release/tools/oci.conf

   1 #!/bin/sh
   2 # Set to a list of packages to install.
   3 export VM_EXTRA_PACKAGES="
   4     comms/py-pyserial
   5     converters/base64
   6     devel/oci-cli
   7     devel/py-babel
   8     devel/py-iso8601
   9     devel/py-pbr
  10     devel/py-six
  11     ftp/curl
  12     lang/python
  13     lang/python3
  14     net/cloud-init
  15     net/py-eventlet
  16     net/py-netaddr
  17     net/py-netifaces
  18     net/py-oauth
  19     net/rsync
  20     panicmail
  21     security/ca_root_nss
  22     security/sudo
  23     sysutils/firstboot-freebsd-update
  24     sysutils/firstboot-pkgs
  25     sysutils/panicmail
  26     textproc/jq
  27     "
  28
  29 # Should be enough for base image, image can be resized in needed
  30 export VMSIZE=5g
  31
  32 # Set to a list of third-party software to enable in rc.conf(5).
  33 export VM_RC_LIST="
  34     cloudinit
  35     firstboot_pkgs
  36     firstboot_freebsd_update
  37     growfs
  38     ntpd
  39     ntpd_sync_on_start
  40     sshd
  41     zfs"
  42
  43 vm_extra_pre_umount() {
  44         cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
  45                 dumpdev=AUTO
  46                 sendmail_enable=NONE
  47 EOF
  48
  49         cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
  50                 autoboot_delay="5"
  51                 beastie_disable="YES"
  52                 boot_serial="YES"
  53                 loader_logo="none"
  54                 cryptodev_load="YES"
  55                 opensolaris_load="YES"
  56                 xz_load="YES"
  57                 zfs_load="YES"
  58 EOF
  59
  60         cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
  61                 # S11 Configure the SSH service to prevent password-based login
  62                 PermitRootLogin prohibit-password
  63                 PasswordAuthentication no
  64                 KbdInteractiveAuthentication no
  65                 PermitEmptyPasswords no
  66                 UseDNS no
  67 EOF
  68
  69          # S14 Root user login must be disabled on serial-over-ssh console
  70          pw -R ${DESTDIR} usermod root -w no
  71          # OCI requirements override the default FreeBSD cloud-init settings
  72          cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg
  73                 disable_root: true
  74                 system_info:
  75                    distro: freebsd
  76                    default_user:
  77                      name: freebsd
  78                      lock_passwd: True
  79                      gecos: "OCI Default User"
  80                      groups: [wheel]
  81                      sudo: ["ALL=(ALL) NOPASSWD:ALL"]
  82                      shell: /bin/sh
  83                    network:
  84                       renderers: ['freebsd']
  85 EOF
  86
  87         # Use Oracle Cloud Infrastructure NTP server
  88         sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
  89         ${DESTDIR}/etc/ntp.conf
  90
  91         touch ${DESTDIR}/firstboot
  92
  93         if ! [ -z "${QEMUSTATIC}" ]; then
  94                 rm -f ${DESTDIR}/${EMULATOR}
  95         fi
  96         rm -f ${DESTDIR}/etc/resolv.conf
  97
  98         return 0
  99 }