Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 641c817fd7ff84b1382f34a490f1b34254b7b900 / . / tools / xen / prepare_guest.sh
blob: 6de1afc19957455d7370723e27c68752df3993f2 [file] [log] [blame]
#!/bin/bash
# This script is run on an Ubuntu VM.
# This script is inserted into the VM by prepare_guest_template.sh
# and is run when that VM boots.
# It customizes a fresh Ubuntu install, so it is ready
# to run stack.sh
#
# This includes installing the XenServer tools,
# creating the user called "stack",
# and shuts down the VM to signal the script has completed
set -o errexit
set -o nounset
set -o xtrace
# Configurable nuggets
GUEST_PASSWORD="$1"
STACK_USER="$2"
DOMZERO_USER="$3"
function setup_domzero_user {
local username
username="$1"
local key_updater_script
local sudoers_file
key_updater_script="/home/$username/update_authorized_keys.sh"
sudoers_file="/etc/sudoers.d/allow_$username"
# Create user
adduser --disabled-password --quiet "$username" --gecos "$username"
# Give passwordless sudo
cat > $sudoers_file << EOF
$username ALL = NOPASSWD: ALL
EOF
chmod 0440 $sudoers_file
# A script to populate this user's authenticated_keys from xenstore
cat > $key_updater_script << EOF
#!/bin/bash
set -eux
DOMID=\$(sudo xenstore-read domid)
sudo xenstore-exists /local/domain/\$DOMID/authorized_keys/$username
sudo xenstore-read /local/domain/\$DOMID/authorized_keys/$username > /home/$username/xenstore_value
cat /home/$username/xenstore_value > /home/$username/.ssh/authorized_keys
EOF
# Give the key updater to the user
chown $username:$username $key_updater_script
chmod 0700 $key_updater_script
# Setup the .ssh folder
mkdir -p /home/$username/.ssh
chown $username:$username /home/$username/.ssh
chmod 0700 /home/$username/.ssh
touch /home/$username/.ssh/authorized_keys
chown $username:$username /home/$username/.ssh/authorized_keys
chmod 0600 /home/$username/.ssh/authorized_keys
# Setup the key updater as a cron job
crontab -u $username - << EOF
* * * * * $key_updater_script
EOF
}
# Make a small cracklib dictionary, so that passwd still works, but we don't
# have the big dictionary.
mkdir -p /usr/share/cracklib
echo a | cracklib-packer
# Make /etc/shadow, and set the root password
pwconv
echo "root:$GUEST_PASSWORD" | chpasswd
# Put the VPX into UTC.
rm -f /etc/localtime
# Add stack user
groupadd libvirtd
useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
echo $STACK_USER:$GUEST_PASSWORD | chpasswd
echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
setup_domzero_user "$DOMZERO_USER"
# Add an udev rule, so that new block devices could be written by stack user
cat > /etc/udev/rules.d/50-openstack-blockdev.rules << EOF
KERNEL=="xvd[b-z]", GROUP="$STACK_USER", MODE="0660"
EOF
# Give ownership of /opt/stack to stack user
chown -R $STACK_USER /opt/stack
function setup_vimrc {
if [ ! -e $1 ]; then
# Simple but usable vimrc
cat > $1 <<EOF
se ts=4
se expandtab
se shiftwidth=4
EOF
fi
}
# Setup simple .vimrcs
setup_vimrc /root/.vimrc
setup_vimrc /opt/stack/.vimrc
# remove self from local.rc
# so this script is not run again
rm -rf /etc/rc.local
# Restore rc.local file
cp /etc/rc.local.preparebackup /etc/rc.local
# shutdown to notify we are done
shutdown -h now