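#!/bin/sh
#
# $FreeBSD$
#
# Image-build settings and hooks for Google Compute Engine (GCE) images.
# The exported variables and the vm_extra_* functions are consumed by the
# build scripts that source this file; every file written by the hooks
# lives under ${DESTDIR}, the root of the image being built.

# The default of 3GB is too small for GCE, so override the size here.
export VMSIZE=20G

# The sysutils/py-google-compute-engine port needs the lang/python
# symbolic link to point to lang/python2.
# NOTE(review): Python 2.7 is end-of-life upstream; revisit this pin once
# the port no longer requires it.
export DEFAULT_VERSIONS="python=2.7"

# Set to a list of packages to install.
export VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs \
	google-cloud-sdk panicmail sudo sysutils/py-google-compute-engine \
	lang/python lang/python2"

# Set to a list of third-party software to enable in rc.conf(5).
export VM_RC_LIST="ntpd sshd growfs \
	firstboot_pkgs firstboot_freebsd_update google_startup \
	google_accounts_daemon google_clock_skew_daemon \
	google_instance_setup google_network_daemon"

# Write a build-time resolv.conf into the image.
# Globals:   DESTDIR (read) - root of the image being built
# Returns:   1 if DESTDIR is empty, otherwise the status of the last write
# The file is removed again at the end of vm_extra_pre_umount, so these
# resolvers are only used while the image is being built.
vm_extra_install_base() {
	# An empty DESTDIR would make every path below refer to the build host.
	if [ -z "${DESTDIR:-}" ]; then
		echo "vm_extra_install_base: DESTDIR is not set" >&2
		return 1
	fi

	echo 'search google.internal' > "${DESTDIR}/etc/resolv.conf"
	echo 'nameserver 169.254.169.254' >> "${DESTDIR}/etc/resolv.conf"
	echo 'nameserver 8.8.8.8' >> "${DESTDIR}/etc/resolv.conf"
}

# Apply the GCE-specific configuration to the image before it is unmounted.
# Globals:   DESTDIR (read) - root of the image being built
#            _INSTALLED_PACKAGES, PACKAGE (written) - scratch variables
# Returns:   1 if DESTDIR is empty, otherwise 0
# The heredoc delimiters are quoted so the configuration text is written
# literally, with no shell expansion.
vm_extra_pre_umount() {
	# Everything below appends to, overwrites or removes files under
	# ${DESTDIR}; with an empty DESTDIR those would be the build host's
	# own /etc and /boot files.
	if [ -z "${DESTDIR:-}" ]; then
		echo "vm_extra_pre_umount: DESTDIR is not set" >&2
		return 1
	fi

	# Enable growfs on every boot, not only the first, as an instance's disk
	# can be enlarged post-creation.
	# The edit must target the image's copy of the script, not the build
	# host's /etc/rc.d/growfs. The explicit empty suffix ('') matches the
	# other sed call in this file; with BSD sed, a bare "-i -e" takes "-e"
	# as the backup suffix and leaves a stray "growfs-e" next to the script.
	sed -i '' -e '/KEYWORD: firstboot/d' "${DESTDIR}/etc/rc.d/growfs"

	# NOTE(review): panicmail_autosubmit="YES" submits panic reports without
	# an operator reviewing them first; confirm that is intended for every
	# consumer of this image.
	cat << 'EOF' >> "${DESTDIR}/etc/rc.conf"
dumpdev="AUTO"
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
# need to fill in something here
#firstboot_pkgs_list=""
panicmail_autosubmit="YES"
EOF

	cat << 'EOF' >> "${DESTDIR}/boot/loader.conf"
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole,vidconsole"
hw.vtnet.mq_disable=1
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"
EOF

	# Pin the metadata server name so it resolves without DNS.
	echo '169.254.169.254 metadata.google.internal metadata' >> \
	    "${DESTDIR}/etc/hosts"

	# overwrite ntp.conf
	# Time comes from the metadata server only. The default restrict lines
	# refuse queries, peering and runtime modification from remote hosts;
	# the loopback addresses are left unrestricted.
	cat << 'EOF' > "${DESTDIR}/etc/ntp.conf"
server metadata.google.internal iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF

	cat << 'EOF' >> "${DESTDIR}/etc/syslog.conf"
*.err;kern.warning;auth.notice;mail.crit /dev/console
EOF

	# These directives are appended, and sshd uses the first value it
	# reads for each keyword, so they only take effect if the keyword is
	# not already set earlier in the image's sshd_config.
	# NOTE(review): confirm against the sshd_config shipped in the image.
	cat << 'EOF' >> "${DESTDIR}/etc/ssh/sshd_config"
ChallengeResponseAuthentication no
X11Forwarding no
AcceptEnv LANG
AllowAgentForwarding no
ClientAliveInterval 420
EOF

	# Run "freebsd-update cron" every day at 03:00 as root.
	cat << 'EOF' >> "${DESTDIR}/etc/crontab"
0 3 * * * root /usr/sbin/freebsd-update cron
EOF

	# Network hardening: ignore and do not send ICMP redirects, and drop
	# traffic to closed TCP/UDP ports silently. On panic, print a trace and
	# do not stop in the kernel debugger.
	cat << 'EOF' >> "${DESTDIR}/etc/sysctl.conf"
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
kern.ipc.somaxconn=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF

	# To meet GCE marketplace requirements, extract the src.txz and
	# ports.txz distributions to the target virtual machine disk image
	# and fetch the sources for the third-party software installed on
	# the image.
	if [ ! -c "${DESTDIR}/dev/null" ]; then
		mkdir -p "${DESTDIR}/dev"
		mount -t devfs devfs "${DESTDIR}/dev"
	fi
	if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/src.txz" -C "${DESTDIR}"
	fi
	if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
		tar fxJ "${DESTDIR}/../ftp/ports.txz" -C "${DESTDIR}"
		_INSTALLED_PACKAGES=$(chroot "${DESTDIR}" pkg info -o -q -a)
		# Left unquoted on purpose: the list is split on whitespace into
		# one port origin per iteration.
		for PACKAGE in ${_INSTALLED_PACKAGES}; do
			chroot "${DESTDIR}" \
			    make -C "/usr/ports/${PACKAGE}" fetch
		done
	fi
	if [ -c "${DESTDIR}/dev/null" ]; then
		umount_loop "${DESTDIR}/dev"
	fi

	## XXX: Verify this is needed. I do not see this requirement
	## in the docs, and it impairs the ability to boot-test a copy
	## of the image prior to packaging for upload to GCE.
	#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys

	# Mark the image so the firstboot rc.d scripts run on first boot.
	touch "${DESTDIR}/firstboot"

	# Drop the build-time resolver configuration written by
	# vm_extra_install_base so it does not ship in the image.
	rm -f "${DESTDIR}/etc/resolv.conf"

	return 0
}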