/shadow, then set the root password.
pwconv
# chpasswd reads "user:password" lines on stdin. With xtrace on (enabled at
# the top of this script) the expanded line, password included, is traced.
printf '%s\n' "root:$GUEST_PASSWORD" | chpasswd
# Put the VPX into UTC by removing the local timezone file.
# (with no /etc/localtime the C library presumably falls back to UTC -- confirm)
rm -f -- /etc/localtime
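# Add stack user: member of libvirtd, bash login shell, home in /opt/stack
groupadd libvirtd
useradd -s /bin/bash -d /opt/stack -G libvirtd "$STACK_USER"
# The expansions are quoted: unquoted, a password containing whitespace or
# glob characters would be word-split or expanded before reaching chpasswd,
# leaving the stack user with a different password from root.
# With xtrace on (enabled at the top of this script) this line is traced with
# the password expanded.
printf '%s:%s\n' "$STACK_USER" "$GUEST_PASSWORD" | chpasswd
# Passwordless sudo for the stack user.
# NOTE(review): the rule is appended straight to /etc/sudoers with no syntax
# check, and running this script twice would append it twice.
echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers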
# Create the account whose SSH keys are synced from xenstore
setup_domzero_user "$DOMZERO_USER"

# Add a udev rule so that new block devices (xvdb..xvdz) are writable by the
# stack user's group
printf 'KERNEL=="xvd[b-z]", GROUP="%s", MODE="0660"\n' "$STACK_USER" \
    > /etc/udev/rules.d/50-openstack-blockdev.rules
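# Give ownership of /opt/stack to stack user.
# STACK_USER is quoted so the name always reaches chown as one argument.
chown -R "$STACK_USER" /opt/stack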
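# Write a minimal vimrc to the given path unless something already exists there.
# Arguments: $1 - path of the vimrc file to create
# Outputs:   none; the file is created as a side effect
# Returns:   0 when the file already exists or was written
function setup_vimrc {
    local vimrc_path="$1"

    # Leave an existing file untouched. The path is quoted so that a name
    # containing spaces is tested and written as a single word.
    if [ -e "$vimrc_path" ]; then
        return 0
    fi

    # Simple but usable vimrc
    cat > "$vimrc_path" <<EOF
syntax on
se ts=4
se expandtab
se shiftwidth=4
EOF
}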
# Setup simple .vimrcs for root and for the /opt/stack home directory
for vimrc_path in /root/.vimrc /opt/stack/.vimrc; do
    setup_vimrc "$vimrc_path"
done
# Remove this script's hook from rc.local so it is not run again on the next
# boot, then restore rc.local from the .preparebackup copy.
rm -rf -- /etc/rc.local
cp -- /etc/rc.local.preparebackup /etc/rc.local

# Shut the VM down: this is the signal that customisation has finished
shutdown -h now