Initial commit.

2021-05-24 22:18:33 +03:00
commit e2954d55f4
3701 changed files with 330017 additions and 0 deletions


@@ -0,0 +1,99 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
set -e
GROW_ROOTFS=${GROW_ROOTFS:-YES}
GROW_ROOTFS=${GROW_ROOTFS^^}
if [ "${GROW_ROOTFS}" != 'YES' ]; then
echo 'Skipped root filesystem growing.' >&2
exit 0
fi
# FreeBSD
if [ -x /etc/rc.d/growfs ]; then
/etc/rc.d/growfs onestart
exit $?
fi
MOUNT_LINE=$(cat /etc/mtab | grep ' / ' | grep -v '^rootfs')
DEVICE=$(echo "$MOUNT_LINE" | cut -d' ' -f1)
FSTYPE=$(echo "$MOUNT_LINE" | cut -d' ' -f3)
GROWPART=$(which growpart)
if [ $? -ne 0 ]; then
echo "growpart command is missing"
exit 1
fi
if [ $(lvdisplay ${DEVICE} 2>/dev/null | wc -l) -eq 0 ]; then
DEVICE=$(findmnt -ln -o SOURCE /)
DISK=$(echo "$DEVICE" | sed 's/[0-9]*$//')
PARTITION=$(echo "$DEVICE" | sed "s|^$DISK||")
LVM="no"
fi
if [ "${LVM}" != "no" ]; then
if [ -f /etc/debian_version ]; then
DEVICE=$(mount | grep ' / ' | grep -v '^rootfs'|cut -d' ' -f1)
fi
PVRESIZE=$(which pvresize)
LVEXTEND=$(which lvextend)
DISK=$(pvdisplay |grep "PV Name"|awk '{print $3}'|sed 's/.$//')
PARTITION=$(pvdisplay |grep "PV Name"|awk '{print $3}'| sed "s|^${DISK}||")
PV=$(pvdisplay |grep "PV Name"|awk '{print $3}')
LV=$(lvdisplay ${DEVICE} |grep "LV Path"|awk '{print $3}')
# when PV is on MSDOS logical partition, detect the umbrella
# extended partition and grow it first
TABLE=$(parted -s ${DISK} print 2>/dev/null | grep 'Partition Table:' | awk '{print $3}')
if [ "${TABLE}" = 'msdos' ] && [ ${PARTITION} -gt 4 ]; then
PARTITION="$(parted -s ${DISK} print | grep 'extended' | awk '{print $1}') $PARTITION"
fi
fi
if [ -n "$DEBUG" ]; then
echo DEVICE: ${DEVICE}
echo FSTYPE: ${FSTYPE}
echo DISK: ${DISK}
echo PARTITION: ${PARTITION}
fi
(
for PART in ${PARTITION}; do
${GROWPART} ${DISK} ${PART}
done
if [ "${LVM}" != "no" ]; then
${PVRESIZE} ${PV}
${LVEXTEND} -l +100%FREE ${LV}
fi
) || : # don't fail, partition can be already extended by dracut
case "${FSTYPE}" in
ext2|ext3|ext4)
resize2fs ${DEVICE}
;;
xfs)
xfs_growfs /
;;
btrfs)
btrfs filesystem resize max /
;;
esac
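Review bot: The `growpart command is missing` branch cannot run, because `set -e` is active and `GROWPART=$(which growpart)` is a plain assignment, so a failing `which` ends the script before `$?` is tested. Fold the test into the assignment, `if ! GROWPART=$(command -v growpart); then`, and send the message to stderr as the earlier `Skipped root filesystem growing.` line does. The later `PVRESIZE=$(which pvresize)` and `LVEXTEND=$(which lvextend)` abort the same way without any message. `LVM` is only ever assigned `"no"`, so the LVM branch depends on whatever value the variable has in the caller's environment; an explicit `LVM="yes"` default before the `lvdisplay` test would make that intent visible.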

38
one-context.d/loc-09-timezone Executable file

@@ -0,0 +1,38 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
if [ -z "${TIMEZONE}" ]; then
exit 0
fi
if ! timedatectl set-timezone "${TIMEZONE}" 2>/dev/null; then
_tz_base='/usr/share/zoneinfo/'
_tz_dest=$(readlink -f "${_tz_base}${TIMEZONE}" 2>/dev/null)
# if timezone file path is resolvable file and
# real path is inside the timezone directory
if [ -n "${_tz_dest}" ] &&
[ -f "${_tz_dest}" ] &&
[[ "${_tz_dest}" =~ ^${_tz_base} ]];
then
ln -sf "${_tz_dest}" /etc/localtime
else
echo "ERROR: Invalid timezone '${TIMEZONE}'" >&2
exit 1
fi
fi
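Review bot: The containment test `[[ "${_tz_dest}" =~ ^${_tz_base} ]]` treats the base directory as a regular expression, where a literal prefix comparison is what is meant. It works today because `/usr/share/zoneinfo/` contains no characters that matter beyond `.`, but `[[ "${_tz_dest}" == "${_tz_base}"* ]]` states the intent and stays correct if the base path ever changes. The comment above the test could also say why the resolved path is checked: `TIMEZONE` comes from the context and `readlink -f` collapses any `..` components before the prefix is compared.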

320
one-context.d/loc-10-network Executable file

@@ -0,0 +1,320 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
COMMAND=${1}
# Gets IP address from a given MAC
mac2ip() {
mac=$1
let ip_a=0x`echo $mac | cut -d: -f 3`
let ip_b=0x`echo $mac | cut -d: -f 4`
let ip_c=0x`echo $mac | cut -d: -f 5`
let ip_d=0x`echo $mac | cut -d: -f 6`
ip="$ip_a.$ip_b.$ip_c.$ip_d"
echo $ip
}
# Gets the network part of an IP
get_network() {
network=$(get_iface_var "NETWORK")
if [ -z "$network" ]; then
IFS=. read -r i1 i2 i3 i4 <<< "$IP"
IFS=. read -r m1 m2 m3 m4 <<< "$(get_mask)"
network=$(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
fi
echo $network
}
# Gets the network mask
get_mask() {
mask=$(get_iface_var "MASK")
if [ -z "$mask" ]; then
mask="255.255.255.0"
fi
echo $mask
}
# Gets device MTU
get_mtu() {
mtu=$(get_iface_var "MTU")
echo $mtu
}
is_gateway() {
if [ -z "$GATEWAY_IFACE_NUM" ]; then
true
else
[ "$IFACE_NUM" = "$GATEWAY_IFACE_NUM" ]
fi
}
# Gets the network gateway
get_gateway() {
if is_gateway; then
gateway=$(get_iface_var "GATEWAY")
echo $gateway
fi
}
# Gets the network gateway6
get_gateway6() {
if is_gateway; then
get_iface_var "GATEWAY6"
fi
}
get_ip() {
ip=$(get_iface_var "IP")
echo $ip
}
get_iface_var() {
var_name="${UPCASE_DEV}_$1"
var=$(eval "echo \"\${$var_name}\"")
echo $var
}
gen_iface_conf() {
cat <<EOT
NETMASK=$MASK
IPADDR=$IP
EOT
if [ -n "$GATEWAY" ]; then
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "default $GATEWAY - $DEV ${METRIC:+metric ${METRIC}}" \
>> "${CONFIG_PATH}/ifroute-${DEV}"
else
echo "default via $GATEWAY dev $DEV ${METRIC:+metric ${METRIC}}" \
>> "${CONFIG_PATH}/route-${DEV}"
fi
fi
if [ -n "$MTU" ]; then
echo "MTU=$MTU"
fi
}
gen_alias_conf() {
cat <<EOT
IPADDR${ALIAS_NUM}="${IP}"
NETMASK${ALIAS_NUM}="${MASK}"
EOT
}
gen_alias6_conf() {
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "IPADDR_A6A${ALIAS_NUM}=$IP6/${IP6_PREFIX_LENGTH:-64}"
else
IPV6ADDR_SECONDARIES="${IPV6ADDR_SECONDARIES} ${IP6}/${IP6_PREFIX_LENGTH:-64}"
fi
if [ -n "$IP6_ULA" ]; then
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "IPADDR_A6B${ALIAS_NUM}=$IP6_ULA/64"
else
IPV6ADDR_SECONDARIES="${IPV6ADDR_SECONDARIES} ${IP6_ULA}/64"
fi
fi
}
gen_iface6_conf() {
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "IPADDR_6A=$IP6/${IP6_PREFIX_LENGTH:-64}"
cat <<EOT >> /etc/sysconfig/network/ifsysctl-$DEV
net.ipv6.conf.\$SYSCTL_IF.autoconf = 0
net.ipv6.conf.\$SYSCTL_IF.accept_ra = 0
EOT
else
cat <<EOT
IPV6INIT=yes
IPV6ADDR=$IP6/${IP6_PREFIX_LENGTH:-64}
IPV6_AUTOCONF=no
EOT
fi
if [ -n "$IP6_ULA" ]; then
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "IPADDR_6B=$IP6_ULA/64"
else
IPV6ADDR_SECONDARIES="${IPV6ADDR_SECONDARIES} ${IP6_ULA}/64"
fi
fi
if [ -n "$GATEWAY6" ]; then
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "default $GATEWAY6 - $DEV" >> /etc/sysconfig/network/ifroute-$DEV
else
echo "IPV6_DEFAULTGW=$GATEWAY6"
fi
fi
if [ -n "$MTU" ]; then
echo "IPV6_MTU=$MTU"
fi
}
get_interface_mac()
{
ip link show | awk '/^[0-9]+: [A-Za-z0-9@]+:/ { device=$2; gsub(/:/, "",device); split(device,dev,"@")} /link\/ether/ { print dev[1] " " $2 }'
}
get_context_interfaces()
{
env | grep -E "^ETH[0-9]+_MAC=" | sed 's/_.*$//' | sort
}
get_interface_alias()
{
env | grep -E "^ETH${INDEX}_ALIAS[0-9]+_MAC=" | cut -d '_' -f 2 | sort
}
get_dev()
{
list="$1"
mac="$2"
echo "$list" | grep "$mac" | cut -d' ' -f1 | tail -n1
}
gen_network_configuration()
{
if [ -d /etc/sysconfig/network-scripts ]; then
CONFIG_PATH=/etc/sysconfig/network-scripts
elif [ -d /etc/sysconfig/network ]; then
CONFIG_PATH=/etc/sysconfig/network
fi
INTERFACE_MAC=$(get_interface_mac)
CONTEXT_INTERFACES=$(get_context_interfaces)
GATEWAY_IFACE_NUM=$(echo "$GATEWAY_IFACE" | sed 's/^ETH//')
for interface in $CONTEXT_INTERFACES; do
UPCASE_DEV=$interface
MAC=$(get_iface_var "MAC")
DEV=$(get_dev "$INTERFACE_MAC" "$MAC")
IFACE_NUM=$(echo "$UPCASE_DEV" | sed 's/^ETH//')
IP=$(get_ip)
NETWORK=$(get_network)
MASK=$(get_mask)
MTU=$(get_mtu)
GATEWAY=$(get_gateway)
METRIC=$(get_iface_var "METRIC")
IP6=$(get_iface_var "IP6")
[[ -z $IP6 ]] && IP6=$(get_iface_var "IPV6")
IP6_PREFIX_LENGTH=$(get_iface_var "IP6_PREFIX_LENGTH")
IP6_ULA=$(get_iface_var "IP6_ULA")
GATEWAY6=$(get_gateway6)
# cumulative variable
IPV6ADDR_SECONDARIES=''
[ -z "${IP}${IP6}" ] && continue
[ -z "${DEV}" ] && continue
(
rm -f /etc/sysconfig/network-scripts/route-$DEV
rm -f /etc/sysconfig/network/ifroute-$DEV
rm -f /etc/sysconfig/network/ifsysctl-$DEV
cat <<EOT
DEVICE=$DEV
BOOTPROTO=static
NM_CONTROLLED=no
TYPE=Ethernet
EOT
if [ "$CONFIG_PATH" = "/etc/sysconfig/network" ]; then
echo "STARTMODE=auto"
else
echo "ONBOOT=yes"
fi
[[ -n $IP ]] && gen_iface_conf
[[ -n $IP6 ]] && gen_iface6_conf
INDEX=${interface: -1}
ALIAS=$(get_interface_alias)
ALIAS_NUM=0
for nic_alias in $ALIAS; do
UPCASE_DEV="ETH${INDEX}_${nic_alias}"
IP=$(get_ip)
MASK=$(get_mask)
IP6=$(get_iface_var "IP6")
[[ -z $IP6 ]] && IP6=$(get_iface_var "IPV6")
IP6_PREFIX_LENGTH=$(get_iface_var "IP6_PREFIX_LENGTH")
IP6_ULA=$(get_iface_var "IP6_ULA")
EXTERNAL=$(get_iface_var "EXTERNAL")
EXTERNAL=${EXTERNAL^^}
DETACH=$(get_iface_var "DETACH")
if [ -z "${DETACH}" ]; then
if [ -z "${EXTERNAL}" ] || [ "$EXTERNAL" = "NO" ]; then
[ -n "${IP}" ] && gen_alias_conf
[ -n "${IP6}" ] && gen_alias6_conf
if [ -n "${IP}${IP6}" ]; then
ALIAS_NUM=$((ALIAS_NUM + 1))
fi
fi
fi
done
# on Red Hats, we need just a single configuration
# entry with all additional IPv6 addresses
if [ -n "${IPV6ADDR_SECONDARIES}" ]; then
echo "IPV6ADDR_SECONDARIES='${IPV6ADDR_SECONDARIES## }'"
fi
) > ${CONFIG_PATH}/ifcfg-${DEV}
ifup ${DEV}
done
}
configure_network()
{
gen_network_configuration
if [ "${COMMAND}" = 'reconfigure' ]; then
service network restart
fi
sleep 2
}
[ -z "$(env | cut -d= -f1 | grep -E '^ETH[0-9]+_IPV*6*')" ] && exit 0
configure_network
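Review bot: `get_iface_var` builds a variable name and reads it through `eval "echo \"\${$var_name}\""`, then prints the result with an unquoted `echo $var`, so the value is word-split and glob-expanded on the way out. The names are constrained by the `grep -E` filters in `get_context_interfaces` and `get_interface_alias`, so this is hardening rather than a live injection, but bash indirect expansion removes the `eval` entirely: `printf '%s\n' "${!var_name}"`. The same helper is copied into loc-10-network-pci and the same `eval` pattern appears twice in loc-11-dns. Separately, `INDEX=${interface: -1}` keeps only the last character, so the aliases of `ETH10` are looked up under `ETH0`; `INDEX=${IFACE_NUM}` reuses the full number already computed above.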

113
one-context.d/loc-10-network-pci Executable file

@@ -0,0 +1,113 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
get_iface_var()
{
var_name="${UPCASE_DEV}_$1"
var=$(eval "echo \"\${$var_name}\"")
echo $var
}
get_pci_interfaces()
{
env | grep -E "^PCI[0-9]+_MAC=" | sed 's/_.*$//' | sort
}
get_dev_from_pci()
{
DEV=$(find /sys/class/net/*/device -lname "*$1" 2>/dev/null | awk -F '/' '{print $5}')
if [ -z "$DEV" ]; then
echo "PCI Device $1 not found" >&2
return
fi
if [ `echo "$DEV" | wc -l` -gt 1 ]; then
echo "More than one PCI Device $1 found" >&2
return
fi
echo "$DEV"
}
PCI_INTERFACES=$(get_pci_interfaces)
for pci in $PCI_INTERFACES; do
UPCASE_DEV=$pci
IP=$(get_iface_var "IP")
MAC=$(get_iface_var "MAC")
MASK=$(get_iface_var "MASK")
MASK=${MASK:-255.255.255.0}
GATEWAY=$(get_iface_var "GATEWAY")
METRIC=$(get_iface_var "METRIC")
MTU=$(get_iface_var "MTU")
MTU=${MTU:-1500}
VLAN_ID=$(get_iface_var "VLAN_ID")
IP6=$(get_iface_var "IP6")
IP6_PREFIX_LENGTH=$(get_iface_var "IP6_PREFIX_LENGTH")
IP6_PREFIX_LENGTH=${IP6_PREFIX_LENGTH:-64}
IP6_ULA=$(get_iface_var "IP6_ULA")
GATEWAY6=$(get_iface_var "GATEWAY6")
ADDRESS=$(get_iface_var "ADDRESS")
[ -z "$ADDRESS" ] && continue
DEV=$(get_dev_from_pci "$ADDRESS")
[ -z "$DEV" ] && continue
# MAC
ip link set dev $DEV address $MAC
ip link set dev $DEV up
# MTU
if [ -n "$MTU" ]; then
ip link set dev $DEV mtu $MTU
fi
# VLAN (802.1Q)
if [ -n "$VLAN_ID" ]; then
ip link add link $DEV name $DEV.$VLAN_ID type vlan id $VLAN_ID
ip link set dev $DEV.$VLAN_ID up
DEV=$DEV.$VLAN_ID
fi
# IPv4
if [ -n "$IP" ]; then
ip address add $IP/$MASK dev $DEV
if [ -n "$GATEWAY" ]; then
ip route add default via $GATEWAY dev $DEV ${METRIC:+metric ${METRIC}}
fi
fi
# IPv6
if [ -n "$IP6" ]; then
ip -6 address add $IP6/$IP6_PREFIX_LENGTH dev $DEV
if [ -n "$IP6_ULA" ]; then
ip -6 address add $IP6_ULA/64 dev $DEV
fi
if [ -n "$GATEWAY6" ]; then
ip -6 route add default via $GATEWAY6 dev $DEV
fi
fi
done
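Review bot: Every context value reaches `ip` unquoted and unvalidated, starting at `ip link set dev $DEV address $MAC`, so a value containing whitespace is split into additional `ip` arguments and an empty `MAC` leaves `address` without an operand. Quote the expansions, for example `ip link set dev "$DEV" address "$MAC"` and `ip address add "$IP/$MASK" dev "$DEV"`, and guard the MAC step with `[ -n "$MAC" ]`. `${METRIC:+metric ${METRIC}}` relies on word splitting, so it needs an explicit `if` or an argument array once the rest is quoted. The return status of the `ip` calls is never checked, so a rejected address or route passes silently.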

63
one-context.d/loc-11-dns Executable file

@@ -0,0 +1,63 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
export DNS_VARIABLES="DNS $(env | sed 's/=.*$//' | grep -E '^ETH[0-9]+_DNS$' | sort)"
export SEARCH_VARIABLES="SEARCH_DOMAIN $(env | sed 's/=.*$//' | grep -E '^ETH[0-9]+_SEARCH_DOMAIN$' | sort)"
nameservers=$(
for var in ${DNS_VARIABLES}; do
value=$(eval "echo \"\${$var}\"")
if [ -n "$value" ]; then
echo "$value"
fi
done
)
searchdomains=$(
for var in ${SEARCH_VARIABLES}; do
value=$(eval "echo \"\${$var}\"")
if [ -n "$value" ]; then
echo "$value"
fi
done
)
[ -z "$nameservers" ] && exit 0
if [ -L /etc/resolv.conf ]; then
unlink /etc/resolv.conf
else
echo -n '' > /etc/resolv.conf
fi
for nameserver in $nameservers; do
echo nameserver $nameserver >> /etc/resolv.conf
done
if [ -f /etc/sysconfig/network/config ]; then
sed -i "/^NETCONFIG_DNS_STATIC_SERVERS=/ s/=.*$/=\"$nameservers\"/" /etc/sysconfig/network/config
fi
[ -z "$searchdomains" ] && exit 0
echo search $searchdomains >> /etc/resolv.conf
if [ -f /etc/sysconfig/network/config ]; then
sed -i "/^NETCONFIG_DNS_STATIC_SEARCHLIST=/ s/=.*$/=\"$searchdomains\"/" /etc/sysconfig/network/config
fi
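Review bot: `$nameservers` and `$searchdomains` are interpolated raw into the replacement part of the two `sed -i` expressions, although each holds one value per line whenever more than one `*_DNS` or `*_SEARCH_DOMAIN` variable is set. An unescaped newline ends the `s` command early, and a `/`, `&` or `\` in a context value changes the expression instead of being written literally. Flatten first, e.g. `ns_flat=$(echo $nameservers)`, and escape those characters before substituting, or rewrite the line with `awk -v` so the value is never part of the script text. The `/etc/resolv.conf` lines built with `echo nameserver $nameserver` are not validated as addresses either, which is worth a comment if it is intentional.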

30
one-context.d/loc-14-mount-swap Executable file

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
activate_swaps_linux() {
SWAP_DRIVES=$(blkid -t TYPE="swap" -o device)
for SWAP in $SWAP_DRIVES ; do
if [ -z "$(swapon -s | grep $SWAP)" ]; then
swapon $SWAP
fi
done
}
if [ "$(uname -s)" = 'Linux' ]; then
activate_swaps_linux
fi
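Review bot: The already-active test `swapon -s | grep $SWAP` is an unquoted substring match, so `/dev/vdb1` counts as active when only `/dev/vdb10` is in the list and that device is then skipped. Compare the first column exactly instead, `swapon -s | awk -v d="$SWAP" '$1 == d { f = 1 } END { exit !f }'`, and quote `"$SWAP"` in the `swapon` call. A function header comment stating that every block device `blkid` reports as `TYPE="swap"` gets enabled would help, since that includes any disk attached to the VM.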

49
one-context.d/loc-16-gen-env Executable file

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
ENV_FILE=/var/run/one-context/one_env
MOUNT_DIR=${MOUNT_DIR:-/mnt}
TOKENTXT=$(cat "${MOUNT_DIR}/token.txt")
if [ -n "$ONEGATE_TOKEN" ]; then
TOKENTXT="$ONEGATE_TOKEN"
fi
umask 0377
echo "export TOKENTXT=\"$TOKENTXT\"" > $ENV_FILE
echo "export VMID=\"$VMID\"" >> $ENV_FILE
echo "export ONEGATE_ENDPOINT=\"$ONEGATE_ENDPOINT\"" >> $ENV_FILE
function export_rc_vars
{
if [ -f $1 ] ; then
ONE_VARS=$(cat $1 | egrep -e '^[a-zA-Z\-\_0-9]*=' | sed 's/=.*$//')
. $1
for v in $ONE_VARS; do
echo "export $v=\"${!v}\"" >> $ENV_FILE
done
fi
}
export_rc_vars ${CONTEXT_FILE}
chown root:root $ENV_FILE
chmod 0400 $ENV_FILE
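Review bot: The values written to `$ENV_FILE` are wrapped in double quotes without escaping, in the three `echo "export ...=\"...\""` lines and in the loop inside `export_rc_vars`, and loc-99-style consumers later source this file. A value that contains `"`, `$` or a backtick is therefore re-interpreted by the shell when the file is read, even if it was a harmless single-quoted literal in the context file. `printf 'export %s=%q\n' "$v" "${!v}" >> "$ENV_FILE"` writes a form that round-trips exactly; the `TOKENTXT`, `VMID` and `ONEGATE_ENDPOINT` lines need the same treatment. `$ENV_FILE`, `$1` and `${CONTEXT_FILE}` are also unquoted, and `cat "${MOUNT_DIR}/token.txt"` prints an error when no token file exists.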


@@ -0,0 +1,102 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
# defaults
USERNAME=${USERNAME:-root}
USERNAME_SUDO=${USERNAME_SUDO:-${GRANT_SUDO:-YES}}
USERNAME_SUDO=$(echo "${USERNAME_SUDO}" | tr '[:lower:]' '[:upper:]')
USERNAME_PASSWORD_RESET=${USERNAME_PASSWORD_RESET:-NO}
USERNAME_PASSWORD_RESET=$(echo "${USERNAME_PASSWORD_RESET}" | tr '[:lower:]' '[:upper:]')
_kernel="$(uname -s)"
case "${_kernel}" in
'FreeBSD')
USERNAME_SHELL=${USERNAME_SHELL:-/usr/local/bin/bash}
_sudoers_file='/usr/local/etc/sudoers.d/one-context'
;;
*)
USERNAME_SHELL=${USERNAME_SHELL:-/bin/bash}
_sudoers_file='/etc/sudoers.d/one-context'
;;
esac
# create user if missing
if ! getent passwd "${USERNAME}" > /dev/null 2>&1; then
if [ "${_kernel}" = 'FreeBSD' ]; then
pw user add "${USERNAME}" -m -s "${USERNAME_SHELL}" -w no
else
useradd -m "${USERNAME}" -p '*' -s "${USERNAME_SHELL}"
fi
fi
# enable sudo
if [ "${USERNAME_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >"${_sudoers_file}"
chmod 0440 "${_sudoers_file}"
elif [ -f "${_sudoers_file}" ]; then
unlink "${_sudoers_file}"
fi
# set password
if [ -n "${CRYPTED_PASSWORD_BASE64}" ]; then
CRYPTED_PASSWORD=$(echo $CRYPTED_PASSWORD_BASE64 | base64 -d)
if [ "${_kernel}" = 'FreeBSD' ]; then
echo "${CRYPTED_PASSWORD}" | pw user mod "${USERNAME}" -H 0
else
usermod -p "${CRYPTED_PASSWORD}" "${USERNAME}"
fi
elif [ -n "${PASSWORD_BASE64}" ]; then
PASSWORD=$(echo $PASSWORD_BASE64 | base64 -d)
if [ "${_kernel}" = 'FreeBSD' ]; then
echo $PASSWORD | pw user mod "${USERNAME}" -h 0
else
chpasswd <<< "${USERNAME}:${PASSWORD}"
fi
if [ $? -ne 0 ]; then
passwd "${USERNAME}" <<EOF
${PASSWORD}
${PASSWORD}
EOF
fi
elif [ -n "${CRYPTED_PASSWORD}" ]; then
if [ "${_kernel}" = 'FreeBSD' ]; then
echo $CRYPTED_PASSWORD | pw user mod "${USERNAME}" -H 0
else
usermod -p "${CRYPTED_PASSWORD}" "${USERNAME}"
fi
elif [ -n "${PASSWORD}" ]; then
if [ "${_kernel}" = 'FreeBSD' ]; then
echo $PASSWORD | pw user mod "${USERNAME}" -h 0
else
chpasswd <<< "${USERNAME}:${PASSWORD}"
fi
if [ $? -ne 0 ]; then
passwd "${USERNAME}" <<EOF
${PASSWORD}
${PASSWORD}
EOF
fi
elif [ "${USERNAME_PASSWORD_RESET}" = 'YES' ]; then
if [ "${_kernel}" = 'FreeBSD' ]; then
pw user mod "${USERNAME}" -w no
else
usermod -p '*' "${USERNAME}"
fi
fi
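Review bot: Passwords are piped with unquoted `echo`, as in `echo $PASSWORD | pw user mod "${USERNAME}" -h 0` and `echo $CRYPTED_PASSWORD | pw user mod ...`, so a password containing spaces, glob characters or a leading `-n` is altered before it is set. Use `printf '%s\n' "${PASSWORD}" | pw user mod "${USERNAME}" -h 0`, and likewise for the two `echo $..._BASE64 | base64 -d` lines. On Linux, `usermod -p "${CRYPTED_PASSWORD}"` places the hash on the command line where other local users can read it from the process list; `chpasswd -e <<< "${USERNAME}:${CRYPTED_PASSWORD}"` keeps it on stdin. The sudoers entry is written from an unvalidated `USERNAME` and only tightened to 0440 afterwards, so setting `umask 0227` before the redirect and checking the result with `visudo -cf "${_sudoers_file}"` would be safer.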


@@ -0,0 +1,67 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
[ -z "${SSH_PUBLIC_KEY}${EC2_PUBLIC_KEY}" ] && exit 0
if [ -z "${USERNAME}" ]
then
USERNAME=root
fi
# Get user $HOME directory
USER_HOME=$(getent passwd "${USERNAME}" | awk -F':' '{print $6}')
if [ -n "${USER_HOME}" ]
then
AUTH_DIR="${USER_HOME}/.ssh"
else
# Fallback on root
AUTH_DIR="/root/.ssh"
fi
AUTH_FILE="$AUTH_DIR/authorized_keys"
function add_keys {
while read key; do
if ! grep -q -F "$key" $AUTH_FILE; then
echo "$key" >> $AUTH_FILE
fi
done
}
[ -z "${SSH_PUBLIC_KEY}${EC2_PUBLIC_KEY}" ] && exit 0
mkdir -m0700 -p $AUTH_DIR
[ ! -f $AUTH_FILE ] && touch $AUTH_FILE
if [ -n "$SSH_PUBLIC_KEY" ]; then
echo "$SSH_PUBLIC_KEY" | add_keys
fi
if [ -n "$EC2_PUBLIC_KEY" ]; then
echo "$EC2_PUBLIC_KEY" | add_keys
fi
chown "${USERNAME}": ${AUTH_DIR} ${AUTH_FILE}
chmod 600 $AUTH_FILE
# restore SELinux contexts
if which restorecon &>/dev/null; then
restorecon -R -v "${AUTH_DIR}"
fi
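Review bot: Root creates, appends to and then chowns `$AUTH_DIR` and `$AUTH_FILE` inside the target user's home without checking whether either path is a symlink, and `chown "${USERNAME}": ${AUTH_DIR} ${AUTH_FILE}` follows links. When `USERNAME` is an unprivileged account, that user controls what those paths point to, so the script should refuse to proceed if `[ -L "$AUTH_DIR" ] || [ -L "$AUTH_FILE" ]` and use `chown -h`. In `add_keys`, `while read key` strips backslashes and surrounding whitespace and `grep -q -F "$key"` matches substrings, so a key that is a prefix of an existing line is treated as present; `while IFS= read -r key` with `grep -qxF -- "$key" "$AUTH_FILE"` compares whole lines. The first `[ -z "${SSH_PUBLIC_KEY}${EC2_PUBLIC_KEY}" ] && exit 0` makes the second one redundant.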

22
one-context.d/loc-30-console Executable file

@@ -0,0 +1,22 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
# Linux
for _dev_tty in $(find /dev -type c -name 'tty[0-9]*'); do
TERM=linux setterm -blank 0 -powerdown 0 >>"${_dev_tty}"
done

55
one-context.d/loc-35-securetty Executable file

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
_pam_file="/etc/pam.d/login"
if [ ! -f "${_pam_file}" ]; then
exit 0
fi
_kernel="$(uname -s)"
if [ "${_kernel}" = 'FreeBSD' ]; then
SED_I="sed -i ''"
else
SED_I="sed -i''"
fi
### Defaults
# By default, disable pam_securetty in the containers.
# For virtualized machines, have the securetty enabled.
if grep -qia 'container=' /proc/1/environ 2>/dev/null; then
SECURETTY=${SECURETTY:-NO}
fi
SECURETTY=${SECURETTY:-YES}
SECURETTY=${SECURETTY^^}
###
_note='# one-contextd'
if [ "${SECURETTY}" = 'YES' ]; then
if grep -qE "^#.*pam_securetty.*${_note}" "${_pam_file}"; then
eval "${SED_I} -e 's/^#\([^#]*\)${_note}.*$/\1/' -e 's/[[:space:]]*$//' \"${_pam_file}\""
fi
elif [ "${SECURETTY}" = 'NO' ]; then
if grep -qE '^[^#]*pam_securetty' "${_pam_file}"; then
eval "${SED_I} -e 's/^\([^#]*pam_securetty.*\)$/#\1 ${_note}/' \"${_pam_file}\""
fi
fi
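Review bot: `SED_I` stores a command line in a string and both edits run it through `eval`, which forces a second round of quoting on the sed scripts and the file name. Here the interpolated parts (`_note`, `_pam_file`) are constants, so this is a style point, but an array avoids `eval` completely: `SED_I=(sed -i '')` on FreeBSD, `SED_I=(sed -i)` otherwise, then `"${SED_I[@]}" -e '...' "${_pam_file}"`. A value of `SECURETTY` other than `YES` or `NO` silently does nothing; a final `else` that reports the unexpected value on stderr would make misconfiguration visible, since this switch controls whether `pam_securetty` is enforced.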

164
one-context.d/net-15-hostname Executable file

@@ -0,0 +1,164 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
_kernel="$(uname -s)"
if [ "${_kernel}" = 'FreeBSD' ]; then
SED_I="sed -i ''"
else
SED_I="sed -i''"
fi
function set_hostname() {
local hostname=$1
if [ -d /run/systemd/system/ ] && hostnamectl status >/dev/null 2>/dev/null; then
hostnamectl set-hostname --static "${hostname}"
else
if [ -f /etc/sysconfig/network ]; then
eval "${SED_I} '/^HOSTNAME=.*$/d' /etc/sysconfig/network"
echo "HOSTNAME=${hostname}" >>/etc/sysconfig/network
elif [ "${_kernel}" = 'FreeBSD' ]; then
sysrc hostname="${hostname}"
else
echo "${hostname}" >/etc/hostname
fi
hostname "${hostname}"
fi
}
function set_domainname() {
domain=$1
eval "${SED_I} -e '/^domain .*/d' /etc/resolv.conf"
echo "domain ${domain}" >>/etc/resolv.conf
}
function get_first_ip() {
local ip
ip=${ip:-$(ip route get 1 2>/dev/null | grep 'src [0-9\.]\+' | head -1 | sed -e 's/^.*src \([0-9\.]*\).*$/\1/')}
ip=${ip:-$(ip -4 address show scope global up 2>/dev/null | awk '/inet / { gsub(/\/[^\/]+$/, "", $2); print $2; exit}')}
ip=${ip:-$(ifconfig 2>/dev/null | awk '/inet / { gsub(/\/[^\/]+$/, "", $2); print $2; exit}')}
ip=${ip:-$(hostname -I 2>/dev/null | cut -d' ' -f1)}
ip=${ip:-$(hostname -i 2>/dev/null)}
echo "${ip}"
}
function get_dns_name() {
text=$(LC_ALL=C host "$1" 2>/dev/null)
[ $? = 0 ] || exit 0
[[ $text == *"has no PTR record" ]] && exit 0
name=$(echo "$text" | awk '/(has address|name pointer)/ {print $(NF)}' | sed 's/\.$//')
echo $name
}
function update_hosts() {
ip=$1
name=$2
hostname=$3
if [ "x${hostname}" = "x${name}" ]; then
hosts="${name}"
else
hosts="${name} ${hostname}"
fi
note='# one-contextd'
entry="${ip} ${hosts} ${note}"
# update our old entry
if grep -qi "${note}" /etc/hosts; then
eval "${SED_I} -e \"s/^.*${note}\$/${entry}/\" /etc/hosts"
# update entry with same IP (but not localhost)
elif grep -E "^${ip}[[:space:]]" /etc/hosts | grep -qv localhost; then
eval "${SED_I} -e \"/localhost/! s/^${ip}[[:space:]].*\$/${entry}/\" /etc/hosts"
# update entry with same name
elif grep -qE "[[:space:]]${name}([[:space:]]|#|\$)" /etc/hosts; then
eval "${SED_I} -re \"s/^.*[[:space:]]${name}([[:space:]#].*|$)/${entry}/\" /etc/hosts"
# create new entry
elif [ -f /etc/hosts ]; then
# In FreeBSD, sed doesn't interpret \n. We put a real newline.
eval "${SED_I} -e \"1s/^/${entry}\"$'\\\\\n/' /etc/hosts"
else
echo "${entry}" >>/etc/hosts
fi
}
#####
first_ip=$(get_first_ip)
if [ -n "$SET_HOSTNAME" ]; then
name=$(echo "$SET_HOSTNAME" | \
sed -e 's/[^-a-zA-Z0-9\.]/-/g' -e 's/^-*//g' -e 's/-*$//g')
elif [ -n "$DNS_HOSTNAME" ]; then
name=$(get_dns_name "${first_ip}")
elif [ "${EC2_HOSTNAME}" = 'YES' ]; then
# try to quickly get hostname from the EC2 metadata server or
# create hostname based on the first IPv4 (format: "ip-1-2-3-4")
name=$(curl -sf -m 5 'http://169.254.169.254/latest/meta-data/local-hostname' 2>/dev/null)
if [ -z "${name}" ]; then
name="$(echo "${first_ip}" | grep -x '[0-9\.]\+' | tr . -)"
if [ -n "${name}" ]; then
name="ip-${name}"
fi
fi
fi
if [ -n "${name}" ]; then
# split host and domain names
hostname=${name%%.*}
domain=${name#*.}
if [ "x${domain}" = "x${hostname}" ]; then
domain=''
fi
# FreeBSD
if [ "${_kernel}" = 'FreeBSD' ]; then
set_hostname "${name}"
else
set_hostname "${hostname}"
fi
if [ -n "${domain}" ]; then
set_domainname "${domain}"
fi
if [ -n "${DNS_HOSTNAME}" ]; then
host_ip=$first_ip
else
# If selected hostname resolves on first IP,
# use first IP for local hostname in /etc/hosts.
# Otherwise use loopback IP.
name_ip=$(get_dns_name "${name}")
if [ "x${first_ip}" = "x${name_ip}" ]; then
host_ip=$first_ip
elif [ -f /etc/debian_version ]; then
host_ip='127.0.1.1'
else
host_ip='127.0.0.1'
fi
fi
if [ -n "${host_ip}" ]; then
update_hosts "${host_ip}" "${name}" "${hostname}"
fi
fi
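Review bot: Only the `SET_HOSTNAME` branch sanitises `name`; the `DNS_HOSTNAME` branch takes the answer from `get_dns_name` and the `EC2_HOSTNAME` branch takes a plain-HTTP `curl` response, and both pass it unchanged to `set_hostname`, `set_domainname` and `update_hosts`. There the value is interpolated into sed scripts that are executed through `eval`, and into `/etc/resolv.conf` and `/etc/hosts`, so any character that is special to the shell or to sed in a network-supplied name is interpreted rather than written. Apply the existing filter to every source once the `if` chain has finished, `name=$(printf '%s' "${name}" | sed -e 's/[^-a-zA-Z0-9\.]/-/g' -e 's/^-*//g' -e 's/-*$//g')`, and keep only the first line when `get_dns_name` returns several records. Replacing the `eval "${SED_I} ..."` calls with an array-based sed invocation would remove the second layer of interpretation as well.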


@@ -0,0 +1,40 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
MOUNT_DIR=${MOUNT_DIR:-/mnt}
TMP_DIR=$(mktemp -d "/tmp/one-context.XXXXXX")
TMP_FILE="${TMP_DIR}/one-start-script"
START_SCRIPT_AVAILABLE=no
chmod 700 "${TMP_DIR}"
if [ -n "$START_SCRIPT_BASE64" ]; then
echo "${START_SCRIPT_BASE64}" | base64 -d > $TMP_FILE
START_SCRIPT_AVAILABLE=yes
elif [ -n "$START_SCRIPT" ]; then
echo "${START_SCRIPT}" > $TMP_FILE
START_SCRIPT_AVAILABLE=yes
fi
if [ "$START_SCRIPT_AVAILABLE" = "yes" ]; then
cd $MOUNT_DIR
chmod +x $TMP_FILE
$TMP_FILE
fi
rm -rf "${TMP_DIR}"
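Review bot: The result of `mktemp -d` is never checked, so on failure `TMP_DIR` is empty, `TMP_FILE` becomes `/one-start-script`, and the decoded script is written to and executed from the filesystem root. Stop early with `TMP_DIR=$(mktemp -d "/tmp/one-context.XXXXXX") || exit 1`; the next section, the `INIT_SCRIPTS` loop, has the same unchecked call. Cleanup only happens on the normal path, so `trap 'rm -rf -- "${TMP_DIR}"' EXIT` right after creation would cover interruption as well. `$TMP_FILE` and `$MOUNT_DIR` should be quoted, and a failed `cd $MOUNT_DIR` currently lets the start script run in whatever directory the caller was in.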


@@ -0,0 +1,38 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
MOUNT_DIR=${MOUNT_DIR:-/mnt}
TMP_DIR=$(mktemp -d "/tmp/one-context.XXXXXX")
chmod 700 "${TMP_DIR}"
if [ -z "$INIT_SCRIPTS" ]; then
if [ -f "$MOUNT_DIR/init.sh" ]; then
INIT_SCRIPTS=init.sh
fi
fi
cd $MOUNT_DIR
for f in $INIT_SCRIPTS; do
cp "$f" "${TMP_DIR}/"
chmod +x $TMP_DIR/$f
$TMP_DIR/$f
done
rm -rf "${TMP_DIR}"
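Review bot: Inside the loop the copy and the execution disagree about the path whenever an `INIT_SCRIPTS` entry contains a directory component: `cp "$f" "${TMP_DIR}/"` stores the file under its base name, while `chmod +x $TMP_DIR/$f` and `$TMP_DIR/$f` use the full entry. An entry with `..` makes those two lines act on a path outside the private temporary directory, which under `/tmp` can be a file owned by another user. Derive the name once, `name=${f##*/}`, then use `cp -- "$f" "${TMP_DIR}/${name}"`, `chmod +x "${TMP_DIR}/${name}"` and `"${TMP_DIR}/${name}"`. The unquoted `$INIT_SCRIPTS` split is how the list is parsed, which deserves a comment saying that script names cannot contain whitespace.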


@@ -0,0 +1,62 @@
#!/usr/bin/env bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
if [ "$REPORT_READY" != "YES" ]; then
exit 0
fi
# $TOKENTXT is available only through the env. file
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if which curl >/dev/null 2>&1; then
curl -X "PUT" "${ONEGATE_ENDPOINT}/vm" \
--header "X-ONEGATE-TOKEN: $TOKENTXT" \
--header "X-ONEGATE-VMID: $VMID" \
--insecure \
-d "READY=YES"
if [ "$?" = "0" ]; then
exit 0
fi
fi
if which wget >/dev/null 2>&1; then
wget --method=PUT "${ONEGATE_ENDPOINT}/vm" \
--body-data="READY=YES" \
--header "X-ONEGATE-TOKEN: $TOKENTXT" \
--header "X-ONEGATE-VMID: $VMID" \
--no-check-certificate
if [ "$?" = "0" ]; then
exit 0
fi
fi
if which onegate >/dev/null 2>&1; then
onegate vm update --data "READY=YES"
if [ "$?" = "0" ]; then
exit 0
fi
fi
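Review bot: Both HTTP clients send the `X-ONEGATE-TOKEN` header with certificate verification switched off, through `--insecure` on the `curl` call and `--no-check-certificate` on the `wget` call, so the token can be read by anything that intercepts the connection to `${ONEGATE_ENDPOINT}`. Verification should be the default, with a CA bundle supplied through `--cacert` / `--ca-certificate` where the endpoint uses a private CA, and any opt-out made an explicit, documented context setting. The token also appears in the process argument list of `curl` and `wget`; a short comment acknowledging that exposure to local users would help reviewers. `ENV_FILE` can be overridden from the environment and is sourced as-is, so a note on who is expected to set it belongs next to `. "${ENV_FILE}"`.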