From 3fe2e675f8f7b0e7c32ebcc4fdfa4eb4c6930074 Mon Sep 17 00:00:00 2001 From: zhipengl Date: Mon, 5 Nov 2018 23:56:49 +0800 Subject: [PATCH] Refactor patches for initscripts package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use initscripts-config package to package script and service file for initscripts package. Refactor 0001-Disable-zeroconf-route.patch, spec-add-mountnfs-init-script.patch and spec-include-TiS-changes.patch, let initscripts-config to be responsible for the installation of config/script/service files. Merged some meta patches that just includes adding source code patch to spec-include-Tis-changes.patch. Removed base/procps since it just includes one file, sysctl.conf. And move this file to initscripts-config folder.The monitor-tools package in stx-integ has a %post script that is adding an entry to sysctl.conf, so add "Requires: initscripts-config" in monitor-tools.spec, to ensure it is installed after this package replaces the file. Deployment test and ping test between VMs pass Service, config and script files check pass. Story: 2003768 Task: 27585 Change-Id: I2ea3bd05bdc5bca5658d157e6f40f7380e922500 Signed-off-by: zhipengl --- initscripts-config/centos/build_srpm.data | 2 + .../centos/initscripts-config.spec | 47 ++++++++ initscripts-config/files/mountnfs.service | 13 +++ initscripts-config/files/mountnfs.sh | 100 ++++++++++++++++++ .../files/sysconfig-network.conf | 1 + initscripts-config/files/sysctl.conf | 86 +++++++++++++++ 6 files changed, 249 insertions(+) create mode 100644 initscripts-config/centos/build_srpm.data create mode 100644 initscripts-config/centos/initscripts-config.spec create mode 100644 initscripts-config/files/mountnfs.service create mode 100755 initscripts-config/files/mountnfs.sh create mode 100644 initscripts-config/files/sysconfig-network.conf create mode 100644 initscripts-config/files/sysctl.conf diff --git a/initscripts-config/centos/build_srpm.data b/initscripts-config/centos/build_srpm.data new file mode 100644 index 0000000..da1e20b --- /dev/null +++ b/initscripts-config/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="files" +TIS_PATCH_VER=0 diff --git a/initscripts-config/centos/initscripts-config.spec b/initscripts-config/centos/initscripts-config.spec new file mode 100644 index 0000000..9cc7514 --- /dev/null +++ b/initscripts-config/centos/initscripts-config.spec @@ -0,0 +1,47 @@ +Summary: initscripts-config +Name: initscripts-config +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: base +Packager: StarlingX +URL: unknown +BuildArch: noarch +Source: %name-%version.tar.gz + +Requires: %{_bindir}/systemctl +Requires: initscripts +Summary: package StarlingX configuration files of initscripts to system folder. + +%description +package StarlingX configuration files of initscripts to system folder. + +%prep +%setup + +%build + +%install +%{__install} -d 644 %{buildroot}%{_datadir}/starlingx/ +%{__install} -d 644 %{buildroot}%{_sysconfdir}/sysconfig +%{__install} -d 755 %{buildroot}%{_initddir} +%{__install} -d 644 %{buildroot}%{_unitdir} + +%{__install} -m 644 sysctl.conf %{buildroot}%{_datadir}/starlingx/stx.sysctl.conf +%{__install} -m 644 sysconfig-network.conf %{buildroot}%{_sysconfdir}/sysconfig/network +%{__install} -m 755 mountnfs.sh %{buildroot}%{_initddir}/mountnfs +%{__install} -m 644 mountnfs.service %{buildroot}%{_unitdir}/mountnfs.service + +%post +if [ $1 -eq 1 ] ; then + # Initial installation + cp -f %{_datadir}/starlingx/stx.sysctl.conf %{_sysconfdir}/sysctl.conf + chmod 644 %{_sysconfdir}/sysctl.conf +fi +%{_bindir}/systemctl enable mountnfs.service > /dev/null 2>&1 || : + +%files +%{_datadir}/starlingx/stx.sysctl.conf +%{_sysconfdir}/sysconfig/network +%{_initddir}/mountnfs +%{_unitdir}/mountnfs.service diff --git a/initscripts-config/files/mountnfs.service b/initscripts-config/files/mountnfs.service new file mode 100644 index 0000000..840fd84 --- /dev/null +++ b/initscripts-config/files/mountnfs.service @@ -0,0 +1,13 @@ +[Unit] +Description=StarlingX Cloud Filesystem Auto-mounter +After=network.target nfscommon.service +Before=uexportfs.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/etc/init.d/mountnfs start +ExecStop=/etc/init.d/mountnfs stop + +[Install] +WantedBy=multi-user.target diff --git a/initscripts-config/files/mountnfs.sh b/initscripts-config/files/mountnfs.sh new file mode 100755 index 0000000..adeea3d --- /dev/null +++ b/initscripts-config/files/mountnfs.sh @@ -0,0 +1,100 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: mountnfs +# Required-Start: $local_fs $network $rpcbind +# Required-Stop: +# Default-Start: S +# Default-Stop: +### END INIT INFO + +# . /etc/default/rcS + +if [ "$1" = "stop" ]; then + # Avoid mounting if we're shutting down + exit 0 +fi + +# +# Run in a subshell because of I/O redirection. +# +test -f /etc/fstab && ( + +# +# Read through fstab line by line. If it is NFS, set the flag +# for mounting NFS filesystems. If any NFS partition is found and it +# not mounted with the nolock option, we start the rpcbind. +# +rpcbind=no +mount_nfs=no +mount_smb=no +mount_ncp=no +mount_cifs=no +while read device mountpt fstype options; do + case "$device" in + ""|\#*) + continue + ;; + esac + + case "$options" in + *noauto*) + continue + ;; + esac + + if test "$fstype" = nfs + then + mount_nfs=yes + case "$options" in + *nolock*) + ;; + *) + rpcbind=yes + ;; + esac + fi + if test "$fstype" = smbfs + then + mount_smb=yes + fi + if test "$fstype" = ncpfs + then + mount_ncp=yes + fi + if test "$fstype" = cifs + then + mount_cifs=yes + fi +done + +exec 0>&1 + +if test "$rpcbind" = yes; then + # WRL: Centos precheck: Dont start rpcbind in this init script. + # It is started by a systemd service file. + if test "/etc/centos-release" = no + then + if test -x /usr/sbin/rpcbind + then + service rpcbind status > /dev/null + if [ $? != 0 ]; then + echo -n "Starting rpcbind..." + start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind + sleep 2 + fi + fi + fi +fi + +if test "$mount_nfs" = yes || test "$mount_smb" = yes || test "$mount_ncp" = yes || test "$mount_cifs" = yes; then + echo "Mounting remote filesystems..." + test "$mount_nfs" = yes && mount -a -t nfs + test "$mount_smb" = yes && mount -a -t smbfs + test "$mount_ncp" = yes && mount -a -t ncpfs + test "$mount_cifs" = yes && mount -a -t cifs +fi + +) < /etc/fstab + +: exit 0 + diff --git a/initscripts-config/files/sysconfig-network.conf b/initscripts-config/files/sysconfig-network.conf new file mode 100644 index 0000000..7397912 --- /dev/null +++ b/initscripts-config/files/sysconfig-network.conf @@ -0,0 +1 @@ +ZEROCONF=yes diff --git a/initscripts-config/files/sysctl.conf b/initscripts-config/files/sysctl.conf new file mode 100644 index 0000000..eee0bd7 --- /dev/null +++ b/initscripts-config/files/sysctl.conf @@ -0,0 +1,86 @@ +# This configuration file is taken from Debian. +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +kernel.printk = 4 4 1 7 + +# Reboot X seconds after a kernel panic +kernel.panic = 5 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter=1 +net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 +# +# Ignore bogus ICMP errors +#net.ipv4.icmp_ignore_bogus_error_responses = 1 +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +#kernel.shmmax = 141762560 + +# Limit local port range +net.ipv4.ip_local_port_range = 49216 61000 +net.ipv4.tcp_tw_reuse = 1 + +# WRL +# set max socket memory ; default was 212992 +net.core.rmem_max=425984 + +# WRS +# The following kernel parameters help alleviate some RabbitMQ +# connection issues. These values need to be set here to ensure sysinv-agent +# remains connected to rabbitmq. Sysinv-agent starts before packstack and the +# long default values allowed the connection to be lost for 2 hours. +# Note the ipv4 vlaues are also applied to ipv6 connections. +net.ipv4.tcp_keepalive_intvl = 1 +net.ipv4.tcp_keepalive_probes = 5 +net.ipv4.tcp_keepalive_time = 5 +