From 2c0e515e6ae11459c2573fe5ae6e523c798cba51 Mon Sep 17 00:00:00 2001 From: pandae Date: Tue, 8 Aug 2023 11:24:47 -0400 Subject: [PATCH] Removing centos related initscripts CentOS Iso is no longer built from master branch. We won't be needing the init scripts in directories "centos" and "files" which handle the system initialization specs TEST PLAN: PASS: Designer Build of Debian AIO-SX ISO & Deployment without centos related files Story: 2010849 Task: 48573 Change-Id: I5df84e8a43ed4e07fa6b180877ea74c69751be79 --- initscripts-config/centos/build_srpm.data | 2 - .../centos/initscripts-config.spec | 52 ----- initscripts-config/files/mountnfs.service | 13 -- initscripts-config/files/mountnfs.sh | 100 ---------- .../files/sysconfig-network.conf | 1 - initscripts-config/files/sysctl.conf | 180 ------------------ 6 files changed, 348 deletions(-) delete mode 100644 initscripts-config/centos/build_srpm.data delete mode 100644 initscripts-config/centos/initscripts-config.spec delete mode 100644 initscripts-config/files/mountnfs.service delete mode 100755 initscripts-config/files/mountnfs.sh delete mode 100644 initscripts-config/files/sysconfig-network.conf delete mode 100644 initscripts-config/files/sysctl.conf diff --git a/initscripts-config/centos/build_srpm.data b/initscripts-config/centos/build_srpm.data deleted file mode 100644 index b074089..0000000 --- a/initscripts-config/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="files" -TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/initscripts-config/centos/initscripts-config.spec b/initscripts-config/centos/initscripts-config.spec deleted file mode 100644 index a333e7f..0000000 --- a/initscripts-config/centos/initscripts-config.spec +++ /dev/null @@ -1,52 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# -Summary: initscripts-config -Name: initscripts-config -Version: 1.0 -Release: %{tis_patch_ver}%{?_tis_dist} -License: Apache-2.0 -Group: base -Packager: StarlingX -URL: unknown -BuildArch: noarch -Source: %name-%version.tar.gz - -Requires: %{_bindir}/systemctl -Requires: initscripts -Summary: package StarlingX configuration files of initscripts to system folder. - -%description -package StarlingX configuration files of initscripts to system folder. - -%prep -%setup - -%build - -%install -%{__install} -d 644 %{buildroot}%{_datadir}/starlingx/ -%{__install} -d 644 %{buildroot}%{_sysconfdir}/sysconfig -%{__install} -d 755 %{buildroot}%{_initddir} -%{__install} -d 644 %{buildroot}%{_unitdir} - -%{__install} -m 644 sysctl.conf %{buildroot}%{_datadir}/starlingx/stx.sysctl.conf -%{__install} -m 644 sysconfig-network.conf %{buildroot}%{_sysconfdir}/sysconfig/network -%{__install} -m 755 mountnfs.sh %{buildroot}%{_initddir}/mountnfs -%{__install} -m 644 mountnfs.service %{buildroot}%{_unitdir}/mountnfs.service - -%post -if [ $1 -eq 1 ] ; then - # Initial installation - cp -f %{_datadir}/starlingx/stx.sysctl.conf %{_sysconfdir}/sysctl.conf - chmod 644 %{_sysconfdir}/sysctl.conf -fi -%{_bindir}/systemctl enable mountnfs.service > /dev/null 2>&1 || : - -%files -%{_datadir}/starlingx/stx.sysctl.conf -%{_sysconfdir}/sysconfig/network -%{_initddir}/mountnfs -%{_unitdir}/mountnfs.service diff --git a/initscripts-config/files/mountnfs.service b/initscripts-config/files/mountnfs.service deleted file mode 100644 index 840fd84..0000000 --- a/initscripts-config/files/mountnfs.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=StarlingX Cloud Filesystem Auto-mounter -After=network.target nfscommon.service -Before=uexportfs.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/etc/init.d/mountnfs start -ExecStop=/etc/init.d/mountnfs stop - -[Install] -WantedBy=multi-user.target diff --git a/initscripts-config/files/mountnfs.sh b/initscripts-config/files/mountnfs.sh deleted file mode 100755 index adeea3d..0000000 --- a/initscripts-config/files/mountnfs.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: mountnfs -# Required-Start: $local_fs $network $rpcbind -# Required-Stop: -# Default-Start: S -# Default-Stop: -### END INIT INFO - -# . /etc/default/rcS - -if [ "$1" = "stop" ]; then - # Avoid mounting if we're shutting down - exit 0 -fi - -# -# Run in a subshell because of I/O redirection. -# -test -f /etc/fstab && ( - -# -# Read through fstab line by line. If it is NFS, set the flag -# for mounting NFS filesystems. If any NFS partition is found and it -# not mounted with the nolock option, we start the rpcbind. -# -rpcbind=no -mount_nfs=no -mount_smb=no -mount_ncp=no -mount_cifs=no -while read device mountpt fstype options; do - case "$device" in - ""|\#*) - continue - ;; - esac - - case "$options" in - *noauto*) - continue - ;; - esac - - if test "$fstype" = nfs - then - mount_nfs=yes - case "$options" in - *nolock*) - ;; - *) - rpcbind=yes - ;; - esac - fi - if test "$fstype" = smbfs - then - mount_smb=yes - fi - if test "$fstype" = ncpfs - then - mount_ncp=yes - fi - if test "$fstype" = cifs - then - mount_cifs=yes - fi -done - -exec 0>&1 - -if test "$rpcbind" = yes; then - # WRL: Centos precheck: Dont start rpcbind in this init script. - # It is started by a systemd service file. - if test "/etc/centos-release" = no - then - if test -x /usr/sbin/rpcbind - then - service rpcbind status > /dev/null - if [ $? != 0 ]; then - echo -n "Starting rpcbind..." - start-stop-daemon --start --quiet --exec /usr/sbin/rpcbind - sleep 2 - fi - fi - fi -fi - -if test "$mount_nfs" = yes || test "$mount_smb" = yes || test "$mount_ncp" = yes || test "$mount_cifs" = yes; then - echo "Mounting remote filesystems..." - test "$mount_nfs" = yes && mount -a -t nfs - test "$mount_smb" = yes && mount -a -t smbfs - test "$mount_ncp" = yes && mount -a -t ncpfs - test "$mount_cifs" = yes && mount -a -t cifs -fi - -) < /etc/fstab - -: exit 0 - diff --git a/initscripts-config/files/sysconfig-network.conf b/initscripts-config/files/sysconfig-network.conf deleted file mode 100644 index 7397912..0000000 --- a/initscripts-config/files/sysconfig-network.conf +++ /dev/null @@ -1 +0,0 @@ -ZEROCONF=yes diff --git a/initscripts-config/files/sysctl.conf b/initscripts-config/files/sysctl.conf deleted file mode 100644 index af65ab3..0000000 --- a/initscripts-config/files/sysctl.conf +++ /dev/null @@ -1,180 +0,0 @@ -# This configuration file is taken from Debian. -# -# /etc/sysctl.conf - Configuration file for setting system variables -# See sysctl.conf (5) for information. -# - -#kernel.domainname = example.com - -# Uncomment the following to stop low-level messages on console -kernel.printk = 4 4 1 7 - -# Reboot X seconds after a kernel panic -kernel.panic = 5 - -##############################################################3 -# Functions previously found in netbase -# - -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter=1 -net.ipv4.conf.all.rp_filter=1 - -# Uncomment the next line to enable TCP/IP SYN cookies -#net.ipv4.tcp_syncookies=1 - -# Uncomment the next line to enable packet forwarding for IPv4 -#net.ipv4.ip_forward=1 - -# Uncomment the next line to enable packet forwarding for IPv6 -#net.ipv6.conf.all.forwarding=1 - - -################################################################### -# Additional settings - these settings can improve the network -# security of the host and prevent against some network attacks -# including spoofing attacks and man in the middle attacks through -# redirection. Some network environments, however, require that these -# settings are disabled so review and enable them as needed. -# -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 -# -# Set the runtime status of the net.ipv4.icmp_ignore_bogus_error_responses -# kernel parameter to enable Kernel Parameter to Ignore Bogus ICMP Error -# Responses on IPv4 Interfaces. -# Ignoring bogus ICMP error responses reduces log size, although some -# activity would not be logged. -net.ipv4.icmp_ignore_bogus_error_responses = 1 -# -# Do not accept ICMP redirects (prevent MITM attacks) -net.ipv4.conf.all.accept_redirects = 0 -net.ipv6.conf.all.accept_redirects = 0 -# _or_ -# Accept ICMP redirects only for gateways listed in our default -# gateway list (enabled by default) -# Accepting "secure" ICMP redirects (from those gateways listed as default -# gateways) has few legitimate uses. It should be disabled unless it is -# absolutely required. -net.ipv4.conf.all.secure_redirects = 0 -# -# Do not send ICMP redirects (we are not a router) -net.ipv4.conf.all.send_redirects = 0 -# -# Do not accept IP source route packets (we are not a router) -#net.ipv4.conf.all.accept_source_route = 0 -net.ipv6.conf.all.accept_source_route = 0 -# -# Log Martian Packets -#net.ipv4.conf.all.log_martians = 1 -# - -#kernel.shmmax = 141762560 - -# WRL -# set max socket memory ; default was 212992 -net.core.rmem_max=425984 - -# WRS -# The following kernel parameters help alleviate some RabbitMQ -# connection issues. These values need to be set here to ensure sysinv-agent -# remains connected to rabbitmq. Sysinv-agent starts before packstack and the -# long default values allowed the connection to be lost for 2 hours. -# Note the ipv4 vlaues are also applied to ipv6 connections. -net.ipv4.tcp_keepalive_intvl = 1 -net.ipv4.tcp_keepalive_probes = 5 -net.ipv4.tcp_keepalive_time = 5 - -# This controls the tcp connection retries. -# The default results in a delay of ~15 minutes before dead connections -# to the floating ip are detected after a swact. -# Reduce this delay to 8 shortens this to ~100 seconds. -net.ipv4.tcp_retries2 = 8 - -# Reserve ports in the ephemeral port range: -# -# Incorporate the reserved keystone port (35357) from -# /usr/lib/sysctl.d/openstack-keystone.conf -# -# Helm v2.13.1 hardcodes the following Tiller ports when installed in the -# k8s cluster: 44134 (server), 44135 (probe), 44136 (trace). Reserve them -# from the ephemeral port range. This will avoid potential port conflicts -# that will cause the tiller pod to crash when the port is assigned to -# another client/server -net.ipv4.ip_local_reserved_ports=35357,44134-44136 - -# Set a global limit on the number of negative dentries. This is in units -# of 0.1 %, so a value of 20 represents 2% of all memory. -# We know of an issue with curl to an https endpoint when using nss versions -# older than 3.52 which can cause unlimited negative dentry growth. We fixed -# it in the code we control, but this will keep the number at a reasonable -# size if an application is poorly behaved. -fs.negative-dentry-limit=20 -# Set the runtime status of the - net.ipv6.conf.default.accept_redirects - -# kernel parameter to disable Kernel Parameter for Accepting ICMP Redirects -# by Default on IPv6 Interfaces. -# An illicit ICMP redirect message could result in a man-in-the-middle attack. -net.ipv6.conf.default.accept_redirects = 0 - -# Set the runtime status of the net.ipv4.conf.default.accept_redirects kernel -# parameter, to disable Kernel Parameter for Accepting ICMP Redirects by Default -# on IPv4 Interfaces. -# ICMP redirect messages are used by routers to inform hosts that a more direct -# route exists for a particular destination. -# These messages modify the host's route table and are unauthenticated. -# An illicit ICMP redirect message could result in a man-in-the-middle attack. -# This feature of the IPv4 protocol has few legitimate uses. It should be -# disabled unless absolutely required. -net.ipv4.conf.default.accept_redirects = 0 - -# Set the runtime status of the net.ipv4.conf.default.send_redirects kernel -# parameter, to disable Kernel Parameter for Sending ICMP Redirects on all -# IPv4 Interfaces by Default. -# ICMP redirect messages are used by routers to inform hosts that a more -# direct route exists for a particular destination. These messages contain -# information from the system's route table possibly revealing portions of -# the network topology. -# The ability to send ICMP redirects is only appropriate for systems acting -# as routers. -net.ipv4.conf.default.send_redirects = 0 - -# Set the runtime status of the net.ipv6.conf.default.accept_ra kernel parameter -# to disable Accepting Router Advertisements on all IPv6 Interfaces by Default -# An illicit router advertisement message could result in a man-in-the-middle -# attack. -net.ipv6.conf.default.accept_ra = 0 - -# Set the runtime status of the net.ipv4.conf.default.secure_redirects kernel -# parameter. -# Accepting "secure" ICMP redirects (from those gateways listed as default -# gateways) has few legitimate uses. -# It should be disabled unless it is absolutely required. -net.ipv4.conf.default.secure_redirects = 0 - -# Set the runtime status of the net.ipv6.conf.all.accept_ra kernel parameter. -# An illicit router advertisement message could result in a man-in-the-middle -# attack. -net.ipv6.conf.all.accept_ra = 0 - -# Set the runtime status of the net.ipv4.conf.default.accept_source_route kernel -# parameter. -# Source-routed packets allow the source of the packet to suggest routers forward -# the packet along a different path than configured on the router, which can be -# used to bypass network security measures. -# Accepting source-routed packets in the IPv4 protocol has few legitimate uses. -# It should be disabled unless it is absolutely required, such as when IPv4 -# forwarding is enabled and the system is legitimately functioning as a router. -net.ipv4.conf.default.accept_source_route = 0 - -# Set the runtime status of the net.ipv6.conf.default.accept_source_route kernel -# parameter. -# Source-routed packets allow the source of the packet to suggest routers forward -# the packet along a different path than configured on the router, which can be -# used to bypass network security measures. This requirement applies only to the -# forwarding of source-routerd traffic, such as when IPv6 forwarding is enabled -# and the system is functioning as a router. -# Accepting source-routed packets in the IPv6 protocol has few legitimate uses. -# It should be disabled unless it is absolutely required. -net.ipv6.conf.default.accept_source_route = 0