DTK's questions -server

DTK

Asked: 2014-10-06 09:06:50 +0800 CST

Prepping a virtual appliance

Before converting a running virtual machine to an OVA (redistributable virtual appliance), what does one need to do to ensure it is in a ready state so the instances of the OVA don't bring along unnecessary or potentially disruptive cruft from the build process? This is what I have so far. Am I missing anything? If this has already been answer or there is a Best Common Practices document, I'd appreciate a pointer in the right direction. Thanks.


#################################
##
## Get all packages up2date and 
## clean out any cruft in the 
## local packages
##
#################################
yum -y update ;
yum clean all ;


#################################
##
## Get rid of the signs I was 
## tinkering with this
##
#################################
[[ -a /etc/issue-original,v ]] && unlink /etc/issue-original,v ;
[[ -a /etc/issue,v ]] && unlink /etc/issue,v ;
ci -u /etc/issue ;



#################################
##
## Remove the host-keys to they
## will be regenerated when the
## new VM is spun-up
##
## Also make sure I remove any 
## personal keys I may have been
## using while setting up
##
#################################
find /etc/ssh/*host* |xargs unlink ;
find /root/.ssh/ -type f |xargs unlink ;
find /home/*/.ssh/ -type f |xargs unlink ;



#################################
##
## Get rid of the use of UUID in 
## FSTAB and any NIC configuration
## so the new VM can find then when
## the UUIDs are regenerated 
##
## Since we use LVM, only the /boot
## slice is a direct slice reference
## the rest are logical volumes
##
#################################
sed -i -e 's/UUID=[0-9a-f-]*\s/\/dev\/sda1\t/' /etc/fstab ;
sed -i -e '/^UUID=[0-9a-f-]*.*/d' /etc/sysconfig/network-scripts/ifcfg-eno* ;
sed -i -e '/^UUID=[0-9A-F-]*.*/d' /etc/sysconfig/network-scripts/ifcfg-eno* ;
find /etc/udev/rules.d/ -iname '70*net*' |xargs unlink ;


#################################
##
## Let the NTP daemon know to 
## expect a big jump in time, so 
## he doesn't freak out. Also let
## him know that if the walls melt,
## it is the acid, speaking and 
## he'll be alright
##
#################################
[[ -a /etc/ntp.conf ]] && \
  [[ "$(head -1 /etc/ntp.conf)" == "tinker panic 0" ]] || \
  sed -i -e '1itinker panic 0\n' /etc/ntp.conf ;



#################################
##
## Trunate the command-histories
## because the learning-process
## can contain some embarrassing
## mistakes, some of which are 
## also bad opsec
##
#################################
>/root/.bash_history ;
>/home/*/.bash_history ;
>/root/anaconda-ks.cfg ;



#################################
##
## Lastly, instruct the OS to redo
## the initial setup and put back
## that new-machine-smell
##
#################################
sys-unconfig ;

DTK

Asked: 2014-09-29 07:44:49 +0800 CST

CentOS 7: Getting interface IP numbers

I am trying to autopopulate the /etc/issue in a CentOS 7 image (this will be a template, and it needs to be easy to identify the resultant VMs at a glance).

I have the following in my /sbin/ifup-local:

#!/bin/bash

cd /etc ;
unlink ./issue ;

sleep 1 ;

issue_original="$(cat ./issue-original)" ;
show_ip="$(ip addr show |awk '$1=="inet" && $2 !~ /^127/ {print "\t"$2}')" ;

co -l ./issue ;
echo -e "${issue_original}\n\n\tCurrent IP Numbers:\n\t===================\n${show_ip}\n" >./issue ;
ci -m -u ./issue ;

The /etc/issue-original looks like:


Logging into:

        Node: \\n
        Running: \\S

When I run the script by hand (sudo /sbin/ifup-local ; cat /etc/issue), it populates the /etc/issue correctly. When this is run automatically (such as when it is a result of sudo service network restart ; cat /etc/issue), the file-template and static text are there, but the IP numbers are empty (not even empty lines).

Am I misunderstanding the order of execution (is ifup-local executed before the IP numbers are assigned)? It looks like this is at the very end of the /etc/sysconfig/network-scripts/ifup-post, so I would assume it is after DHCP client has set the interfaces.

Is there a delay between when the interface IP numbers are set and when the "ip" command knows about them? The "sleep" statement is in there because I thought it might be the case.

Any pointers in the right direction are greatly appreciated.

Happy Sunday!

==========================

Edit:

Here is what I saw in /etc/issue after restarting the network service.

[david@localhost ~]$ sudo service network restart
Restarting network (via systemctl):                        [  OK  ]
[david@localhost ~]$ cat /etc/issue

Logging into:

        Node: \n
        Running: \S

        Current IP Numbers:
        ===================


[david@localhost ~]$

Additionally, I have instrumented the script with copious debugging messages, to find where things are and are not working. Here is what was logged on the last run (I truncated the log before the run, to remove extraneous information).

[david@localhost conf.d]$ clear
[david@localhost conf.d]$ >/tmp/ifup-local.log
[david@localhost conf.d]$ tail -f /tmp/ifup-local.log

--------------------------------------------------

2014-10-01 18:50:0808   DEBUG:  PATH: /usr/sbin/:/usr/bin/:/sbin:/usr/sbin:/bin:/usr/bin

2014-10-01 18:50:0808   DEBUG:  PWD: /etc

2014-10-01 18:50:0808   DEBUG:  issue file exists

2014-10-01 18:50:0808   DEBUG:  Removing old issue file

2014-10-01 18:50:0808   DEBUG:  issue_original:
 Logging into: Node: \n Running: \S

2014-10-01 18:50:0808   DEBUG:  about to check the IP numbers

2014-10-01 18:50:0808   DEBUG:  0

2014-10-01 18:50:0909   DEBUG:  show_ip:


2014-10-01 18:50:0909   DEBUG:  checking out issue file to lock it

2014-10-01 18:50:0909   DEBUG:  new_issue:
 Logging into: Node: \n Running: \S

        Current IP Numbers:
        ===================



2014-10-01 18:50:0909   DEBUG:  issue file exists

2014-10-01 18:50:0909   DEBUG:  checked back in issue file


--------------------------------------------------

2014-10-01 18:50:0909   DEBUG:  PATH: /usr/sbin/:/usr/bin/:/sbin:/usr/sbin:/bin:/usr/bin

2014-10-01 18:50:0909   DEBUG:  PWD: /etc

2014-10-01 18:50:0909   DEBUG:  issue file exists

2014-10-01 18:50:0909   DEBUG:  Removing old issue file

2014-10-01 18:50:0909   DEBUG:  issue_original:
 Logging into: Node: \n Running: \S

2014-10-01 18:50:0909   DEBUG:  about to check the IP numbers

2014-10-01 18:50:0909   DEBUG:  0

2014-10-01 18:50:0909   DEBUG:  show_ip:


2014-10-01 18:50:0909   DEBUG:  checking out issue file to lock it

2014-10-01 18:50:0909   DEBUG:  new_issue:
 Logging into: Node: \n Running: \S

        Current IP Numbers:
        ===================



2014-10-01 18:50:0909   DEBUG:  issue file exists

2014-10-01 18:50:0909   DEBUG:  checked back in issue file

Here is the revised script, with all of the debugging messages:

#!/bin/bash

function write-debug() {
        msg="$(date +'%Y-%m-%d %H:%M:%S%S')\tDEBUG:\t$1\n" ;
        echo -e ${msg}  >>${LOGFILE} ;
}


################################################
################################################

set -x ;

export LOGFILE='/tmp/ifup-local.log' ;
export PATH="/usr/sbin/:/usr/bin/:${PATH}" ;

echo -e "\n--------------------------------------------------\n" >>${LOGFILE} ;
write-debug "PATH: ${PATH}" ;

cd /etc ;

write-debug "PWD: $(pwd)" ;
[[ -a ./issue ]] && write-debug "issue file exists" || write-debug "no existing issue file" ;
write-debug "Removing old issue file" ;

[[ -a ./issue ]] && unlink ./issue || write-debug "no issue file to remove" ;

issue_original="$(cat ./issue-original)" ;
write-debug "issue_original:\n${issue_original}" ;

write-debug "about to check the IP numbers" ;
show_ip="$(ip addr show |awk '$1=="inet" && $2 !~ /^127/ {print "\t"$2}')" ;
#show_ip="$(ip addr show |fgrep 'inet ')" ;
write-debug $? ;
write-debug "show_ip:\n ${show_ip}" ;

write-debug "checking out issue file to lock it" ;

[[ -a ./issue ]] && write-debug "issue file exists" || "no existing issue file" ;
co -l ./issue ;
export new_issue="${issue_original}\n\n\tCurrent IP Numbers:\n\t===================\n${show_ip}\n" ;
write-debug "new_issue:\n${new_issue}" ;
echo -e "${new_issue}" >./issue ;

[[ -a ./issue ]] && write-debug "issue file exists" || "no existing issue file" ;

ci -m -u ./issue ;

write-debug "checked back in issue file" ;

Prepping a virtual appliance

CentOS 7: Getting interface IP numbers

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?