stemcell_builder 1.0.8

data/templates/centos/setup-bosh.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+source _variables.sh
+
+yum -y install glibc-static sg3_utils
+
+pushd /usr/bin
+    if [ ! -f rescan-scsi-bus.sh ]
+    then
+      ln -s rescan-scsi-bus rescan-scsi-bus.sh
+    fi
+popd
+
+pushd /tmp
+	yum -y install git rpm-build rpmdevtools gcc glibc-static make
+	git clone https://github.com/imeyer/runit-rpm.git
+	cd runit-rpm
+	./build.sh
+	rpm -i ~/rpmbuild/RPMS/*/*.rpm
+popd

data/templates/centos/sudo.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cp /etc/sudoers /etc/sudoers.orig
+sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
+sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
+cp -p /etc/sudoers /etc/sudoers.save
+echo '#includedir /etc/sudoers.d' >> /etc/sudoers
+visudo -c
+if [ $? -ne 0 ]; then
+  echo "ERROR: bad sudoers file"
+  exit 1
+fi
+rm /etc/sudoers.save

data/templates/centos/timestamp.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -x
+
+source _variables.sh
+
+# Turn on NTP service
+chkconfig ntpd on
+# Synchronize time with pool.ntp.org
+ntpdate pool.ntp.org
+# Start the NTP service
+/etc/init.d/ntpd start
+
+# save build time
+date > /etc/box_build_time

data/templates/centos/vmware-tools.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+### stage system_open_vm_tools
+source _variables.sh
+
+cat > /etc/yum.repos.d/vmware-tools.repo << EOM
+[vmware-tools]
+name=VMware Tools
+baseurl=http://packages.vmware.com/tools/esx/5.0/rhel6/x86_64
+enabled=1
+gpgcheck=1
+EOM
+
+rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
+rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
+
+yum -y install vmware-tools-esx-kmods-`uname -r` vmware-tools-esx

data/templates/centos/zerodisk.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -x
+
+source _variables.sh
+
+# Zero out the free space to save space in the final image:
+dd if=/dev/zero of=/EMPTY bs=1M
+rm -f /EMPTY

data/templates/noop/erbtest.txt.erb

@@ -0,0 +1 @@
+<%= @name %>

data/templates/noop/test.txt

@@ -0,0 +1 @@
+## This is a test ##

data/templates/redhat/_60-bosh-sysctl.conf

@@ -0,0 +1,5 @@
+# Copyright (c) 2009-2012 VMware, Inc.
+
+# Setup rp_filter in loose mode
+net.ipv4.conf.default.rp_filter=2
+net.ipv4.conf.all.rp_filter=2

data/templates/redhat/_empty_state.yml

@@ -0,0 +1,9 @@
+deployment: ""
+job: ""
+index: ""
+networks: {}
+resource_pool: {}
+packages: {}
+persistent_disk: {}
+configuration_hash: {}
+properties: {}

data/templates/redhat/_monitrc

@@ -0,0 +1,8 @@
+set daemon 10
+set logfile /var/vcap/monit/monit.log
+
+set httpd port 2822 and use address 127.0.0.1
+  allow cleartext /var/vcap/monit/monit.user
+
+include /var/vcap/monit/*.monitrc
+include /var/vcap/monit/job/*.monitrc

data/templates/redhat/_ntpdate

@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# Copyright (c) 2009-2012 VMware, Inc.
+
+BOSH=/var/vcap/bosh
+NTP_SERVER_FILE=$BOSH/etc/ntpserver
+if [ -f $NTP_SERVER_FILE ]; then
+	NTP_SERVER=`cat $NTP_SERVER_FILE`
+	/usr/sbin/ntpdate $NTP_SERVER > $BOSH/log/ntpdate.out 2>&1
+fi

data/templates/redhat/_runonce

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+if [[ $# -eq 0 ]]; then
+    echo "Schedules a command to be run after the next reboot."
+    echo "Usage: $(basename $0) <command>"
+    echo "       $(basename $0) -p <path> <command>"
+    echo "       $(basename $0) -r <command>"
+else
+    REMOVE=0
+    COMMAND=${!#}
+    SCRIPTPATH=$PATH
+
+    while getopts ":r:p:" optionName; do
+        case "$optionName" in
+            r) REMOVE=1; COMMAND=$OPTARG;;
+            p) SCRIPTPATH=$OPTARG;;
+        esac
+    done
+
+    SCRIPT="${HOME}/.$(basename $0)_$(echo $COMMAND | sed 's/[^a-zA-Z0-9_]/_/g')"
+
+    if [[ ! -f $SCRIPT ]]; then
+        echo "PATH=$SCRIPTPATH" >> $SCRIPT
+        echo "cd $(pwd)"        >> $SCRIPT
+        echo "logger -t $(basename $0) -p local3.info \"COMMAND=$COMMAND ; USER=\$(whoami) ($(logname)) ; PWD=$(pwd) ; PATH=\$PATH\"" >> $SCRIPT
+        echo "$COMMAND | logger -t $(basename $0) -p local3.info" >> $SCRIPT
+        echo "$0 -r \"$(echo $COMMAND | sed 's/\"/\\\"/g')\""     >> $SCRIPT
+        chmod +x $SCRIPT
+    fi
+
+    CRONTAB="${HOME}/.$(basename $0)_temp_crontab_$RANDOM"
+    ENTRY="@reboot $SCRIPT"
+
+    echo "$(crontab -l 2>/dev/null)" | grep -v "$ENTRY" | grep -v "^# DO NOT EDIT THIS FILE - edit the master and reinstall.$" | grep -v "^# ([^ ]* installed on [^)]*)$" | grep -v "^# (Cron version [^$]*\$[^$]*\$)$" > $CRONTAB
+
+    if [[ $REMOVE -eq 0 ]]; then
+        echo "$ENTRY" >> $CRONTAB
+    fi
+
+    crontab $CRONTAB
+    rm $CRONTAB
+
+    if [[ $REMOVE -ne 0 ]]; then
+        rm $SCRIPT
+    fi
+fi

data/templates/redhat/_sysstat

@@ -0,0 +1,18 @@
+#
+# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
+# and /etc/cron.daily/sysstat files
+#
+
+# Should sadc collect system activity informations? Valid values
+# are "true" and "false". Please do not put other values, they
+# will be overwritten by debconf!
+ENABLED="true"
+
+# Additional options passed to sa1 by /etc/init.d/sysstat
+# and /etc/cron.d/sysstat
+# By default contains the `-S DISK' option responsible for
+# generating disk statisitcs.
+SA1_OPTIONS="-S DISK"
+
+# Additional options passed to sa2 by /etc/cron.daily/sysstat.
+SA2_OPTIONS=""

data/templates/redhat/_variables.sh.erb

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+bosh_app_dir=/var/vcap
+bosh_dir=$bosh_app_dir/bosh
+bosh_users_password="c1owdc0w"
+infrastructure="vsphere"
+SRC_DIR=`pwd`
+
+if [ ! -d "$bosh_dir" ]; then
+	# create bosh_dir and add to path
+	mkdir -p $bosh_dir
+	echo "PATH=$PATH:$bosh_dir/bin
+export PATH
+" >> /etc/profile
+
+	echo "PATH=$PATH:$bosh_dir/bin
+export PATH
+" >> /root/.bash_profile
+
+	export PATH=$PATH:$bosh_dir/bin
+fi
+
+<% if ENV['HTTP_PROXY'] || ENV['http_proxy'] %>
+export HTTP_PROXY=<%= ENV['HTTP_PROXY'] || ENV['http_proxy'] %>
+export http_proxy=<%= ENV['HTTP_PROXY'] || ENV['http_proxy'] %>
+<% end %>
+
+<% if ENV['HTTPS_PROXY'] || ENV['https_proxy'] %>
+export HTTPS_PROXY=<%= ENV['HTTPS_PROXY'] || ENV['https_proxy'] %>
+export https_proxy=<%= ENV['HTTPS_PROXY'] || ENV['https_proxy'] %>
+<% end %>

data/templates/redhat/base.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -x
+
+source _variables.sh
+echo -n $infrastructure > /etc/infrastructure
+
+cat > /etc/yum.repos.d/puppetlabs.repo << EOM
+[puppetlabs]
+name=puppetlabs
+baseurl=http://yum.puppetlabs.com/el/6/products/\$basearch
+enabled=0
+gpgcheck=0
+EOM
+ 
+cat > /etc/yum.repos.d/epel.repo << EOM
+[epel]
+name=epel
+baseurl=http://download.fedoraproject.org/pub/epel/6/\$basearch
+enabled=0
+gpgcheck=0
+EOM
+ 
+cat > /etc/yum.repos.d/cfengine.repo << EOM
+[cfengine]
+name=cfengine
+baseurl=http://cfengine.com/pub/yum/
+enabled=0
+gpgcheck=0
+EOM
+
+rpm -U --nosignature http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+
+# Base install
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+
+#yum -y groupinstall "Development Tools"
+yum -y install sudo gcc make gcc-c++ kernel-devel-`uname -r` zlib-devel openssl-devel \
+readline-devel sqlite-devel perl wget dkms curl ntp crontabs sysstat pam-devel eject dash
+yum -y install libxslt-devel libyaml-devel libxml2-devel gdbm-devel libffi-devel zlib-devel \
+openssl-devel libyaml-devel readline-devel curl-devel openssl-devel pcre-devel git postgresql-devel

data/templates/redhat/bosh_agent.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+source _variables.sh
+
+mkdir -p /tmp/bosh_agent
+
+pushd /tmp/bosh_agent
+    cp $SRC_DIR/_bosh_agent.tar /tmp/bosh_agent
+    tar xmvf _bosh_agent.tar
+    $bosh_dir/bin/gem install *.gem --force --no-ri --no-rdoc
+    chmod +x $bosh_dir/agent/bin/bosh_agent
+
+    # configure bosh agent
+    mkdir -p /etc/sv/agent/log
+    mkdir -p /var/vcap/bosh/log
+
+    echo '#!/bin/bash
+    export PATH=/var/vcap/bosh/bin:$PATH
+    exec 2>&1
+    exec /var/vcap/bosh/bin/bosh_agent --configure --infrastructure=`cat /etc/infrastructure`  --platform=rhel
+    ' > /etc/sv/agent/run
+
+    echo '#!/bin/bash
+    svlogd -tt /var/vcap/bosh/log
+    ' > /etc/sv/agent/log/run
+
+    # runit
+    chmod +x /etc/sv/agent/run /etc/sv/agent/log/run
+
+    ln -s /etc/sv/agent /etc/service
+
+    cp $SRC_DIR/_empty_state.yml $bosh_dir/state.yml
+
+    # The bosh agent installs a config that rotates on size
+    mv /etc/cron.daily/logrotate /etc/cron.hourly/logrotate
+
+popd

data/templates/redhat/cleanup.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -x
+
+source _variables.sh
+
+yum -y erase gtk2 libX11 hicolor-icon-theme avahi freetype bitstream-vera-fonts
+yum -y clean all
+
+# Cleanup network
+sed -i -e 's/^\(HWADDR=.*\)$//g' /etc/sysconfig/network-scripts/ifcfg-eth*
+rm /etc/udev/rules.d/70-persistent-net.rules
+
+# Clean out all the scripts
+rm -f *.iso *.gem *.tar *.tgz
+
+sed -i -e 's/^\(timeout=.*\)$/timeout=0/g' /boot/grub/menu.lst
+sed -i -e 's/^\(timeout=.*\)$/timeout=0/g' /boot/grub/grub.conf
+
+# Clean out ssh host keys
+# install runonce
+mkdir -p /etc/local/runonce.d/ran
+cp $SRC_DIR/_runonce /usr/local/bin/runonce
+chmod +x /usr/local/bin/runonce
+
+# Do some firstboot clean up
+# Regenerate ssh keys
+/usr/local/bin/runonce "rm -f /etc/ssh/ssh_host_*"
+/usr/local/bin/runonce ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+/usr/local/bin/runonce ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''

data/templates/redhat/definition.rb.erb

@@ -0,0 +1,38 @@
+Veewee::Session.declare({
+                                :cpu_count => '1', :memory_size=> '512',
+                                :disk_size => '102400', :disk_format => 'VDI', :hostiocache => 'off', :use_sata => false,
+                                :os_type_id => 'RedHat_64',
+                                :iso_file => "<%= @iso_filename %>", :iso_src => "<%= @iso %>", :iso_md5 => "<%= @iso_md5 %>",
+                                :iso_download_timeout => 5000,
+                                :boot_wait => "5", :boot_cmd_sequence => ['<Tab> text ks=http://%IP%:%PORT%/ks.cfg<Enter>'],
+                                :kickstart_port => "7122", :kickstart_timeout => 10000, :kickstart_file => "ks.cfg",
+                                :ssh_login_timeout => "10000", :ssh_user => "vcap", :ssh_password => "c1oudc0w", :ssh_key => "",
+                                :ssh_host_port => "<%= @ssh_port %>", :ssh_guest_port => "22",
+                                :sudo_cmd => "echo '%p'|sudo -S /bin/bash '%f'", :shutdown_cmd => "/sbin/halt -h -p",
+                                :postinstall_files => [
+                                        "_60-bosh-sysctl.conf",
+                                        "_monitrc",
+                                        "_ntpdate",
+                                        "_sysstat",
+                                        "_empty_state.yml",
+                                        "_variables.sh",
+                                        "_monitrc",
+                                        "_runonce",
+                                        "_bosh_agent.tar",
+
+                                        "rhnreg.sh",
+                                        "base.sh",
+                                        "timestamp.sh",
+                                        "sudo.sh",
+                                        "setup-bosh.sh",
+                                        "monit.sh",
+                                        "ruby.sh",
+                                        "bosh_agent.sh",
+                                        "vmware-tools.sh",
+                                        "harden.sh",
+                                        "postinstall.sh",
+                                        "zerodisk.sh",
+                                        "cleanup.sh"
+                                ],
+                                :postinstall_timeout => 10000
+                        })

data/templates/redhat/harden.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+### stage bosh_harden
+# remove setuid binaries - except su/sudo (sudoedit is hardlinked)
+find / -xdev -perm +6000 -a -type f \
+  -a -not \( -name sudo -o -name su -o -name sudoedit \) \
+  -exec chmod ug-s {} \;
+

data/templates/redhat/ks.cfg

@@ -0,0 +1,86 @@
+install
+cdrom
+#Use the command line interface (instead of GUI or text mode)
+cmdline
+#interactive
+
+network --bootproto=dhcp
+
+#Ignore all disks except /dev/sda
+ignoredisk --only-use=sda
+
+#Any invalid partition tables found on disks are initialized
+zerombr
+
+#Remove all paritions
+clearpart --all --initlabel --drives=sda
+
+#Create partition structure
+autopart
+
+#Install GRUB
+bootloader --location=mbr
+
+#Authconfig
+authconfig --enableshadow --passalgo=sha512
+auth --useshadow  --enablemd5
+
+#The root password
+rootpw c1oudc0w
+
+#Disable iptables
+firewall --disable
+
+#Disable selinux
+selinux --disabled
+
+#Don't run firstboot
+firstboot --disable
+
+#Do not configure X
+skipx
+
+#Set the keyboard layout
+keyboard us
+
+#Set the language
+lang en_US.utf8
+
+#Set the timezone
+timezone UTC
+
+#Reboot
+reboot
+
+##### Begin packages section
+%packages --ignoremissing
+# Base System:
+@Core
+@Base
+
+#Other packages we want
+ntp
+gcc
+strace
+kernel-devel
+libacl
+libacl.i686
+lsof
+lsscsi
+glibc.i686
+iotop
+nc
+sudo
+# packages to exclude
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+
+%post
+/usr/sbin/groupadd vcap
+/usr/sbin/groupadd admin
+/usr/sbin/useradd vcap -g vcap -G wheel
+echo "c1oudc0w" | passwd --stdin vcap
+echo "vcap        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers.d/vcap
+chmod 0440 /etc/sudoers.d/vcap
+%end