-basline can be used to prepare systems in the Rackspace (or potentially
-other environments) for following vagrant layers.
+baseline can be used for preparing basic test images. It's suitable for
+use only as a verification that our baseline library script is working
+as expected or for a very vanilla image.
-While the base image that is looked for is
-'Fedora 20 (Heisenbug) (PVHVM)' which is no longer even offered, the
-variable is being left in place so to prompt selection of a proper base
-image to spin up against.
-
-This is controlled by the RSIMAGE environment variable
-
-ex:
-
-$ RSIMAGE='CentOS 7 (PVHVM)' vagrant up --provider=rackspace
-
-This vagrant will just set the instance up at the most basic to be
-Vagrant capable and also SELinux enforcing. It will then "reseal" itself
-and state the the system is ready for imaging. Any further RackSpace
-specific Vagrant definitions will expect a base system of the form
-"$DISTRO - Vagrant ready" for the base image name
+This is controlled by the IMAGE environment variable
ex:
-Fedora 20 (Heisenbug) - Vagrant ready
-
-or
-
-CentOS 7 - Vagrant ready
-
-NOTE: The reseal operation _destroys_ the SSH keys that were used to
-bring the Vagrant system up effectively making the system unable to
-perform SSH based logins again. This is intentional.
+$ export RESEAL=true
+$ IMAGE='CentOS 7' vagrant up --provider=openstack
-If you are bringing up an Ubuntu system you _must_ also set
-RSPTY='default' or the bring up will hang indefinitely during the OS
-upgrade phase.
+If $RESEAL is not set then the system will not be cleaned up in
+preparation for snapshotting. This is mostly useful for troubleshooting
+a vagrant definition before you do your final creation and snapshot.
# getting the ssh key for some reason, root does
# so use that
config.ssh.username = 'root'
-
- # Fedora and EL systems default to requiring a tty for sudo
- if (ENV['RSPTY'] == 'default')
- config.ssh.pty = false
- else
- config.ssh.pty = true
- end
-
- # The rackspace provider by default tries to rsync
- # the local folder / vagrant box to /vagrant
- # unfortunately, even with config.ssh.pty = true
- # this fails because it doesn't recognize the pty requirement
- # when doing the sudo based rsync (not that it needs to sudo
- # when doing things as root). To avoid this, disable the
- # default sync, we don't need it anyway.
- config.vm.synced_folder '.', '/vagrant', :disabled => true
+ # DEPRECATED
+ # ==========
+ #
+ # NOTE: The Rackspace provider section is deprecated as we are moving into a
+ # private OpenStack cloud. It may be revived after we've migrated and have a
+ # chance to do work to reconfigure the Rackspace public cloud to work for
+ # burst access
+ #
# make sure to set the following in your
# ~/.vagrant.d/boxes/dummy/0/rackspace/Vagrantfile
# rs.username
# Default to the Fedora 20 image unless overridden by a RSIMAGE
# environment variable
- if ENV['RSIMAGE']
- rs.image = ENV['RSIMAGE']
+ if ENV['IMAGE']
+ rs.image = ENV['IMAGE']
else
rs.image = 'Fedora 20 (Heisenbug) (PVHVM)'
end
end
+ # /DEPRECATED
- # Do a full system update and force enforcing on (it's in permissive
- # by default in the rackspace base images)
- config.vm.provision 'shell', path: 'bootstrap.sh'
+ # Configuration used by ODL Private cloud
+ # Should be mostly usable by any OpenStack cloud that can
+ # utilize upstream cloud images
+ config.vm.provider :openstack do |os, override|
+ if ENV['BOX']
+ override.vm.box = ENV['BOX']
+ else
+ override.vm.box = 'dummy'
+ end
+ config.ssh.username = 'centos'
+ os.flavor = 'm1.small'
+
+ # require an IMAGE to be passed in
+ # IMAGE must be a human name and not an image ID!
+ if ENV['IMAGE']
+ os.image = ENV['IMAGE']
+ else
+ os.image = 'BAD IMAGE'
+ override.ssh.username = 'baduser'
+ end
+
+ case ENV['IMAGE']
+ when /.*ubuntu.*/i
+ override.ssh.username = 'ubuntu'
+
+ when /.*fedora.*/i
+ override.ssh.username = 'fedora'
+
+ # take care of the tty requirement by fedora for sudo
+ os.user_data = "#!/bin/bash
+/bin/sed -i 's/ requiretty/ !requiretty/' /etc/sudoers;"
+
+ when /.*centos.*/i
+ override.ssh.username = 'centos'
+
+ # take care of the tty requirement by centos for sudo
+ os.user_data = "#!/bin/bash
+/bin/sed -i 's/ requiretty/ !requiretty/' /etc/sudoers;"
+ end
+
+ end
- # disable the default requiretty for sudo that Fedora and CentOS have
- config.vm.provision 'shell', path: 'remove_requiretty.sh'
+ # Do a full system update and enable enforcing if needed
+ config.vm.provision 'shell', path: '../lib/baseline.sh'
# Execute a system clean-up in prep for imaging so that this base
# image can be used for other Rackspace Vagrant configurations
- config.vm.provision 'shell', path: 'system_reseal.sh'
+ config.vm.provision 'shell', path: '../lib/system_reseal.sh'
end
+++ /dev/null
-#!/bin/bash
-
-# Make sure we have the leading space so multiple runs
-# are idempotent
-/bin/sed -i 's/ requiretty/ !requiretty/' /etc/sudoers;
+++ /dev/null
-#!/bin/bash
-
-# vim: sw=2 ts=2 sts=2 et :
-
-if [ -f /.autorelabel ]; then
- echo "**********************************************"
- echo "* SYSTEM REQUIRES RELABELING SKIPPING RESEAL *"
- echo "* PLEASE RESTART SYSTEM AND RERUN *"
- echo "* PROVISIONING SCRIPTS *"
- echo "**********************************************"
- exit 1;
-fi
-
-# clean-up from any prior cloud-init networking
-rm -rf /etc/sysconfig/network-scripts/{ifcfg,route}-eth*
-
-rm -rf /etc/Pegasus/*.cnf /etc/Pegasus/*.crt /etc/Pegasus/*.csr /etc/Pegasus/*.pem /etc/Pegasus/*.srl /root/anaconda-ks.cfg /root/anaconda-post.log /root/initial-setup-ks.cfg /root/install.log /root/install.log.syslog /var/cache/fontconfig/* /var/cache/gdm/* /var/cache/man/* /var/lib/AccountService/users/* /var/lib/fprint/* /var/lib/logrotate.status /var/log/*.log* /var/log/BackupPC/LOG /var/log/ConsoleKit/* /var/log/anaconda.syslog /var/log/anaconda/* /var/log/apache2/*_log /var/log/apache2/*_log-* /var/log/apt/* /var/log/aptitude* /var/log/audit/* /var/log/btmp* /var/log/ceph/*.log /var/log/chrony/*.log /var/log/cron* /var/log/cups/*_log /var/log/debug* /var/log/dmesg* /var/log/exim4/* /var/log/faillog* /var/log/gdm/* /var/log/glusterfs/*glusterd.vol.log /var/log/glusterfs/glusterfs.log /var/log/httpd/*log /var/log/installer/* /var/log/jetty/jetty-console.log /var/log/journal/* /var/log/lastlog* /var/log/libvirt/libvirtd.log /var/log/libvirt/lxc/*.log /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/lightdm/* /var/log/mail/* /var/log/maillog* /var/log/messages* /var/log/ntp /var/log/ntpstats/* /var/log/ppp/connect-errors /var/log/rhsm/* /var/log/sa/* /var/log/secure* /var/log/setroubleshoot/*.log /var/log/spooler* /var/log/squid/*.log /var/log/syslog* /var/log/tallylog* /var/log/tuned/tuned.log /var/log/wtmp* /var/named/data/named.run
-
-rm -rf ~/.viminfo /etc/ssh/ssh*key*
-
-# kill any cloud-init related bits
-rm -rf /var/lib/cloud/*
-
-if [ -e /usr/bin/facter ]
-then
- if [ `/usr/bin/facter operatingsystem` = 'Ubuntu' ]
- then
- rm -rf /etc/hostname* /etc/hosts /etc/network/interfaces /etc/network/interfaces.*.bak~
- cat <<EOINT >> /etc/network/interfaces
-# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
-# /usr/share/doc/ifupdown/examples for more information.
-# The loopback network interface
-auto lo
-iface lo inet loopback
-EOINT
- fi
-fi
-
-echo "********************************************"
-echo "* PLEASE SNAPSHOT IMAGE AT THIS TIME *"
-echo "********************************************"
rh_systems() {
# Handle the occurance where SELINUX is actually disabled
- if [ `grep SELINUX=permissive /etc/selinux/config` ]; then
- # make sure that the filesystem is properly labelled.
- # it could be not fully labeled correctly if it was just switched
- # from disabled, the autorelabel misses some things
- # skip relabelling on /dev as it will generally throw errors
- restorecon -R -e /dev /
-
- # enable enforcing mode from the very start
- setenforce enforcing
-
- # configure system for enforcing mode on next boot
- sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
- else
- sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
- touch /.autorelabel
-
- echo "*******************************************"
- echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
- echo "*******************************************"
- fi
+ SELINUX=$(grep -E '^SELINUX=(disabled|permissive|enforcing)$' /etc/selinux/config)
+ MODE=$(echo "$SELINUX" | cut -f 2 -d '=')
+ case "$MODE" in
+ permissive)
+ echo "************************************"
+ echo "** SYSTEM ENTERING ENFORCING MODE **"
+ echo "************************************"
+ # make sure that the filesystem is properly labelled.
+ # it could be not fully labeled correctly if it was just switched
+ # from disabled, the autorelabel misses some things
+ # skip relabelling on /dev as it will generally throw errors
+ restorecon -R -e /dev /
+
+ # enable enforcing mode from the very start
+ setenforce enforcing
+
+ # configure system for enforcing mode on next boot
+ sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+ ;;
+ disabled)
+ sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
+ touch /.autorelabel
+
+ echo "*******************************************"
+ echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
+ echo "*******************************************"
+ ;;
+ enforcing)
+ echo "*********************************"
+ echo "** SYSTEM IS IN ENFORCING MODE **"
+ echo "*********************************"
+ ;;
+ esac
# Allow jenkins access to alternatives command to switch java version
cat <<EOF >/etc/sudoers.d/89-jenkins-user-defaults
# add in components we need or want on systems
echo "---> Installing base packages"
- yum install -y -q @base
+ yum install -y -q @base https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# separate group installs from package installs since a non-existing
# group with dnf based systems (F21+) will fail the install if such
# a group does not exist
echo "---> Configuring OpenJDK"
yum install -y -q 'java-*-openjdk-devel'
- FACTER_OS=`/usr/bin/facter operatingsystem`
- FACTER_OSVER=`/usr/bin/facter operatingsystemrelease`
+ FACTER_OS=$(/usr/bin/facter operatingsystem)
+ FACTER_OSVER=$(/usr/bin/facter operatingsystemrelease)
case "$FACTER_OS" in
Fedora)
if [ "$FACTER_OSVER" -ge "21" ]
cat <<EOF >/etc/sudoers.d/89-jenkins-user-defaults
Defaults:jenkins !requiretty
jenkins ALL = NOPASSWD: /usr/bin/update-alternatives
+EOF
+
+ export DEBIAN_FRONTEND=noninteractive
+ cat <<EOF >> /etc/apt/apt.conf
+APT {
+ Get {
+ Assume-Yes "true";
+ allow-change-held-packages "true";
+ allow-downgrades "true";
+ allow-remove-essential "true";
+ };
+};
+
+Dpkg::Options {
+ "--force-confdef";
+ "--force-confold";
+};
+
EOF
echo "---> Updating operating system"
- apt-get update -qq
- apt-get upgrade -y --force-yes -qq
+ apt-get update
+ apt-get upgrade
# add in stuff we know we need
echo "---> Installing base packages"
- apt-get install -y --force-yes -qq unzip xz-utils puppet git libxml-xpath-perl
+ apt-get install unzip xz-utils puppet git libxml-xpath-perl
# install Java 7
echo "---> Configuring OpenJDK"
- apt-get install -y --force-yes -qq openjdk-7-jdk
+ apt-get install openjdk-7-jdk
# make jdk8 available
add-apt-repository -y ppa:openjdk-r/ppa
- apt-get update -qq
+ apt-get update
# We need to force openjdk-8-jdk to install
- apt-get install -y -qq openjdk-8-jdk
+ apt-get install openjdk-8-jdk
# make sure that we still default to openjdk 7
update-alternatives --set java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java
# Do any Distro specific installations here
echo "Checking distribution"
- FACTER_OS=`/usr/bin/facter operatingsystem`
+ FACTER_OS=$(/usr/bin/facter operatingsystem)
case "$FACTER_OS" in
RedHat|CentOS)
- if [ `/usr/bin/facter operatingsystemrelease | /bin/cut -d '.' -f1` = "7" ]; then
+ if [ "$(/usr/bin/facter operatingsystemrelease | /bin/cut -d '.' -f1)" = "7" ]; then
echo
echo "---> CentOS 7"
echo "No extra steps currently for CentOS 7"
}
echo "---> Attempting to detect OS"
-# OS selector
-if [ -f /usr/bin/yum ]
-then
- OS='RH'
-else
- OS='UBUNTU'
-fi
-
-case "$OS" in
- RH)
+# upstream cloud images use the distro name as the initial user
+ORIGIN=$(logname)
+
+case "${ORIGIN}" in
+ fedora|centos)
echo "---> RH type system detected"
rh_systems
;;
- UBUNTU)
+ ubuntu)
echo "---> Ubuntu system detected"
ubuntu_systems
;;
exit 1;
fi
-# clean-up from any prior cloud-init networking
-rm -rf /etc/sysconfig/network-scripts/ifcfg-eth*
-
rm -rf /etc/Pegasus/*.cnf /etc/Pegasus/*.crt /etc/Pegasus/*.csr /etc/Pegasus/*.pem /etc/Pegasus/*.srl /root/anaconda-ks.cfg /root/anaconda-post.log /root/initial-setup-ks.cfg /root/install.log /root/install.log.syslog /var/cache/fontconfig/* /var/cache/gdm/* /var/cache/man/* /var/lib/AccountService/users/* /var/lib/fprint/* /var/lib/logrotate.status /var/log/*.log* /var/log/BackupPC/LOG /var/log/ConsoleKit/* /var/log/anaconda.syslog /var/log/anaconda/* /var/log/apache2/*_log /var/log/apache2/*_log-* /var/log/apt/* /var/log/aptitude* /var/log/audit/* /var/log/btmp* /var/log/ceph/*.log /var/log/chrony/*.log /var/log/cron* /var/log/cups/*_log /var/log/debug* /var/log/dmesg* /var/log/exim4/* /var/log/faillog* /var/log/gdm/* /var/log/glusterfs/*glusterd.vol.log /var/log/glusterfs/glusterfs.log /var/log/httpd/*log /var/log/installer/* /var/log/jetty/jetty-console.log /var/log/journal/* /var/log/lastlog* /var/log/libvirt/libvirtd.log /var/log/libvirt/lxc/*.log /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/lightdm/* /var/log/mail/* /var/log/maillog* /var/log/messages* /var/log/ntp /var/log/ntpstats/* /var/log/ppp/connect-errors /var/log/rhsm/* /var/log/sa/* /var/log/secure* /var/log/setroubleshoot/*.log /var/log/spooler* /var/log/squid/*.log /var/log/syslog* /var/log/tallylog* /var/log/tuned/tuned.log /var/log/wtmp* /var/named/data/named.run
-rm -rf ~/.viminfo /etc/ssh/ssh*key*
+rm -rf ~/.viminfo /etc/ssh/ssh*key* ~/.ssh/* /root/.ssh/* /home/$(logname)/.ssh/*
# kill any cloud-init related bits
rm -rf /var/lib/cloud/*
-if [ -e /usr/bin/facter ]
-then
- if [ `/usr/bin/facter operatingsystem` = 'Ubuntu' ]
- then
- rm -rf /etc/hostname* /etc/hosts /etc/network/interfaces /etc/network/interfaces.*.bak~
- cat <<EOINT >> /etc/network/interfaces
-# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
-# /usr/share/doc/ifupdown/examples for more information.
-# The loopback network interface
-auto lo
-iface lo inet loopback
-EOINT
- fi
-fi
-
# cleanup /vagrant
rm -rf /vagrant
+# Force a system sync and sleep to get around any SSD issues
+echo "Forcing sync and sleep for 10sec"
+sync
+sleep 10
+
echo "********************************************"
echo "* PLEASE SNAPSHOT IMAGE AT THIS TIME *"
echo "********************************************"