class BoxGrinder::EC2Plugin

Public Instance Methods

add_ec2_user(guestfs)

Adds ec2-user with full sudo access without password per Fedora security guidelines. We should not use root access on AMIs as it is not secure and prohibited by AWS.

issues.jboss.org/browse/BGBUILD-110

# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 159
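# Creates the ec2-user account inside the guest image and grants it
# passwordless sudo, unless the account is already present.
#
# Security notes for reviewers:
# * The sudoers entry is "NOPASSWD: ALL", so any login as ec2-user is
#   equivalent to root. Custody of the SSH key therefore decides who has
#   root on instances started from this image.
# * The entry is appended directly to /etc/sudoers and is not syntax-checked
#   by this method.
#
# guestfs - handle for the image being customized; must respond to
#           fgrep(pattern, path) and sh(command). fgrep is expected to
#           return the matching lines of the file.
def add_ec2_user(guestfs)
  @log.debug "Adding ec2-user user..."

  # We need to add ec2-user only when it doesn't exist
  #
  # https://issues.jboss.org/browse/BGBUILD-313
  #
  # fgrep is a substring match, so it also returns accounts such as
  # "backup-ec2-user" or lines that merely mention ec2-user in another field.
  # Compare the login-name field exactly, otherwise the account (and its
  # sudoers entry) would be skipped on such images.
  account_present = guestfs.fgrep("ec2-user", "/etc/passwd").any? do |entry|
    entry.split(':', 2).first == "ec2-user"
  end

  if account_present
    @log.debug("ec2-user already exists, skipping.")
    return
  end

  guestfs.sh("useradd ec2-user")
  guestfs.sh("echo -e 'ec2-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers")

  @log.debug "User ec2-user added."
end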
after_init()
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 27
# Registers the plugin's output (a disk named "<appliance name>.ec2") and the
# operating systems / versions this plugin accepts.
def after_init
  image_name = "#{@appliance_config.name}.ec2"
  register_deliverable(:disk => image_name)

  # OS name paired with the versions registered for it, in registration order.
  supported = [
    ['fedora', %w(13 14 15 16 17)],
    ['centos', %w(5 6)],
    ['sl', %w(5 6)],
    ['rhel', %w(5 6)]
  ]

  # .last keeps the return value equal to that of the final registration call.
  supported.map { |os_name, versions| register_supported_os(os_name, versions) }.last
end
change_configuration(guestfs_helper)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 217
# Hardens the guest's sshd configuration through the helper's augeas block:
# password authentication and direct root login are both switched off.
#
# guestfs_helper - helper whose #augeas block provides `set(file, key, value)`.
def change_configuration(guestfs_helper)
  sshd_config = "/etc/ssh/sshd_config"

  guestfs_helper.augeas do
    # Key-based logins only.
    set(sshd_config, "PasswordAuthentication", "no")

    # No SSH sessions as root.
    set(sshd_config, "PermitRootLogin", "no")
  end
end
create_devices(guestfs)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 90
# Creates the console, null and zero device nodes under /dev in the guest.
# Does nothing (and returns nil) when the guest has no /sbin/MAKEDEV.
#
# guestfs - handle responding to exists(path) and sh(command); exists is
#           compared against 0 to mean "not present".
def create_devices(guestfs)
  makedev_missing = guestfs.exists('/sbin/MAKEDEV') == 0
  return if makedev_missing

  @log.debug "Creating required devices..."
  %w(console null zero).each do |device|
    guestfs.sh("/sbin/MAKEDEV -d /dev -x #{device}")
  end
  @log.debug "Devices created."
end
disk_device_prefix()
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 100
# Returns the disk device name prefix substituted into the fstab template:
# 's' for RHEL 5 and CentOS 5, 'xv' for every other OS/version.
def disk_device_prefix
  os = @appliance_config.os
  enterprise_linux_5 = %w(rhel centos).include?(os.name) && os.version == '5'

  enterprise_linux_5 ? 's' : 'xv'
end
enable_networking(guestfs)

Enables networking on the default runlevels.

# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 177
# Turns the "network" service on via chkconfig and installs the plugin's
# bundled ifcfg-eth0 as the guest's eth0 interface configuration.
#
# guestfs - handle responding to sh(command) and upload(local, remote).
def enable_networking(guestfs)
  plugin_dir = File.dirname(__FILE__)
  local_ifcfg = "#{plugin_dir}/src/ifcfg-eth0"
  guest_ifcfg = "/etc/sysconfig/network-scripts/ifcfg-eth0"

  @log.debug "Enabling networking..."
  guestfs.sh("/sbin/chkconfig network on")
  guestfs.upload(local_ifcfg, guest_ifcfg)
  @log.debug "Networking enabled."
end
enable_nosegneg_flag(guestfs)

This fixes issues with Fedora 14 on EC2: bugzilla.redhat.com/show_bug.cgi?id=651861#c39

# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 148
# Writes "hwcap 1 nosegneg" to /etc/ld.so.conf.d/libc6-xen.conf in the guest
# (overwriting that file) and then runs ldconfig.
#
# guestfs - handle responding to sh(command).
def enable_nosegneg_flag(guestfs)
  @log.debug "Enabling nosegneg flag..."

  [
    'echo "hwcap 1 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf',
    '/sbin/ldconfig'
  ].each { |command| guestfs.sh(command) }

  @log.debug "Nosegneg enabled."
end
execute()
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 36
# Converts the previous deliverable's disk into an EC2-format image.
#
# Creates the destination disk, then, inside a single customize session over
# the source and destination disks, syncs the filesystem and applies the EC2
# adjustments below in a fixed order. The statement order is significant:
# later steps read state written by earlier ones.
def execute
  @linux_helper = LinuxHelper.new(:log => @log)

  @log.info "Converting #{@appliance_config.name} appliance image to EC2 format..."

  @image_helper.create_disk(@deliverables.disk, 10) # 10 GB destination disk

  @image_helper.customize([@previous_deliverables.disk, @deliverables.disk], :automount => false) do |guestfs, guestfs_helper|
    @image_helper.sync_filesystem(guestfs, guestfs_helper)
    
    # TODO is this really needed?
    # NOTE(review): this copies the *build host's* /etc/resolv.conf into the
    # image and nothing in this method removes it again, so the host's
    # resolver addresses stay in the resulting image. Presumably it is here so
    # the yum calls below can resolve names — confirm before removing.
    @log.debug "Uploading '/etc/resolv.conf'..."
    guestfs.upload("/etc/resolv.conf", "/etc/resolv.conf")
    @log.debug "'/etc/resolv.conf' uploaded."

    # RHEL 5 / CentOS 5 only: swap the stock kernel for kernel-xen.
    if (@appliance_config.os.name == 'rhel' or @appliance_config.os.name == 'centos') and @appliance_config.os.version == '5'
      # Remove normal kernel
      guestfs.sh("yum -y remove kernel")
      # because we need to install kernel-xen package
      guestfs_helper.sh("yum -y install kernel-xen", :arch => @appliance_config.hardware.arch)
      # and add require modules
      @linux_helper.recreate_kernel_image(guestfs, ['xenblk', 'xennet'])
    end

    create_devices(guestfs)

    # /data is only created on 64-bit appliances.
    guestfs.mkdir("/data") if @appliance_config.is64bit?

    upload_fstab(guestfs)
    enable_networking(guestfs)
    upload_rc_local(guestfs)
    # Access model of the image: ec2-user with passwordless sudo is added,
    # then sshd password authentication and root login are disabled.
    add_ec2_user(guestfs)
    change_configuration(guestfs_helper)
    install_menu_lst(guestfs)

    enable_nosegneg_flag(guestfs) if @appliance_config.os.name == 'fedora'

    # Commands from the appliance definition run last, after the hardening
    # steps above, so they see (and can alter) the final configuration.
    execute_post(guestfs_helper)
  end

  @log.info "Image converted to EC2 format."
end
execute_post(guestfs_helper)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 79
# Runs the 'ec2' post commands from the appliance definition inside the guest,
# one by one and in the order given, passing the appliance's hardware arch.
#
# The commands are handed to guestfs_helper.sh unchanged, so the appliance
# definition file has to be treated as trusted input: whoever can edit it
# controls what ends up in the image.
#
# guestfs_helper - helper responding to sh(command, options).
def execute_post(guestfs_helper)
  post_commands = @appliance_config.post['ec2']

  if post_commands.nil?
    @log.debug "No commands specified, skipping."
  else
    post_commands.each do |command|
      guestfs_helper.sh(command, :arch => @appliance_config.hardware.arch)
    end
    @log.debug "Post commands from appliance definition file executed."
  end
end
install_menu_lst(guestfs)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 127
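# Renders the plugin's src/menu.lst template and uploads it to the guest as
# /boot/grub/menu.lst, creating /boot/grub first when it does not exist.
#
# Placeholders filled in, in this order: #TITLE# (appliance name),
# #KERNEL_VERSION# and #KERNEL_IMAGE_NAME# (both read from the guest through
# @linux_helper).
#
# guestfs - handle responding to exists, mkdir_p and upload.
def install_menu_lst(guestfs)
  @log.debug "Uploading '/boot/grub/menu.lst' file..."

  # File.read closes the template; File.open(...).read left the handle open.
  menu_lst_data = File.read("#{File.dirname(__FILE__)}/src/menu.lst")

  replacements = [
    [/#TITLE#/, @appliance_config.name],
    [/#KERNEL_VERSION#/, @linux_helper.kernel_version(guestfs)],
    [/#KERNEL_IMAGE_NAME#/, @linux_helper.kernel_image_name(guestfs)]
  ]

  replacements.each do |placeholder, value|
    # Block form inserts the value literally. With the two-argument form a
    # backslash sequence in the value (e.g. "\0" in an appliance name) is
    # expanded as a back-reference and corrupts the boot entry. to_str keeps
    # a non-String value an error rather than writing an empty field.
    menu_lst_data.gsub!(placeholder) { value.to_str }
  end

  menu_lst = Tempfile.new('menu_lst')
  begin
    menu_lst << menu_lst_data
    menu_lst.flush

    menu_d = '/boot/grub'
    guestfs.mkdir_p(menu_d) if guestfs.exists(menu_d) == 0
    guestfs.upload(menu_lst.path, '/boot/grub/menu.lst')
  ensure
    # Close and delete the temporary copy even when the upload fails.
    menu_lst.close!
  end

  @log.debug "'/boot/grub/menu.lst' file uploaded."
end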
upload_fstab(guestfs)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 107
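# Renders the bundled fstab template (src/fstab_64bit or src/fstab_32bit,
# chosen by @appliance_config.is64bit?) and uploads it as the guest's
# /etc/fstab.
#
# Placeholders filled in: #DISK_DEVICE_PREFIX# (from disk_device_prefix) and
# #FILESYSTEM_TYPE# (the 'type' of the '/' partition in the appliance config).
#
# guestfs - handle responding to upload(local, remote).
def upload_fstab(guestfs)
  @log.debug "Uploading '/etc/fstab' file..."

  template_name = @appliance_config.is64bit? ? "fstab_64bit" : "fstab_32bit"
  fstab_file = "#{File.dirname(__FILE__)}/src/#{template_name}"

  # File.read closes the template; File.open(...).read left the handle open.
  fstab_data = File.read(fstab_file)

  replacements = [
    [/#DISK_DEVICE_PREFIX#/, disk_device_prefix],
    [/#FILESYSTEM_TYPE#/, @appliance_config.hardware.partitions['/']['type']]
  ]

  replacements.each do |placeholder, value|
    # Block form inserts the configured value literally (no back-reference
    # expansion); to_str keeps a missing/non-String value an error instead of
    # writing an empty field into fstab.
    fstab_data.gsub!(placeholder) { value.to_str }
  end

  fstab = Tempfile.new('fstab')
  begin
    fstab << fstab_data
    fstab.flush

    guestfs.upload(fstab.path, "/etc/fstab")
  ensure
    # Close and delete the temporary copy even when the upload fails.
    fstab.close!
  end

  @log.debug "'/etc/fstab' file uploaded."
end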
upload_rc_local(guestfs)
# File lib/boxgrinder-build/plugins/platform/ec2/ec2-plugin.rb, line 184
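# Installs the plugin's src/rc_local script as the guest's /etc/rc.d/rc.local.
#
# When the guest already has /etc/rc.d/rc.local, its content is kept and the
# plugin's script is appended; otherwise a new file starting with a bash
# shebang is created. On Fedora 16 and later the rc-local systemd unit is
# copied, ordered after network.target and enabled, /etc/rc.local is linked
# to the file and the file is made executable.
#
# NOTE(review): the appended script comes from src/rc_local, which is not
# part of this method; it is code that will run at boot, so review it together
# with this plugin.
# NOTE(review): the executable bit is only set in the Fedora >= 16 branch.
# Confirm that the uploaded file ends up executable on the other supported
# systems.
#
# guestfs - handle responding to exists, read_file, upload, cp, sh, ln_sf and
#           chmod.
def upload_rc_local(guestfs)
  @log.debug "Uploading '/etc/rc.d/rc.local' file..."
  rc_local = Tempfile.new('rc_local')

  begin
    if guestfs.exists("/etc/rc.d/rc.local") == 1
      # We're appending
      rc_local << guestfs.read_file("/etc/rc.d/rc.local")
    else
      # We're creating new file
      rc_local << "#!/bin/bash\n\n"
    end

    rc_local << File.read("#{File.dirname(__FILE__)}/src/rc_local")
    rc_local.flush

    guestfs.upload(rc_local.path, "/etc/rc.d/rc.local")
  ensure
    # Close and delete the temporary copy even when a guest call fails.
    rc_local.close!
  end

  os = @appliance_config.os
  release = os.version.to_s

  # Compare numeric releases as numbers: as strings, '9' >= '16' is true and
  # '100' >= '16' is false. Non-numeric versions keep the string comparison.
  release_16_or_later = release =~ /\A\d+\z/ ? release.to_i >= 16 : release >= '16'

  # Fedora 16 doesn't have /etc/rc.local file and we need to
  # enable rc.local compatibility with systemd
  # We need to make sure that network is available when executing rc.local
  if os.name == 'fedora' && release_16_or_later
    guestfs.cp("/lib/systemd/system/rc-local.service", "/etc/systemd/system/")
    guestfs.sh("sed -i '/^ConditionFileIsExecutable/a After=network.target' /etc/systemd/system/rc-local.service")
    guestfs.sh("systemctl enable rc-local.service")
    guestfs.ln_sf("/etc/rc.d/rc.local", "/etc/rc.local")
    guestfs.chmod(0755, "/etc/rc.d/rc.local")
  end

  @log.debug "'/etc/rc.d/rc.local' file uploaded."
end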