ce29ea23d1
Currently, attempting to use Trusty (14.04) VMs causes VMs to not provision correctly due to a grub-install error. With respect to this specific issue, this commit updates vm.preseed.j2 by removing some grub-installer options which were not present before the ansible rewrite.

Secondly, with that change in place, VMs do not come online on their 10.0.236 addresses as something is overwriting /etc/networking/interfaces, which wipes out the source of the /etc/network/interfaces.d directory. Bug [1] seems to indicate this is in fact an issue and has been resolved, however attempts at using this preseed option (netcfg/target_network_config) were not successful. As a workaround, we simply chattr +i the interfaces file in vm-post-install-script.sh.j2, and then remove the attr in deploy-vms.yml when the instance is up and accessible.

[1] https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/1361902

Change-Id: I12d0c5108d1df0ab02b69d1b8cdb271a02999602
41 lines
1.5 KiB
Django/Jinja
#!/usr/bin/env bash

# Quote the patterns so apt-get receives them instead of the shell globbing them
apt-get remove --purge 'snap*' 'lxc*' 'lxd*' || true

# Clear the default kernel command line and regenerate the grub config
sed -i 's/\(GRUB_CMDLINE_LINUX_DEFAULT=\).*/\1\"\"/g' /target/etc/default/grub
update-grub

# Permit root login over SSH and install the deployment key
sed -i '/PermitRootLogin / s/ .*/ yes/' /etc/ssh/sshd_config

mkdir -p /root/.ssh
chmod 0700 /root/.ssh
echo "{{ tftp_ssh_key }}" >> /root/.ssh/authorized_keys

# Fetch the network configuration from the deployment host (plain HTTP, no integrity check)
wget --no-proxy http://{{ tftp_server }}/networking/$(cat /etc/hostname)-bridges.cfg -O /etc/network/interfaces.d/vm-bridges.cfg
wget --no-proxy http://{{ tftp_server }}/networking/basic-debian-interface.cfg -O /etc/network/interfaces
# Trusty VMs seem to have their interfaces file overwritten after we write to
# it, so we make it immutable to ensure no further changes take place
# NOTE: We remove the immutable attr in deploy-vms.yml once the instance is up
# and accessible.
[[ "$(lsb_release -sc)" == "trusty" ]] && chattr +i /etc/network/interfaces

# The delimiter is quoted so that $1, $2 and awk's $5 are written to the hook
# literally and expanded only when the hook runs
cat > /etc/network/if-up.d/post-up-rules <<'EOF'
#!/usr/bin/env bash

function iptables_filter_rule_add {
  if ! iptables -w -t $1 -C $2;then
    /sbin/iptables -w -t $1 -I $2
  fi
}

# To ensure ssh checksum is correct
iptables_filter_rule_add "mangle" "POSTROUTING -p tcp --dport 22 -j CHECKSUM --checksum-fill"

# To provide internet connectivity to instances
iptables_filter_rule_add "nat" "POSTROUTING -o $(ip route get 1 | awk '{print $5}') -j MASQUERADE"

# Make sure instances can talk to the metadata server
iptables_filter_rule_add "mangle" "POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill"
EOF
# Make the hook executable so ifupdown runs it
chmod +x /etc/network/if-up.d/post-up-rules
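
The `post-up-rules` hook above is generated through a here-document, and the quoting of its delimiter decides whether `$1`, `$2` and awk's `$5` are expanded when the file is written or when the hook runs. The following is an added example, not part of the repository's code: `render_unquoted`, `render_quoted` and `hook_is_sane` are hypothetical names, and `rule_add` is a shortened stand-in for the hook's function.

```shell
#!/bin/sh
# Added example: what a generated hook contains depending on heredoc quoting.
# All function names here are illustrative, not taken from the repository.

# Unquoted delimiter: the shell that writes the file expands $1, $2 and $5
# immediately, using the writer's own (empty) positional parameters.
render_unquoted() {
    cat <<EOF
rule_add() {
    iptables -w -t $1 -C $2 || iptables -w -t $1 -I $2
}
rule_add "nat" "POSTROUTING -o \$(ip route get 1 | awk '{print $5}') -j MASQUERADE"
EOF
}

# Quoted delimiter: the body is copied verbatim, so every expansion is
# deferred until the generated hook itself runs.
render_quoted() {
    cat <<'EOF'
rule_add() {
    iptables -w -t $1 -C $2 || iptables -w -t $1 -I $2
}
rule_add "nat" "POSTROUTING -o $(ip route get 1 | awk '{print $5}') -j MASQUERADE"
EOF
}

# Pre-flight check for a generated hook: it must still reference its
# arguments and must parse as shell. Nothing in the hook is executed.
hook_is_sane() {
    hook_file=$1
    grep -qF -- '-t $1 -C $2' "$hook_file" && sh -n "$hook_file"
}

tmpdir=$(mktemp -d)
render_unquoted > "$tmpdir/unquoted"
render_quoted   > "$tmpdir/quoted"
for name in unquoted quoted; do
    if hook_is_sane "$tmpdir/$name"; then
        echo "$name: arguments preserved"
    else
        echo "$name: arguments lost at write time"
    fi
done
rm -rf "$tmpdir"
```

Both variants pass a bare syntax check, which is why the content check on the argument references is the part that catches the difference.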