xref: /freebsd/release/tools/oracle.conf (revision 5f62a964e9f8abc6a05d8338273fadd154f0a206)
1#!/bin/sh
2# Set to a list of packages to install.
3export VM_EXTRA_PACKAGES="
4    comms/py-pyserial
5    converters/base64
6    devel/oci-cli
7    devel/py-babel
8    devel/py-iso8601
9    devel/py-pbr
10    devel/py-six
11    ftp/curl
12    lang/python
13    lang/python3
14    net/cloud-init
15    net/py-eventlet
16    net/py-netaddr
17    net/py-netifaces
18    net/py-oauth
19    net/rsync
20    security/ca_root_nss
21    security/sudo@default
22    sysutils/firstboot-freebsd-update
23    sysutils/firstboot-pkgs
24    sysutils/panicmail
25    textproc/jq
26    "
27
28# Should be enough for base image, image can be resized in needed
29export VMSIZE=8g
30
31# Set to a list of third-party software to enable in rc.conf(5).
32export VM_RC_LIST="
33    cloudinit
34    firstboot_pkgs
35    firstboot_freebsd_update
36    growfs
37    ntpd
38    ntpd_sync_on_start
39    sshd
40    zfs"
41
42# Hack for FreeBSD 15.0; should go away before 15.1.
43MISSING_METALOGS="
44./usr/local/etc/cloud/cloud.cfg
45./usr/local/etc/cloud/cloud.cfg.d/05_logging.cfg
46./usr/local/etc/cloud/cloud.cfg.d/99_freebsd.cfg
47./usr/local/etc/pam.d/sudo
48./usr/local/etc/rsync/rsyncd.conf
49./usr/local/etc/ssl/cert.pem
50./usr/local/etc/sudo.conf
51./usr/local/etc/sudo_logsrvd.conf
52./usr/local/etc/sudoers
53"
54
55vm_extra_pre_umount() {
56	cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
57		dumpdev=AUTO
58		sendmail_enable=NONE
59EOF
60
61	cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
62		autoboot_delay="5"
63		beastie_disable="YES"
64		boot_serial="YES"
65		loader_logo="none"
66		cryptodev_load="YES"
67		opensolaris_load="YES"
68		xz_load="YES"
69		zfs_load="YES"
70EOF
71	metalog_add_data ./boot/loader.conf
72
73	cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
74		# S11 Configure the SSH service to prevent password-based login
75		PermitRootLogin prohibit-password
76		PasswordAuthentication no
77		KbdInteractiveAuthentication no
78		PermitEmptyPasswords no
79		UseDNS no
80EOF
81
82	 # S14 Root user login must be disabled on serial-over-ssh console
83	 pw -R ${DESTDIR} usermod root -w no
84	 # Oracle requirements override the default FreeBSD cloud-init settings
85	 cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg
86		disable_root: true
87		system_info:
88		   distro: freebsd
89		   default_user:
90		     name: freebsd
91		     lock_passwd: True
92		     gecos: "Oracle Cloud Default User"
93		     groups: [wheel]
94		     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
95		     shell: /bin/sh
96		   network:
97		      renderers: ['freebsd']
98EOF
99	metalog_add_data ./usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg
100
101	# Use Oracle Cloud Infrastructure NTP server
102	sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
103            ${DESTDIR}/etc/ntp.conf
104
105	return 0
106}
107