xref: /freebsd/release/tools/gce.conf (revision 0b1c5628c74a37e2aa2aa3769c606d3e826302f8)
15f87b8f5SGlen Barber#!/bin/sh
25f87b8f5SGlen Barber#
35f87b8f5SGlen Barber#
45f87b8f5SGlen Barber
# The default image size of 3GB is too small for GCE, so override it here.
VMSIZE=20g
export VMSIZE

# Packages to install into the image, appended to any list the caller
# already supplied through the environment.
VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
	firstboot-pkgs google-cloud-sdk panicmail sudo \
	sysutils/py-google-compute-engine lang/python \
	lang/python3"
export VM_EXTRA_PACKAGES

# Services to enable in rc.conf(5).  Unlike the package list, this
# replaces any inherited value rather than extending it.
VM_RC_LIST="ntpd sshd growfs \
	firstboot_pkgs firstboot_freebsd_update google_startup \
	google_accounts_daemon google_clock_skew_daemon \
	google_instance_setup google_network_daemon"
export VM_RC_LIST
195f87b8f5SGlen Barber
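vm_extra_install_base() {
	# Write the image's resolv.conf: search the google.internal domain
	# and list the link-local metadata address as the first resolver.
	# Globals: DESTDIR (read) - root of the image being built.
	#
	# NOTE(review): the second nameserver is a public resolver.  If the
	# metadata resolver does not answer, lookups (including names
	# expanded with the search domain) go to it instead; confirm that
	# fallback is wanted for the workloads this image will run.
	#
	# The path is quoted so a DESTDIR containing whitespace or glob
	# characters cannot redirect the write somewhere else.
	printf '%s\n' \
		'search google.internal' \
		'nameserver 169.254.169.254' \
		'nameserver 8.8.8.8' \
		> "${DESTDIR}/etc/resolv.conf"
}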
255f87b8f5SGlen Barber
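vm_extra_pre_umount() {
	# Apply the GCE-specific configuration to the image rooted at
	# ${DESTDIR}: rc.conf, loader.conf, hosts, ntp.conf, syslog.conf,
	# sshd_config, crontab and sysctl.conf, then unpack src/ports and
	# fetch distfiles for the installed packages.
	# Globals: DESTDIR (read), _INSTALLED_PACKAGES (written)
	# Returns: always 0; no step's exit status is checked, so a failed
	# write or fetch does not stop the image build.

	# Enable growfs on every boot, not only the first, as an instance's
	# disk can be enlarged post-creation.  The edit must target the image
	# under ${DESTDIR}; an unprefixed path rewrites the build host's own
	# rc script and leaves the image unchanged.  BSD sed's -i takes a
	# backup-suffix argument; '' means no backup file is written.
	sed -i '' -e '/KEYWORD: firstboot/d' "${DESTDIR}/etc/rc.d/growfs"

	# panicmail_autosubmit sends panic reports without an operator
	# confirming each one.
	cat << 'EOF' >> "${DESTDIR}/etc/rc.conf"
dumpdev="AUTO"
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
# need to fill in something here
#firstboot_pkgs_list=""
panicmail_autosubmit="YES"
EOF

	# autoboot_delay="-1" boots immediately with no chance to interrupt
	# the loader from the console.
	cat << 'EOF' >> "${DESTDIR}/boot/loader.conf"
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole,vidconsole"
hw.vtnet.mq_disable=1
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"
EOF

	# Pin the metadata server name locally so it resolves without DNS.
	echo '169.254.169.254 metadata.google.internal metadata' >> \
		"${DESTDIR}/etc/hosts"

	# Overwrite ntp.conf: the metadata server is the only time source,
	# and the default restrict lines refuse modification and queries
	# from remote hosts.
	cat << 'EOF' > "${DESTDIR}/etc/ntp.conf"
server metadata.google.internal iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF

	cat << 'EOF' >> "${DESTDIR}/etc/syslog.conf"
*.err;kern.warning;auth.notice;mail.crit                /dev/console
EOF

	# These lines are appended.  sshd uses the first value it reads for
	# each keyword, so they only take effect while the stock file leaves
	# the same keywords unset or commented out.
	# NOTE(review): confirm that holds for the sshd_config shipped in
	# the image.
	cat << 'EOF' >> "${DESTDIR}/etc/ssh/sshd_config"
KbdInteractiveAuthentication no
X11Forwarding no
AcceptEnv LANG
AllowAgentForwarding no
ClientAliveInterval 420
EOF

	# "freebsd-update cron" downloads pending updates and mails root;
	# it does not install them, so patching still needs a follow-up step.
	cat << 'EOF' >> "${DESTDIR}/etc/crontab"
0       3       *       *       *       root    /usr/sbin/freebsd-update cron
EOF

	# Ignore incoming ICMP redirects and do not send them; on panic,
	# print a stack trace instead of stopping in the kernel debugger.
	cat << 'EOF' >> "${DESTDIR}/etc/sysctl.conf"
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
kern.ipc.soacceptqueue=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF

	# To meet GCE marketplace requirements, extract the src.txz and
	# ports.txz distributions to the target virtual machine disk image
	# and fetch the sources for the third-party software installed on
	# the image.
	if [ ! -c "${DESTDIR}/dev/null" ]; then
		mkdir -p "${DESTDIR}/dev"
		mount -t devfs devfs "${DESTDIR}/dev"
	fi
	if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/src.txz" -C "${DESTDIR}"
	fi
	if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/ports.txz" -C "${DESTDIR}"
		_INSTALLED_PACKAGES=$(chroot "${DESTDIR}" pkg info -o -q -a)
		# Deliberately unquoted: the list is split into one port
		# origin per word.
		# NOTE(review): a failed fetch is not detected here, and the
		# "fetch" target presumably stops short of the distinfo hash
		# check that "checksum" performs; confirm whether the
		# downloaded sources need to be verified at build time.
		for PACKAGE in ${_INSTALLED_PACKAGES}; do
			chroot "${DESTDIR}" \
				make -C "/usr/ports/${PACKAGE}" fetch
		done
	fi
	if [ -c "${DESTDIR}/dev/null" ]; then
		umount_loop "${DESTDIR}/dev"
	fi

	## XXX: Verify this is needed.  I do not see this requirement
	## in the docs, and it impairs the ability to boot-test a copy
	## of the image prior to packaging for upload to GCE.
	#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys

	# Marker file that makes the image's first start count as a first boot.
	touch "${DESTDIR}/firstboot"

	return 0
}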
1233103eac6SGlen Barber
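# Do everything except deleting resolv.conf since we construct our own
# Googlized resolv.conf file in vm_extra_install_base.
# Globals: QEMUSTATIC, EMULATOR, DESTDIR (all read)
# Returns: always 0.
vm_emulation_cleanup() {
	# Remove the emulator binary from the image only when a static
	# QEMU was in use.  Paths are quoted so a DESTDIR or EMULATOR
	# holding whitespace or glob characters cannot expand into extra
	# arguments to rm or umount_loop.
	if [ -n "${QEMUSTATIC}" ]; then
		rm -f "${DESTDIR}/${EMULATOR}"
	fi
	umount_loop "${DESTDIR}/dev"
	return 0
}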