tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh - cloudstack - Git at Google

 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 set -e
 set -x

 CLOUDSTACK_RELEASE=4.19.0

 function configure_apache2() {
    # Enable ssl, rewrite and auth
    a2enmod ssl rewrite auth_basic auth_digest
    a2ensite default-ssl
    # Backup stock apache configuration since we may modify it in Secondary Storage VM
    cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig
    cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig
    sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf
 }

 function configure_strongswan() {
   # change the charon stroke timeout from 3 minutes to 30 seconds
   sed -i "s/# timeout = 0/timeout = 30000/" /etc/strongswan.d/charon/stroke.conf
 }

 function configure_issue() {
   cat > /etc/issue <<EOF

    __?.o/  Apache CloudStack SystemVM $CLOUDSTACK_RELEASE
   (  )#    https://cloudstack.apache.org
  (___(_)   Debian GNU/Linux 11 \n \l

 EOF
 }

 function configure_cacerts() {
   CDIR=$(pwd)
   cd /tmp
   # Add LetsEncrypt ca-cert
   wget https://letsencrypt.org/certs/isrgrootx1.der
   wget https://letsencrypt.org/certs/lets-encrypt-r3.der
   keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file isrgrootx1.der
   keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
   rm -f lets-encrypt-r3.der isrgrootx1.der
   cd $CDIR
 }

 function install_cloud_scripts() {
   # ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh
   rsync -av ./cloud_scripts/ /

   chmod +x /opt/cloud/bin/* /opt/cloud/bin/setup/* \
     /root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \
     /etc/profile.d/cloud.sh /etc/cron.daily/* /etc/cron.hourly/*

   chmod +x /root/health_checks/*
   chmod -x /etc/systemd/system/* || true

   systemctl daemon-reload
   systemctl enable cloud-preinit
   systemctl enable cloud-early-config
   systemctl enable cloud-postinit
 }

 function do_signature() {
   mkdir -p /var/cache/cloud/ /usr/share/cloud/
   (cd ./cloud_scripts/; tar -cvf - * | gzip > /usr/share/cloud/cloud-scripts.tgz)
   md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
   echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
 }

 function configure_services() {
   mkdir -p /var/www/html
   mkdir -p /opt/cloud/bin
   mkdir -p /var/cache/cloud
   mkdir -p /usr/share/cloud
   mkdir -p /usr/local/cloud

   # Fix dnsmasq directory issue
   mkdir -p /opt/tftpboot

   # Fix haproxy directory issue
   mkdir -p /var/lib/haproxy

   install_cloud_scripts
   do_signature

   systemctl daemon-reload
   systemctl disable apt-daily.service
   systemctl disable apt-daily.timer
   systemctl disable apt-daily-upgrade.timer

   # Disable services that slow down boot and are not used anyway
   systemctl disable apache2
   systemctl disable conntrackd
   systemctl disable console-setup
   systemctl disable dnsmasq
   systemctl disable haproxy
   systemctl disable keepalived
   systemctl disable radvd
   systemctl disable strongswan-starter
   systemctl disable x11-common
   systemctl disable xl2tpd
   systemctl disable vgauth
   systemctl disable sshd
   systemctl disable nfs-common
   systemctl disable portmap

   # Disable guest services which will selectively be started based on hypervisor
   systemctl disable open-vm-tools
   systemctl disable xe-daemon
   systemctl disable hyperv-daemons.hv-fcopy-daemon.service
   systemctl disable hyperv-daemons.hv-kvp-daemon.service
   systemctl disable hyperv-daemons.hv-vss-daemon.service
   systemctl disable qemu-guest-agent

   # Disable container services
   systemctl disable containerd

   # Disable cloud init by default
 cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
 datasource_list: ['CloudStack']
 datasource:
   CloudStack:
     max_wait: 120
     timeout: 50
 EOF

   touch /etc/cloud/cloud-init.disabled
   systemctl stop cloud-init
   systemctl disable cloud-init

   configure_apache2
   configure_strongswan
   configure_issue
   configure_cacerts
 }

 return 2>/dev/null || configure_services
	#!/bin/bash
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	set -e
	set -x

	CLOUDSTACK_RELEASE=4.19.0

	function configure_apache2() {
	# Enable ssl, rewrite and auth
	a2enmod ssl rewrite auth_basic auth_digest
	a2ensite default-ssl
	# Backup stock apache configuration since we may modify it in Secondary Storage VM
	cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig
	cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig
	sed -i 's/SSLProtocol .*$/SSLProtocol TLSv1.2/g' /etc/apache2/mods-available/ssl.conf
	}

	function configure_strongswan() {
	# change the charon stroke timeout from 3 minutes to 30 seconds
	sed -i "s/# timeout = 0/timeout = 30000/" /etc/strongswan.d/charon/stroke.conf
	}

	function configure_issue() {
	cat > /etc/issue <<EOF

	__?.o/ Apache CloudStack SystemVM $CLOUDSTACK_RELEASE
	( )# https://cloudstack.apache.org
	(___(_) Debian GNU/Linux 11 \n \l

	EOF
	}

	function configure_cacerts() {
	CDIR=$(pwd)
	cd /tmp
	# Add LetsEncrypt ca-cert
	wget https://letsencrypt.org/certs/isrgrootx1.der
	wget https://letsencrypt.org/certs/lets-encrypt-r3.der
	keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file isrgrootx1.der
	keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
	rm -f lets-encrypt-r3.der isrgrootx1.der
	cd $CDIR
	}

	function install_cloud_scripts() {
	# ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh
	rsync -av ./cloud_scripts/ /

	chmod +x /opt/cloud/bin/* /opt/cloud/bin/setup/* \
	/root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \
	/etc/profile.d/cloud.sh /etc/cron.daily/* /etc/cron.hourly/*

	chmod +x /root/health_checks/*
	chmod -x /etc/systemd/system/* \|\| true

	systemctl daemon-reload
	systemctl enable cloud-preinit
	systemctl enable cloud-early-config
	systemctl enable cloud-postinit
	}

	function do_signature() {
	mkdir -p /var/cache/cloud/ /usr/share/cloud/
	(cd ./cloud_scripts/; tar -cvf - * \| gzip > /usr/share/cloud/cloud-scripts.tgz)
	md5sum /usr/share/cloud/cloud-scripts.tgz \| awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
	echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
	}

	function configure_services() {
	mkdir -p /var/www/html
	mkdir -p /opt/cloud/bin
	mkdir -p /var/cache/cloud
	mkdir -p /usr/share/cloud
	mkdir -p /usr/local/cloud

	# Fix dnsmasq directory issue
	mkdir -p /opt/tftpboot

	# Fix haproxy directory issue
	mkdir -p /var/lib/haproxy

	install_cloud_scripts
	do_signature

	systemctl daemon-reload
	systemctl disable apt-daily.service
	systemctl disable apt-daily.timer
	systemctl disable apt-daily-upgrade.timer

	# Disable services that slow down boot and are not used anyway
	systemctl disable apache2
	systemctl disable conntrackd
	systemctl disable console-setup
	systemctl disable dnsmasq
	systemctl disable haproxy
	systemctl disable keepalived
	systemctl disable radvd
	systemctl disable strongswan-starter
	systemctl disable x11-common
	systemctl disable xl2tpd
	systemctl disable vgauth
	systemctl disable sshd
	systemctl disable nfs-common
	systemctl disable portmap

	# Disable guest services which will selectively be started based on hypervisor
	systemctl disable open-vm-tools
	systemctl disable xe-daemon
	systemctl disable hyperv-daemons.hv-fcopy-daemon.service
	systemctl disable hyperv-daemons.hv-kvp-daemon.service
	systemctl disable hyperv-daemons.hv-vss-daemon.service
	systemctl disable qemu-guest-agent

	# Disable container services
	systemctl disable containerd

	# Disable cloud init by default
	cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
	datasource_list: ['CloudStack']
	datasource:
	CloudStack:
	max_wait: 120
	timeout: 50
	EOF

	touch /etc/cloud/cloud-init.disabled
	systemctl stop cloud-init
	systemctl disable cloud-init

	configure_apache2
	configure_strongswan
	configure_issue
	configure_cacerts
	}

	return 2>/dev/null \|\| configure_services