File config.sh of Package OBS-Appliance
#!/bin/bash
#======================================
# Functions...
#--------------------------------------
# Source the optional environment files from the image root, each only
# if it exists. Whatever they contain runs with the privileges of this
# script (presumably root inside the KIWI build chroot - confirm), so
# they are part of the image's trusted build input.
if [ -f /.kconfig ]; then
  . /.kconfig
fi
if [ -f /.profile ]; then
  . /.profile
fi
#======================================
# Greeting...
#--------------------------------------
# $kiwi_iname is not set in this script; presumably it comes from one of
# the files sourced above.
echo "Configure image: [$kiwi_iname]..."
#======================================
# Activate services
#--------------------------------------
# Each group below is enabled unit by unit, in the listed order, so a
# failure on one unit does not stop the following ones from being enabled.
# ifup lo
for unit in boot.device-mapper boot.lvm slpd haveged; do
  systemctl enable "$unit"
done
# OBS api
for unit in memcached apache2 mysql obs-api-support.target; do
  systemctl enable "$unit"
done
# OBS backend
# NOTE(review): the signing units (obssignd, obssigner) are enabled on the
# same machine as obsworker below. Presumably fine for an all-in-one
# appliance; confirm before reusing this layout where build jobs and
# signing keys should be kept on separate hosts.
for unit in \
  obssrcserver obsrepserver obsdispatcher obspublisher obsscheduler \
  obsservice obssignd obssigner obswarden obsdodup obsdeltastore \
  obsservicedispatch; do
  systemctl enable "$unit"
done
# OBS worker
systemctl enable obsworker
# For OBS Appliance only:
for unit in obsapisetup obsstoragesetup; do
  systemctl enable "$unit"
done
# setup initrd
# Follows the approach of the kernel-obs-build package. The module list is
# deliberately long so the modules are also present for qemu cross builds
# (an x86_64 kernel running e.g. an arm environment). It matches what was
# available on the build workers of build.opensuse.org, to stay compatible.
export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse squashfs ext2 ext3 ext4 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio-rng fat vfat nls_cp437 nls_iso8859-1"
echo "force_drivers+=\" $KERNEL_MODULES \"" >/etc/dracut.conf.d/03-my-obs.conf
echo "options loop max_loop=64 lbs=0" > /etc/modprobe.d/50-obs.conf

# Custom dracut module "80obs": module-setup.sh is the dracut entry point,
# setup_obs.sh is the hook it installs at pre-udev priority 80.
obs_dracut_dir=/usr/lib/dracut/modules.d/80obs
mkdir -p "$obs_dracut_dir"
# The heredoc delimiter is unquoted on purpose: $KERNEL_MODULES is expanded
# now, at image build time, while \$moddir is escaped so that it is only
# resolved when dracut runs the generated script.
cat > "$obs_dracut_dir/module-setup.sh" <<EOF
#!/bin/bash
# called by dracut
check() {
return 0
}
# called by dracut
installkernel() {
hostonly='' instmods $KERNEL_MODULES
}
# called by dracut
install() {
inst_hook pre-udev 80 "\$moddir"/setup_obs.sh
}
EOF
chmod a+rx "$obs_dracut_dir/module-setup.sh"
# Hook script: loads the loop module (retrying without lbs=0 if the first
# attempt fails) and binfmt_misc.
cat > "$obs_dracut_dir/setup_obs.sh" <<EOF
#!/bin/sh
info "Loading kernel modules for OBS"
info " Loop..."
modprobe loop max_loop=64 lbs=0 || modprobe loop max_loop=64
info " binfmt misc..."
modprobe binfmt_misc
EOF
chmod a+rx "$obs_dracut_dir/setup_obs.sh"
# manually load all modules to make sure they're available:
# append one "info" line and one "modprobe" line per module to the hook.
# $KERNEL_MODULES is left unquoted so it splits into one word per module.
for i in $KERNEL_MODULES; do
  printf "info ' %s'\nmodprobe %s\n" "$i" "$i" >> "$obs_dracut_dir/setup_obs.sh"
done
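# enforce setup of time
sed -i -e 's/^NTPD_FORCE_SYNC_ON_STARTUP=.*/NTPD_FORCE_SYNC_ON_STARTUP="yes"/' /etc/sysconfig/ntp
# enable autosetup
# The two glob forms below rewrite the setting in every /etc/sysconfig/obs-*
# file that contains it.
sed -i 's,OBS_API_AUTOSETUP=.*,OBS_API_AUTOSETUP="yes",' /etc/sysconfig/obs-server
sed -i 's,OBS_STORAGE_AUTOSETUP=.*,OBS_STORAGE_AUTOSETUP="yes",' /etc/sysconfig/obs-*
sed -i 's,OBS_SETUP_WORKER_PARTITIONS=.*,OBS_SETUP_WORKER_PARTITIONS="use_obs_vg",' /etc/sysconfig/obs-*
# hardwired ntp server config, in case dhcp distribution of ntp config is not working
# NOTE(review): "ntp1" is an unqualified host name, so the server actually
# used depends on the DNS search domain of whatever network the appliance
# boots in, and no NTP authentication is configured here. Confirm this is
# acceptable: certificate validation and signature timestamps depend on a
# correct clock.
printf '\nserver ntp1\n' >> /etc/ntp.conf
# bug ?
# Uses the "owner:group" form; the "owner.group" spelling is a deprecated
# extension that becomes ambiguous for names containing a dot.
# NOTE(review): /var/lib/empty is presumably the sshd privilege-separation
# directory, which has to be root-owned - confirm.
chown root:root /var/lib/empty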
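# disable predictable udev device names and use unpredictable ones to have them predictable again
# so our network gets actually setup. This file is usually written by YaST otherwise.
# The rule names the first matching ethernet device (kernel name e*) "eth0".
echo 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{type}=="1", KERNEL=="e*", NAME="eth0"' > /etc/udev/rules.d/70-persistent-net.rules
# Write a DHCP configuration for eth0 only when none exists yet.
# The guard tests the same file that is written below; the earlier spelling
# "if-cfg.eth0" never exists, so an existing ifcfg-eth0 was always
# overwritten.
if [ ! -f /etc/sysconfig/network/ifcfg-eth0 ]; then
  cat <<EOF > /etc/sysconfig/network/ifcfg-eth0
BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME=''
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
DHCLIENT_SET_DEFAULT_ROUTE='yes'
EOF
  ifup eth0
fi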
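# Only for OBS-Appliance*, not WorkerOnly
if true; then
  # apache configuration
  for i in passenger rewrite proxy proxy_http xforward headers ssl socache_shmcb; do
    /usr/sbin/a2enmod "$i"
  done
  sed -i 's,APACHE_SERVER_FLAGS=.*,APACHE_SERVER_FLAGS="SSL",' /etc/sysconfig/apache2
  # Enable xforward
  sed -i 's,^#use_xforward:.*,use_xforward: true,' /srv/www/obs/api/config/options.yml
  #======================
  # Configure OBS backend
  #----------------------
  # The sed scripts are single-quoted, so "$serviceserver", "$hostname" etc.
  # reach BSConfig.pm as literal Perl variables and are not expanded by the
  # shell at build time.
  # NOTE(review): both backend URLs are plain http:// - confirm that these
  # ports are only reachable from trusted hosts.
  sed -i 's,.*our $serviceserve.*,our $serviceserver = "http://$hostname:5152";,' /usr/lib/obs/server/BSConfig.pm
  sed -i 's,^our $repodownload.*,our $repodownload = "http://$hostname:82/";,' /usr/lib/obs/server/BSConfig.pm
  sed -i 's,^OBS_RUN_DIR=.*,OBS_RUN_DIR="/srv/obs/run",' /etc/sysconfig/obs-server
  sed -i 's,^OBS_LOG_DIR=.*,OBS_LOG_DIR="/srv/obs/log",' /etc/sysconfig/obs-server
  # 16G for being able to build appliance images
  sed -i 's,^OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE=.*,OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE="16384",' /etc/sysconfig/obs-server
  # signing setup
  # Points the backend at /srv/obs/obs-default-gpg.asc as default key file
  # and at /usr/bin/sign as signing program.
  # NOTE(review): $forceprojectkeys = 1 presumably makes per-project keys
  # mandatory - confirm against the BSConfig documentation.
  sed -i 's,.*our $gpg_standard_key.*,our $gpg_standard_key = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm
  sed -i 's,.*our $keyfile.*,our $keyfile = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm
  sed -i 's,.*our $sign = .*,our $sign = "/usr/bin/sign";,' /usr/lib/obs/server/BSConfig.pm
  sed -i 's,.*our $forceprojectkeys.*,our $forceprojectkeys = 1;,' /usr/lib/obs/server/BSConfig.pm
  # Mode 4755 makes /usr/bin/sign setuid and executable by everyone, so any
  # local account can run it with the privileges of the file's owner.
  # NOTE(review): presumably required by the sign client to talk to signd;
  # confirm, and keep local accounts on the appliance to a minimum.
  chmod 4755 /usr/bin/sign
  #=======================
  # Configure mysql database
  #-----------------------
  # bind-address 127.0.0.1 keeps the database listening on loopback only.
  cat <<EOF > /etc/my.cnf.d/obs-server.cnf
# Genereated by kiwi's config.sh
[mysqld]
bind-address = 127.0.0.1
datadir = /srv/obs/MySQL
[mysqld_multi]
datadir = /srv/obs/MySQL
EOF
  #======================================
  # Fix user id values to unbreak updates
  #--------------------------------------
  # obsrun must own uid 103. If another account holds that uid, move it to
  # 942 first and then give 103 to obsrun; abort the build if either
  # usermod call fails.
  obsrun_user=$(getent passwd 103 | cut -d: -f 1)
  if [ -n "$obsrun_user" ] && [ "$obsrun_user" != "obsrun" ]; then
    usermod -u 942 "$obsrun_user" || exit 1 # move away conflicting uid user
    usermod -u 103 obsrun || exit 1 # use fixed obsrun uid
  fi
  # Re-check the result. "print" is not a bash command, so the earlier
  # version lost this message; use echo and send it to stderr.
  obsrun_user=$(getent passwd 103 | cut -d: -f 1)
  if [ -n "$obsrun_user" ] && [ "$obsrun_user" != "obsrun" ]; then
    echo "wrong user for id 103: $obsrun_user" >&2
    exit 1
  fi
fi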
#======================================
# Add Default Repositories
#--------------------------------------
# The URLs are single-quoted so that "$releasever" is stored literally in
# the repository definition instead of being expanded by the shell here.
# NOTE(review): the download.opensuse.org repositories are added over plain
# http://, so package and metadata integrity rests entirely on the GPG
# signature checks done by zypper/rpm. Consider https:// where the mirror
# setup allows it.
ARCH=$(uname -m)
case $ARCH in
  aarch64)
    leap_oss_url='http://download.opensuse.org/ports/aarch64/distribution/leap/$releasever/repo/oss/'
    leap_update_url='http://download.opensuse.org/ports/update/leap/$releasever/oss/'
    ;;
  *)
    leap_oss_url='http://download.opensuse.org/distribution/leap/$releasever/repo/oss/'
    leap_update_url='http://download.opensuse.org/update/leap/$releasever/oss/'
    ;;
esac
zypper ar "$leap_oss_url" openSUSE:Leap
zypper ar "$leap_update_url" openSUSE:Leap:Update
# NOTE(review): OBS:Server:Unstable is, going by its name, a development
# repository - confirm that the appliance is meant to track it.
zypper ar 'obs://openSUSE:Tools/$releasever' openSUSE:Tools
zypper ar 'obs://OBS:Server:Unstable/$releasever' OBS:Server:Unstable
#======================================
# Import trusted keys
#--------------------------------------
cat > OBS.pubkey <<EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)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=vCGk
-----END PGP PUBLIC KEY BLOCK-----
EOF
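# Import the distribution keys shipped under /usr/lib/rpm/gnupg/keys plus
# OBS.pubkey (a relative path, i.e. the file in the current working
# directory) into the rpm keyring. Every key imported here becomes trusted
# for package signature verification on the appliance.
for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc OBS.pubkey; do
  # An unmatched glob is left as the literal pattern; skip anything that
  # is not an existing file instead of passing it to rpm.
  [ -f "$i" ] || continue
  # importing can fail if it already exists, so a failure is not fatal,
  # but report it so that a rejected key does not go unnoticed
  rpm --import "$i" || echo "warning: rpm --import $i failed" >&2
done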
# This is required to send the hostname to the dhcp server, so
# the `hostname -f` command in obsapisetup could get a FQHN.
# Otherwise obsapisetup waits 10min before using 'localhost' as
# fallback
# DEACTIVATED BY fschreiner FOR TESTING
#echo "obs-server" > /etc/hostname
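# EC2 profile only. baseUpdateSysConfig and baseInsertService are not
# defined in this script; presumably they come from the sourced /.kconfig.
if [[ $kiwi_profiles = ec2 ]]; then
  # keg: included from ec2-cloud-netconfig
  baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
  # keg: included from ec2-set-hostname
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"
  # keg: included from grub-root-label-workaround-bsc#1197616
  cat >> "/etc/default/grub" <<EOF
GRUB_CMDLINE_LINUX="root=LABEL=ROOT"
SUSE_REMOVE_LINUX_ROOT_PARAM=true
EOF
  # keg: included from ec2-scripts
  # No Xen based instance types for ARM, no need for custom config
  if [ "$(uname -m)" = "aarch64" ]; then
    rm -f /etc/dracut.conf.d/07-*.conf
  fi
  # Make sure there is an /etc/ssh/sshd_config to edit (copied from the
  # vendor default once), then switch off challenge-response and password
  # logins.
  test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/
  sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
    /etc/ssh/sshd_config
  # Disable password based login via ssh
  sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # Both sed calls only rewrite the exact commented-out default line and do
  # nothing if the shipped file is worded differently. Check the result so
  # an image that still accepts passwords is noticed at build time.
  # NOTE(review): newer OpenSSH names the first option
  # KbdInteractiveAuthentication; confirm which one the shipped config uses.
  for sshd_opt in ChallengeResponseAuthentication PasswordAuthentication; do
    if ! grep -Eq "^${sshd_opt}[[:space:]]+no" /etc/ssh/sshd_config; then
      echo "warning: ${sshd_opt} is not set to 'no' in /etc/ssh/sshd_config" >&2
    fi
  done
  # keg: included from vm-services
  baseInsertService chronyd
  # keg: included from ec2-services
  baseInsertService cloud-config
  baseInsertService cloud-final
  baseInsertService cloud-init
  baseInsertService cloud-init-local
  # keg: included from ec2-cloud-netconfig
  systemctl enable cloud-netconfig.timer
fi
# Always report success: apart from the explicit "exit 1" paths earlier in
# the script, failures of individual commands do not fail the build.
exit 0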