starlingx/config-files
Code Issues Proposed changes

Merge "Removing centos related initscripts"

Browse Source
This commit is contained in:
Zuul 2023-08-14 16:18:23 +00:00 committed by Gerrit Code Review
commit daf19943f9
6 changed files with 0 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
initscripts-config/centos/build_srpm.data
View File

@ -1,2 +0,0 @@
SRC_DIR="files"
TIS_PATCH_VER=PKG_GITREVCOUNT

52
initscripts-config/centos/initscripts-config.spec
View File

@ -1,52 +0,0 @@
#
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2019 Intel Corporation
#
Summary: initscripts-config
Name: initscripts-config
Version: 1.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
Packager: StarlingX
URL: unknown
BuildArch: noarch
Source: %name-%version.tar.gz
Requires: %{_bindir}/systemctl
Requires: initscripts
Summary: package StarlingX configuration files of initscripts to system folder.
%description
package StarlingX configuration files of initscripts to system folder.
%prep
%setup
%build
%install
%{__install} -d 644 %{buildroot}%{_datadir}/starlingx/
%{__install} -d 644 %{buildroot}%{_sysconfdir}/sysconfig
%{__install} -d 755 %{buildroot}%{_initddir}
%{__install} -d 644 %{buildroot}%{_unitdir}
%{__install} -m 644 sysctl.conf %{buildroot}%{_datadir}/starlingx/stx.sysctl.conf
%{__install} -m 644 sysconfig-network.conf %{buildroot}%{_sysconfdir}/sysconfig/network
%{__install} -m 755 mountnfs.sh %{buildroot}%{_initddir}/mountnfs
%{__install} -m 644 mountnfs.service %{buildroot}%{_unitdir}/mountnfs.service
%post
if [ $1 -eq 1 ] ; then
# Initial installation
cp -f %{_datadir}/starlingx/stx.sysctl.conf %{_sysconfdir}/sysctl.conf
chmod 644 %{_sysconfdir}/sysctl.conf
fi
%{_bindir}/systemctl enable mountnfs.service > /dev/null 2>&1 || :
%files
%{_datadir}/starlingx/stx.sysctl.conf
%{_sysconfdir}/sysconfig/network
%{_initddir}/mountnfs
%{_unitdir}/mountnfs.service

13
initscripts-config/files/mountnfs.service
View File

@ -1,13 +0,0 @@
[Unit]
Description=StarlingX Cloud Filesystem Auto-mounter
After=network.target nfscommon.service
Before=uexportfs.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/init.d/mountnfs start
ExecStop=/etc/init.d/mountnfs stop
[Install]
WantedBy=multi-user.target

100
initscripts-config/files/mountnfs.sh
View File

@ -1,100 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: mountnfs
# Required-Start: $local_fs $network $rpcbind
# Required-Stop:
# Default-Start: S
# Default-Stop:
### END INIT INFO
# . /etc/default/rcS
if [ "$1" = "stop" ]; then
# Avoid mounting if we're shutting down
exit 0
fi
#
# Run in a subshell because of I/O redirection.
#
test -f /etc/fstab && (
#
# Read through fstab line by line. If it is NFS, set the flag
# for mounting NFS filesystems. If any NFS partition is found and it
# not mounted with the nolock option, we start the rpcbind.
#
rpcbind=no
mount_nfs=no
mount_smb=no
mount_ncp=no
mount_cifs=no
while read device mountpt fstype options; do
case "$device" in
""|\#*)
continue
;;
esac
case "$options" in
*noauto*)
continue
;;
esac
if test "$fstype" = nfs
then
mount_nfs=yes
case "$options" in
*nolock*)
;;
*)
rpcbind=yes
;;
esac
fi
if test "$fstype" = smbfs
then
mount_smb=yes
fi
if test "$fstype" = ncpfs
then
mount_ncp=yes
fi
if test "$fstype" = cifs
then
mount_cifs=yes
fi
done
exec 0>&1
if test "$rpcbind" = yes; then
# WRL: Centos precheck: Dont start rpcbind in this init script.
# It is started by a systemd service file.
if test "/etc/centos-release" = no
then
if test -x /usr/sbin/rpcbind
then
service rpcbind status > /dev/null
if [ $? != 0 ]; then
echo -n "Starting rpcbind..."
start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind
sleep 2
fi
fi
fi
fi
if test "$mount_nfs" = yes || test "$mount_smb" = yes || test "$mount_ncp" = yes || test "$mount_cifs" = yes; then
echo "Mounting remote filesystems..."
test "$mount_nfs" = yes && mount -a -t nfs
test "$mount_smb" = yes && mount -a -t smbfs
test "$mount_ncp" = yes && mount -a -t ncpfs
test "$mount_cifs" = yes && mount -a -t cifs
fi
) < /etc/fstab
: exit 0

1
initscripts-config/files/sysconfig-network.conf
View File

@ -1 +0,0 @@
ZEROCONF=yes

180
initscripts-config/files/sysctl.conf
View File

@ -1,180 +0,0 @@
# This configuration file is taken from Debian.
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
kernel.printk = 4 4 1 7
# Reboot X seconds after a kernel panic
kernel.panic = 5
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1
#
# Set the runtime status of the net.ipv4.icmp_ignore_bogus_error_responses
# kernel parameter to enable Kernel Parameter to Ignore Bogus ICMP Error
# Responses on IPv4 Interfaces.
# Ignoring bogus ICMP error responses reduces log size, although some
# activity would not be logged.
net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# Accepting "secure" ICMP redirects (from those gateways listed as default
# gateways) has few legitimate uses. It should be disabled unless it is
# absolutely required.
net.ipv4.conf.all.secure_redirects = 0
#
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
#kernel.shmmax = 141762560
# WRL
# set max socket memory ; default was 212992
net.core.rmem_max=425984
# WRS
# The following kernel parameters help alleviate some RabbitMQ
# connection issues. These values need to be set here to ensure sysinv-agent
# remains connected to rabbitmq. Sysinv-agent starts before packstack and the
# long default values allowed the connection to be lost for 2 hours.
# Note the ipv4 vlaues are also applied to ipv6 connections.
net.ipv4.tcp_keepalive_intvl = 1
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 5
# This controls the tcp connection retries.
# The default results in a delay of ~15 minutes before dead connections
# to the floating ip are detected after a swact.
# Reduce this delay to 8 shortens this to ~100 seconds.
net.ipv4.tcp_retries2 = 8
# Reserve ports in the ephemeral port range:
#
# Incorporate the reserved keystone port (35357) from
# /usr/lib/sysctl.d/openstack-keystone.conf
#
# Helm v2.13.1 hardcodes the following Tiller ports when installed in the
# k8s cluster: 44134 (server), 44135 (probe), 44136 (trace). Reserve them
# from the ephemeral port range. This will avoid potential port conflicts
# that will cause the tiller pod to crash when the port is assigned to
# another client/server
net.ipv4.ip_local_reserved_ports=35357,44134-44136
# Set a global limit on the number of negative dentries. This is in units
# of 0.1 %, so a value of 20 represents 2% of all memory.
# We know of an issue with curl to an https endpoint when using nss versions
# older than 3.52 which can cause unlimited negative dentry growth. We fixed
# it in the code we control, but this will keep the number at a reasonable
# size if an application is poorly behaved.
fs.negative-dentry-limit=20
# Set the runtime status of the - net.ipv6.conf.default.accept_redirects -
# kernel parameter to disable Kernel Parameter for Accepting ICMP Redirects
# by Default on IPv6 Interfaces.
# An illicit ICMP redirect message could result in a man-in-the-middle attack.
net.ipv6.conf.default.accept_redirects = 0
# Set the runtime status of the net.ipv4.conf.default.accept_redirects kernel
# parameter, to disable Kernel Parameter for Accepting ICMP Redirects by Default
# on IPv4 Interfaces.
# ICMP redirect messages are used by routers to inform hosts that a more direct
# route exists for a particular destination.
# These messages modify the host's route table and are unauthenticated.
# An illicit ICMP redirect message could result in a man-in-the-middle attack.
# This feature of the IPv4 protocol has few legitimate uses. It should be
# disabled unless absolutely required.
net.ipv4.conf.default.accept_redirects = 0
# Set the runtime status of the net.ipv4.conf.default.send_redirects kernel
# parameter, to disable Kernel Parameter for Sending ICMP Redirects on all
# IPv4 Interfaces by Default.
# ICMP redirect messages are used by routers to inform hosts that a more
# direct route exists for a particular destination. These messages contain
# information from the system's route table possibly revealing portions of
# the network topology.
# The ability to send ICMP redirects is only appropriate for systems acting
# as routers.
net.ipv4.conf.default.send_redirects = 0
# Set the runtime status of the net.ipv6.conf.default.accept_ra kernel parameter
# to disable Accepting Router Advertisements on all IPv6 Interfaces by Default
# An illicit router advertisement message could result in a man-in-the-middle
# attack.
net.ipv6.conf.default.accept_ra = 0
# Set the runtime status of the net.ipv4.conf.default.secure_redirects kernel
# parameter.
# Accepting "secure" ICMP redirects (from those gateways listed as default
# gateways) has few legitimate uses.
# It should be disabled unless it is absolutely required.
net.ipv4.conf.default.secure_redirects = 0
# Set the runtime status of the net.ipv6.conf.all.accept_ra kernel parameter.
# An illicit router advertisement message could result in a man-in-the-middle
# attack.
net.ipv6.conf.all.accept_ra = 0
# Set the runtime status of the net.ipv4.conf.default.accept_source_route kernel
# parameter.
# Source-routed packets allow the source of the packet to suggest routers forward
# the packet along a different path than configured on the router, which can be
# used to bypass network security measures.
# Accepting source-routed packets in the IPv4 protocol has few legitimate uses.
# It should be disabled unless it is absolutely required, such as when IPv4
# forwarding is enabled and the system is legitimately functioning as a router.
net.ipv4.conf.default.accept_source_route = 0
# Set the runtime status of the net.ipv6.conf.default.accept_source_route kernel
# parameter.
# Source-routed packets allow the source of the packet to suggest routers forward
# the packet along a different path than configured on the router, which can be
# used to bypass network security measures. This requirement applies only to the
# forwarding of source-routerd traffic, such as when IPv6 forwarding is enabled
# and the system is functioning as a router.
# Accepting source-routed packets in the IPv6 protocol has few legitimate uses.
# It should be disabled unless it is absolutely required.
net.ipv6.conf.default.accept_source_route = 0