authorMax Illfelder <illfelder@users.noreply.github.com>2016-08-19 13:45:55 -0700
committerGitHub <noreply@github.com>2016-08-19 13:45:55 -0700
commit04bb5dbd5e284770c3aa7ddefacd6a489cebfef8 (patch)
tree1cfa257ebbe761c6e2ce2bd8a4053d5a8218d21c /google_config
parent5ad399aa50b5b65e4b5142d4a12f2d7a62da14d3 (diff)
Renamed google_configs directory to match package. (#323)
Diffstat (limited to 'google_config')
-rwxr-xr-xgoogle_config/bin/set_hostname41
-rwxr-xr-xgoogle_config/build_packages.sh64
-rwxr-xr-xgoogle_config/dhcp/google_hostname.sh21
-rw-r--r--google_config/rsyslog/90-google.conf6
-rw-r--r--google_config/sysctl/11-gce-network-security.conf61
-rw-r--r--google_config/udev/64-gce-disk-removal.rules17
-rw-r--r--google_config/udev/65-gce-disk-naming.rules24
7 files changed, 234 insertions, 0 deletions
diff --git a/google_config/bin/set_hostname b/google_config/bin/set_hostname
new file mode 100755
index 0000000..f7d0b10
--- /dev/null
+++ b/google_config/bin/set_hostname
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Deal with a new hostname assignment.
+
+if [ -n "$new_host_name" ] && [ -n "$new_ip_address" ]; then
+ # Delete entries with new_host_name or new_ip_address in /etc/hosts.
+ sed -i '/Added by Google/d' /etc/hosts
+
+ # Add an entry for our new_host_name/new_ip_address in /etc/hosts.
+ echo "${new_ip_address} ${new_host_name} ${new_host_name%%.*} # Added by Google" >> /etc/hosts
+fi
+
+# /sbin/dhclient-scripts in both ubuntu and centos have some problems for us:
+# 1) BOUND doesn't always set hostname (e.g. if old_host_name is unset in
+# precise pangolin)
+# 2) Using too long of a FQDN as a hostname causes some tools to break in
+# some distros (e.g. ssh-keygen) and hostname tool complains when given
+# a FQDN that is > 64 bytes.
+#
+# As a result, we set the host name in all circumstances here, to the truncated
+# unqualified domain name.
+
+if [ -n "$new_host_name" ]; then
+ hostname "${new_host_name%%.*}"
+
+ # Let syslogd know we've changed the hostname.
+ pkill -HUP syslogd
+fi
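Review bot: `new_host_name` and `new_ip_address` come from the DHCP lease and are appended to /etc/hosts (the `echo ... >> /etc/hosts` line) and passed to `hostname` with no check on their contents, so a value carrying whitespace or a newline would end up as extra fields or extra lines in /etc/hosts. A character allow-list ahead of both `if` blocks would cover it, e.g. `case "$new_host_name$new_ip_address" in *[!A-Za-z0-9.:-]*) google_lease_ok= ;; *) google_lease_ok=1 ;; esac`, with `[ -n "$google_lease_ok" ]` added to both conditions. build_packages.sh installs this file both as a dhclient exit hook (presumably sourced) and as /usr/bin/set_hostname, so a flag is safer here than `exit` or `return`. The comment "Delete entries with new_host_name or new_ip_address" also does not match the `sed`, which deletes every line containing `Added by Google`; it should read `# Delete the entry previously added by this script.`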
diff --git a/google_config/build_packages.sh b/google_config/build_packages.sh
new file mode 100755
index 0000000..af35e7d
--- /dev/null
+++ b/google_config/build_packages.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+COMMON_FILES=(
+ 'rsyslog/90-google.conf=/etc/rsyslog.d/90-google.conf'
+ 'sysctl/11-gce-network-security.conf=/etc/sysctl.d/11-gce-network-security.conf'
+ 'udev/64-gce-disk-removal.rules=/etc/udev/rules.d/64-gce-disk-removal.rules'
+ 'udev/65-gce-disk-naming.rules=/etc/udev/rules.d/65-gce-disk-naming.rules')
+TIMESTAMP="$(date +%s)"
+
+function build_distro() {
+ declare -r distro="$1"
+ declare -r pkg_type="$2"
+ declare files=("$@")
+ declare name='google-config'
+
+ if [[ "${pkg_type}" == 'deb' ]]; then
+ name="${name}-${distro}"
+ fi
+
+ fpm \
+ -s dir \
+ -t "${pkg_type}" \
+ --description 'Google Compute Engine Linux guest configuration' \
+ --iteration "0.${TIMESTAMP}" \
+ --license 'Apache Software License' \
+ --maintainer 'gc-team@google.com' \
+ --name "${name}" \
+ --rpm-dist "${distro}" \
+ --url 'https://github.com/GoogleCloudPlatform/compute-image-packages' \
+ --vendor 'Google Compute Engine Team' \
+ --version '2.0.0' \
+ "${COMMON_FILES[@]}" \
+ "${files[@]:2}"
+}
+
+# RHEL/CentOS 6
+build_distro 'el6' 'rpm' \
+ 'bin/set_hostname=/etc/dhcp/dhclient-exit-hooks'
+
+# RHEL/CentOS 7
+build_distro 'el7' 'rpm' \
+ 'bin/set_hostname=/usr/bin/set_hostname' \
+ 'dhcp/google_hostname.sh=/etc/dhcp/dhclient.d/google_hostname.sh'
+
+# Debian 7
+build_distro 'wheezy' 'deb' \
+ 'bin/set_hostname=/etc/dhcp/dhclient-exit-hooks.d/set_hostname'
+
+# Debian 8
+build_distro 'jessie' 'deb' \
+ 'bin/set_hostname=/etc/dhcp/dhclient-exit-hooks.d/set_hostname'
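Review bot: The script never enables `set -e`, so a failed `fpm` run in one `build_distro` call is followed by the remaining calls and the exit status reflects only the last one; a release job could then ship an incomplete or stale set of packages without noticing. Adding `set -euo pipefail` after the license header stops the build at the first failure. The source paths in `COMMON_FILES` and in the per-distro arguments are relative, so the result also depends on the directory the script is started from; `cd "$(dirname "${BASH_SOURCE[0]}")"` before the first `build_distro` call removes that dependency.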
diff --git a/google_config/dhcp/google_hostname.sh b/google_config/dhcp/google_hostname.sh
new file mode 100755
index 0000000..67231e0
--- /dev/null
+++ b/google_config/dhcp/google_hostname.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+google_hostname_config() {
+ set_hostname
+}
+google_hostname_restore() {
+ :
+}
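Review bot: `google_hostname_config` calls `set_hostname` by bare name, so which program runs depends on the PATH of whatever sources this hook, and that caller presumably runs as root. build_packages.sh installs the script at /usr/bin/set_hostname for el7, so the call can be written as `/usr/bin/set_hostname`. If the empty `google_hostname_restore` is intentional, a comment such as `# Nothing to undo: the hostname is left as set.` would say so.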
diff --git a/google_config/rsyslog/90-google.conf b/google_config/rsyslog/90-google.conf
new file mode 100644
index 0000000..81b2ed7
--- /dev/null
+++ b/google_config/rsyslog/90-google.conf
@@ -0,0 +1,6 @@
+# Google Compute Engine default console logging.
+#
+# daemon: logging from Google provided daemons.
+# kern: logging information in case of an unexpected crash during boot.
+#
+daemon,kern.* /dev/console
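Review bot: The selector `daemon,kern.*` copies every priority of both facilities, debug included, to /dev/console, which is wider than the header suggests for kern (crash information during boot). Anything a daemon logs is therefore readable by whoever can view the instance's console output, and the file should state that: `# Note: all daemon and kern messages are copied to the console; do not log secrets under these facilities.`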
diff --git a/google_config/sysctl/11-gce-network-security.conf b/google_config/sysctl/11-gce-network-security.conf
new file mode 100644
index 0000000..0e4db8c
--- /dev/null
+++ b/google_config/sysctl/11-gce-network-security.conf
@@ -0,0 +1,61 @@
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Google-recommended kernel parameters
+
+# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
+# of TCP functionality/features under normal conditions. When flood
+# protections kick in under high unanswered-SYN load, the system
+# should remain more stable, with a trade off of some loss of TCP
+# functionality/features (e.g. TCP Window scaling).
+net.ipv4.tcp_syncookies=1
+
+# Ignore source-routed packets
+net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.default.accept_source_route=0
+
+# Ignore ICMP redirects from non-GW hosts
+net.ipv4.conf.all.accept_redirects=0
+net.ipv4.conf.default.accept_redirects=0
+net.ipv4.conf.all.secure_redirects=1
+net.ipv4.conf.default.secure_redirects=1
+
+# Don't pass traffic between networks or act as a router
+net.ipv4.ip_forward=0
+net.ipv4.conf.all.send_redirects=0
+net.ipv4.conf.default.send_redirects=0
+
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks.
+net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.default.rp_filter=1
+
+# Ignore ICMP broadcasts to avoid participating in Smurf attacks
+net.ipv4.icmp_echo_ignore_broadcasts=1
+
+# Ignore bad ICMP errors
+net.ipv4.icmp_ignore_bogus_error_responses=1
+
+# Log spoofed, source-routed, and redirect packets
+net.ipv4.conf.all.log_martians=1
+net.ipv4.conf.default.log_martians=1
+
+# RFC 1337 fix
+net.ipv4.tcp_rfc1337=1
+
+# Addresses of mmap base, heap, stack and VDSO page are randomized
+kernel.randomize_va_space=2
+
+# Reboot the machine soon after a kernel panic.
+kernel.panic=10
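Review bot: Every network setting here is under net.ipv4, so the redirect and source-route hardening does not extend to IPv6; if guests can have IPv6 enabled, `net.ipv6.conf.all.accept_redirects=0`, `net.ipv6.conf.default.accept_redirects=0` and `net.ipv6.conf.all.accept_source_route=0` would be needed for the same coverage. Separately, the comment "Ignore ICMP redirects from non-GW hosts" sits above `accept_redirects=0`, which drops redirects from every host. `secure_redirects=1` then appears to matter only on an interface where redirects are still accepted, and the comment could say that.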
diff --git a/google_config/udev/64-gce-disk-removal.rules b/google_config/udev/64-gce-disk-removal.rules
new file mode 100644
index 0000000..4ff1f99
--- /dev/null
+++ b/google_config/udev/64-gce-disk-removal.rules
@@ -0,0 +1,17 @@
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# When a disk is removed, unmount any remaining attached volumes.
+
+ACTION=="remove", SUBSYSTEM=="block", KERNEL=="sd*|vd*", RUN+="/bin/sh -c '/bin/umount -fl /dev/$name && /usr/bin/logger -p daemon.warn -s WARNING: hot-removed /dev/$name that was still mounted, data may have been corrupted'"
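Review bot: The `&&` in the RUN command carries the rule's logic but nothing documents it: the warning is logged only when `umount -fl` succeeds, that is, when the removed device was still mounted. A comment above the rule would make the intent explicit, e.g. `# logger runs only if umount succeeds, meaning the device was still mounted when it was removed.` The header says "unmount any remaining attached volumes", while the command unmounts only `/dev/$name`, the device being removed; "unmount the removed device if it is still mounted" would match the rule.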
diff --git a/google_config/udev/65-gce-disk-naming.rules b/google_config/udev/65-gce-disk-naming.rules
new file mode 100644
index 0000000..c686837
--- /dev/null
+++ b/google_config/udev/65-gce-disk-naming.rules
@@ -0,0 +1,24 @@
+# Copyright 2016 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Name the attached disks as the specified by deviceName.
+
+ACTION!="add|change", GOTO="gce_disk_naming_end"
+SUBSYSTEM!="block", GOTO="gce_disk_naming_end"
+
+KERNEL=="sd*|vd*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode"
+KERNEL=="sd*|vd*", ENV{ID_SERIAL_SHORT}=="?*", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}"
+KERNEL=="sd*|vd*", ENV{ID_SERIAL_SHORT}=="?*", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}-part%n"
+
+LABEL="gce_disk_naming_end"
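Review bot: The header comment, "Name the attached disks as the specified by deviceName", is garbled and does not say where the name comes from. From the rules, the `IMPORT{program}` call to scsi_id with `--export` supplies `ID_SERIAL_SHORT`, and the two SYMLINK rules apply only when it is non-empty (`=="?*"`). A header such as `# Add disk/by-id/google-<ID_SERIAL_SHORT> symlinks for disks and their partitions, using the serial reported by scsi_id.` would document that. Whether that serial equals the deviceName is not visible in this file, so the comment should mark it as an assumption.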