#cloud-boothook #!/bin/bash function add_str_to_file_if_not_exists { file=$1 str=$2 val=$3 if ! grep -q "^ *${str}" $file; then echo $val >> $file fi } cloud-init-per instance disable_selinux_on_the_fly setenforce 0 cloud-init-per instance disable_selinux sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux # configure udev rules # udev persistent net cloud-init-per instance udev_persistent_net1 service network stop ADMIN_MAC={{ common.admin_mac }} ADMIN_IF=$(echo {{ common.udevrules }} | sed 's/[,=]/\n/g' | grep "$ADMIN_MAC" | cut -d_ -f2 | head -1) cloud-init-per instance configure_admin_interface /bin/sh -c "echo -e \"# FROM COBBLER SNIPPET\nDEVICE=$ADMIN_IF\nIPADDR={{ common.admin_ip }}\nNETMASK={{ common.admin_mask }}\nBOOTPROTO=none\nONBOOT=yes\nUSERCTL=no\n\" | tee /etc/sysconfig/network-scripts/ifcfg-$ADMIN_IF" cloud-init-per instance set_gateway /bin/sh -c 'echo GATEWAY="{{ common.gw }}" | tee -a /etc/sysconfig/network' cloud-init-per instance udev_persistent_net5 service network start # end of udev #FIXME(agordeev): if operator updates dns settings on masternode after the node had been provisioned, # cloud-init will start to generate resolv.conf with non-actual data cloud-init-per instance resolv_conf_remove rm -f /etc/resolv.conf cloud-init-per instance resolv_conf_header /bin/sh -c 'echo "# re-generated by cloud-init boothook only at the first boot;" | tee /etc/resolv.conf' cloud-init-per instance resolv_conf_search /bin/sh -c 'echo "search {{ common.search_domain|replace('"','') }}" | tee -a /etc/resolv.conf' cloud-init-per instance resolv_conf_domain /bin/sh -c 'echo "domain {{ common.search_domain|replace('"','') }}" | tee -a /etc/resolv.conf' cloud-init-per instance resolv_conf_nameserver /bin/sh -c 'echo nameserver {{ common.master_ip }} | tee -a /etc/resolv.conf' # configure black module lists # virt-what should be installed if [ ! -f /etc/modprobe.d/blacklist-i2c_piix4.conf ]; then ( (virt-what | fgrep -q "virtualbox") && echo "blacklist i2c_piix4" >> /etc/modprobe.d/blacklist-i2c_piix4.conf || :) modprobe -r i2c_piix4 fi cloud-init-per instance conntrack_ipv4 /bin/sh -c 'echo nf_conntrack_ipv4 | tee -a /etc/rc.modules' cloud-init-per instance conntrack_ipv6 /bin/sh -c 'echo nf_conntrack_ipv6 | tee -a /etc/rc.modules' cloud-init-per instance conntrack_proto_gre /bin/sh -c 'echo nf_conntrack_proto_gre | tee -a /etc/rc.modules' cloud-init-per instance chmod_rc_modules chmod +x /etc/rc.modules cloud-init-per instance conntrack_max /bin/sh -c 'echo "net.nf_conntrack_max=1048576" | tee -a /etc/sysctl.conf' cloud-init-per instance kernel_panic /bin/sh -c 'echo "kernel.panic=60" | tee -a /etc/sysctl.conf' cloud-init-per instance conntrack_ipv4_load modprobe nf_conntrack_ipv4 cloud-init-per instance conntrack_ipv6_load modprobe nf_conntrack_ipv6 cloud-init-per instance conntrack_proto_gre_load modprobe nf_conntrack_proto_gre cloud-init-per instance conntrack_max_set sysctl -w "net.nf_conntrack_max=1048576" cloud-init-per instance kernel_panic_set sysctl -w "kernel.panic=60" cloud-init-per instance mkdir_coredump mkdir -p /var/log/coredump cloud-init-per instance set_coredump /bin/sh -c 'echo -e "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" | tee -a /etc/sysctl.conf' cloud-init-per instance set_coredump_sysctl sysctl -w "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" cloud-init-per instance set_chmod chmod 777 /var/log/coredump cloud-init-per instance set_limits /bin/sh -c 'echo -e "* soft core unlimited\n* hard core unlimited" | tee -a /etc/security/limits.conf' #NOTE: disabled for centos? #cloud-init-per instance dhclient echo 'supersede routers 0;' | tee /etc/dhcp/dhclient.conf # ntp sync # '| tee /dev/null' is needed for returning zero execution code always cloud-init-per instance stop_ntpd /bin/sh -c 'service ntpd stop | tee /dev/null' cloud-init-per instance sync_date ntpdate -t 4 -b {{ common.master_ip }} cloud-init-per instance sync_hwclock hwclock --systohc cloud-init-per instance edit_ntp_conf1 sed -i '/^\s*tinker panic/ d' /etc/ntp.conf cloud-init-per instance edit_ntp_conf2 sed -i '1 i tinker panic 0' /etc/ntp.conf cloud-init-per instance edit_ntp_conf_mkdir mkdir -p /var/lib/ntp cloud-init-per instance edit_ntp_conf3 /bin/sh -c 'echo 0 | tee /var/lib/ntp/drift' cloud-init-per instance edit_ntp_conf4 chown ntp: /var/lib/ntp/drift cloud-init-per instance edit_ntp_conf5 sed -i '/^\s*server/ d' /etc/ntp.conf cloud-init-per instance edit_ntp_conf6 /bin/sh -c 'echo "server {{ common.master_ip }} burst iburst" | tee -a /etc/ntp.conf' # Point installed ntpd to Master node cloud-init-per instance set_ntpdate sed -i 's/SYNC_HWCLOCK\s*=\s*no/SYNC_HWCLOCK=yes/' /etc/sysconfig/ntpdate cloud-init-per instance set_ntpd_0 chkconfig ntpd on cloud-init-per instance set_ntpd_1 chkconfig ntpdate on cloud-init-per instance start_ntpd service ntpd start cloud-init-per instance removeUseDNS sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config add_str_to_file_if_not_exists /etc/ssh/sshd_config 'UseDNS' 'UseDNS no' cloud-init-per instance gssapi_disable sed -i -e "/^\s*GSSAPICleanupCredentials yes/d" -e "/^\s*GSSAPIAuthentication yes/d" /etc/ssh/sshd_config cloud-init-per instance nailgun_agent_0 /bin/sh -c 'echo "rm -f /etc/nailgun-agent/nodiscover" | tee /etc/rc.local' cloud-init-per instance nailgun_agent_1 /bin/sh -c 'echo "flock -w 0 -o /var/lock/agent.lock -c \"/opt/nailgun/bin/agent >> /var/log/nailgun-agent.log 2>&1\"" | tee -a /etc/rc.local' # Copying default bash settings to the root directory cloud-init-per instance skel_bash cp -f /etc/skel/.bash* /root/ # Puppet config cloud-init-per instance hiera_puppet mkdir -p /etc/puppet /var/lib/hiera cloud-init-per instance touch_puppet touch /var/lib/hiera/common.yaml /etc/puppet/hiera.yaml /var/log/puppet.log cloud-init-per instance chmod_puppet chmod 600 /var/log/puppet.log # Mcollective enable cloud-init-per instance mcollective_enable sed -i /etc/rc.d/init.d/mcollective -e 's/\(# chkconfig:\s\+[-0-6]\+\) [0-9]\+ \([0-9]\+\)/\1 81 \2/'