release/tools/oci.conf
- This file was added.
#!/bin/sh | |||||
# | |||||
# $FreeBSD$ | |||||
# | |||||
# # Set to a list of packages to install. | |||||
export VM_EXTRA_PACKAGES=" | |||||
comms/py-pyserial | |||||
emaste: should be in alpha order? | |||||
Done Inline ActionsThis is the placeholder for devel/oci-cli (the command line tool, that depends on py-oci as well) which I backported to quarterly last week. It's not yet gotten through the build pipeline: pkg: No packages available to install matching 'devel/oci-cli' have been found in the repositories dch: This is the placeholder for devel/oci-cli (the command line tool, that depends on py-oci as… | |||||
converters/base64 | |||||
Done Inline ActionsI assume the short uncommented list here was just for testing? emaste: I assume the short uncommented list here was just for testing? | |||||
devel/py-babel | |||||
devel/py-iso8601 | |||||
devel/py-oci | |||||
devel/py-pbr | |||||
devel/py-six | |||||
ftp/curl | |||||
lang/python | |||||
lang/python3 | |||||
net/cloud-init | |||||
net/py-eventlet | |||||
net/py-netaddr | |||||
net/py-netifaces | |||||
net/py-oauth | |||||
net/rsync | |||||
panicmail | |||||
security/ca_root_nss | |||||
security/hpenc | |||||
security/sudo | |||||
sysutils/fd | |||||
sysutils/firstboot-freebsd-update | |||||
sysutils/firstboot-pkgs | |||||
sysutils/htop | |||||
sysutils/panicmail | |||||
sysutils/tmux | |||||
textproc/jq | |||||
textproc/ripgrep | |||||
www/gurl" | |||||
# Should be enough for base image, image can be resized in needed | |||||
export VMSIZE=5g | |||||
# Set to a list of third-party software to enable in rc.conf(5). | |||||
# TODO add cloudinit after finishing testing | |||||
export VM_RC_LIST=" | |||||
cloudinit | |||||
firstboot_pkgs | |||||
firstboot_freebsd_update | |||||
growfs | |||||
ntpd | |||||
ntpd_sync_on_start | |||||
sshd | |||||
zfs" | |||||
vm_extra_pre_umount() { | |||||
cat << EOF >> ${DESTDIR}/etc/rc.conf | |||||
dumpdev=AUTO | |||||
ifconfig_DEFAULT=SYNCDHCP | |||||
sendmail_enable=NONE | |||||
EOF | |||||
cat << EOF >> ${DESTDIR}/boot/loader.conf | |||||
autoboot_delay="5" | |||||
beastie_disable="YES" | |||||
boot_serial="YES" | |||||
loader_logo="none" | |||||
# ensure disk devices are found by label not partition | |||||
# kern.geom.label.disk_ident.enable="0" | |||||
# kern.geom.label.gptid.enable="0" | |||||
Done Inline Actionswe definitely don't want to commit with these emaste: we definitely don't want to commit with these | |||||
# storage | |||||
cryptodev_load="YES" | |||||
opensolaris_load="YES" | |||||
xz_load="YES" | |||||
zfs_load="YES" | |||||
EOF | |||||
cat <<EOF >> ${DESTDIR}/etc/ssh/sshd_config | |||||
PermitRootLogin prohibit-password | |||||
Done Inline ActionsOCI wants PermitRootLogin no (S14 in their requirements) emaste: OCI wants `PermitRootLogin no` (S14 in their requirements) | |||||
PasswordAuthentication no | |||||
KbdInteractiveAuthentication no | |||||
PermitEmptyPasswords no | |||||
UsePAM no | |||||
Done Inline ActionsOCI also suggests UsePAM no but we might want to leave PAM enabled; it provides account and session processing for all auth types. emaste: OCI also suggests `UsePAM no` but we might want to leave PAM enabled; it provides account and… | |||||
UseDNS no | |||||
EOF | |||||
Done Inline ActionsPerhaps pw -R ${DESTDIR} usermod root -w no But that said, the cloud-init config currently installs the provided ssh key in /root/.ssh/authorized_keys. emaste: Perhaps `pw -R ${DESTDIR} usermod root -w no`
But that said, the cloud-init config currently… | |||||
Done Inline ActionsPerhaps: # S14 Root user login must be disabled. pw -R ${DESTDIR} usermod root -w no cat <<-EOF >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg disable_root: true EOF emaste: Perhaps:
```
# S14 Root user login must be disabled.
pw -R ${DESTDIR} usermod… | |||||
Done Inline ActionsI think we're ok here with the cloud-init line only. dch: I think we're ok here with the cloud-init line only. | |||||
touch ${DESTDIR}/firstboot | |||||
return 0 | |||||
} |
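Review bot: The four redirections in vm_extra_pre_umount (`>> ${DESTDIR}/etc/rc.conf`, `>> ${DESTDIR}/boot/loader.conf`, `>> ${DESTDIR}/etc/ssh/sshd_config`, `touch ${DESTDIR}/firstboot`) are unquoted and unguarded, so if DESTDIR is ever unset or empty the script silently appends these rc.conf, loader.conf and sshd_config fragments to the build host's own system files. Guarding the expansion makes the failure loud instead, e.g. `cat << EOF >> "${DESTDIR:?}/etc/rc.conf"`, and the same form should be applied to the other three paths. The `# TODO add cloudinit after finishing testing` comment above VM_RC_LIST is already stale, since `cloudinit` is present in the list it documents; either drop the TODO or remove the entry until testing is done. The package list also carries `panicmail` as a bare name alongside `sysutils/panicmail`, which looks like a leftover duplicate that should be reduced to the single category/origin form.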