diff options
Diffstat (limited to 'validator/src/pxe_initrd/src')
| -rwxr-xr-x | validator/src/pxe_initrd/src/bin/enable_services.sh | 21 | ||||
| -rwxr-xr-x | validator/src/pxe_initrd/src/bin/initial_network.py | 64 | ||||
| -rwxr-xr-x | validator/src/pxe_initrd/src/bin/install_validation_tool.sh | 3 | ||||
| -rwxr-xr-x | validator/src/pxe_initrd/src/bin/update_pkgs.sh | 13 | ||||
| -rwxr-xr-x | validator/src/pxe_initrd/src/etc/init.d/initialnetwork | 20 | ||||
| -rwxr-xr-x | validator/src/pxe_initrd/src/etc/init.d/tmpfs | 20 | ||||
| -rw-r--r-- | validator/src/pxe_initrd/src/etc/profile | 5 | ||||
| -rw-r--r-- | validator/src/pxe_initrd/src/etc/resolv.conf | 3 | ||||
| -rw-r--r-- | validator/src/pxe_initrd/src/etc/ssh/sshd_config | 132 | ||||
| l--------- | validator/src/pxe_initrd/src/init | 1 | ||||
| -rw-r--r-- | validator/src/pxe_initrd/src/root/.profile | 5 | ||||
| -rw-r--r-- | validator/src/pxe_initrd/src/root/.ssh/authorized_keys | 1 |
12 files changed, 288 insertions, 0 deletions
diff --git a/validator/src/pxe_initrd/src/bin/enable_services.sh b/validator/src/pxe_initrd/src/bin/enable_services.sh new file mode 100755 index 0000000..f2560af --- /dev/null +++ b/validator/src/pxe_initrd/src/bin/enable_services.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +# Source profile for $PATH just in case it wasn't auto-loaded +source /etc/profile + +rc-update add mdev sysinit +rc-update add devfs sysinit +rc-update add dmesg sysinit +rc-update add hostname sysinit +rc-update add sysctl sysinit +rc-update add syslog sysinit +rc-update add initialnetwork sysinit +#rc-update add networking sysinit +#rc-update add bootmisc sysinit +#rc-update add hwclock sysinit + +rc-update add mount-ro shutdown +rc-update add killprocs shutdown +rc-update add savecache shutdown + +rc-update add sshd default diff --git a/validator/src/pxe_initrd/src/bin/initial_network.py b/validator/src/pxe_initrd/src/bin/initial_network.py new file mode 100755 index 0000000..6c98f6f --- /dev/null +++ b/validator/src/pxe_initrd/src/bin/initial_network.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +# bin/setup_interface + +# ----------------------------------------------------------------------- + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ------------------------------------------------------------------------ + +# Author: Todd Gaunt, toddgaunt@iol.unh.edu or toddgaunt@gmail.com +# License: Apache v2.0 +# Description: Script for setting up initial network interfaces +# it activates dhcp on all interfaces in order to at least get the admin +# network up + +import os +import subprocess +import netifaces + +def generate_interfaces_file(ifaces, os_network_file): + """Takes a list of interfaces and a location to save a network + interfaces file""" + interfaces = "" + for i in ifaces: + n = "auto " + str(i) + "\n" \ + + "iface " + str(i) + " inet dhcp\n" + interfaces += n + return interfaces + +def set_interfaces_up(ifaces): + """Uses ifup command to put network devices up according to + interfaces file""" + for iface in ifaces: + ifupcmd = [ \ + "ifup", + iface] + ifdowncmd = [ \ + "ifdown", + iface] + with open(os.devnull, 'w') as fn: + status = subprocess.Popen(ifdowncmd, stdout=fn, stderr=fn).wait() + status = subprocess.Popen(ifupcmd, stdout=fn, stderr=fn).wait() + print(str(iface) + " " + str(status)) + +def main(): + os_network_file="/etc/network/interfaces" + ifaces = netifaces.interfaces() + interfaces = generate_interfaces_file(ifaces, os_network_file) + with open(os_network_file, 'w') as fd: + fd.write(interfaces) + set_interfaces_up(ifaces) + +if __name__ == "__main__": + main() diff --git a/validator/src/pxe_initrd/src/bin/install_validation_tool.sh b/validator/src/pxe_initrd/src/bin/install_validation_tool.sh new file mode 100755 index 0000000..a668866 --- /dev/null +++ b/validator/src/pxe_initrd/src/bin/install_validation_tool.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +cd /usr/src/validation_tool/ && ./setup.py install diff --git a/validator/src/pxe_initrd/src/bin/update_pkgs.sh b/validator/src/pxe_initrd/src/bin/update_pkgs.sh new file mode 100755 index 0000000..2ac095f --- /dev/null +++ b/validator/src/pxe_initrd/src/bin/update_pkgs.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +source /etc/profile + +# Update package list and upgrade all packages to the latest version +apk update && apk upgrade + +# Install python3 and development tools to install a python module +apk add build-base gcc make abuild binutils linux-headers musl-dev python3-dev python3 openssh +pip3 install --upgrade pip netifaces watchdog + +# Remove all the build tools to make the initrd smaller +apk del build-base gcc make abuild binutils linux-headers musl-dev python3-dev diff --git a/validator/src/pxe_initrd/src/etc/init.d/initialnetwork b/validator/src/pxe_initrd/src/etc/init.d/initialnetwork new file mode 100755 index 0000000..233c0b7 --- /dev/null +++ b/validator/src/pxe_initrd/src/etc/init.d/initialnetwork @@ -0,0 +1,20 @@ +#!/sbin/openrc-run +# +# + +depend() +{ + need localmount + after firewall +} + +start() +{ + python3 /bin/initial_network.py + return 0 +} + +stop() +{ + return 0 +} diff --git a/validator/src/pxe_initrd/src/etc/init.d/tmpfs b/validator/src/pxe_initrd/src/etc/init.d/tmpfs new file mode 100755 index 0000000..cea765c --- /dev/null +++ b/validator/src/pxe_initrd/src/etc/init.d/tmpfs @@ -0,0 +1,20 @@ +#!/sbin/openrc-run +# +# + +depend() +{ + need localmount + after firewall +} + +start() +{ + mount -t tmpfs tmp /tmp + return 0 +} + +stop() +{ + return 0 +} diff --git a/validator/src/pxe_initrd/src/etc/profile b/validator/src/pxe_initrd/src/etc/profile new file mode 100644 index 0000000..3480248 --- /dev/null +++ b/validator/src/pxe_initrd/src/etc/profile @@ -0,0 +1,5 @@ +export CHARSET=UTF-8 +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +export PAGER=less +export PS1='\h:\w\$ ' +umask 022 diff --git a/validator/src/pxe_initrd/src/etc/resolv.conf b/validator/src/pxe_initrd/src/etc/resolv.conf new file mode 100644 index 0000000..0ffa7a2 --- /dev/null +++ b/validator/src/pxe_initrd/src/etc/resolv.conf @@ -0,0 +1,3 @@ +# Change this to what you need +nameserver 8.8.8.8 +nameserver 8.8.4.4 diff --git a/validator/src/pxe_initrd/src/etc/ssh/sshd_config b/validator/src/pxe_initrd/src/etc/ssh/sshd_config new file mode 100644 index 0000000..856c2cd --- /dev/null +++ b/validator/src/pxe_initrd/src/etc/ssh/sshd_config @@ -0,0 +1,132 @@ +# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/validator/src/pxe_initrd/src/init b/validator/src/pxe_initrd/src/init new file mode 120000 index 0000000..a0b7197 --- /dev/null +++ b/validator/src/pxe_initrd/src/init @@ -0,0 +1 @@ +/sbin/init
\ No newline at end of file diff --git a/validator/src/pxe_initrd/src/root/.profile b/validator/src/pxe_initrd/src/root/.profile new file mode 100644 index 0000000..3480248 --- /dev/null +++ b/validator/src/pxe_initrd/src/root/.profile @@ -0,0 +1,5 @@ +export CHARSET=UTF-8 +export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +export PAGER=less +export PS1='\h:\w\$ ' +umask 022 diff --git a/validator/src/pxe_initrd/src/root/.ssh/authorized_keys b/validator/src/pxe_initrd/src/root/.ssh/authorized_keys new file mode 100644 index 0000000..00d8ae5 --- /dev/null +++ b/validator/src/pxe_initrd/src/root/.ssh/authorized_keys @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk7UWhzibHSz4zdt8hQ/5j4tT++gfsrRsqKGBnI16G2nDotSsuQGcUe7BygT4t6U/H/lSxt3eYeThJG3ad40sC7x4cNgzojmD7k+bwqhjVgw9brnrlymCqhwuhBW1dulKQV1qOO21XbOUNj7NwJ0A3cihvQ3kSvqBefdo/FloRUiRYAv1BFC6Pmkm7hGIp0bXchrmSXMcVdOMv7GclFkdUWXAIb9NrLpNLlpLVYqy2ogTVGDmxQE/0Nnwffug0YEhS8mIzmNktL6kydAruTi472HCB/KxZLAeYP7levusfryTqWWu7/NA34S5mb0QodIEKsSgKB0H+vE/O6hG0QBCx root@d121025.iol.unh.edu |