author | Liam Hopkins <liamh@google.com> | 2018-12-14 12:44:47 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-14 12:44:47 -0800 |
commit | f773905cc0a70927c7180dd60d939fbf21264c92 (patch) | |
tree | a8aa77f094f896d6689fcee711eb490822b6b1f0 /packages/google-compute-engine | |
parent | 091c4251a0d5e4af7c006af747251af7d7bcee62 (diff) | |
download | google-compute-image-packages-f773905cc0a70927c7180dd60d939fbf21264c92.tar.gz |
Repo layout changes (#688)
Diffstat (limited to 'packages/google-compute-engine')
42 files changed, 2015 insertions, 0 deletions
diff --git a/packages/google-compute-engine/packaging/debian/changelog b/packages/google-compute-engine/packaging/debian/changelog new file mode 100644 index 0000000..37f97c6 --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/changelog 
@@ -0,0 +1,189 @@ +google-compute-engine (2.8.12-1) stable; urgency=low + + * Fix two factor enablement on change. + + -- Google Cloud Team <gc-team@google.com> Wed, 05 Dec 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.11-1) stable; urgency=low + + * Split up the gpasswd command into two commands. + * Update two factor enablement on change. + + -- Google Cloud Team <gc-team@google.com> Tue, 04 Dec 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.10-1) stable; urgency=low + + * Fix the gpasswd command default. + + -- Google Cloud Team <gc-team@google.com> Fri, 30 Nov 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.9-1) stable; urgency=low + + * Support enabling OS Login two factor authentication. + * Improve accounts support for FreeBSD. + * Improve SELinux support. + + -- Google Cloud Team <gc-team@google.com> Wed, 28 Nov 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.8-1) stable; urgency=low + + * Update sudoer group membership without overriding local groups. + + -- Google Cloud Team <gc-team@google.com> Tue, 23 Oct 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.7-1) stable; urgency=low + + * Remove users from sudoers group on removal (fixed). + + -- Google Cloud Team <gc-team@google.com> Thu, 18 Oct 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.6-1) stable; urgency=low + + * Revert PR: Remove users from sudoers group on removal. + + -- Google Cloud Team <gc-team@google.com> Thu, 11 Oct 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.5-1) stable; urgency=low + + * Remove users from sudoers group on removal. + * Remove gsutil dependency for metadata scripts. + + -- Google Cloud Team <gc-team@google.com> Thu, 05 Oct 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.4-1) stable; urgency=low + + * Remove ntp dependency. + * Support Debian 10 Buster. + * Restart the network daemon if networking is restarted. + * Prevent setup of the default ethernet interface. 
+ * Accounts daemon can now verify username is 32 characters or less. + + -- Google Cloud Team <gc-team@google.com> Wed, 05 Sep 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.3-1) stable; urgency=low + + * Prevent IP forwarding daemon log spam. + * Make default shell configurable when executing metadata scripts. + * Rename distro directory to distro_lib. + + -- Google Cloud Team <gc-team@google.com> Mon, 11 June 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.2-1) stable; urgency=low + + * Prevent delay in configuring IP forwarding routes. + * Improve instance setup support for FreeBSD. + + -- Google Cloud Team <gc-team@google.com> Thu, 10 May 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.1-1) stable; urgency=low + + * Improve OS Login disablement. + + -- Google Cloud Team <gc-team@google.com> Fri, 04 May 2018 12:00:00 -0700 + +google-compute-image-packages (2.8.0-1) stable; urgency=low + + * Create a new network daemon. + * Refactor the IP forwarding daemon and network setup. + * Improvements for using NSS cache in the accounts daemon. + + -- Google Cloud Team <gc-team@google.com> Tue, 01 May 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.7-1) stable; urgency=low + + * Add support for NSS cache in OS Login. + + -- Google Cloud Team <gc-team@google.com> Thu, 08 Mar 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.6-1) stable; urgency=low + + * Add distro specific logic. + + -- Google Cloud Team <gc-team@google.com> Wed, 21 Feb 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.5-2) stable; urgency=low + + * Fix dependencies for syslog. + + -- Google Cloud Team <gc-team@google.com> Tue, 06 Feb 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.5-1) stable; urgency=low + + * Revert hostname setting change in Debian. + + -- Google Cloud Team <gc-team@google.com> Mon, 29 Jan 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.4-1) stable; urgency=low + + * Fix hostname setting in Debian. 
+ + -- Google Cloud Team <gc-team@google.com> Mon, 29 Jan 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.3-1) stable; urgency=low + + * Improve hostname setting and correctly restart rsyslog. + + -- Google Cloud Team <gc-team@google.com> Thu, 25 Jan 2018 12:00:00 -0700 + +google-compute-image-packages (2.7.2-2) stable; urgency=low + + * Force IPv4 for apt. + + -- Google Cloud Team <gc-team@google.com> Wed, 13 Dec 2017 12:00:00 -0700 + +google-compute-image-packages (2.7.2-1) stable; urgency=low + + * Generate SSH host keys when none are present. + * Improve logging when activating OS Login. + + -- Google Cloud Team <gc-team@google.com> Wed, 29 Nov 2017 12:00:00 -0700 + +google-compute-image-packages (2.7.1-1) stable; urgency=low + + * Update set_hostname file name to prevent conflict. + * Add apt config to prevent auto-removal of google-compute-engine. + + -- Google Cloud Team <gc-team@google.com> Wed, 25 Oct 2017 12:00:00 -0700 + +google-compute-image-packages (2.7.0-6) stable; urgency=low + + * Linux guest environment support for OS Login. + + -- Google Cloud Team <gc-team@google.com> Tue, 17 Oct 2017 12:00:00 -0700 + +google-compute-image-packages (2.6.2-1) stable; urgency=low + + * Fix system hang during VM shutdown. + + -- Google Cloud Team <gc-team@google.com> Fri, 06 Oct 2017 12:00:00 -0700 + +google-compute-image-packages (2.6.1-1) stable; urgency=low + + * Use curl to download metadata script files for SSL certificate validation. + * Use netifaces for retrieving MAC address names if the import exists. + + -- Google Cloud Team <gc-team@google.com> Thurs, 14 Sep 2017 12:00:00 -0700 + +google-compute-image-packages (2.6.0-4) stable; urgency=low + + * Fix DHCP exit hook install. + + -- Google Cloud Team <gc-team@google.com> Mon, 28 Aug 2017 12:00:00 -0700 + +google-compute-image-packages (2.6.0-3) stable; urgency=low + + * Add systemd preset. 
+ + -- Google Cloud Team <gc-team@google.com> Fri, 25 Aug 2017 14:00:00 -0700 + +google-compute-image-packages (2.6.0-2) stable; urgency=low + + * Add DHCP exit hook script back into package. + + -- Google Cloud Team <gc-team@google.com> Fri, 25 Aug 2017 12:00:00 -0700 + +google-compute-image-packages (2.6.0-1) stable; urgency=low + + * New packaging. + + -- Google Cloud Team <gc-team@google.com> Mon, 27 Jun 2017 12:00:00 -0700 diff --git a/packages/google-compute-engine/packaging/debian/compat b/packages/google-compute-engine/packaging/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/compat @@ -0,0 +1 @@ +9 diff --git a/packages/google-compute-engine/packaging/debian/control b/packages/google-compute-engine/packaging/debian/control new file mode 100644 index 0000000..3f647fe --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/control 
@@ -0,0 +1,37 @@ +Source: google-compute-engine +Section: admin +Priority: optional +Maintainer: Google Cloud Team <gc-team@google.com> +Build-Depends: debhelper (>= 9), + dh-systemd (>= 1.5) +Standards-Version: 3.9.8 +Homepage: https://github.com/GoogleCloudPlatform/compute-image-packages + +Package: google-compute-engine +Architecture: all +Depends: google-compute-engine-oslogin, + ${misc:Depends}, + rsyslog | system-log-daemon, + systemd +Recommends: rsyslog +Provides: irqbalance +Conflicts: google-compute-engine-jessie, + google-compute-engine-init-jessie, + google-config-jessie, + google-compute-engine-stretch, + google-compute-engine-init-stretch, + google-config-stretch, + google-compute-daemon, + google-startup-scripts, + irqbalance +Replaces: google-compute-engine-jessie, + google-compute-engine-init-jessie, + google-config-jessie, + google-compute-engine-stretch, + google-compute-engine-init-stretch, + google-config-stretch, + google-compute-daemon, + google-startup-scripts +Description: Google Compute Engine guest environment. + This package contains scripts, configuration, and systemd init files for + features specific to the Google Compute Engine cloud environment. diff --git a/packages/google-compute-engine/packaging/debian/copyright b/packages/google-compute-engine/packaging/debian/copyright new file mode 100644 index 0000000..9f4356b --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/copyright 
@@ -0,0 +1,27 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: google-compute-engine +Upstream-Contact: gc-team@google.com + +Files: * +Copyright: Copyright 2017 Google Inc. +License: Apache-2.0 + +Files: debian/* +Copyright: Copyright 2017 Google Inc. +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". diff --git a/packages/google-compute-engine/packaging/debian/install b/packages/google-compute-engine/packaging/debian/install new file mode 100644 index 0000000..f95892b --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/install @@ -0,0 +1,9 @@ +etc/apt/apt.conf.d/* +etc/dhcp/dhclient-exit-hooks.d/* +etc/modprobe.d/* +etc/rsyslog.d/* +etc/sysctl.d/* +lib/systemd/system/* +lib/systemd/system-preset/* +lib/udev/rules.d/* +usr/bin/* diff --git a/packages/google-compute-engine/packaging/debian/postinst b/packages/google-compute-engine/packaging/debian/postinst new file mode 100644 index 0000000..c00b76e --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/postinst 
@@ -0,0 +1,33 @@ +#!/bin/sh +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#DEBHELPER# + +# Service reload or restart. We do not start or restart +# google-shutdown-scripts.service google-startup-scripts.service. +set -e +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + if [ -n "$2" ]; then + _dh_action=reload-or-restart + else + _dh_action=start + fi + deb-systemd-invoke $_dh_action \ + google-instance-setup.service \ + google-accounts-daemon.service \ + google-clock-skew-daemon.service \ + google-network-daemon.service >/dev/null || true +fi diff --git a/packages/google-compute-engine/packaging/debian/preinst b/packages/google-compute-engine/packaging/debian/preinst new file mode 100644 index 0000000..2f04366 --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/preinst 
@@ -0,0 +1,32 @@ +#!/bin/sh +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#DEBHELPER# + +set -e +if [ -d /run/systemd/system ] ; then + if [ "$1" = upgrade ]; then + # Remove old services if they exist on upgrade. + if [ -f /lib/systemd/system/google-ip-forwarding-daemon.service ]; then + systemctl stop google-ip-forwarding-daemon.service + systemctl disable google-ip-forwarding-daemon.service + fi + + if [ -f /lib/systemd/system/google-network-setup.service ]; then + systemctl stop google-network-setup.service + systemctl disable google-network-setup.service + fi + fi +fi diff --git a/packages/google-compute-engine/packaging/debian/prerm b/packages/google-compute-engine/packaging/debian/prerm new file mode 100644 index 0000000..e8ac50d --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/prerm 
@@ -0,0 +1,28 @@ +#!/bin/sh +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#DEBHELPER# + +# Stop all services on remove. +set -e +if [ -d /run/systemd/system ] && [ "$1" = remove ]; then + deb-systemd-invoke stop \ + google-instance-setup.service \ + google-accounts-daemon.service \ + google-clock-skew-daemon.service \ + google-network-daemon.service \ + google-shutdown-scripts.service \ + google-startup-scripts.service >/dev/null +fi diff --git a/packages/google-compute-engine/packaging/debian/rules b/packages/google-compute-engine/packaging/debian/rules new file mode 100644 index 0000000..d82bff9 --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/rules @@ -0,0 +1,7 @@ +#!/usr/bin/make -f + +%: + dh $@ --with systemd + +override_dh_systemd_start: + # Configured in postinst. diff --git a/packages/google-compute-engine/packaging/debian/source/format b/packages/google-compute-engine/packaging/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/packages/google-compute-engine/packaging/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/packages/google-compute-engine/packaging/google-compute-engine-el6.spec b/packages/google-compute-engine/packaging/google-compute-engine-el6.spec new file mode 100644 index 0000000..a4c4084 --- /dev/null +++ b/packages/google-compute-engine/packaging/google-compute-engine-el6.spec 
@@ -0,0 +1,90 @@ +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +Name: google-compute-engine +Version: %{_version} +Release: 1.el6 +Summary: Google Compute Engine guest environment. +License: ASL 2.0 +Url: https://github.com/GoogleCloudPlatform/compute-image-packages +Source0: %{name}_%{version}.orig.tar.gz +Requires: curl +Requires: google-compute-engine-oslogin +Requires: python-google-compute-engine = %{version} +Requires: rsyslog +# Old packages. +Obsoletes: google-compute-engine-init +Obsoletes: google-config +Obsoletes: google-startup-scripts + +BuildArch: noarch + +# Allow other files in the source that don't end up in the package. +%define _unpackaged_files_terminate_build 0 + +%description +This package contains scripts, configuration, and init files for features +specific to the Google Compute Engine cloud environment. + +%prep +%autosetup + +%install +cp -a src/{etc,usr} %{buildroot} +install -d %{buildroot}/lib/ +cp -a src/lib/udev %{buildroot}/lib + +%files +%defattr(0644,root,root,0755) +%attr(0755,-,-) %{_bindir}/* +%attr(0755,-,-) %{_sbindir}/* +/lib/udev/rules.d/* +/etc/init/*.conf +/etc/dhcp/dhclient-exit-hooks +%config /etc/modprobe.d/* +%config /etc/rsyslog.d/* +%config /etc/sysctl.d/* + +%post +if [ $1 -eq 2 ]; then + # New service might not be enabled during upgrade. 
+ systemctl enable google-network-daemon.service +fi + +# On upgrade run instance setup again to handle any new configs and restart +# daemons. +if [ $1 -eq 2 ]; then + stop -q -n google-accounts-daemon + stop -q -n google-clock-skew-daemon + stop -q -n google-network-daemon + /usr/bin/google_instance_setup + start -q -n google-accounts-daemon + start -q -n google-clock-skew-daemon + start -q -n google-network-daemon +fi + +if initctl status google-ip-forwarding-daemon | grep -q 'running'; then + stop -q -n google-ip-forwarding-daemon +fi + +%preun +# On uninstall only. +if [ $1 -eq 0 ]; then + stop -q -n google-accounts-daemon + stop -q -n google-clock-skew-daemon + stop -q -n google-network-daemon + if initctl status google-ip-forwarding-daemon | grep -q 'running'; then + stop -q -n google-ip-forwarding-daemon + fi +fi diff --git a/packages/google-compute-engine/packaging/google-compute-engine.spec b/packages/google-compute-engine/packaging/google-compute-engine.spec new file mode 100644 index 0000000..39307cb --- /dev/null +++ b/packages/google-compute-engine/packaging/google-compute-engine.spec 
@@ -0,0 +1,95 @@ +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +Name: google-compute-engine +Version: %{_version} +Release: 1.el7 +Summary: Google Compute Engine guest environment. +License: ASL 2.0 +Url: https://github.com/GoogleCloudPlatform/compute-image-packages +Source0: %{name}_%{version}.orig.tar.gz +Requires: curl +Requires: google-compute-engine-oslogin +Requires: python-google-compute-engine = %{version} +Requires: rsyslog + +BuildArch: noarch +BuildRequires: systemd + +# Allow other files in the source that don't end up in the package. +%define _unpackaged_files_terminate_build 0 + +%description +This package contains scripts, configuration, and init files for features +specific to the Google Compute Engine cloud environment. + +%prep +%autosetup + +%install +cp -a src/{etc,usr} %{buildroot} +install -d %{buildroot}/{%{_unitdir},%{_presetdir},%{_udevrulesdir}} +cp -a src/lib/systemd/system/* %{buildroot}/%{_unitdir} +cp -a src/lib/systemd/system-preset/* %{buildroot}/%{_presetdir} +cp -a src/lib/udev/rules.d/* %{buildroot}/%{_udevrulesdir} + +%files +%defattr(0644,root,root,0755) +%attr(0755,-,-) %{_bindir}/* +%attr(0755,-,-) /etc/dhcp/dhclient.d/google_hostname.sh +%{_udevrulesdir}/* +%{_unitdir}/* +%{_presetdir}/* +%config /etc/modprobe.d/* +%config /etc/rsyslog.d/* +%config /etc/sysctl.d/* + +%post +# On upgrade run instance setup again to handle any new configs and restart +# daemons. 
+if [ $1 -eq 2 ]; then + /usr/bin/google_instance_setup + systemctl reload-or-restart google-accounts-daemon.service + systemctl reload-or-restart google-clock-skew-daemon.service + systemctl reload-or-restart google-network-daemon.service +fi + +%systemd_post google-accounts-daemon.service +%systemd_post google-clock-skew-daemon.service +%systemd_post google-instance-setup.service +%systemd_post google-network-daemon.service +%systemd_post google-shutdown-scripts.service +%systemd_post google-startup-scripts.service + +# Remove old services. +if [ -f /lib/systemd/system/google-ip-forwarding-daemon.service ]; then + systemctl stop --no-block google-ip-forwarding-daemon + systemctl disable google-ip-forwarding-daemon.service +fi + +if [ -f /lib/systemd/system/google-network-setup.service ]; then + systemctl stop --no-block google-network-setup + systemctl disable google-network-setup.service +fi + +%preun +# On uninstall only. +if [ $1 -eq 0 ]; then + %systemd_preun google-accounts-daemon.service + %systemd_preun google-clock-skew-daemon.service + %systemd_preun google-instance-setup.service + %systemd_preun google-network-daemon.service + %systemd_preun google-shutdown-scripts.service + %systemd_preun google-startup-scripts.service +fi diff --git a/packages/google-compute-engine/packaging/setup_deb.sh b/packages/google-compute-engine/packaging/setup_deb.sh new file mode 100755 index 0000000..d8b1189 --- /dev/null +++ b/packages/google-compute-engine/packaging/setup_deb.sh 
@@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +NAME="google-compute-engine" +VERSION="2.8.12" + +working_dir=${PWD} +if [[ $(basename "$working_dir") != $NAME ]]; then + echo "Packaging scripts must be run from top of package dir." + exit 1 +fi + +# Build dependencies. +sudo apt-get -y install dh-systemd + +# .deb creation tools. +sudo apt-get -y install debhelper devscripts build-essential + +rm -rf /tmp/debpackage +mkdir /tmp/debpackage +cd src +tar czvf /tmp/debpackage/${NAME}_${VERSION}.orig.tar.gz --transform "s/^\./${NAME}-${VERSION}/" . + +cd /tmp/debpackage +tar xzvf ${NAME}_${VERSION}.orig.tar.gz + +cd ${NAME}-${VERSION} + +cp -r ${working_dir}/packaging/debian ./ + +debuild -us -uc diff --git a/packages/google-compute-engine/packaging/setup_rpm.sh b/packages/google-compute-engine/packaging/setup_rpm.sh new file mode 100755 index 0000000..79b0ccf --- /dev/null +++ b/packages/google-compute-engine/packaging/setup_rpm.sh 
@@ -0,0 +1,47 @@ +#!/bin/bash +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +NAME="google-compute-engine" +VERSION="2.8.12" + +rpm_working_dir=/tmp/rpmpackage/${NAME}-${VERSION} +working_dir=${PWD} +if [[ $(basename "$working_dir") != $NAME ]]; then + echo "Packaging scripts must be run from top of package dir." + exit 1 +fi + +# Build dependencies. +sudo yum -y install make gcc-c++ libcurl-devel json-c json-c-devel pam-devel \ + policycoreutils-python boost-devel + +# RPM creation tools. +sudo yum -y install rpmdevtools + +rm -rf /tmp/rpmpackage +mkdir -p ${rpm_working_dir}/{SOURCES,SPECS} + +# EL6 has a separate .spec file. +if [[ -e /etc/redhat-release ]] && grep -q release\ 6 /etc/redhat-release; then + cp packaging/${NAME}-el6.spec ${rpm_working_dir}/SPECS/${NAME}.spec +else + cp packaging/${NAME}.spec ${rpm_working_dir}/SPECS/ +fi + +tar czvf ${rpm_working_dir}/SOURCES/${NAME}_${VERSION}.orig.tar.gz \ + --exclude .git --exclude packaging --transform "s/^\./${NAME}-${VERSION}/" . + +rpmbuild --define "_topdir ${rpm_working_dir}/" --define "_version ${VERSION}" \ + -ba ${rpm_working_dir}/SPECS/${NAME}.spec diff --git a/packages/google-compute-engine/src/etc/apt/apt.conf.d/01autoremove-gce b/packages/google-compute-engine/src/etc/apt/apt.conf.d/01autoremove-gce new file mode 100644 index 0000000..be2d7f5 --- /dev/null +++ b/packages/google-compute-engine/src/etc/apt/apt.conf.d/01autoremove-gce 
@@ -0,0 +1,10 @@ +APT +{ + NeverAutoRemove + { + "gce-compute-image-packages.*"; + "google-compute-engine.*"; + "python-google-compute-engine.*"; + "python3-google-compute-engine.*"; + }; +}; diff --git a/packages/google-compute-engine/src/etc/apt/apt.conf.d/99ipv4-only b/packages/google-compute-engine/src/etc/apt/apt.conf.d/99ipv4-only new file mode 100644 index 0000000..efca3b6 --- /dev/null +++ b/packages/google-compute-engine/src/etc/apt/apt.conf.d/99ipv4-only @@ -0,0 +1,2 @@ +# Force IPv4 for Apt. +Acquire::ForceIPv4 "true"; diff --git a/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks b/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks new file mode 120000 index 0000000..577ef53 --- /dev/null +++ b/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks @@ -0,0 +1 @@ +/usr/bin/google_set_hostname
\ No newline at end of file diff --git a/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks.d/google_set_hostname b/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks.d/google_set_hostname new file mode 120000 index 0000000..577ef53 --- /dev/null +++ b/packages/google-compute-engine/src/etc/dhcp/dhclient-exit-hooks.d/google_set_hostname @@ -0,0 +1 @@ +/usr/bin/google_set_hostname
\ No newline at end of file diff --git a/packages/google-compute-engine/src/etc/dhcp/dhclient.d/google_hostname.sh b/packages/google-compute-engine/src/etc/dhcp/dhclient.d/google_hostname.sh new file mode 100755 index 0000000..abe8ce2 --- /dev/null +++ b/packages/google-compute-engine/src/etc/dhcp/dhclient.d/google_hostname.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +google_hostname_config() { + google_set_hostname +} +google_hostname_restore() { + : +} diff --git a/packages/google-compute-engine/src/etc/init/google-accounts-daemon.conf b/packages/google-compute-engine/src/etc/init/google-accounts-daemon.conf new file mode 100644 index 0000000..446b92c --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-accounts-daemon.conf @@ -0,0 +1,5 @@ +# Manages accounts from metadata SSH keys. +start on started google-network-daemon + +respawn +exec /usr/bin/google_accounts_daemon diff --git a/packages/google-compute-engine/src/etc/init/google-clock-skew-daemon.conf b/packages/google-compute-engine/src/etc/init/google-clock-skew-daemon.conf new file mode 100644 index 0000000..05c73ce --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-clock-skew-daemon.conf @@ -0,0 +1,5 @@ +# Sync the system clock on migration. +start on started google-network-daemon + +respawn +exec /usr/bin/google_clock_skew_daemon 
diff --git a/packages/google-compute-engine/src/etc/init/google-instance-setup.conf b/packages/google-compute-engine/src/etc/init/google-instance-setup.conf new file mode 100644 index 0000000..2c7d596 --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-instance-setup.conf @@ -0,0 +1,6 @@ +# Runs instance setup on boot. +start on started rsyslog + +task + +exec /usr/bin/google_instance_setup diff --git a/packages/google-compute-engine/src/etc/init/google-network-daemon.conf b/packages/google-compute-engine/src/etc/init/google-network-daemon.conf new file mode 100644 index 0000000..d2e985a --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-network-daemon.conf @@ -0,0 +1,5 @@ +# Manages network interfaces. +start on stopped google-instance-setup + +respawn +exec /usr/bin/google_network_daemon diff --git a/packages/google-compute-engine/src/etc/init/google-shutdown-scripts.conf b/packages/google-compute-engine/src/etc/init/google-shutdown-scripts.conf new file mode 100644 index 0000000..b9323a5 --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-shutdown-scripts.conf @@ -0,0 +1,5 @@ +# Runs a shutdown script from metadata. +start on starting rc RUNLEVEL=[06] +task + +exec /usr/bin/google_metadata_script_runner --script-type shutdown diff --git a/packages/google-compute-engine/src/etc/init/google-startup-scripts.conf b/packages/google-compute-engine/src/etc/init/google-startup-scripts.conf new file mode 100644 index 0000000..3bda504 --- /dev/null +++ b/packages/google-compute-engine/src/etc/init/google-startup-scripts.conf @@ -0,0 +1,4 @@ +# Runs a startup script from metadata. +start on started google-network-daemon + +exec /usr/bin/google_metadata_script_runner --script-type startup diff --git a/packages/google-compute-engine/src/etc/modprobe.d/gce-blacklist.conf b/packages/google-compute-engine/src/etc/modprobe.d/gce-blacklist.conf new file mode 100644 index 0000000..9b7700e --- /dev/null 
+++ b/packages/google-compute-engine/src/etc/modprobe.d/gce-blacklist.conf @@ -0,0 +1,5 @@ +# nouveau does not work with GCE GPU's. +blacklist nouveau + +# GCE does not have a floppy device. +blacklist floppy diff --git a/packages/google-compute-engine/src/etc/rsyslog.d/90-google.conf b/packages/google-compute-engine/src/etc/rsyslog.d/90-google.conf new file mode 100644 index 0000000..81b2ed7 --- /dev/null +++ b/packages/google-compute-engine/src/etc/rsyslog.d/90-google.conf @@ -0,0 +1,6 @@ +# Google Compute Engine default console logging. +# +# daemon: logging from Google provided daemons. +# kern: logging information in case of an unexpected crash during boot. +# +daemon,kern.* /dev/console diff --git a/packages/google-compute-engine/src/etc/sysctl.d/11-gce-network-security.conf b/packages/google-compute-engine/src/etc/sysctl.d/11-gce-network-security.conf new file mode 100644 index 0000000..0e4db8c --- /dev/null +++ b/packages/google-compute-engine/src/etc/sysctl.d/11-gce-network-security.conf 
@@ -0,0 +1,61 @@ +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Google-recommended kernel parameters + +# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss +# of TCP functionality/features under normal conditions. When flood +# protections kick in under high unanswered-SYN load, the system +# should remain more stable, with a trade off of some loss of TCP +# functionality/features (e.g. TCP Window scaling). +net.ipv4.tcp_syncookies=1 + +# Ignore source-routed packets +net.ipv4.conf.all.accept_source_route=0 +net.ipv4.conf.default.accept_source_route=0 + +# Ignore ICMP redirects from non-GW hosts +net.ipv4.conf.all.accept_redirects=0 +net.ipv4.conf.default.accept_redirects=0 +net.ipv4.conf.all.secure_redirects=1 +net.ipv4.conf.default.secure_redirects=1 + +# Don't pass traffic between networks or act as a router +net.ipv4.ip_forward=0 +net.ipv4.conf.all.send_redirects=0 +net.ipv4.conf.default.send_redirects=0 + +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks. 
+net.ipv4.conf.all.rp_filter=1 +net.ipv4.conf.default.rp_filter=1 + +# Ignore ICMP broadcasts to avoid participating in Smurf attacks +net.ipv4.icmp_echo_ignore_broadcasts=1 + +# Ignore bad ICMP errors +net.ipv4.icmp_ignore_bogus_error_responses=1 + +# Log spoofed, source-routed, and redirect packets +net.ipv4.conf.all.log_martians=1 +net.ipv4.conf.default.log_martians=1 + +# RFC 1337 fix +net.ipv4.tcp_rfc1337=1 + +# Addresses of mmap base, heap, stack and VDSO page are randomized +kernel.randomize_va_space=2 + +# Reboot the machine soon after a kernel panic. +kernel.panic=10 diff --git a/packages/google-compute-engine/src/lib/systemd/system-preset/90-google-compute-engine.preset b/packages/google-compute-engine/src/lib/systemd/system-preset/90-google-compute-engine.preset new file mode 100644 index 0000000..b903cb7 --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system-preset/90-google-compute-engine.preset @@ -0,0 +1,6 @@ +enable google-accounts-daemon.service +enable google-clock-skew-daemon.service +enable google-instance-setup.service +enable google-network-daemon.service +enable google-shutdown-scripts.service +enable google-startup-scripts.service diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-accounts-daemon.service b/packages/google-compute-engine/src/lib/systemd/system/google-accounts-daemon.service new file mode 100644 index 0000000..f1d7111 --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-accounts-daemon.service @@ -0,0 +1,11 @@ +[Unit] +Description=Google Compute Engine Accounts Daemon +After=network.target google-instance-setup.service google-network-daemon.service +Requires=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/google_accounts_daemon + +[Install] +WantedBy=multi-user.target 
diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-clock-skew-daemon.service b/packages/google-compute-engine/src/lib/systemd/system/google-clock-skew-daemon.service new file mode 100644 index 0000000..71369f5 --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-clock-skew-daemon.service @@ -0,0 +1,11 @@ +[Unit] +Description=Google Compute Engine Clock Skew Daemon +After=network.target google-instance-setup.service google-network-daemon.service +Requires=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/google_clock_skew_daemon + +[Install] +WantedBy=multi-user.target diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service b/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service new file mode 100644 index 0000000..afa639a --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service @@ -0,0 +1,13 @@ +[Unit] +Description=Google Compute Engine Instance Setup +After=local-fs.target network-online.target network.target rsyslog.service +Before=sshd.service +Wants=local-fs.target network-online.target network.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/google_instance_setup + +[Install] +WantedBy=sshd.service +WantedBy=multi-user.target diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service b/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service new file mode 100644 index 0000000..74bf82e --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service 
@@ -0,0 +1,14 @@ +[Unit] +Description=Google Compute Engine Network Daemon +After=local-fs.target network-online.target network.target rsyslog.service +After=google-instance-setup.service +Wants=local-fs.target network-online.target network.target +Requires=network.target +PartOf=network.service + +[Service] +Type=simple +ExecStart=/usr/bin/google_network_daemon + +[Install] +WantedBy=multi-user.target diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-shutdown-scripts.service b/packages/google-compute-engine/src/lib/systemd/system/google-shutdown-scripts.service new file mode 100644 index 0000000..069405e --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-shutdown-scripts.service @@ -0,0 +1,15 @@ +[Unit] +Description=Google Compute Engine Shutdown Scripts +After=local-fs.target network-online.target network.target rsyslog.service systemd-resolved.service +After=google-instance-setup.service google-network-daemon.service +Wants=local-fs.target network-online.target network.target + +[Service] +ExecStart=/bin/true +ExecStop=/usr/bin/google_metadata_script_runner --script-type shutdown +Type=oneshot +RemainAfterExit=true +TimeoutStopSec=0 + +[Install] +WantedBy=multi-user.target diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-startup-scripts.service b/packages/google-compute-engine/src/lib/systemd/system/google-startup-scripts.service new file mode 100644 index 0000000..73ee8db --- /dev/null +++ b/packages/google-compute-engine/src/lib/systemd/system/google-startup-scripts.service 
@@ -0,0 +1,13 @@ +[Unit] +Description=Google Compute Engine Startup Scripts +After=local-fs.target network-online.target network.target rsyslog.service +After=google-instance-setup.service google-network-daemon.service +Wants=local-fs.target network-online.target network.target + +[Service] +ExecStart=/usr/bin/google_metadata_script_runner --script-type startup +KillMode=process +Type=oneshot + +[Install] +WantedBy=multi-user.target diff --git a/packages/google-compute-engine/src/lib/udev/rules.d/64-gce-disk-removal.rules b/packages/google-compute-engine/src/lib/udev/rules.d/64-gce-disk-removal.rules new file mode 100644 index 0000000..4ff1f99 --- /dev/null +++ b/packages/google-compute-engine/src/lib/udev/rules.d/64-gce-disk-removal.rules @@ -0,0 +1,17 @@ +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# When a disk is removed, unmount any remaining attached volumes. + +ACTION=="remove", SUBSYSTEM=="block", KERNEL=="sd*|vd*", RUN+="/bin/sh -c '/bin/umount -fl /dev/$name && /usr/bin/logger -p daemon.warn -s WARNING: hot-removed /dev/$name that was still mounted, data may have been corrupted'" diff --git a/packages/google-compute-engine/src/lib/udev/rules.d/65-gce-disk-naming.rules b/packages/google-compute-engine/src/lib/udev/rules.d/65-gce-disk-naming.rules new file mode 100644 index 0000000..e258548 --- /dev/null +++ b/packages/google-compute-engine/src/lib/udev/rules.d/65-gce-disk-naming.rules 
@@ -0,0 +1,38 @@ +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Name the attached disks as the specified by deviceName. + +ACTION!="add|change", GOTO="gce_disk_naming_end" +SUBSYSTEM!="block", GOTO="gce_disk_naming_end" + +# SCSI naming +KERNEL=="sd*|vd*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode" + +# NVME naming +KERNEL=="nvme0n1*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-0" +KERNEL=="nvme0n2*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-1" +KERNEL=="nvme0n3*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-2" +KERNEL=="nvme0n4*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-3" +KERNEL=="nvme0n5*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-4" +KERNEL=="nvme0n6*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-5" +KERNEL=="nvme0n7*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-6" +KERNEL=="nvme0n8*", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-7" +KERNEL=="nvme*", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}" + +# Symlinks +KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}" +KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}-part%n" + +LABEL="gce_disk_naming_end" diff --git a/packages/google-compute-engine/src/usr/bin/google_optimize_local_ssd b/packages/google-compute-engine/src/usr/bin/google_optimize_local_ssd new file mode 100755 index 0000000..15238b9 --- /dev/null 
+++ b/packages/google-compute-engine/src/usr/bin/google_optimize_local_ssd 
@@ -0,0 +1,95 @@ +#!/bin/bash +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +total_cpus=$(nproc) + +config_nvme() +{ + current_cpu=0 + for dev in /sys/bus/pci/drivers/nvme/* + do + if [ ! -d "$dev" ] + then + continue + fi + for irq_info in $dev/msi_irqs/* + do + if [ ! -f "$irq_info" ] + then + continue + fi + current_cpu=$((current_cpu % total_cpus)) + cpu_mask=$(printf "%x" $((1<<current_cpu))) + irq=$(basename "$irq_info")$a + echo "Setting IRQ $irq smp_affinity to $cpu_mask." + echo "$cpu_mask" > "/proc/irq/$irq/smp_affinity" + current_cpu=$((current_cpu+1)) + done + done +} + +config_scsi() +{ + irqs=() + for device in /sys/bus/virtio/drivers/virtio_scsi/virtio* + do + ssd=0 + for target_path in $device/host*/target*/* + do + if [ ! 
-f "$target_path/model" ] + then + continue + fi + model=$(cat "$target_path/model") + if [[ $model =~ .*EphemeralDisk.* ]] + then + ssd=1 + for queue_path in $target_path/block/sd*/queue + do + echo noop > "$queue_path/scheduler" + echo 0 > "$queue_path/add_random" + echo 512 > "$queue_path/nr_requests" + echo 0 > "$queue_path/rotational" + echo 0 > "$queue_path/rq_affinity" + echo 1 > "$queue_path/nomerges" + done + fi + done + if [[ $ssd == 1 ]] + then + request_queue=$(basename "$device")-request + irq=$(cat /proc/interrupts | grep "$request_queue" | awk '{print $1}'| sed 's/://') + irqs+=($irq) + fi + done + irq_count=${#irqs[@]} + if [ "$irq_count" != 0 ] + then + stride=$((total_cpus / irq_count)) + stride=$((stride < 1 ? 1 : stride)) + current_cpu=0 + for irq in "${irqs[@]}" + do + current_cpu=$(($current_cpu % $total_cpus)) + cpu_mask=$(printf "%x" $((1<<$current_cpu))) + echo "Setting IRQ $irq smp_affinity to $cpu_mask." + echo "$cpu_mask" > "/proc/irq/$irq/smp_affinity" + current_cpu=$((current_cpu+stride)) + done + fi +} + +config_nvme +config_scsi diff --git a/packages/google-compute-engine/src/usr/bin/google_set_hostname b/packages/google-compute-engine/src/usr/bin/google_set_hostname new file mode 100755 index 0000000..883844b --- /dev/null +++ b/packages/google-compute-engine/src/usr/bin/google_set_hostname 
@@ -0,0 +1,60 @@ +#!/bin/bash +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Deal with a new hostname assignment. + +if [ -n "$new_host_name" ] && [ -n "$new_ip_address" ]; then + # Delete entries with new_host_name or new_ip_address in /etc/hosts. + sed -i '/Added by Google/d' /etc/hosts + + # Add an entry for our new_host_name/new_ip_address in /etc/hosts. + echo "${new_ip_address} ${new_host_name} ${new_host_name%%.*} # Added by Google" >> /etc/hosts + + # Add an entry for reaching the metadata server in /etc/hosts. + echo "169.254.169.254 metadata.google.internal # Added by Google" >> /etc/hosts +fi + +# /sbin/dhclient-scripts in both ubuntu and centos have some problems for us: +# 1) BOUND doesn't always set hostname (e.g. if old_host_name is unset in +# precise pangolin) +# 2) Using too long of a FQDN as a hostname causes some tools to break in +# some distros (e.g. ssh-keygen) and hostname tool complains when given +# a FQDN that is > 64 bytes. +# +# As a result, we set the host name in all circumstances here, to the truncated +# unqualified domain name. + +if [ -n "$new_host_name" ]; then + hostname "${new_host_name%%.*}" + + # If NetworkManager is installed set the hostname with nmcli. + # to resolve issues with NetworkManager resetting the hostname + # to the FQDN on DHCP renew. 
+ nmcli=$(which nmcli 2> /dev/null) + if [ -x "$nmcli" ]; then + nmcli general hostname "${new_host_name%%.*}" + fi + + # Restart rsyslog to update the hostname. + systemctl=$(which systemctl 2> /dev/null) + if [ -x "$systemctl" ]; then + hasrsyslog=$($systemctl | grep rsyslog | cut -f1 -d' ') + if [ ! -z "$hasrsyslog" ]; then + $systemctl -q --no-block restart "$hasrsyslog" + fi + else + pkill -HUP syslogd + fi +fi diff --git a/packages/google-compute-engine/src/usr/bin/google_set_multiqueue b/packages/google-compute-engine/src/usr/bin/google_set_multiqueue new file mode 100755 index 0000000..9dfe45f --- /dev/null +++ b/packages/google-compute-engine/src/usr/bin/google_set_multiqueue 
@@ -0,0 +1,135 @@ +#!/bin/bash +# Copyright 2017 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# For a single-queue / no MSI-X virtionet device, sets the IRQ affinities to +# processor 0. For this virtionet configuration, distributing IRQs to all +# processors results in comparatively high cpu utilization and comparatively +# low network bandwidth. +# +# For a multi-queue / MSI-X virtionet device, sets the IRQ affinities to the +# per-IRQ affinity hint. The virtionet driver maps each virtionet TX (RX) queue +# MSI-X interrupt to a unique single CPU if the number of TX (RX) queues equals +# the number of online CPUs. The mapping of network MSI-X interrupt vector to +# CPUs is stored in the virtionet MSI-X interrupt vector affinity hint. This +# configuration allows network traffic to be spread across the CPUs, giving +# each CPU a dedicated TX and RX network queue, while ensuring that all packets +# from a single flow are delivered to the same CPU. + +function is_decimal_int() { + [ "${1}" -eq "${1}" ] > /dev/null 2>&1 +} + +function set_channels() { + ethtool -L "${1}" combined "${2}" > /dev/null 2>&1 +} + +echo "Running $(basename $0)." +NET_DEVS=/sys/bus/virtio/drivers/virtio_net/virtio* + +# Loop through all the virtionet devices and enable multi-queue +if [ -x "$(command -v ethtool)" ]; then + for dev in $NET_DEVS; do + ETH_DEVS=${dev}/net/* + for eth_dev in $ETH_DEVS; do + eth_dev=$(basename "$eth_dev") + if ! 
errormsg=$(ethtool -l "$eth_dev" 2>&1); then + echo "ethtool says that $eth_dev does not support virtionet multiqueue: $errormsg." + continue + fi + num_max_channels=$(ethtool -l "$eth_dev" | grep -m 1 Combined | cut -f2) + [ "${num_max_channels}" -eq "1" ] && continue + if is_decimal_int "$num_max_channels" && \ + set_channels "$eth_dev" "$num_max_channels"; then + echo "Set channels for $eth_dev to $num_max_channels." + else + echo "Could not set channels for $eth_dev to $num_max_channels." + fi + done + done +else + echo "ethtool not found: cannot configure virtionet multiqueue." +fi + +for dev in $NET_DEVS +do + dev=$(basename "$dev") + irq_dir=/proc/irq/* + for irq in $irq_dir + do + smp_affinity="${irq}/smp_affinity_list" + [ ! -f "${smp_affinity}" ] && continue + # Classify this IRQ as virtionet intx, virtionet MSI-X, or non-virtionet + # If the IRQ type is virtionet intx, a subdirectory with the same name as + # the device will be present. If the IRQ type is virtionet MSI-X, then + # a subdirectory of the form <device name>-<input|output>.N will exist. + # In this case, N is the input (output) queue number, and is specified as + # a decimal integer ranging from 0 to K - 1 where K is the number of + # input (output) queues in the virtionet device. + virtionet_intx_dir="${irq}/${dev}" + virtionet_msix_dir_regex=".*/${dev}-(input|output)\.([0-9]+)$" + if [ -d "${virtionet_intx_dir}" ]; then + # All virtionet intx IRQs are delivered to CPU 0 + echo "Setting ${smp_affinity} to 01 for device ${dev}." + echo "01" > "${smp_affinity}" + continue + fi + # Not virtionet intx, probe for MSI-X + virtionet_msix_found=0 + for entry in ${irq}/${dev}*; do + if [[ "$entry" =~ ${virtionet_msix_dir_regex} ]]; then + virtionet_msix_found=1 + queue_num=${BASH_REMATCH[2]} + fi + done + affinity_hint="${irq}/affinity_hint" + [ "$virtionet_msix_found" -eq 0 -o ! 
-f "${affinity_hint}" ] && continue + + # Set the IRQ CPU affinity to the virtionet-initialized affinity hint + echo "Setting ${smp_affinity} to ${queue_num} for device ${dev}." + echo "${queue_num}" > "${smp_affinity}" + real_affinity=`cat ${smp_affinity}` + echo "${smp_affinity}: real affinity ${real_affinity}" + done +done + +XPS=/sys/class/net/e*/queues/tx*/xps_cpus +num_cpus=$(nproc) + +num_queues=0 +for q in $XPS; do + num_queues=$((num_queues + 1)) +done + +# If we have more CPUs than queues, then stripe CPUs across tx affinity +# as CPUNumber % queue_count. +for q in $XPS; do + queue_re=".*tx-([0-9]+).*$" + if [[ "$q" =~ ${queue_re} ]]; then + queue_num=${BASH_REMATCH[1]} + fi + + xps=0 + for cpu in `seq $queue_num $num_queues $((num_cpus - 1))`; do + xps=$((xps | (1 << cpu))) + done + + # Linux xps_cpus requires a hex number with commas every 32 bits. + # It ignores all bits above # cpus, so unconditionally write a + # 64 bit hex value, with a comma between dwords. + xps_string=`printf "%08x,%08x" $((xps >> 32 & 0xffffffff)) $((xps & 0xffffffff))` + + echo ${xps_string} > $q + printf "Queue %d XPS=%s for %s\n" $queue_num `cat $q` $q +done | sort -n -k2 diff --git a/packages/google-compute-engine/src/usr/lib/systemd/journald.conf.d/20-google.conf b/packages/google-compute-engine/src/usr/lib/systemd/journald.conf.d/20-google.conf new file mode 100644 index 0000000..6c620d5 --- /dev/null +++ b/packages/google-compute-engine/src/usr/lib/systemd/journald.conf.d/20-google.conf @@ -0,0 +1,5 @@ +# Google Compute Engine default console logging. +# This is not currently included in any packages, but may in the future. + +[Journal] +ForwardToConsole=yes diff --git a/packages/google-compute-engine/src/usr/sbin/google-dhclient-script b/packages/google-compute-engine/src/usr/sbin/google-dhclient-script new file mode 100755 index 0000000..2f5b5e7 --- /dev/null +++ b/packages/google-compute-engine/src/usr/sbin/google-dhclient-script 
@@ -0,0 +1,806 @@ +#!/bin/bash +# +# dhclient-script: Network interface configuration script run by +# dhclient based on DHCP client communication +# +# Copyright (C) 2008-2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# Author(s): David Cantrell <dcantrell@redhat.com> +# Jiri Popelka <jpopelka@redhat.com> +# +# ---------- +# This script is a rewrite/reworking on dhclient-script originally +# included as part of dhcp-970306: +# dhclient-script for Linux. Dan Halbert, March, 1997. +# Updated for Linux 2.[12] by Brian J. Murrell, January 1999. +# Modified by David Cantrell <dcantrell@redhat.com> for Fedora and RHEL +# +# This script is found in EL 7 and used to fix local routing in EL 6. 
+# ---------- + +PATH=/bin:/usr/bin:/sbin +# scripts in dhclient.d/ use $SAVEDIR (#833054) +SAVEDIR=/var/lib/dhclient + +LOGFACILITY="local7" +LOGLEVEL="notice" + +ETCDIR="/etc/dhcp" + +logmessage() { + msg="${1}" + logger -p ${LOGFACILITY}.${LOGLEVEL} -t "NET" "dhclient: ${msg}" +} + +eventually_add_hostnames_domain_to_search() { +# For the case when hostname for this machine has a domain that is not in domain_search list +# 1) get a hostname with `ipcalc --hostname` or `hostname` +# 2) get the domain from this hostname +# 3) add this domain to search line in resolv.conf if it's not already +# there (domain list that we have recently added there is a parameter of this function) +# We can't do this directly when generating resolv.conf in make_resolv_conf(), because +# we need to first save the resolv.conf with obtained values before we can call `ipcalc --hostname`. +# See bug 637763 + search="${1}" + if need_hostname; then + status=1 + if [ -n "${new_ip_address}" ]; then + eval $(/bin/ipcalc --silent --hostname ${new_ip_address} ; echo "status=$?") + elif [ -n "${new_ip6_address}" ]; then + eval $(/bin/ipcalc --silent --hostname ${new_ip6_address} ; echo "status=$?") + fi + + if [ ${status} -eq 0 ]; then + domain=$(echo $HOSTNAME | cut -s -d "." -f 2-) + fi + else + domain=$(hostname 2>/dev/null | cut -s -d "." -f 2-) + fi + + if [ -n "${domain}" ] && + [ ! "${domain}" = "localdomain" ] && + [ ! "${domain}" = "localdomain6" ] && + [ ! "${domain}" = "(none)" ] && + [[ ! "${domain}" = *\ * ]]; then + is_in="false" + for s in ${search}; do + if [ "${s}" = "${domain}" ] || + [ "${s}" = "${domain}." 
]; then + is_in="true" + fi + done + + if [ "${is_in}" = "false" ]; then + # Add domain name to search list (#637763) + sed -i -e "s/${search}/${search} ${domain}/" /etc/resolv.conf + fi + fi +} + +make_resolv_conf() { + [ "${PEERDNS}" = "no" ] && return + + if [ "${reason}" = "RENEW" ] && + [ "${new_domain_name}" = "${old_domain_name}" ] && + [ "${new_domain_name_servers}" = "${old_domain_name_servers}" ]; then + return + fi + + if [ -n "${new_domain_name}" ] || + [ -n "${new_domain_name_servers}" ] || + [ -n "${new_domain_search}" ]; then + rscf="$(mktemp ${TMPDIR:-/tmp}/XXXXXX)" + [[ -z "${rscf}" ]] && return + echo "; generated by /usr/sbin/dhclient-script" > ${rscf} + + if [ -n "${SEARCH}" ]; then + search="${SEARCH}" + else + if [ -n "${new_domain_search}" ]; then + # Remove instaces of \032 (#450042) + search="${new_domain_search//\\032/ }" + elif [ -n "${new_domain_name}" ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. 
+ search="${new_domain_name}" + fi + fi + + if [ -n "${search}" ]; then + echo "search ${search}" >> $rscf + fi + + if [ -n "${RES_OPTIONS}" ]; then + echo "options ${RES_OPTIONS}" >> ${rscf} + fi + + for nameserver in ${new_domain_name_servers} ; do + echo "nameserver ${nameserver}" >> ${rscf} + done + + change_resolv_conf ${rscf} + rm -f ${rscf} + + if [ -n "${search}" ]; then + eventually_add_hostnames_domain_to_search "${search}" + fi + elif [ -n "${new_dhcp6_name_servers}" ] || + [ -n "${new_dhcp6_domain_search}" ]; then + rscf="$(mktemp ${TMPDIR:-/tmp}/XXXXXX)" + [[ -z "${rscf}" ]] && return + echo "; generated by /usr/sbin/dhclient-script" > ${rscf} + + if [ -n "${SEARCH}" ]; then + search="${SEARCH}" + else + if [ -n "${new_dhcp6_domain_search}" ]; then + search="${new_dhcp6_domain_search//\\032/ }" + fi + fi + + if [ -n "${search}" ]; then + echo "search ${search}" >> $rscf + fi + + if [ -n "${RES_OPTIONS}" ]; then + echo "options ${RES_OPTIONS}" >> ${rscf} + fi + + shopt -s nocasematch + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + if [[ "$nameserver" =~ ^fe80:: ]] + then + zone_id="%${interface}" + else + zone_id= + fi + echo "nameserver ${nameserver}$zone_id" >> ${rscf} + done + shopt -u nocasematch + + change_resolv_conf ${rscf} + rm -f ${rscf} + + if [ -n "${search}" ]; then + eventually_add_hostnames_domain_to_search "${search}" + fi + fi +} + +exit_with_hooks() { + exit_status="${1}" + + if [ -x ${ETCDIR}/dhclient-exit-hooks ]; then + . ${ETCDIR}/dhclient-exit-hooks + fi + + exit ${exit_status} +} + +quad2num() { + if [ $# -eq 4 ]; then + let n="${1} << 24 | ${2} << 16 | ${3} << 8 | ${4}" + echo "${n}" + return 0 + else + echo "0" + return 1 + fi +} + +ip2num() { + IFS="." 
quad2num ${1} +} + +num2ip() { + let n="${1}" + let o1="(n >> 24) & 0xff" + let o2="(n >> 16) & 0xff" + let o3="(n >> 8) & 0xff" + let o4="n & 0xff" + echo "${o1}.${o2}.${o3}.${o4}" +} + +get_network_address() { +# get network address for the given IP address and (netmask or prefix) + ip="${1}" + nm="${2}" + + if [ -n "${ip}" -a -n "${nm}" ]; then + if [[ "${nm}" = *.* ]]; then + ipcalc -s -n ${ip} ${nm} | cut -d '=' -f 2 + else + ipcalc -s -n ${ip}/${nm} | cut -d '=' -f 2 + fi + fi +} + +get_prefix() { +# get prefix for the given IP address and mask + ip="${1}" + nm="${2}" + + if [ -n "${ip}" -a -n "${nm}" ]; then + ipcalc -s -p ${ip} ${nm} | cut -d '=' -f 2 + fi +} + +class_bits() { + let ip=$(IFS='.' ip2num $1) + let bits=32 + let mask='255' + for ((i=0; i <= 3; i++, 'mask<<=8')); do + let v='ip&mask' + if [ "$v" -eq 0 ] ; then + let bits-=8 + else + break + fi + done + echo $bits +} + +is_router_reachable() { + # handle DHCP servers that give us a router not on our subnet + router="${1}" + routersubnet="$(get_network_address ${router} ${new_subnet_mask})" + mysubnet="$(get_network_address ${new_ip_address} ${new_subnet_mask})" + + if [ ! "${routersubnet}" = "${mysubnet}" ]; then + ip -4 route replace ${router}/32 dev ${interface} + if [ "$?" -ne 0 ]; then + logmessage "failed to create host route for ${router}" + return 1 + fi + fi + + return 0 +} + +add_default_gateway() { + router="${1}" + + if is_router_reachable ${router} ; then + metric="" + if [ $# -gt 1 ] && [ ${2} -gt 0 ]; then + metric="metric ${2}" + fi + ip -4 route replace default via ${router} dev ${interface} ${metric} + if [ $? 
-ne 0 ]; then + logmessage "failed to create default route: ${router} dev ${interface} ${metric}" + return 1 + else + return 0 + fi + fi + + return 1 +} + +execute_client_side_configuration_scripts() { +# execute any additional client side configuration scripts we have + if [ "${1}" == "config" ] || [ "${1}" == "restore" ]; then + for f in ${ETCDIR}/dhclient.d/*.sh ; do + if [ -x ${f} ]; then + subsystem="${f%.sh}" + subsystem="${subsystem##*/}" + . ${f} + "${subsystem}_${1}" + fi + done + fi +} + +flush_dev() { +# Instead of bringing the interface down (#574568) +# explicitly clear the ARP cache and flush all addresses & routes. + ip -4 addr flush dev ${1} >/dev/null 2>&1 + ip -4 route flush dev ${1} >/dev/null 2>&1 + ip -4 neigh flush dev ${1} >/dev/null 2>&1 +} + +dhconfig() { + if [ -n "${old_ip_address}" ] && [ -n "${alias_ip_address}" ] && + [ ! "${alias_ip_address}" = "${old_ip_address}" ]; then + # possible new alias, remove old alias first + ip -4 addr del ${old_ip_address} dev ${interface} label ${interface}:0 + fi + + if [ -n "${old_ip_address}" ] && + [ ! "${old_ip_address}" = "${new_ip_address}" ]; then + # IP address changed. Delete all routes, and clear the ARP cache. + flush_dev ${interface} + fi + + if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || + [ ! "${old_ip_address}" = "${new_ip_address}" ] || + [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || + [ ! "${old_network_number}" = "${new_network_number}" ] || + [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || + [ ! "${old_routers}" = "${new_routers}" ] || + [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then + ip -4 addr add ${new_ip_address}/${new_prefix} broadcast ${new_broadcast_address} dev ${interface} \ + valid_lft ${new_dhcp_lease_time} preferred_lft ${new_dhcp_lease_time} >/dev/null 2>&1 + ip link set dev ${interface} up + + # The 576 MTU is only used for X.25 and dialup connections + # where the admin wants low latency. 
Such a low MTU can cause + # problems with UDP traffic, among other things. As such, + # disallow MTUs from 576 and below by default, so that broken + # MTUs are ignored, but higher stuff is allowed (1492, 1500, etc). + if [ -n "${new_interface_mtu}" ] && [ ${new_interface_mtu} -gt 576 ]; then + ip link set dev ${interface} mtu ${new_interface_mtu} + fi + + # static routes + if [ -n "${new_classless_static_routes}" ] || + [ -n "${new_static_routes}" ]; then + if [ -n "${new_classless_static_routes}" ]; then + IFS=', |' static_routes=(${new_classless_static_routes}) + else + IFS=', |' static_routes=(${new_static_routes}) + fi + route_targets=() + + for((i=0; i<${#static_routes[@]}; i+=2)); do + target=${static_routes[$i]} + if [ -n "${new_classless_static_routes}" ]; then + if [ ${target} = "0" ]; then + # If the DHCP server returns both a Classless Static Routes option and + # a Router option, the DHCP client MUST ignore the Router option. (RFC3442) + new_routers="" + prefix="0" + else + prefix=${target%%.*} + target=${target#*.} + IFS="." target_arr=(${target}) + unset IFS + ((pads=4-${#target_arr[@]})) + for j in $(seq $pads); do + target="${target}.0" + done + + # Client MUST zero any bits in the subnet number where the corresponding bit in the mask is zero. + # In other words, the subnet number installed in the routing table is the logical AND of + # the subnet number and subnet mask given in the Classless Static Routes option. (RFC3442) + target="$(get_network_address ${target} ${prefix})" + fi + else + prefix=$(class_bits ${target}) + fi + gateway=${static_routes[$i+1]} + + # special case 0.0.0.0 to allow static routing for link-local addresses + # (including IPv4 multicast) which will not have a next-hop (#769463, #787318) + if [ "${gateway}" = "0.0.0.0" ]; then + valid_gateway=0 + scope='scope link' + else + is_router_reachable ${gateway} + valid_gateway=$? 
+ scope='' + fi + if [ ${valid_gateway} -eq 0 ]; then + metric='' + for t in ${route_targets[@]}; do + if [ ${t} = ${target} ]; then + if [ -z "${metric}" ]; then + metric=1 + else + ((metric=metric+1)) + fi + fi + done + + if [ -n "${metric}" ]; then + metric="metric ${metric}" + fi + + ip -4 route replace ${target}/${prefix} proto static via ${gateway} dev ${interface} ${metric} ${scope} + + if [ $? -ne 0 ]; then + logmessage "failed to create static route: ${target}/${prefix} via ${gateway} dev ${interface} ${metric}" + else + route_targets=(${route_targets[@]} ${target}) + fi + fi + done + fi + + # gateways + if [[ ( "${DEFROUTE}" != "no" ) && + (( -z "${GATEWAYDEV}" ) || ( "${GATEWAYDEV}" = "${interface}" )) ]]; then + if [[ ( -z "$GATEWAY" ) || + (( -n "$DHCLIENT_IGNORE_GATEWAY" ) && ( "$DHCLIENT_IGNORE_GATEWAY" = [Yy]* )) ]]; then + metric="${METRIC:-}" + let i="${METRIC:-0}" + default_routers=() + + for router in ${new_routers} ; do + added_router=- + + for r in ${default_routers[@]} ; do + if [ "${r}" = "${router}" ]; then + added_router=1 + fi + done + + if [ -z "${router}" ] || + [ "${added_router}" = "1" ] || + [ $(IFS=. 
ip2num ${router}) -le 0 ] || + [[ ( "${router}" = "${new_broadcast_address}" ) && + ( "${new_subnet_mask}" != "255.255.255.255" ) ]]; then + continue + fi + + default_routers=(${default_routers[@]} ${router}) + add_default_gateway ${router} ${metric} + let i=i+1 + metric=${i} + done + elif [ -n "${GATEWAY}" ]; then + routersubnet=$(get_network_address ${GATEWAY} ${new_subnet_mask}) + mysubnet=$(get_network_address ${new_ip_address} ${new_subnet_mask}) + + if [ "${routersubnet}" = "${mysubnet}" ]; then + ip -4 route replace default via ${GATEWAY} dev ${interface} + fi + fi + fi + + else # RENEW||REBIND - only update address lifetimes + ip -4 addr change ${new_ip_address}/${new_prefix} broadcast ${new_broadcast_address} dev ${interface} \ + valid_lft ${new_dhcp_lease_time} preferred_lft ${new_dhcp_lease_time} >/dev/null 2>&1 + fi + + if [ ! "${new_ip_address}" = "${alias_ip_address}" ] && + [ -n "${alias_ip_address}" ]; then + # Reset the alias address (fix: this should really only do this on changes) + ip -4 addr flush dev ${interface} label ${interface}:0 >/dev/null 2>&1 + ip -4 addr add ${alias_ip_address}/${alias_prefix} broadcast ${alias_broadcast_address} dev ${interface} label ${interface}:0 + ip -4 route replace ${alias_ip_address}/32 dev ${interface} + fi + + # After dhclient brings an interface UP with a new IP address, subnet mask, + # and routes, in the REBOOT/BOUND states -> search for "dhclient-up-hooks". + if [ "${reason}" = "BOUND" ] || [ "${reason}" = "REBOOT" ] || + [ ! "${old_ip_address}" = "${new_ip_address}" ] || + [ ! "${old_subnet_mask}" = "${new_subnet_mask}" ] || + [ ! "${old_network_number}" = "${new_network_number}" ] || + [ ! "${old_broadcast_address}" = "${new_broadcast_address}" ] || + [ ! "${old_routers}" = "${new_routers}" ] || + [ ! "${old_interface_mtu}" = "${new_interface_mtu}" ]; then + + if [ -x ${ETCDIR}/dhclient-${interface}-up-hooks ]; then + . 
${ETCDIR}/dhclient-${interface}-up-hooks + elif [ -x ${ETCDIR}/dhclient-up-hooks ]; then + . ${ETCDIR}/dhclient-up-hooks + fi + fi + + make_resolv_conf + + if [ -n "${new_host_name}" ] && need_hostname; then + hostname ${new_host_name} || echo "See -nc option in dhclient(8) man page." + fi + + if [[ ( "${DHCP_TIME_OFFSET_SETS_TIMEZONE}" = [yY1]* ) && + ( -n "${new_time_offset}" ) ]]; then + # DHCP option "time-offset" is requested by default and should be + # handled. The geographical zone abbreviation cannot be determined + # from the GMT offset, but the $ZONEINFO/Etc/GMT$offset file can be + # used - note: this disables DST. + ((z=new_time_offset/3600)) + ((hoursWest=$(printf '%+d' $z))) + + if (( $hoursWest < 0 )); then + # tzdata treats negative 'hours west' as positive 'gmtoff'! + ((hoursWest*=-1)) + fi + + tzfile=/usr/share/zoneinfo/Etc/GMT$(printf '%+d' ${hoursWest}) + if [ -e ${tzfile} ]; then + cp -fp ${tzfile} /etc/localtime + touch /etc/localtime + fi + fi + + execute_client_side_configuration_scripts "config" +} + +# Section 18.1.8. (Receipt of Reply Messages) of RFC 3315 says: +# The client SHOULD perform duplicate address detection on each of +# the addresses in any IAs it receives in the Reply message before +# using that address for traffic. 
+add_ipv6_addr_with_DAD() { + ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \ + dev ${interface} scope global valid_lft ${new_max_life} \ + preferred_lft ${new_preferred_life} + + # repeatedly test whether newly added address passed + # duplicate address detection (DAD) + for i in $(seq 5); do + sleep 1 # give the DAD some time + + addr=$(ip -6 addr show dev ${interface} \ + | grep ${new_ip6_address}/${new_ip6_prefixlen}) + + # tentative flag == DAD is still not complete + tentative=$(echo "${addr}" | grep tentative) + # dadfailed flag == address is already in use somewhere else + dadfailed=$(echo "${addr}" | grep dadfailed) + + if [ -n "${dadfailed}" ] ; then + # address was added with valid_lft/preferred_lft 'forever', remove it + ip -6 addr del ${new_ip6_address}/${new_ip6_prefixlen} dev ${interface} + exit_with_hooks 3 + fi + if [ -z "${tentative}" ] ; then + if [ -n "${addr}" ]; then + # DAD is over + return 0 + else + # address was auto-removed (or not added at all) + exit_with_hooks 3 + fi + fi + done + return 0 +} + +dh6config() { + if [ -n "${old_ip6_prefix}" ] || + [ -n "${new_ip6_prefix}" ]; then + echo Prefix ${reason} old=${old_ip6_prefix} new=${new_ip6_prefix} + exit_with_hooks 0 + fi + + case "${reason}" in + BOUND6) + if [ -z "${new_ip6_address}" ] || + [ -z "${new_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + add_ipv6_addr_with_DAD + + make_resolv_conf + ;; + + RENEW6|REBIND6) + if [[ -n "${new_ip6_address}" ]] && + [[ -n "${new_ip6_prefixlen}" ]]; then + if [[ ! "${new_ip6_address}" = "${old_ip6_address}" ]]; then + add_ipv6_addr_with_DAD + else # only update address lifetimes + ip -6 addr change ${new_ip6_address}/${new_ip6_prefixlen} \ + dev ${interface} scope global valid_lft ${new_max_life} \ + preferred_lft ${new_preferred_life} + fi + fi + + if [ ! "${new_dhcp6_name_servers}" = "${old_dhcp6_name_servers}" ] || + [ ! 
"${new_dhcp6_domain_search}" = "${old_dhcp6_domain_search}" ]; then + make_resolv_conf + fi + ;; + + DEPREF6) + if [ -z "${new_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + ip -6 addr change ${new_ip6_address}/${new_ip6_prefixlen} \ + dev ${interface} scope global preferred_lft 0 + ;; + esac + + execute_client_side_configuration_scripts "config" +} + + +# +# ### MAIN +# + +if [ -x ${ETCDIR}/dhclient-enter-hooks ]; then + exit_status=0 + + # dhclient-enter-hooks can abort dhclient-script by setting + # the exit_status variable to a non-zero value + . ${ETCDIR}/dhclient-enter-hooks + if [ ${exit_status} -ne 0 ]; then + exit ${exit_status} + fi +fi + +if [ ! -r /etc/sysconfig/network-scripts/network-functions ]; then + echo "Missing /etc/sysconfig/network-scripts/network-functions, exiting." >&2 + exit 1 +fi + +if [ ! -r /etc/rc.d/init.d/functions ]; then + echo "Missing /etc/rc.d/init.d/functions, exiting." >&2 + exit 1 +fi + +. /etc/sysconfig/network-scripts/network-functions +. /etc/rc.d/init.d/functions + +if [ -f /etc/sysconfig/network ]; then + . /etc/sysconfig/network +fi + +if [ -f /etc/sysconfig/networking/network ]; then + . /etc/sysconfig/networking/network +fi + +cd /etc/sysconfig/network-scripts +CONFIG="${interface}" +need_config ${CONFIG} +source_config >/dev/null 2>&1 + +new_prefix="$(get_prefix ${new_ip_address} ${new_subnet_mask})" +old_prefix="$(get_prefix ${old_ip_address} ${old_subnet_mask})" +alias_prefix="$(get_prefix ${alias_ip_address} ${alias_subnet_mask})" + +case "${reason}" in + MEDIUM|ARPCHECK|ARPSEND) + # Do nothing + exit_with_hooks 0 + ;; + + PREINIT) + if [ -n "${alias_ip_address}" ]; then + # Flush alias, its routes will disappear too. 
+ ip -4 addr flush dev ${interface} label ${interface}:0 >/dev/null 2>&1 + fi + + # upstream dhclient-script removes (ifconfig $interface 0 up) old adresses in PREINIT, + # but we sometimes (#125298) need (for iSCSI/nfs root to have a dhcp interface) to keep the existing ip + # flush_dev ${interface} + ip link set dev ${interface} up + if [ -n "${DHCLIENT_DELAY}" ] && [ ${DHCLIENT_DELAY} -gt 0 ]; then + # We need to give the kernel some time to get the interface up. + sleep ${DHCLIENT_DELAY} + fi + + exit_with_hooks 0 + ;; + + PREINIT6) + # ensure interface is up + ip link set dev ${interface} up + + # remove any stale addresses from aborted clients + ip -6 addr flush dev ${interface} scope global permanent + + # we need a link-local address to be ready (not tentative) + for i in $(seq 50); do + linklocal=$(ip -6 addr show dev ${interface} scope link) + # tentative flag means DAD is still not complete + tentative=$(echo "${linklocal}" | grep tentative) + [[ -n "${linklocal}" && -z "${tentative}" ]] && exit_with_hooks 0 + sleep 0.1 + done + + exit_with_hooks 0 + ;; + + BOUND|RENEW|REBIND|REBOOT) + if [ -z "${interface}" ] || [ -z "${new_ip_address}" ]; then + exit_with_hooks 2 + fi + if arping -D -q -c2 -I ${interface} ${new_ip_address}; then + dhconfig + exit_with_hooks 0 + else # DAD failed, i.e. 
address is already in use + ARP_REPLY=$(arping -D -c2 -I ${interface} ${new_ip_address} | grep reply | awk '{print toupper($5)}' | cut -d "[" -f2 | cut -d "]" -f1) + OUR_MACS=$(ip link show | grep link | awk '{print toupper($2)}' | uniq) + if [[ "${OUR_MACS}" = *"${ARP_REPLY}"* ]]; then + # in RENEW the reply can come from our system, that's OK + dhconfig + exit_with_hooks 0 + else + exit_with_hooks 1 + fi + fi + ;; + + BOUND6|RENEW6|REBIND6|DEPREF6) + dh6config + exit_with_hooks 0 + ;; + + EXPIRE6|RELEASE6|STOP6) + if [ -z "${old_ip6_address}" ] || [ -z "${old_ip6_prefixlen}" ]; then + exit_with_hooks 2 + fi + + ip -6 addr del ${old_ip6_address}/${old_ip6_prefixlen} \ + dev ${interface} + + execute_client_side_configuration_scripts "restore" + + if [ -x ${ETCDIR}/dhclient-${interface}-down-hooks ]; then + . ${ETCDIR}/dhclient-${interface}-down-hooks + elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then + . ${ETCDIR}/dhclient-down-hooks + fi + + exit_with_hooks 0 + ;; + + EXPIRE|FAIL|RELEASE|STOP) + execute_client_side_configuration_scripts "restore" + + if [ -x ${ETCDIR}/dhclient-${interface}-down-hooks ]; then + . ${ETCDIR}/dhclient-${interface}-down-hooks + elif [ -x ${ETCDIR}/dhclient-down-hooks ]; then + . ${ETCDIR}/dhclient-down-hooks + fi + + if [ -n "${alias_ip_address}" ]; then + # Flush alias + ip -4 addr flush dev ${interface} label ${interface}:0 >/dev/null 2>&1 + fi + + if [ -n "${old_ip_address}" ]; then + # Delete addresses/routes/arp cache. 
+ flush_dev ${interface} + fi + + if [ -n "${alias_ip_address}" ]; then + ip -4 addr add ${alias_ip_address}/${alias_prefix} broadcast ${alias_broadcast_address} dev ${interface} label ${interface}:0 + ip -4 route replace ${alias_ip_address}/32 dev ${interface} + fi + + exit_with_hooks 0 + ;; + + TIMEOUT) + if [ -n "${new_routers}" ]; then + if [ -n "${alias_ip_address}" ]; then + ip -4 addr flush dev ${interface} label ${interface}:0 >/dev/null 2>&1 + fi + + ip -4 addr add ${new_ip_address}/${new_prefix} \ + broadcast ${new_broadcast_address} dev ${interface} \ + valid_lft ${new_dhcp_lease_time} preferred_lft ${new_dhcp_lease_time} + set ${new_routers} + + if ping -q -c 1 -w 10 -I ${interface} ${1}; then + dhconfig + exit_with_hooks 0 + fi + + flush_dev ${interface} + exit_with_hooks 1 + else + exit_with_hooks 1 + fi + ;; + + *) + logmessage "unhandled state: ${reason}" + exit_with_hooks 1 + ;; +esac + +exit_with_hooks 0 |
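Review bot: In the BOUND|RENEW|REBIND|REBOOT branch, the fallback after a failed `arping -D` accepts the address whenever ARP_REPLY comes out empty, because `[[ "${OUR_MACS}" = *"${ARP_REPLY}"* ]]` then reduces to a match-anything pattern and dhconfig runs. ARP_REPLY is empty if the second arping sees no reply or if its output does not survive the grep/awk/cut chain, so an address that the first probe reported as a duplicate can still be configured. Suggest checking `[ -n "${ARP_REPLY}" ]` before the comparison and falling through to `exit_with_hooks 1` otherwise. Separately, several lease-derived values are expanded unquoted, for example `hostname ${new_host_name}`, `[ ${new_interface_mtu} -gt 576 ]` and `static_routes=(${new_classless_static_routes})`, so they are subject to word splitting and globbing, and a non-numeric MTU makes the `-gt` test error out instead of cleanly rejecting the value. Quoting these expansions and validating the MTU as an integer before the comparison would make the script more robust against malformed option values.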