# Copyright 2010, Jeremy Katz
# Jeremy Katz <[email protected]>
#
# Copyright 2009-2013 Eucalyptus Systems, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
# CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
# additional information or have any questions.
#
# Eucalyptus Loadbalancer Release Image
#
# This image is meant to be distributed along with Eucalyptus
#
# Base installer settings for the load balancer image.
# Locale, keyboard layout and timezone; skipx leaves X unconfigured.
lang en_US.UTF-8
keyboard us
skipx
timezone UTC
# Shadow passwords, with SHA-512 as the hashing algorithm for passwords set
# on the installed system.
auth --useshadow --passalgo=sha512
# NOTE(review): SELinux and the host firewall are both switched off, so the
# image ships without mandatory access control or local packet filtering.
# Presumably network exposure is limited outside the instance (for example by
# security groups) -- confirm before relying on it.
selinux --disabled
firewall --disabled
# Kernel arguments route the console to the serial port.
bootloader --timeout=1 --append="xen_blkfront.sda_is_xvda=1 serial=tty0 console=ttyS0,115200n8"
network --bootproto=dhcp --device=eth0 --onboot=on
# Services enabled at boot: networking, time sync and the load balancer servo.
services --enabled=network,ntpd,ntpdate,load-balancer-servo
part / --size 1536 --fstype ext3
zerombr
# NOTE(review): the root password hash is embedded in a file that is published
# with the project, and its $1$ prefix marks it as md5crypt rather than the
# sha512 selected by the auth line above. The %post section later runs
# "passwd -l root", which locks password login, but the hash still ends up in
# the image. Consider whether a locked root account without an embedded hash
# would do -- confirm against the kickstart version in use.
rootpw --iscrypted $1$HEVobWzu$6d5IWr.r7Df15XHLFCggW/
reboot
#
# Templated Repository Entries
# The template emits one "repo" line per (name, urltype, url) tuple found in
# the "repos" template variable, so the package sources are decided when the
# template is rendered, not in this file.
# NOTE(review): nothing visible here pins the repositories or states how
# package signatures are verified; every package baked into the image comes
# from these URLs -- confirm they are trusted and fetched over an
# authenticated channel.
{% for (name, urltype, url) in repos %}
repo --name={{ name }} --{{ urltype }}={{ url }}
{% endfor %}
#
#
# Add all the packages after the base packages
#
# Package set for the image. The options skip the base group, leave out
# package documentation and restrict installed languages to English,
# presumably to keep the image small.
%packages --nobase --excludedocs --instLangs=en
@core
audit
bash
chkconfig
coreutils
# curl, openssh-server and sudo are relied on by the %post script in this
# file (metadata fetch in rc.local, sshd_config edits, sudoers edits).
curl
e2fsprogs
grub
kernel-xen
openssh-server
passwd
policycoreutils
rootfiles
sudo
system-config-firewall-base
# ntp and ntpdate back the ntpd/ntpdate services enabled in the header.
ntp
ntpdate
#
# Loadbalancer packages
haproxy # Version 1.5 required
python-boto
load-balancer-servo
python-httplib2
#
# Package exclusions
# A leading "-" excludes the package from the install. The list is mostly
# hardware firmware plus a few services and libraries (postfix, cyrus-sasl,
# mysql-libs); presumably this trims both image size and the amount of
# unused software exposed on the instance -- confirm intent.
-plymouth
-plymouth-system-theme
-efibootmgr
-acl
-atmel-firmware
-b43-openfwwf
-cyrus-sasl
-postfix
-sysstat
-xorg-x11-drv-ati-firmware
-yum-utils
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-rt61pci-firmware
-rt73usb-firmware
-mysql-libs
-zd1211-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-aic94xx-firmware
-iwl6000g2a-firmware
-iwl100-firmware
-bfa-firmware
%end
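%post --erroronfail
#
# Post-install customisation run inside the freshly installed image:
# serial console, sudo and sshd settings, and a boot-time rc.local snippet
# that creates SSH host keys, installs the debugging key from instance
# metadata and sets the hostname.
# The script is not run with "set -e", so a step that must succeed has to
# check its own result and exit non-zero for --erroronfail to notice.
#
# Setup console
cat > /etc/init/ttyS0.conf <<EOF
stop on runlevel[016]
start on runlevel[345]
respawn
instance /dev/ttyS0
exec /sbin/mingetty /dev/ttyS0
EOF
sed -i 's/rhgb quiet//' /boot/grub/grub.conf
sed -i 's/hiddenmenu//' /boot/grub/grub.conf
sed -i 's/splashimage.*//' /boot/grub/grub.conf
#
# Fix sudo settings so that servo is able to start haproxy without a tty
sed -i '/requiretty/s/^/#/' /etc/sudoers
sed -i '/!visiblepw/s/^/#/' /etc/sudoers
#
# Disable zeroconf
echo "NOZEROCONF=yes" >> /etc/sysconfig/network
#
# Lock root login (just in case)
passwd -l root
#
# Update SSHD configuration
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# sed exits 0 even when the pattern never matched, which would leave password
# logins at the sshd default. Fail the build instead of shipping that image.
if ! grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config; then
  echo "PasswordAuthentication was not disabled in /etc/ssh/sshd_config" >&2
  exit 1
fi
# without-password still lets root log in with a key; the only key source is
# the instance metadata lookup done by the rc.local snippet below.
cat >> /etc/ssh/sshd_config <<EOF
UseDNS no
PermitRootLogin without-password
EOF
#
# Boot-time setup appended to rc.local. The heredoc delimiter is unquoted, so
# every \$ below is escaped to keep the expansion for boot time.
# NOTE(review): DSA host keys are still generated alongside RSA; DSA is
# considered weak -- confirm whether any client of this image needs it.
# NOTE(review): the metadata key is appended on every run without a duplicate
# check, and the grep keeps only lines containing ssh-rsa, so other key types
# are silently dropped.
cat >> /etc/rc.d/rc.local <<EOF
#
# Script content based on rc.local in starter emis
# http://emis.eucalyptus.com
#
# Create the host keys for the SSH server
for key_type in rsa dsa; do
  if [ ! -f /etc/ssh/ssh_host_\${key_type}_key ]; then
    ssh-keygen -t \${key_type} -N '' -f /etc/ssh/ssh_host_\${key_type}_key
  fi
done
if [ ! -d /root/.ssh ]; then
  mkdir -p /root/.ssh
  chmod 700 /root/.ssh
fi
# Get public key for debugging load balancer (if set)
# Setting this is available via the property:
# loadbalancing.loadbalancer_vm_keyname
echo >> /root/.ssh/authorized_keys
# Absolute path: a bare file name would be resolved against the working
# directory of rc.local and miss the file in /root/.ssh.
chmod 600 /root/.ssh/authorized_keys
curl --retry 3 --retry-delay 10 -m 45 -s http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key | grep 'ssh-rsa' >> /root/.ssh/authorized_keys
echo "AUTHORIZED_KEYS:"
echo "************************"
cat /root/.ssh/authorized_keys
echo "************************"
# set the hostname to something sensible
META_HOSTNAME="\$(curl -s http://169.254.169.254/latest/meta-data/local-hostname)"
META_IP="\$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
# Values are quoted so an empty or odd metadata reply cannot break the test,
# and nothing is changed when the metadata service gave no hostname.
if [ -n "\${META_HOSTNAME}" ]; then
  if [ "\${META_HOSTNAME}" = "\${META_IP}" ]; then
    META_HOSTNAME="\$(echo "\$META_HOSTNAME" | sed -e 's/\./-/g' | xargs -I {} echo "ip-{}")"
  fi
  hostname "\$META_HOSTNAME"
  if [ -n "\${META_IP}" ]; then
    echo >> /etc/hosts
    echo "\${META_IP} \${META_HOSTNAME}" >> /etc/hosts
  fi
fi
exit 0
EOF
%end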