Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
241 lines (204 sloc) 5.88 KB
#!/bin/bash
# Copyright (c) 2012 Joyent, Inc. All rights reserved.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# Amended by Flexiant, Ltd.
WARNING=""
addwarn() {
WARNING="${WARNING}(warning) $@\n"
}
fatal() {
printf "(fatal) %s\n" "$@"
exit 1
}
info() {
printf "(info) %s\n" "$@"
}
warn() {
printf "(warn) %s\n" "$@"
}
separator() {
for i in {1..78} ; do
printf "="
done
printf "\n"
}
check_root() {
if [[ $EUID != 0 ]] ; then
echo "You must be root to run this command"
echo "try again with 'sudo `basename $`'"
exit 1
fi
}
check_selinux() {
if [[ -f /etc/selinux/config ]] ; then
local mode=$(grep '^SELINUX=' /etc/selinux/config | awk -F'=' '{print $2}')
if [[ "${mode}" != "disabled" ]] ; then
addwarn "Selinux is not disabled. Do you also juggle chainsaws?"
addwarn "To disable set SELINUX=disabled in /etc/selinux/config"
fi
fi
}
cleanup_logs() {
info "cleaning up logs"
find /var/log -type f | xargs rm -f
touch /var/log/wtmp
}
cleanup_root() {
info "cleaning up root account"
rm -rf /root/* 2>/dev/null
rm -f /root/.bash_history
rm -f /root/.viminfo
# disable root password
local passwd=$(grep ^root: /etc/shadow | awk -F ':' '{print $2}')
if [[ -n $passwd ]] ; then
addwarn "root user has a password set. Removing password."
passwd -d root &>/dev/null
fi
}
cleanup_ubuntu() {
info "cleaning up ubuntu account"
rm -rf ~ubuntu/* 2>/dev/null
rm -f ~ubuntu/.bash_history
rm -f ~ubuntu/.viminfo
# disable ubuntu password
local passwd=$(grep ^ubuntu: /etc/shadow | awk -F ':' '{print $2}')
if [[ -n $passwd ]] ; then
addwarn "ubuntu user has a password set. Removing password."
passwd -d ubuntu &>/dev/null
fi
}
cleanup_ssh() {
info "cleaning up ssh"
find /etc/ssh -type f -name "ssh_host_*" | xargs rm -f
rm -f /root/.ssh/authorized_keys
}
cleanup_disks() {
info "removing /dev/vdb entries from fstab"
sed -i '/^\/dev\/vdb/d' /etc/fstab
}
cleanup_cloudinit() {
if [[ -d /var/lib/cloud/instances/ ]] ; then
info "removing /var/lib/cloud/instances/*"
rm -rf /var/lib/cloud/instances/*
fi
}
cleanup_firstboot() {
if [[ -f /etc/firstboot.d/done ]] ; then
info "removing /etc/firstboot.d/done"
rm -f '/etc/firstboot.d/done'
fi
}
# Redhat / CentOS specific commands go here
prepare_redhat() {
info "cleaning up network devices"
rm -f /etc/udev/rules.d/70-persistent-net.rules
rm -f /lib/udev/rules.d/70-persistent-net-generator.rules
find /etc/sysconfig/network-scripts -name "ifcfg-eth*" | xargs rm -f
find /var/lib/dhclient -type f | xargs rm -f
info "cleaning up package cache"
out=$(yum clean packages)
if [[ -z `which lsb_release` ]] ; then
addwarn "lsb_release not found!"
addwarn "To install lsb_release run 'yum install redhat-lsb'.";
fi
local rpmbin=$(which rpm 2>/dev/null)
if [[ -e ${rpmbin} ]] ; then
out=$($rpmbin -qa acpid)
if [[ -z ${out} ]]; then
addwarn "ACPID not found. Lifecycle management will be degraded!"
addwarn "To install acpid run 'yum install acpid'."
fi
fi
}
# Debian / Ubuntu specific commands go here
prepare_debian() {
info "cleaning up network devices"
rm -f /etc/udev/rules.d/70-persistent-net.rules
rm -f /lib/udev/rules.d/70-persistent-net-generator.rules
if [[ -d /var/lib/dhcp3 ]] ; then
find /var/lib/dhcp3 -type f -name "*.leases" | xargs rm -f
elif [[ -d /var/lib/dhcp ]] ; then
find /var/lib/dhcp -type f -name "*.leases" | xargs rm -f
fi
if [[ -f /etc/network/interfaces ]] ; then
rm -f /etc/network/interfaces
out=$(dpkg-reconfigure ifupdown 2>&1 > /dev/null)
echo "" >> /etc/network/interfaces
echo "auto eth0" >> /etc/network/interfaces
echo "iface eth0 inet dhcp" >> /etc/network/interfaces
fi
info "cleaning up package cache"
out=$(apt-get clean)
local dpkgbin=$(which dpkg 2>/dev/null)
if [[ -e ${dpkgbin} ]] ; then
out=$($dpkgbin -l acpid | grep ^ii | wc -l)
if [[ ${out} == "0" ]]; then
addwarn "ACPID not found. Lifecycle management will be degraded!"
addwarn "To install acpid run 'apt-get install acpid'."
fi
fi
}
## MAIN ##
separator
printf "Prepare-image\n"
separator
case `uname -s` in
Linux)
if [ -f /etc/redhat-release ] ; then
prepare_redhat
elif [ -f /etc/debian_version ] ; then
prepare_debian
fi
check_selinux
cleanup_disks
cleanup_logs
cleanup_ssh
cleanup_root
if id ubuntu &>/dev/null
then
cleanup_ubuntu
fi
cleanup_cloudinit
cleanup_firstboot
;;
*)
warn "OS specific features not implemented"
;;
esac
if [[ ${WARNING} != "" ]] ; then
printf "\n"
separator
printf "${WARNING}"
separator
printf "\n\n"
exit 1
else
printf "\n"
separator
# clear bash history
history -c
# delete myself
rm -f $0
printf "(info) you may now stop your your machine from the control panel\n"
separator
printf "\n\n"
exit 0
fi