From: Zoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Date: Tue, 5 Nov 2019 15:45:20 +0000 (+0100)
Subject: Added pns.pm (cvm -> vhost migration, Fedora 31 upgrade).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=5dcff3834f387fe8803b0461455d9a2a2f8c55b7;p=user-lxc.git

Added pns.pm (cvm -> vhost migration, Fedora 31 upgrade).
---

diff --git a/sources/pns.pm/config b/sources/pns.pm/config
new file mode 100644
index 0000000..d2bf142
--- /dev/null
+++ b/sources/pns.pm/config
@@ -0,0 +1,22 @@
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = pns.pm.user.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc:rw sys:ro
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brh-dev
+lxc.net.0.hwaddr = 02:0c:18:03:ad:ae
+
+lxc.cgroup.devices.allow =
+lxc.cgroup.devices.deny =
+
+lxc.autodev = 1
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = 12
+lxc.start.delay = 3
diff --git a/sources/pns.pm/envvars b/sources/pns.pm/envvars
new file mode 100644
index 0000000..c48ba9b
--- /dev/null
+++ b/sources/pns.pm/envvars
@@ -0,0 +1,4 @@
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=31
+BASE_PACKAGES="NetworkManager hostname initscripts iproute iputils logrotate rootfiles rsyslog tar vim-minimal"
+SPEC_PACKAGES="bind bind-utils"
diff --git a/sources/pns.pm/firstboot/01_setupnetworking.sh b/sources/pns.pm/firstboot/01_setupnetworking.sh
new file mode 100755
index 0000000..9c87c34
--- /dev/null
+++ b/sources/pns.pm/firstboot/01_setupnetworking.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active NetworkManager.service
+    NM_RC=$?
+done
+[ $WAITED -eq 1 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -ne 1 ]
+do
+    echo "Number of connections: $CONNECTIONS" >&2
+    sleep 1
+    CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+nmcli --terse connection show | grep ':$' >/dev/null
+ALL_CONNECTION_DEVICES_KNOWN=$?
+while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
+do
+    echo "Not all connection devices are known yet" >&2
+    sleep 1
+    nmcli --terse connection show | grep ':$' >/dev/null
+    ALL_CONNECTION_DEVICES_KNOWN=$?
+done
+
+CONNECTION_LINE=$(nmcli --terse connection show)
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id perimeter \
+    connection.interface-name $CONNECTION_DEVICE \
+    connection.type 802-3-ethernet \
+    ipv4.addresses "192.168.173.174/24" \
+    ipv4.dns "127.0.0.1" \
+    ipv4.dns-search "pm.user.hu" \
+    ipv4.gateway "192.168.173.254" \
+    ipv4.method "manual" \
+    ipv4.routes "10.228.0.0/16 192.168.173.1" \
+    ipv6.method "ignore" \
+    save yes
+
+nmcli connection show
diff --git a/sources/pns.pm/firstboot/02_settimezone.sh b/sources/pns.pm/firstboot/02_settimezone.sh
new file mode 100755
index 0000000..20b2a71
--- /dev/null
+++ b/sources/pns.pm/firstboot/02_settimezone.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+    if [ $WAITED -eq 0 ]
+    then
+        echo -n "Waiting for dbus.service"
+    fi
+    echo -n .
+    sleep 1
+    WAITED=1
+    systemctl --quiet is-active dbus.service
+    DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
diff --git a/sources/pns.pm/firstboot/03_setupldap.sh b/sources/pns.pm/firstboot/03_setupldap.sh
new file mode 100755
index 0000000..4b58626
--- /dev/null
+++ b/sources/pns.pm/firstboot/03_setupldap.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+
+exit 0
+authselect select sssd with-mkhomedir --force
+
+cat >>/etc/openldap/ldap.conf <<EOF
+BASE dc=user,dc=hu
+URI ldap://ldap.usr.user.hu
+EOF
diff --git a/sources/pns.pm/firstboot/99_cleanup.sh b/sources/pns.pm/firstboot/99_cleanup.sh
new file mode 100755
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/pns.pm/firstboot/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
diff --git a/sources/pns.pm/postinstall/01_setownership.sh b/sources/pns.pm/postinstall/01_setownership.sh
new file mode 100755
index 0000000..224e4d8
--- /dev/null
+++ b/sources/pns.pm/postinstall/01_setownership.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chown -R root.root $SOURCE_PATH/*
+
+chgrp named $SOURCE_PATH/etc/named.*
diff --git a/sources/pns.pm/postinstall/02_setpermissions.sh b/sources/pns.pm/postinstall/02_setpermissions.sh
new file mode 100755
index 0000000..68ca2bc
--- /dev/null
+++ b/sources/pns.pm/postinstall/02_setpermissions.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+SOURCE_PATH=$REAL_PATH/install
+
+chmod 640 $SOURCE_PATH/etc/named.*
diff --git a/sources/pns.pm/postinstall/03_installfiles.sh b/sources/pns.pm/postinstall/03_installfiles.sh
new file mode 100755
index 0000000..f190caf
--- /dev/null
+++ b/sources/pns.pm/postinstall/03_installfiles.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+tar --create \
+    --directory=$REAL_PATH \
+    --to-stdout \
+    install \
+    | tar --extract \
+          --backup \
+          --directory=/ \
+          --no-overwrite-dir \
+          --strip-components=1 \
+          --suffix=.orig
diff --git a/sources/pns.pm/postinstall/04_editfiles.sh b/sources/pns.pm/postinstall/04_editfiles.sh
new file mode 100755
index 0000000..097b9b0
--- /dev/null
+++ b/sources/pns.pm/postinstall/04_editfiles.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+sed --in-place=.orig \
+    's/^After=\(.*\)network\.target\(.*\)$/After=\1network-online.target\2/' \
+    /usr/lib/systemd/system/named.service
diff --git a/sources/pns.pm/postinstall/10_setupservices.sh b/sources/pns.pm/postinstall/10_setupservices.sh
new file mode 100755
index 0000000..c9bfc34
--- /dev/null
+++ b/sources/pns.pm/postinstall/10_setupservices.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+
+systemctl enable named.service
+systemctl enable NetworkManager-wait-online.service
+
+systemctl mask wpa_supplicant.service
diff --git a/sources/pns.pm/postinstall/99_cleanup.sh b/sources/pns.pm/postinstall/99_cleanup.sh
new file mode 100755
index 0000000..b87f2f4
--- /dev/null
+++ b/sources/pns.pm/postinstall/99_cleanup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+
+REAL_PATH=$(dirname $(realpath $0))
+
+echo rm -Rf $REAL_PATH
diff --git a/sources/pns.pm/postinstall/install/etc/hosts b/sources/pns.pm/postinstall/install/etc/hosts
new file mode 100644
index 0000000..ece152e
--- /dev/null
+++ b/sources/pns.pm/postinstall/install/etc/hosts
@@ -0,0 +1,4 @@
+127.0.0.1	localhost.localdomain localhost localhost4.localdomain4 localhost4
+::1		localhost6.localdomain6 localhost6
+
+192.168.173.174	pns.pm.user.hu pns
diff --git a/sources/pns.pm/postinstall/install/etc/named.conf b/sources/pns.pm/postinstall/install/etc/named.conf
new file mode 100644
index 0000000..fda0c49
--- /dev/null
+++ b/sources/pns.pm/postinstall/install/etc/named.conf
@@ -0,0 +1,195 @@
+//
+// named.conf
+//
+
+options {
+	directory		"/var/named";
+	dump-file		"data/cache_dump.db";
+	statistics-file		"data/named_stats.txt";
+	memstatistics-file	"data/named_mem_stats.txt";
+
+	listen-on	port 53 { any; };
+	listen-on-v6	port 53 { any; };
+
+	allow-query		{ none; };
+	allow-query-cache	{ none; };
+	allow-recursion		{ none; };
+
+	recursion	no;
+
+	dnssec-enable		yes;
+	dnssec-validation	no;
+};
+
+logging {
+	channel default_debug {
+		file "data/named.run" versions 3 size 5m;
+		severity dynamic;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel client_channel {
+		file "data/client.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel lame-servers_channel {
+		file "data/lame-servers.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel notify_channel {
+		file "data/notify.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel queries_channel {
+		file "data/queries.log" versions 3 size 5m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel security_channel {
+		file "data/security.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel xfer-in_channel {
+		file "data/xfer-in.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	channel xfer-out_channel {
+		file "data/xfer-out.log" versions 3 size 1m;
+		severity info;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	category default {
+		default_syslog;
+		default_debug;
+	};
+	category client {
+		client_channel;
+	};
+	category lame-servers {
+		lame-servers_channel;
+	};
+	category notify {
+		notify_channel;
+	};
+	category queries {
+		queries_channel;
+	};
+	category security {
+		security_channel;
+	};
+	category xfer-in {
+		xfer-in_channel;
+	};
+	category xfer-out {
+		xfer-out_channel;
+	};
+};
+
+key "primary_ns-perimeter_ns" {
+	algorithm hmac-sha256;
+	secret "grOxaoe16BkIW9AVbdWkEjmQptVEGzjfDSzjhhPU3YA=";
+};
+
+acl primary_ns_key_acl		{ key "primary_ns-perimeter_ns"; };
+
+masters primary_ns_master	{ 10.228.109.174 key "primary_ns-perimeter_ns"; };
+
+server 10.228.109.174	{ keys { "primary_ns-perimeter_ns"; }; };
+
+view "perimeter" {
+	match-clients		{ localnets; localhost; };
+
+	allow-query		{ localnets; localhost; };
+	allow-query-cache	{ localnets; localhost; };
+	allow-recursion		{ localnets; localhost; };
+	allow-transfer		{ none; };
+	allow-update		{ none; };
+
+	allow-notify		{ primary_ns_key_acl; };
+	notify			no;
+
+	recursion		yes;
+
+	include "/etc/named.rfc1912.zones";
+
+	# internal zones
+	zone "in.user.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/in.user.hu.zone";
+	};
+	zone "43.168.192.in-addr.arpa" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/43.168.192.in-addr.arpa.zone";
+	};
+	zone "sr.user.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/sr.user.hu.zone";
+	};
+	zone "42.168.192.in-addr.arpa" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/42.168.192.in-addr.arpa.zone";
+	};
+	zone "usr.user.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/usr.user.hu.zone";
+	};
+	zone "228.10.in-addr.arpa" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/228.10.in-addr.arpa.zone";
+	};
+
+	# perimeter zones
+	zone "pm.user.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/pm.user.hu.zone";
+	};
+	zone "173.168.192.in-addr.arpa" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/173.168.192.in-addr.arpa.zone";
+	};
+
+	# external zones
+	zone "mediacube.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/mediacube.hu.zone";
+	};
+	zone "useribm.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/useribm.hu.zone";
+	};
+	zone "userrendszerhaz.hu" IN {
+		type slave;
+		masters { primary_ns_master; };
+		file "slaves/userrendszerhaz.hu.zone";
+	};
+};
diff --git a/sources/pns.pm/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/pns.pm/postinstall/install/etc/sysctl.d/01-ipv6.conf
new file mode 100644
index 0000000..0690211
--- /dev/null
+++ b/sources/pns.pm/postinstall/install/etc/sysctl.d/01-ipv6.conf
@@ -0,0 +1,2 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.svc.disable_ipv6 = 1