CLOUDSTACK-7143: split login config out from postinstall.sh
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e86121db Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e86121db Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e86121db Branch: refs/heads/master Commit: e86121db7b07c67590151f239627d45366c1a095 Parents: e5a2e67 Author: Leo Simons <lsim...@schubergphilis.com> Authored: Mon Jul 21 11:09:41 2014 +0200 Committer: Rohit Yadav <rohit.ya...@shapeblue.com> Committed: Mon Sep 22 21:31:35 2014 +0200 ---------------------------------------------------------------------- .../systemvmtemplate/configure_login.sh | 32 +++++++++++++++++++ .../definitions/systemvmtemplate/definition.rb | 1 + .../definitions/systemvmtemplate/postinstall.sh | 33 -------------------- 3 files changed, 33 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e86121db/tools/appliance/definitions/systemvmtemplate/configure_login.sh ---------------------------------------------------------------------- diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh new file mode 100644 index 0000000..413d485 --- /dev/null +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh @@ -0,0 +1,32 @@ +setup_accounts() { + # Setup sudo to allow no-password sudo for "admin" + groupadd -r admin + # Create a 'cloud' user if it's not there + id cloud + if [[ $? -ne 0 ]] + then + useradd -G admin cloud + else + usermod -a -G admin cloud + fi + echo "root:$ROOTPW" | chpasswd + echo "cloud:`openssl rand -base64 32`" | chpasswd + sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers + sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers + # Disable password based authentication via ssh, this will take effect on next reboot + sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config + # Secure ~/.ssh + mkdir -p /home/cloud/.ssh + chmod 700 /home/cloud/.ssh +} + +fix_inittab() { + # Fix inittab + cat >> /etc/inittab << EOF + +vc:2345:respawn:/sbin/getty 38400 hvc0 +EOF +} + +setup_accounts +fix_inittab http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e86121db/tools/appliance/definitions/systemvmtemplate/definition.rb ---------------------------------------------------------------------- diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index b207b74..3513d46 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -60,6 +60,7 @@ config = { 'build_time.sh', 'apt_upgrade.sh', 'configure_grub.sh', + 'configure_login.sh', 'postinstall.sh', 'cleanup.sh', 'configure_networking.sh', http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e86121db/tools/appliance/definitions/systemvmtemplate/postinstall.sh ---------------------------------------------------------------------- diff --git a/tools/appliance/definitions/systemvmtemplate/postinstall.sh b/tools/appliance/definitions/systemvmtemplate/postinstall.sh index 1cf6086..aaa023e 100644 --- a/tools/appliance/definitions/systemvmtemplate/postinstall.sh +++ b/tools/appliance/definitions/systemvmtemplate/postinstall.sh @@ -108,28 +108,6 @@ install_packages() { apt-get --no-install-recommends -q -y --force-yes install radvd } -setup_accounts() { - # Setup sudo to allow no-password sudo for "admin" - groupadd -r admin - # Create a 'cloud' user if it's not there - id cloud - if [[ $? -ne 0 ]] - then - useradd -G admin cloud - else - usermod -a -G admin cloud - fi - echo "root:$ROOTPW" | chpasswd - echo "cloud:`openssl rand -base64 32`" | chpasswd - sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers - sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers - # Disable password based authentication via ssh, this will take effect on next reboot - sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config - # Secure ~/.ssh - mkdir -p /home/cloud/.ssh - chmod 700 /home/cloud/.ssh -} - fix_nameserver() { # Replace /etc/resolv.conf also cat > /etc/resolv.conf << EOF @@ -138,14 +116,6 @@ nameserver 8.8.4.4 EOF } -fix_inittab() { - # Fix inittab - cat >> /etc/inittab << EOF - -vc:2345:respawn:/sbin/getty 38400 hvc0 -EOF -} - fix_acpid() { # Fix acpid mkdir -p /etc/acpi/events @@ -206,7 +176,6 @@ EOF do_fixes() { fix_nameserver - fix_inittab fix_acpid fix_hostname fix_locale @@ -277,8 +246,6 @@ begin=$(date +%s) echo "*************INSTALLING PACKAGES********************" install_packages echo "*************DONE INSTALLING PACKAGES********************" -setup_accounts -echo "*************DONE ACCOUNT SETUP********************" configure_services configure_apache2 echo "*************DONE SETTING UP SERVICES********************"
