a7976e867f
as 3GB is too small as discovered in this week's snapshot builds. MFC after: 3 days Sponsored by: The FreeBSD Foundation
127 lines
3.5 KiB
Bash
127 lines
3.5 KiB
Bash
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# The default of 3GB is too small for GCE, so override the size here.
|
|
export VMSIZE=20G
|
|
|
|
# Set to a list of packages to install.
|
|
export VM_EXTRA_PACKAGES="firstboot-freebsd-update firstboot-pkgs \
|
|
google-cloud-sdk panicmail sudo sysutils/py-google-compute-engine \
|
|
lang/python lang/python2 lang/python3"
|
|
|
|
# Set to a list of third-party software to enable in rc.conf(5).
|
|
export VM_RC_LIST="ntpd sshd growfs \
|
|
firstboot_pkgs firstboot_freebsd_update google_startup \
|
|
google_accounts_daemon google_clock_skew_daemon \
|
|
google_instance_setup google_network_daemon"
|
|
|
|
vm_extra_install_base() {
|
|
echo 'search google.internal' > ${DESTDIR}/etc/resolv.conf
|
|
echo 'nameserver 169.254.169.254' >> ${DESTDIR}/etc/resolv.conf
|
|
echo 'nameserver 8.8.8.8' >> ${DESTDIR}/etc/resolv.conf
|
|
}
|
|
|
|
vm_extra_pre_umount() {
|
|
# Enable growfs on every boot, not only the first, as as instance's disk can
|
|
# be enlarged post-creation
|
|
sed -i -e '/KEYWORD: firstboot/d' /etc/rc.d/growfs
|
|
|
|
cat << EOF >> ${DESTDIR}/etc/rc.conf
|
|
dumpdev="AUTO"
|
|
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
|
|
ntpd_sync_on_start="YES"
|
|
# need to fill in something here
|
|
#firstboot_pkgs_list=""
|
|
panicmail_autosubmit="YES"
|
|
EOF
|
|
|
|
cat << EOF >> ${DESTDIR}/boot/loader.conf
|
|
autoboot_delay="-1"
|
|
beastie_disable="YES"
|
|
loader_logo="none"
|
|
hw.memtest.tests="0"
|
|
console="comconsole,vidconsole"
|
|
hw.vtnet.mq_disable=1
|
|
kern.timecounter.hardware=ACPI-safe
|
|
aesni_load="YES"
|
|
nvme_load="YES"
|
|
EOF
|
|
|
|
echo '169.254.169.254 metadata.google.internal metadata' >> \
|
|
${DESTDIR}/etc/hosts
|
|
|
|
# overwrite ntp.conf
|
|
cat << EOF > ${DESTDIR}/etc/ntp.conf
|
|
server metadata.google.internal iburst
|
|
|
|
restrict default kod nomodify notrap nopeer noquery
|
|
restrict -6 default kod nomodify notrap nopeer noquery
|
|
|
|
restrict 127.0.0.1
|
|
restrict -6 ::1
|
|
restrict 127.127.1.0
|
|
EOF
|
|
|
|
cat << EOF >> ${DESTDIR}/etc/syslog.conf
|
|
*.err;kern.warning;auth.notice;mail.crit /dev/console
|
|
EOF
|
|
|
|
cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
|
|
ChallengeResponseAuthentication no
|
|
X11Forwarding no
|
|
AcceptEnv LANG
|
|
AllowAgentForwarding no
|
|
ClientAliveInterval 420
|
|
EOF
|
|
|
|
cat << EOF >> ${DESTDIR}/etc/crontab
|
|
0 3 * * * root /usr/sbin/freebsd-update cron
|
|
EOF
|
|
|
|
cat << EOF >> ${DESTDIR}/etc/sysctl.conf
|
|
net.inet.icmp.drop_redirect=1
|
|
net.inet.ip.redirect=0
|
|
net.inet.tcp.blackhole=2
|
|
net.inet.udp.blackhole=1
|
|
kern.ipc.somaxconn=1024
|
|
debug.trace_on_panic=1
|
|
debug.debugger_on_panic=0
|
|
EOF
|
|
|
|
# To meet GCE marketplace requirements, extract the src.txz and
|
|
# ports.txz distributions to the target virtual machine disk image
|
|
# and fetch the sources for the third-party software installed on
|
|
# the image.
|
|
if [ ! -c "${DESTDIR}/dev/null" ]; then
|
|
mkdir -p ${DESTDIR}/dev
|
|
mount -t devfs devfs ${DESTDIR}/dev
|
|
fi
|
|
if [ -e "${DESTDIR}/../ftp/src.txz" ]; then
|
|
tar fxJ ${DESTDIR}/../ftp/src.txz -C ${DESTDIR}
|
|
fi
|
|
if [ -e "${DESTDIR}/../ftp/ports.txz" ]; then
|
|
tar fxJ ${DESTDIR}/../ftp/ports.txz -C ${DESTDIR}
|
|
_INSTALLED_PACKAGES=$(chroot ${DESTDIR} pkg info -o -q -a)
|
|
for PACKAGE in ${_INSTALLED_PACKAGES}; do
|
|
chroot ${DESTDIR} \
|
|
make -C /usr/ports/${PACKAGE} fetch
|
|
done
|
|
fi
|
|
if [ -c "${DESTDIR}/dev/null" ]; then
|
|
umount_loop ${DESTDIR}/dev
|
|
fi
|
|
|
|
## XXX: Verify this is needed. I do not see this requirement
|
|
## in the docs, and it impairs the ability to boot-test a copy
|
|
## of the image prior to packaging for upload to GCE.
|
|
#sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' ${DESTDIR}/etc/ttys
|
|
|
|
touch ${DESTDIR}/firstboot
|
|
|
|
rm -f ${DESTDIR}/etc/resolv.conf
|
|
|
|
return 0
|
|
}
|