diff --git a/initscripts-config/centos/build_srpm.data b/initscripts-config/centos/build_srpm.data new file mode 100644 index 0000000..da1e20b --- /dev/null +++ b/initscripts-config/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="files" +TIS_PATCH_VER=0 diff --git a/initscripts-config/centos/initscripts-config.spec b/initscripts-config/centos/initscripts-config.spec new file mode 100644 index 0000000..9cc7514 --- /dev/null +++ b/initscripts-config/centos/initscripts-config.spec @@ -0,0 +1,47 @@ +Summary: initscripts-config +Name: initscripts-config +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: base +Packager: StarlingX +URL: unknown +BuildArch: noarch +Source: %name-%version.tar.gz + +Requires: %{_bindir}/systemctl +Requires: initscripts +Summary: package StarlingX configuration files of initscripts to system folder. + +%description +package StarlingX configuration files of initscripts to system folder. + +%prep +%setup + +%build + +%install +%{__install} -d 644 %{buildroot}%{_datadir}/starlingx/ +%{__install} -d 644 %{buildroot}%{_sysconfdir}/sysconfig +%{__install} -d 755 %{buildroot}%{_initddir} +%{__install} -d 644 %{buildroot}%{_unitdir} + +%{__install} -m 644 sysctl.conf %{buildroot}%{_datadir}/starlingx/stx.sysctl.conf +%{__install} -m 644 sysconfig-network.conf %{buildroot}%{_sysconfdir}/sysconfig/network +%{__install} -m 755 mountnfs.sh %{buildroot}%{_initddir}/mountnfs +%{__install} -m 644 mountnfs.service %{buildroot}%{_unitdir}/mountnfs.service + +%post +if [ $1 -eq 1 ] ; then + # Initial installation + cp -f %{_datadir}/starlingx/stx.sysctl.conf %{_sysconfdir}/sysctl.conf + chmod 644 %{_sysconfdir}/sysctl.conf +fi +%{_bindir}/systemctl enable mountnfs.service > /dev/null 2>&1 || : + +%files +%{_datadir}/starlingx/stx.sysctl.conf +%{_sysconfdir}/sysconfig/network +%{_initddir}/mountnfs +%{_unitdir}/mountnfs.service diff --git a/initscripts-config/files/mountnfs.service b/initscripts-config/files/mountnfs.service new file mode 100644 index 0000000..840fd84 --- /dev/null +++ b/initscripts-config/files/mountnfs.service @@ -0,0 +1,13 @@ +[Unit] +Description=StarlingX Cloud Filesystem Auto-mounter +After=network.target nfscommon.service +Before=uexportfs.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/etc/init.d/mountnfs start +ExecStop=/etc/init.d/mountnfs stop + +[Install] +WantedBy=multi-user.target diff --git a/initscripts-config/files/mountnfs.sh b/initscripts-config/files/mountnfs.sh new file mode 100755 index 0000000..adeea3d --- /dev/null +++ b/initscripts-config/files/mountnfs.sh @@ -0,0 +1,100 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: mountnfs +# Required-Start: $local_fs $network $rpcbind +# Required-Stop: +# Default-Start: S +# Default-Stop: +### END INIT INFO + +# . /etc/default/rcS + +if [ "$1" = "stop" ]; then + # Avoid mounting if we're shutting down + exit 0 +fi + +# +# Run in a subshell because of I/O redirection. +# +test -f /etc/fstab && ( + +# +# Read through fstab line by line. If it is NFS, set the flag +# for mounting NFS filesystems. If any NFS partition is found and it +# not mounted with the nolock option, we start the rpcbind. +# +rpcbind=no +mount_nfs=no +mount_smb=no +mount_ncp=no +mount_cifs=no +while read device mountpt fstype options; do + case "$device" in + ""|\#*) + continue + ;; + esac + + case "$options" in + *noauto*) + continue + ;; + esac + + if test "$fstype" = nfs + then + mount_nfs=yes + case "$options" in + *nolock*) + ;; + *) + rpcbind=yes + ;; + esac + fi + if test "$fstype" = smbfs + then + mount_smb=yes + fi + if test "$fstype" = ncpfs + then + mount_ncp=yes + fi + if test "$fstype" = cifs + then + mount_cifs=yes + fi +done + +exec 0>&1 + +if test "$rpcbind" = yes; then + # WRL: Centos precheck: Dont start rpcbind in this init script. + # It is started by a systemd service file. + if test "/etc/centos-release" = no + then + if test -x /usr/sbin/rpcbind + then + service rpcbind status > /dev/null + if [ $? != 0 ]; then + echo -n "Starting rpcbind..." + start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind + sleep 2 + fi + fi + fi +fi + +if test "$mount_nfs" = yes || test "$mount_smb" = yes || test "$mount_ncp" = yes || test "$mount_cifs" = yes; then + echo "Mounting remote filesystems..." + test "$mount_nfs" = yes && mount -a -t nfs + test "$mount_smb" = yes && mount -a -t smbfs + test "$mount_ncp" = yes && mount -a -t ncpfs + test "$mount_cifs" = yes && mount -a -t cifs +fi + +) < /etc/fstab + +: exit 0 + diff --git a/initscripts-config/files/sysconfig-network.conf b/initscripts-config/files/sysconfig-network.conf new file mode 100644 index 0000000..7397912 --- /dev/null +++ b/initscripts-config/files/sysconfig-network.conf @@ -0,0 +1 @@ +ZEROCONF=yes diff --git a/initscripts-config/files/sysctl.conf b/initscripts-config/files/sysctl.conf new file mode 100644 index 0000000..eee0bd7 --- /dev/null +++ b/initscripts-config/files/sysctl.conf @@ -0,0 +1,86 @@ +# This configuration file is taken from Debian. +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +kernel.printk = 4 4 1 7 + +# Reboot X seconds after a kernel panic +kernel.panic = 5 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 +# +# Ignore bogus ICMP errors +#net.ipv4.icmp_ignore_bogus_error_responses = 1 +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +#kernel.shmmax = 141762560 + +# Limit local port range +net.ipv4.ip_local_port_range = 49216 61000 +net.ipv4.tcp_tw_reuse = 1 + +# WRL +# set max socket memory ; default was 212992 +net.core.rmem_max=425984 + +# WRS +# The following kernel parameters help alleviate some RabbitMQ +# connection issues. These values need to be set here to ensure sysinv-agent +# remains connected to rabbitmq. Sysinv-agent starts before packstack and the +# long default values allowed the connection to be lost for 2 hours. +# Note the ipv4 vlaues are also applied to ipv6 connections. +net.ipv4.tcp_keepalive_intvl = 1 +net.ipv4.tcp_keepalive_probes = 5 +net.ipv4.tcp_keepalive_time = 5 +