Diffstat (limited to 'builder/files')
-rw-r--r-- | builder/files/cleanup.sh | 7 | ||||
-rw-r--r-- | builder/files/epel-release-6-8.noarch.rpm | bin | 0 -> 14540 bytes | |||
-rw-r--r-- | builder/files/network.sh | 40 | ||||
-rw-r--r-- | builder/files/password | 1 | ||||
-rw-r--r-- | builder/files/puppetlabs-release-el-6.noarch.rpm | bin | 0 -> 5712 bytes | |||
-rw-r--r-- | builder/files/selinux | 10 | ||||
-rw-r--r-- | builder/files/ssh.sh | 58 | ||||
-rw-r--r-- | builder/files/user.sh | 16 |
8 files changed, 132 insertions, 0 deletions
diff --git a/builder/files/cleanup.sh b/builder/files/cleanup.sh
new file mode 100644
index 0000000..765b343
--- /dev/null
+++ b/builder/files/cleanup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Do some cleanup..
+rm -f ~root/.bash_history
+#rm -r "$(gem env gemdir)"/doc/*
+yum clean all
+
diff --git a/builder/files/epel-release-6-8.noarch.rpm b/builder/files/epel-release-6-8.noarch.rpm
Binary files differ
new file mode 100644
index 0000000..588a577
--- /dev/null
+++ b/builder/files/epel-release-6-8.noarch.rpm
diff --git a/builder/files/network.sh b/builder/files/network.sh
new file mode 100644
index 0000000..404bb9a
--- /dev/null
+++ b/builder/files/network.sh
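Review bot: The cleanup in cleanup.sh leaves the SSH host keys under `/etc/ssh/` in place, so if the built image is cloned, every machine made from it would present the same host identity. Adding `rm -f /etc/ssh/ssh_host_*` next to the `.bash_history` removal would let sshd create fresh keys on first start. Confirm that the sshd init script on this release regenerates missing host keys before relying on that.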
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Disable firewall
+chkconfig iptables off
+chkconfig ip6tables off
+chkconfig sshd on
+
+# Networking setup...
+# Don't fix ethX names to hw address.
+#rm -f /etc/udev/rules.d/*persistent-net.rules
+#rm -f /etc/udev/rules.d/*-net.rules
+rm -rf /var/lib/dhclient/* # remove any old leases that could be around...
+
+# XXX: unsure if this will help, but we'll try it out:
+# Problem situation: Two interfaces are connected to same network. One interface
+# wants to renew DHCP lease and asks server for address. DHCPACK message from
+# server arrives, client moves to BOUND state. The client performs a check on
+# the suggested address to ensure that the address is not already in use. On
+# arping for specified IP address, other interface replies and that's why
+# dhclient-script replies with DHCPDECLINE message. (See RFC2131, 4.4.1.).
+# Solution: Set sysctl to reply only if the target IP address is local address
+# configured on the incoming interface. (See kernel documentation
+# Documentation/networking/ip-sysctl.txt)
+set_sysctl() {
+ grep "$1" /etc/sysctl.conf > /dev/null
+ [ $? -eq 0 ] && sed -i '/'$1'/d' /etc/sysctl.conf
+ echo "$1 = $2" >> /etc/sysctl.conf
+}
+set_sysctl 'net.ipv4.conf.all.arp_ignore' 1
+set_sysctl 'net.ipv4.conf.all.arp_announce' 2
+set_sysctl 'net.ipv4.conf.all.rp_filter' 3
+
+# Interface eth0 should get IP address via dhcp.
+#cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+#DEVICE="eth0"
+#BOOTPROTO="dhcp"
+#ONBOOT="yes"
+#NM_CONTROLLED="no"
+#EOF
+
diff --git a/builder/files/password b/builder/files/password
new file mode 100644
index 0000000..d6a9762
--- /dev/null
+++ b/builder/files/password
@@ -0,0 +1 @@
+vagrant
diff --git a/builder/files/puppetlabs-release-el-6.noarch.rpm b/builder/files/puppetlabs-release-el-6.noarch.rpm
Binary files differ
new file mode 100644
index 0000000..0e99d19
--- /dev/null
+++ b/builder/files/puppetlabs-release-el-6.noarch.rpm
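Review bot: In network.sh, `set_sysctl 'net.ipv4.conf.all.rp_filter' 3` writes a value that is not one of the three documented in the ip-sysctl.txt file the comment cites (0 off, 1 strict, 2 loose), and the comment explains only the two arp_* settings, so the intended reverse-path mode is unclear. If loose mode was meant for the two-interfaces-on-one-network case, use `set_sysctl 'net.ipv4.conf.all.rp_filter' 2` and say so in the comment. Inside set_sysctl, `$1` is an unanchored regex for `grep` and is spliced unquoted into the sed script, so dots match any character and any line merely containing the key is deleted; anchoring both (`grep -q "^$1 *=" /etc/sysctl.conf`) and quoting the expansion would make the edit exact. The script also turns iptables and ip6tables off while enabling sshd, which deserves a comment stating that the image is meant for isolated lab networks only.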
diff --git a/builder/files/selinux b/builder/files/selinux
new file mode 100644
index 0000000..8237483
--- /dev/null
+++ b/builder/files/selinux
@@ -0,0 +1,10 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - SELinux is fully disabled.
+SELINUX=disabled
+# SELINUXTYPE= type of policy in use. Possible values are:
+# targeted - Only targeted network daemons are protected.
+# strict - Full SELinux protection.
+SELINUXTYPE=targeted
diff --git a/builder/files/ssh.sh b/builder/files/ssh.sh
new file mode 100644
index 0000000..b2b4366
--- /dev/null
+++ b/builder/files/ssh.sh
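Review bot: `SELINUX=disabled` switches SELinux off entirely, so files created on the box get no labels and a later move back to enforcing needs a full relabel. `SELINUX=permissive` would still keep the build from being blocked while labelling files and logging denials. If something the builder installs really requires disabled, a comment above the line naming that reason would help the next reader.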
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# SSH setup
+# Add Vagrant ssh key for root and vagrant accouts.
+sed -i 's/.*UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
+
+[ -d ~root/.ssh ] || mkdir ~root/.ssh
+chmod 700 ~root/.ssh
+cat > ~root/.ssh/authorized_keys << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+chmod 600 ~root/.ssh/authorized_keys
+
+# allow interhost communication
+cat > ~root/.ssh/id_rsa << EOF
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
+w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
+kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
+hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
+Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
+yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
+ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
+Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
+TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
+iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
+sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
+4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
+cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
+EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
+CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
+3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
+YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
+3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
+dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
+6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
+P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
+llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
+kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
+NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
+-----END RSA PRIVATE KEY-----
+EOF
+chmod 600 ~root/.ssh/id_rsa
+
+cat > ~root/.ssh/id_rsa.pub << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+
+# vagrant user ssh
+[ -d ~vagrant/.ssh ] || mkdir ~vagrant/.ssh
+chmod 700 ~vagrant/.ssh
+cat > ~vagrant/.ssh/authorized_keys << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+chmod 600 ~vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant ~vagrant/.ssh/
+
diff --git a/builder/files/user.sh b/builder/files/user.sh
new file mode 100644
index 0000000..224a058
--- /dev/null
+++ b/builder/files/user.sh
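Review bot: The heredoc in ssh.sh that writes `~root/.ssh/id_rsa` installs a private key committed in this repository, and its public half, labelled "vagrant insecure public key" in the same hunk, is also placed in `authorized_keys` for both root and vagrant. Every machine built from this image therefore accepts root SSH logins from a key pair that is not secret. For inter-host trust, generate the pair at build time or first boot instead of embedding it, e.g. `ssh-keygen -q -t rsa -N '' -f ~root/.ssh/id_rsa`, and authorize only that generated public key for root. If the insecure key must remain for the initial `vagrant` login, restrict it to `~vagrant/.ssh/authorized_keys` with a comment that it is expected to be replaced on first boot. The heredocs also use an unquoted `EOF`; `<< 'EOF'` rules out any expansion inside the key material.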
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+echo 'vagrant' | passwd --stdin root
+grep 'vagrant' /etc/passwd > /dev/null
+if [ $? -ne 0 ]; then
+ echo '* Creating user vagrant.'
+ useradd vagrant
+ echo 'vagrant' | passwd --stdin vagrant
+fi
+grep '^admin:' /etc/group > /dev/null || groupadd admin
+usermod -G admin vagrant
+
+#echo 'Defaults env_keep += "SSH_AUTH_SOCK"' >> /etc/sudoers
+echo '%admin ALL=NOPASSWD: ALL' >> /etc/sudoers
+sed -i 's/Defaults\s*requiretty/Defaults !requiretty/' /etc/sudoers
+ |
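Review bot: `echo 'vagrant' | passwd --stdin root` in user.sh gives root a fixed, well-known password (the same string committed in `builder/files/password`) on an image where network.sh enables sshd and turns the firewall off. Lock the account with `passwd -l root` instead, or take the value from a build-time variable that is not committed. `usermod -G admin vagrant` replaces the user's supplementary groups rather than adding one, so `usermod -a -G admin vagrant` is the safer form. The `%admin ALL=NOPASSWD: ALL` line is appended to /etc/sudoers on every run with no syntax check; writing it to a file under `/etc/sudoers.d/` and validating with `visudo -cf` avoids duplicate entries and a broken sudoers file.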