Added ins.usr (cvm -> vhost migration, Fedora 31 upgrade).

diff --git a/sources/ins.usr/config b/sources/ins.usr/config
new file mode 100644 (file)
index 0000000..90542e8
--- /dev/null
+++ b/sources/ins.usr/config
@@ -0,0 +1,22 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = ins.usr.user.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = bri-dev
+lxc.net.0.hwaddr = 02:0c:18:03:6d:68
+
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
+lxc.autodev = 1
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = 22
+lxc.start.delay = 3

diff --git a/sources/ins.usr/envvars b/sources/ins.usr/envvars
new file mode 100644 (file)
index 0000000..c48ba9b
--- /dev/null
+++ b/sources/ins.usr/envvars
@@ -0,0 +1,4 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=31
+BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils logrotate rootfiles rsyslog tar vim-minimal"
+SPEC_PACKAGES="bind bind-utils"

diff --git a/sources/ins.usr/firstboot/01_setupnetworking.sh b/sources/ins.usr/firstboot/01_setupnetworking.sh
new file mode 100755 (executable)
index 0000000..2e1d525
--- /dev/null
+++ b/sources/ins.usr/firstboot/01_setupnetworking.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $WAITED -eq 1 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -ne 1 ]
+do
+    echo "Number of connections: $CONNECTIONS" >&2
+    sleep 1
+    CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+nmcli --terse connection show | grep ':$' >/dev/null
+ALL_CONNECTION_DEVICES_KNOWN=$?
+while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
+do
+    echo "Not all connection devices are known yet" >&2
+    sleep 1
+    nmcli --terse connection show | grep ':$' >/dev/null
+    ALL_CONNECTION_DEVICES_KNOWN=$?
+done
+
+CONNECTION_LINE=$(nmcli --terse connection show)
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id internal \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "10.228.109.104/16" \
+    ipv4.dns "10.228.109.253, 10.228.109.104" \
+    ipv4.dns-search "usr.user.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv6.method "ignore" \
+    save yes
+
+nmcli connection show

diff --git a/sources/ins.usr/firstboot/02_settimezone.sh b/sources/ins.usr/firstboot/02_settimezone.sh
new file mode 100755 (executable)
index 0000000..20b2a71
--- /dev/null
+++ b/sources/ins.usr/firstboot/02_settimezone.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    if [ $WAITED -eq 0 ]
+    then
+        echo -n "Waiting for dbus.service"
+    fi
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest

diff --git a/sources/ins.usr/firstboot/03_setupldap.sh b/sources/ins.usr/firstboot/03_setupldap.sh
new file mode 100755 (executable)
index 0000000..4b58626
--- /dev/null
+++ b/sources/ins.usr/firstboot/03_setupldap.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+exit 0
+authselect select sssd with-mkhomedir --force
+
+cat >>/etc/openldap/ldap.conf <<EOF
+BASE dc=user,dc=hu
+URI ldap://ldap.usr.user.hu
+EOF

diff --git a/sources/ins.usr/firstboot/99_cleanup.sh b/sources/ins.usr/firstboot/99_cleanup.sh
new file mode 100755 (executable)
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/ins.usr/firstboot/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH

diff --git a/sources/ins.usr/postinstall/01_setownership.sh b/sources/ins.usr/postinstall/01_setownership.sh
new file mode 100755 (executable)
index 0000000..224e4d8
--- /dev/null
+++ b/sources/ins.usr/postinstall/01_setownership.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown -R root.root $SOURCE_PATH/*
+
+chgrp named $SOURCE_PATH/etc/named.*

diff --git a/sources/ins.usr/postinstall/02_setpermissions.sh b/sources/ins.usr/postinstall/02_setpermissions.sh
new file mode 100755 (executable)
index 0000000..68ca2bc
--- /dev/null
+++ b/sources/ins.usr/postinstall/02_setpermissions.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chmod 640 $SOURCE_PATH/etc/named.*

diff --git a/sources/ins.usr/postinstall/03_installfiles.sh b/sources/ins.usr/postinstall/03_installfiles.sh
new file mode 100755 (executable)
index 0000000..f190caf
--- /dev/null
+++ b/sources/ins.usr/postinstall/03_installfiles.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+tar --create \
+    --directory=$REAL_PATH \
+    --to-stdout \
+    install \
+    | tar --extract \
+          --backup \
+          --directory=/ \
+          --no-overwrite-dir \
+          --strip-components=1 \
+          --suffix=.orig

diff --git a/sources/ins.usr/postinstall/10_setupservices.sh b/sources/ins.usr/postinstall/10_setupservices.sh
new file mode 100755 (executable)
index 0000000..47869ee
--- /dev/null
+++ b/sources/ins.usr/postinstall/10_setupservices.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+
+systemctl enable named.service
+systemctl enable NetworkManager-wait-online.service

diff --git a/sources/ins.usr/postinstall/99_cleanup.sh b/sources/ins.usr/postinstall/99_cleanup.sh
new file mode 100755 (executable)
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/ins.usr/postinstall/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH

diff --git a/sources/ins.usr/postinstall/install/etc/hosts b/sources/ins.usr/postinstall/install/etc/hosts
new file mode 100644 (file)
index 0000000..8e00814
--- /dev/null
+++ b/sources/ins.usr/postinstall/install/etc/hosts
@@ -0,0 +1,4 @@
+127.0.0.1      localhost.localdomain localhost localhost4.localdomain4 localhost4
+::1            localhost6.localdomain6 localhost6
+
+10.228.109.104 ins.usr.user.hu ins

diff --git a/sources/ins.usr/postinstall/install/etc/named.conf b/sources/ins.usr/postinstall/install/etc/named.conf
new file mode 100644 (file)
index 0000000..204d064
--- /dev/null
+++ b/sources/ins.usr/postinstall/install/etc/named.conf
@@ -0,0 +1,190 @@
+//
+// named.conf
+//
+
+options {
+       directory               "/var/named";
+       dump-file               "data/cache_dump.db";
+       statistics-file         "data/named_stats.txt";
+       memstatistics-file      "data/named_mem_stats.txt";
+
+       listen-on       port 53 { any; };
+       listen-on-v6    port 53 { any; };
+
+       allow-query             { none; };
+       allow-query-cache       { none; };
+       allow-recursion         { none; };
+
+       recursion       no;
+
+       dnssec-enable           yes;
+       dnssec-validation       no;
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run" versions 3 size 5m;
+                severity dynamic;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+        };
+       channel client_channel {
+               file "data/client.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel lame-servers_channel {
+               file "data/lame-servers.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel notify_channel {
+               file "data/notify.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel queries_channel {
+               file "data/queries.log" versions 3 size 5m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel security_channel {
+               file "data/security.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel xfer-in_channel {
+               file "data/xfer-in.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       channel xfer-out_channel {
+               file "data/xfer-out.log" versions 3 size 1m;
+               severity info;
+               print-category yes;
+               print-severity yes;
+               print-time yes;
+       };
+       category default {
+               default_syslog;
+               default_debug;
+       };
+       category client {
+               client_channel;
+       };
+       category lame-servers {
+               lame-servers_channel;
+       };
+       category notify {
+               notify_channel;
+       };
+       category queries {
+               queries_channel;
+       };
+       category security {
+               security_channel;
+       };
+       category xfer-in {
+               xfer-in_channel;
+       };
+       category xfer-out {
+               xfer-out_channel;
+       };
+};
+
+key "primary_ns-internal_ns" {
+       algorithm hmac-sha256;
+       secret "fjQyVn7bfGnbbBTgm7CgJSVOttSm9ji7WlVGVgV02Qo=";
+};
+
+acl internal_networks  { 10.228.0.0/16; 192.168.42.0/24; 192.168.43.0/24; };
+acl vpn_client_network { 172.16.223.0/24; };
+acl primary_ns_key_acl { key "primary_ns-internal_ns"; };
+
+masters primary_ns_master      { 10.228.109.174 key "primary_ns-internal_ns"; };
+
+server 10.228.109.174          { keys { "primary_ns-internal_ns"; }; };
+
+view "internal" {
+       match-clients           { internal_networks; vpn_client_network; localhost; };
+
+       recursion               yes;
+
+       allow-query             { internal_networks; vpn_client_network; localhost; };
+       allow-query-cache       { internal_networks; vpn_client_network; localhost; };
+       allow-recursion         { internal_networks; vpn_client_network; localhost; };
+
+       allow-notify            { primary_ns_key_acl; };
+       notify                  no;
+
+    include "/etc/named.rfc1912.zones";
+
+    # internal zones
+    zone "in.user.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/in.user.hu.zone";
+    };
+    zone "43.168.192.in-addr.arpa" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/43.168.192.in-addr.arpa.zone";
+    };
+    zone "sr.user.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/sr.user.hu.zone";
+    };
+    zone "42.168.192.in-addr.arpa" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/42.168.192.in-addr.arpa.zone";
+    };
+    zone "usr.user.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/usr.user.hu.zone";
+    };
+    zone "228.10.in-addr.arpa" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/228.10.in-addr.arpa.zone";
+    };
+
+    # perimeter zones
+    zone "pm.user.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/pm.user.hu.zone";
+    };
+    zone "173.168.192.in-addr.arpa" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/173.168.192.in-addr.arpa.zone";
+    };
+
+    # external zones
+    zone "useribm.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/useribm.hu.zone";
+    };
+    zone "userrendszerhaz.hu" IN {
+        type slave;
+        masters { primary_ns_master; };
+        file "slaves/userrendszerhaz.hu.zone";
+    };
+};

diff --git a/sources/ins.usr/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/ins.usr/postinstall/install/etc/sysctl.d/01-ipv6.conf
new file mode 100644 (file)
index 0000000..f321089
--- /dev/null
+++ b/sources/ins.usr/postinstall/install/etc/sysctl.d/01-ipv6.conf
@@ -0,0 +1,2 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.ins.disable_ipv6 = 1