f4bb992006
During scripted snapshot image builds we remove python-setuptools on rhel/centos 6. This uninstalls cloud-init on hpcloud centos6 builds because cloud-init depends on setuptools. We don't actually need cloud-init in hpcloud because they use dhcp and we have hard coded ssh keys so just don't bother setting cloud-init config if the config dir in /etc does not exist. One could argue that we would possibly want cloud-init to regen host keys for us, but centos' sshd service should do that for us if the host keys do not exist. Change-Id: I96621b0ab1574eb8db0f4394877d3c1fc8208576
237 lines
9.2 KiB
Bash
Executable File
237 lines
9.2 KiB
Bash
Executable File
#!/bin/bash -xe
|
|
|
|
# Copyright (C) 2011-2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
#
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
HOSTNAME=$1
|
|
|
|
SUDO=${SUDO:-true}
|
|
THIN=${THIN:-true}
|
|
ALL_MYSQL_PRIVS=${ALL_MYSQL_PRIVS:-false}
|
|
GIT_BASE=${GIT_BASE:-git://git.openstack.org}
|
|
|
|
sudo hostname $HOSTNAME
|
|
if [ -n "$HOSTNAME" ] && ! grep -q $HOSTNAME /etc/hosts ; then
|
|
echo "127.0.1.1 $HOSTNAME" | sudo tee -a /etc/hosts
|
|
fi
|
|
|
|
echo $HOSTNAME > /tmp/image-hostname.txt
|
|
sudo mv /tmp/image-hostname.txt /etc/image-hostname.txt
|
|
|
|
# HP Cloud centos6 images currently require an update to the
|
|
# certificates file before they can connect to common services such as
|
|
# fedora mirror for EPEL over https
|
|
if [ -f /etc/redhat-release ]; then
|
|
if grep -q 'CentOS release 6' /etc/redhat-release; then
|
|
# chicken-and-egg ... hp cloud image has EPEL installed, but
|
|
# we can't connect to it...
|
|
# Note 'epel*' will match 0 or more repositories named epel,
|
|
# so it will work regardless of whether epel is actually
|
|
# installed.
|
|
sudo yum --disablerepo=epel* update -y ca-certificates
|
|
fi
|
|
else
|
|
# Cloud provider apt repos break us - so stop using them
|
|
LSBDISTID=$(lsb_release -is)
|
|
LSBDISTCODENAME=$(lsb_release -cs)
|
|
if [ "$LSBDISTID" == "Ubuntu" ] ; then
|
|
sudo dd of=/etc/apt/sources.list <<EOF
|
|
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
|
# newer versions of the distribution.
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME main restricted
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME main restricted
|
|
|
|
## Major bug fix updates produced after the final release of the
|
|
## distribution.
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates main restricted
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates main restricted
|
|
|
|
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
|
|
## team. Also, please note that software in universe WILL NOT receive any
|
|
## review or updates from the Ubuntu security team.
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME universe
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME universe
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates universe
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates universe
|
|
|
|
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
|
|
## team, and may not be under a free licence. Please satisfy yourself as to
|
|
## your rights to use the software. Also, please note that software in
|
|
## multiverse WILL NOT receive any review or updates from the Ubuntu
|
|
## security team.
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME multiverse
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME multiverse
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates multiverse
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-updates multiverse
|
|
|
|
## N.B. software from this repository may not have been tested as
|
|
## extensively as that contained in the main release, although it includes
|
|
## newer versions of some applications which may provide useful features.
|
|
## Also, please note that software in backports WILL NOT receive any review
|
|
## or updates from the Ubuntu security team.
|
|
deb http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-backports main restricted universe multiverse
|
|
deb-src http://us.archive.ubuntu.com/ubuntu/ $LSBDISTCODENAME-backports main restricted universe multiverse
|
|
|
|
deb http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security main restricted
|
|
deb-src http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security main restricted
|
|
deb http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security universe
|
|
deb-src http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security universe
|
|
deb http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security multiverse
|
|
deb-src http://security.ubuntu.com/ubuntu $LSBDISTCODENAME-security multiverse
|
|
EOF
|
|
fi
|
|
fi
|
|
|
|
# Fedora image doesn't come with wget
|
|
if [ -f /usr/bin/yum ]; then
|
|
sudo yum -y install wget
|
|
fi
|
|
wget https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_puppet.sh
|
|
sudo bash -xe install_puppet.sh
|
|
|
|
sudo git clone --depth=1 $GIT_BASE/openstack-infra/system-config.git \
|
|
/root/system-config
|
|
sudo /bin/bash /root/system-config/install_modules.sh
|
|
|
|
set +e
|
|
if [ -z "$NODEPOOL_SSH_KEY" ] ; then
|
|
sudo puppet apply --detailed-exitcodes --modulepath=/root/system-config/modules:/etc/puppet/modules \
|
|
-e "class {'openstack_project::single_use_slave':
|
|
sudo => $SUDO,
|
|
thin => $THIN,
|
|
all_mysql_privs => $ALL_MYSQL_PRIVS,
|
|
}"
|
|
PUPPET_RET_CODE=$?
|
|
else
|
|
sudo puppet apply --detailed-exitcodes --modulepath=/root/system-config/modules:/etc/puppet/modules \
|
|
-e "class {'openstack_project::single_use_slave':
|
|
install_users => false,
|
|
sudo => $SUDO,
|
|
thin => $THIN,
|
|
all_mysql_privs => $ALL_MYSQL_PRIVS,
|
|
ssh_key => '$NODEPOOL_SSH_KEY',
|
|
}"
|
|
PUPPET_RET_CODE=$?
|
|
fi
|
|
# Puppet doesn't properly return exit codes. Check here the values that
|
|
# indicate failure of some sort happened. 0 and 2 indicate success.
|
|
if [ "$PUPPET_RET_CODE" -eq "4" ] || [ "$PUPPET_RET_CODE" -eq "6" ] ; then
|
|
exit $PUPPET_RET_CODE
|
|
fi
|
|
set -e
|
|
|
|
# The puppet modules should install unbound. Set up some nameservers.
|
|
cat >/tmp/forwarding.conf <<EOF
|
|
forward-zone:
|
|
name: "."
|
|
forward-addr: 8.8.8.8
|
|
EOF
|
|
sudo mv /tmp/forwarding.conf /etc/unbound/
|
|
sudo chown root:root /etc/unbound/forwarding.conf
|
|
sudo chmod a+r /etc/unbound/forwarding.conf
|
|
# HPCloud has selinux enabled by default, Rackspace apparently not.
|
|
# Regardless, apply the correct context.
|
|
if [ -x /sbin/restorecon ] ; then
|
|
sudo chcon system_u:object_r:named_conf_t:s0 /etc/unbound/forwarding.conf
|
|
fi
|
|
|
|
# Overwrite /etc/resolv.conf at boot
|
|
sudo dd of=/etc/rc.local <<EOF
|
|
#!/bin/bash
|
|
set -o xtrace
|
|
|
|
# Some providers inject dynamic network config statically. Work around this
|
|
# for DNS nameservers. This is expected to fail on some nodes so remove -e.
|
|
set +e
|
|
sed -i -e 's/^\(DNS[0-9]*=[.0-9]\+\)/#\1/g' /etc/sysconfig/network-scripts/ifcfg-*
|
|
set -e
|
|
|
|
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
|
|
|
|
exit 0
|
|
EOF
|
|
|
|
# Make all cloud-init data sources match rackspace- only attempt to look
|
|
# at ConfigDrive, not at metadata service. This is not needed if there
|
|
# is no cloud-init
|
|
if [ -d /etc/cloud/cloud.cfg.d ] ; then
|
|
sudo dd of=/etc/cloud/cloud.cfg.d/95_real_datasources.cfg <<EOF
|
|
datasource_list: [ ConfigDrive, None ]
|
|
EOF
|
|
fi
|
|
|
|
sudo bash -c "echo 'include: /etc/unbound/forwarding.conf' >> /etc/unbound/unbound.conf"
|
|
if [ -e /etc/init.d/unbound ] ; then
|
|
sudo /etc/init.d/unbound restart
|
|
elif [ -e /usr/lib/systemd/system/unbound.service ] ; then
|
|
sudo systemctl restart unbound
|
|
else
|
|
echo "Can't discover a method to restart \"unbound\""
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure DNS works.
|
|
dig git.openstack.org
|
|
|
|
# Cache all currently known gerrit repos.
|
|
sudo mkdir -p /opt/git
|
|
sudo -i python /opt/nodepool-scripts/cache_git_repos.py $GIT_BASE
|
|
|
|
# We don't always get ext4 from our clouds, mount ext3 as ext4 on the next
|
|
# boot (eg when this image is used for testing).
|
|
sudo sed -i 's/ext3/ext4/g' /etc/fstab
|
|
|
|
# Remove additional sources used to install puppet or special version of pypi.
|
|
# We do this because leaving these sources in place causes every test that
|
|
# does an apt-get update to hit those servers which may not have the uptime
|
|
# of our local mirrors.
|
|
OS_FAMILY=$(facter osfamily)
|
|
if [ "$OS_FAMILY" == "Debian" ] ; then
|
|
sudo rm -f /etc/apt/sources.list.d/*
|
|
sudo apt-get update
|
|
elif [ "$OS_FAMILY" == "RedHat" ] ; then
|
|
# Can't delete * in yum.repos.d since all of the repos are listed there.
|
|
# Be specific instead.
|
|
if [ -f /etc/yum.repos.d/puppetlabs.repo ] ; then
|
|
sudo rm -f /etc/yum.repos.d/puppetlabs.repo
|
|
fi
|
|
fi
|
|
|
|
# Remove cron jobs
|
|
# We create fresh servers for these hosts, and they are used once. They don't
|
|
# need to do things like update the locatedb or the mandb or rotate logs
|
|
# or really any of those things. We only want code running here that we want
|
|
# here.
|
|
sudo rm -f /etc/cron.{monthly,weekly,daily,hourly,d}/*
|
|
|
|
# Install Zuul into a virtualenv
|
|
# This is in /usr instead of /usr/local due to this bug on precise:
|
|
# https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/839588
|
|
git clone /opt/git/openstack-infra/zuul /tmp/zuul
|
|
sudo virtualenv /usr/zuul-env
|
|
sudo -H /usr/zuul-env/bin/pip install /tmp/zuul
|
|
sudo rm -fr /tmp/zuul
|
|
|
|
# Create a virtualenv for zuul-swift-logs
|
|
# This is in /usr instead of /usr/local due to this bug on precise:
|
|
# https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/839588
|
|
sudo -H virtualenv /usr/zuul-swift-logs-env
|
|
sudo -H /usr/zuul-swift-logs-env/bin/pip install python-magic argparse \
|
|
requests glob2
|
|
|
|
sync
|
|
sleep 5
|