root/build-tools/build_guest/rootfs-setup.sh
Saul Wold 80ef15b981 build-tools: Convert wrsroot -> sysadmin
This also changes the group wrs_protected to sys_protected
to de-brand the user and group names.

Change-Id: I887464a20fc17d66529caea03be2b445156f9426
Story: 2004716
Task: 30925
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2019-06-14 14:48:25 -07:00

91 lines
3.3 KiB
Bash
Executable File

#!/bin/bash
BUILD_MODE=''
if [ "$1" == "--rt" ]; then
BUILD_MODE="rt"
fi
if [ "$1" == "--std" ]; then
BUILD_MODE="std"
fi
# Setup boot directory for syslinux configuration (/boot/extlinux.conf)
ln -s $(ls /boot/vmlinuz-*.x86_64 | head -1) /boot/vmlinuz
ln -s $(ls /boot/initramfs-*.x86_64.img | head -1) /boot/initramfs.img
# Setup root and sysadmin users
usermod -p $(openssl passwd -1 root) root
useradd -p $(openssl passwd -1 sysadmin) sysadmin
# Enable SUDO access for sysadmin
echo "sysadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# Enable remote root login to permit automated tools to run privileged commands
sed -i 's%^#\(PermitRootLogin \)%\1%' /etc/ssh/sshd_config
sed -i 's#^\(PermitRootLogin \).*#\1yes#' /etc/ssh/sshd_config
# Enable password login to permit automated tools to run commands
sed -i 's%^#\(PasswordAuthentication \)%\1%' /etc/ssh/sshd_config
sed -i 's#^\(PasswordAuthentication \).*#\1yes#' /etc/ssh/sshd_config
# Disable PAM authentication
sed -i 's#^\(UsePAM \).*#\1no#' /etc/ssh/sshd_config
# Prevent cloud_init for reverting our changes
sed -i 's#^\(ssh_pwauth:\).*#\1 1#' /etc/cloud/cloud.cfg
sed -i 's#^\(disable_root:\).*#\1 0#' /etc/cloud/cloud.cfg
# Setup SSHD to mark packets for QoS processing in the host (this seems to
# be broken in our version of SSHd so equivalent iptables rules are being
# added to compensate.
echo "IPQoS cs7" >> /etc/ssh/sshd_config
# Disable reverse path filtering to permit traffic testing from
# foreign routes.
sed -i 's#^\(net.ipv4.conf.*.rp_filter=\).*#\10#' /etc/sysctl.conf
# Change /etc/rc.local to touch a file to indicate that the init has
# completed. This is required by the AVS vbenchmark tool so that it knows
# that the VM is ready to run. This was added because VM instances take a
# long time (2-3 minutes) to resize their filesystem when run on a system with
# HDD instead of SSD.
chmod +x /etc/rc.d/rc.local
echo "touch /var/run/.init-complete" >> /etc/rc.local
if [ "$BUILD_MODE" == "rt" ]; then
# Adjust system tuning knobs during init when using rt kernel (CGTS-7047)
echo "echo 1 > /sys/devices/virtual/workqueue/cpumask" >> /etc/rc.local
echo "echo 1 > /sys/bus/workqueue/devices/writeback/cpumask" >> /etc/rc.local
echo "echo -1 > /proc/sys/kernel/sched_rt_runtime_us" >> /etc/rc.local
echo "echo 0 > /proc/sys/kernel/timer_migration" >> /etc/rc.local
echo "echo 10 > /proc/sys/vm/stat_interval" >> /etc/rc.local
fi
# Disable audit service by default
# With this enabled, it causes system delays when running at maximum
# capacity that impacts the traffic processing enough to cause unclean
# traffic runs when doing benchmark tests.
systemctl disable auditd
if [ "$BUILD_MODE" == "rt" ]; then
# Additional services to disable on rt guest (CGTS-7047)
systemctl disable polkit.service
systemctl disable tuned.service
fi
# Clean the yum cache. We don't want to maintain it on the guest file system.
yum clean all
# update /etc/rsyslog.conf to have OmitLocalLogging off
sed -i 's#OmitLocalLogging on#OmitLocalLogging off#g' /etc/rsyslog.conf
# select correct kernel and initrd
if [ "$BUILD_MODE" == "rt" ]; then
PATTERN=$(rpm -q --qf '%{VERSION}-%{RELEASE}' kernel-rt)
else
PATTERN=$(rpm -q --qf '%{VERSION}-%{RELEASE}' kernel)
fi
cd /boot
rm -f vmlinuz initramfs.img
ln -s $(ls -1 vmlinuz-$PATTERN*) vmlinuz
ln -s $(ls -1 initramfs-$PATTERN*img) initramfs.img