Melissa Kam 83201edfb5 Remove whitespaces before EOF
Change-Id: I6023839bf10e6b22cf41e7022b736cf9e7387f93
2017-02-21 16:07:44 -06:00

141 lines
5.9 KiB
Bash
Executable File

#!/usr/bin/env bash
set -eu
# Copyright [2016] [Kevin Carter]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Load all functions
source functions.rc
# bring in variable definitions if there is a variables.sh file
[[ -f variables.sh ]] && source variables.sh
# Make the rekick function part of the main general shell
declare -f rekick_vms | tee /root/.functions.rc
declare -f ssh_agent_reset | tee -a /root/.functions.rc
if ! grep -q 'source /root/.functions.rc' /root/.bashrc; then
echo 'source /root/.functions.rc' | tee -a /root/.bashrc
fi
# Reset the ssh-agent service to remove potential key issues
ssh_agent_reset
if [ ! -f "/root/.ssh/id_rsa" ];then
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
fi
# This gets the root users SSH-public-key
SSHKEY=$(cat /root/.ssh/id_rsa.pub)
if ! grep -q "${SSHKEY}" /root/.ssh/authorized_keys; then
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
fi
# Install basic packages known to be needed
apt-get update && apt-get install -y bridge-utils ifenslave libvirt-bin lvm2 openssh-server python2.7 qemu-kvm vim virtinst virt-manager vlan
if ! grep "^source.*cfg$" /etc/network/interfaces; then
echo 'source /etc/network/interfaces.d/*.cfg' | tee -a /etc/network/interfaces
fi
# create kvm bridges
cp -v templates/kvm-bonded-bridges.cfg /etc/network/interfaces.d/kvm-bridges.cfg
# set network address
sed -i "s|__NETWORK_BASE__|${NETWORK_BASE}|g" /etc/network/interfaces.d/kvm-bridges.cfg
for i in $(awk '/iface/ {print $2}' /etc/network/interfaces.d/kvm-bridges.cfg); do
ifup $i
done
# Clean up stale NTP processes. This is because of BUG https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1125726
pkill lockfile-create || true
# Set the forward rule
if ! grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
sysctl -w net.ipv4.ip_forward=1 | tee -a /etc/sysctl.conf
fi
# Add rules from the INPUT chain
iptables_general_rule_add 'INPUT -i br-dhcp -p udp --dport 67 -j ACCEPT'
iptables_general_rule_add 'INPUT -i br-dhcp -p tcp --dport 67 -j ACCEPT'
iptables_general_rule_add 'INPUT -i br-dhcp -p udp --dport 53 -j ACCEPT'
iptables_general_rule_add 'INPUT -i br-dhcp -p tcp --dport 53 -j ACCEPT'
# Add rules from the FORWARDING chain
iptables_general_rule_add 'FORWARD -i br-dhcp -j ACCEPT'
iptables_general_rule_add 'FORWARD -o br-dhcp -j ACCEPT'
# Add rules from the nat POSTROUTING chain
iptables_filter_rule_add nat 'POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -j MASQUERADE'
# To provide internet connectivity to instances
iptables_filter_rule_add nat "POSTROUTING -o $(ip route get 1 | awk '/dev/ {print $5}') -j MASQUERADE"
# Add rules from the mangle POSTROUTING chain
iptables_filter_rule_add mangle 'POSTROUTING -s 10.0.0.0/24 -o br-dhcp -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill'
# To ensure ssh checksum are always correct
iptables_filter_rule_add mangle 'POSTROUTING -p tcp -j CHECKSUM --checksum-fill'
# Enable partitioning of the "${DATA_DISK_DEVICE}"
PARTITION_HOST=${PARTITION_HOST:-false}
if [[ "${PARTITION_HOST}" = true ]]; then
# Set the data disk device, if unset the largest unpartitioned device will be used to for host VMs
DATA_DISK_DEVICE="${DATA_DISK_DEVICE:-$(lsblk -brndo NAME,TYPE,FSTYPE,RO,SIZE | awk '/d[b-z]+ disk +0/{ if ($4>m){m=$4; d=$1}}; END{print d}')}"
parted --script /dev/${DATA_DISK_DEVICE} mklabel gpt
parted --align optimal --script /dev/${DATA_DISK_DEVICE} mkpart kvm ext4 0% 100%
mkfs.ext4 /dev/${DATA_DISK_DEVICE}1
if ! grep -qw "^/dev/${DATA_DISK_DEVICE}1" /etc/fstab; then
echo "/dev/${DATA_DISK_DEVICE}1 /var/lib/libvirt/images/ ext4 defaults 0 0" >> /etc/fstab
fi
mount -a
fi
# Set the default OVERRIDE_SOURCES var
OVERRIDE_SOURCES=${OVERRIDE_SOURCES:-true}
if ( "${OVERRIDE_SOURCES}" == true )
then
cat > /etc/apt/sources.list <<EOF
# Faster likely unsigned repo
deb [arch=amd64] http://mirror.rackspace.com/ubuntu trusty main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu trusty-updates main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu trusty-backports main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu trusty-security main universe
# i386 comes from the global known repo. This is slower and so it is only used for i386 packages
deb [arch=i386] http://archive.ubuntu.com/ubuntu trusty main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu trusty-updates main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu trusty-backports main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu trusty-security main universe
EOF
cat > /tmp/sources.list <<EOF
# Faster likely unsigned repo
deb [arch=amd64] http://mirror.rackspace.com/ubuntu xenial main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu xenial-updates main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu xenial-backports main universe
deb [arch=amd64] http://mirror.rackspace.com/ubuntu xenial-security main universe
# i386 comes from the global known repo. This is slower and so it is only used for i386 packages
deb [arch=i386] http://archive.ubuntu.com/ubuntu xenial main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu xenial-updates main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu xenial-backports main universe
deb [arch=i386] http://archive.ubuntu.com/ubuntu xenial-security main universe
EOF
fi
# Allow apt repos to be UnAuthenticated
cat > /etc/apt/apt.conf.d/00-nokey <<EOF
APT { Get { AllowUnauthenticated "1"; }; };
EOF