blob: 3833115a48459b90419623627dff74a4d529549c [file] [log] [blame] [raw]
#!/bin/bash
# OpenVZ post-install script
# Copyright (C) 2009-2013, Parallels, Inc. Licensed under GNU GPL.
#
# 1. tune /etc/sysctl.conf
# 2. disable selinux
# Error out
fatal()
{
printf '%s: FATAL ERROR: %s\n' "$*" 1>&2
exit 1
}
# Checks if the file exists and is writable
# $*: file name(s)
check_file()
{
local file
for file in $*; do
test -a $file || fatal "$file not found"
test -w $file || fatal "$file is not writable"
done
}
# Changes the value of param, or adds it.
# $1: file name
# $2: parameter name
# $3: new parameter value
# $4: optional 'noadd' if you don't want to add a non-existing parameter
change_param()
{
local file=$1 p=$2 v=$3
# Escape dots, to be used for regexps
local pp=${p//./\\.}
# Check if param is there
if grep -q "^[ \\t]*${p}[ \\t]*=.*" $file; then
grep -q "^[ \\t]*${p}[ \\t]*=[ \\t]*${v}$" $file && return
# Replace the value
echo "vz-postinstall: $file: set $p = $v"
sed -i -E -e \
"s/^([ \\t]*${p}[ \\t]*=[ \\t]*).*\$/\\1${v}/" \
$file
elif test "x$4" != 'xnoadd'; then # Add the param
# If EOL is missing at the last line, fix
sed -i -e '$q' $file
# Add param
echo "vz-postinstall: $file: add $p = $v"
echo "${p}=${v}" >> $file
fi
}
# Modifies and reloads sysctl parameters
tune_sysctl()
{
local file=/etc/sysctl.conf
check_file $file
change_param $file net.ipv4.ip_forward 1
change_param $file net.ipv4.conf.default.proxy_arp 0
change_param $file kernel.sysrq 1
change_param $file net.ipv4.conf.default.send_redirects 1
change_param $file net.ipv4.conf.all.send_redirects 0
# https://bugzilla.openvz.org/2641
change_param $file net.bridge.bridge-nf-call-ip6tables 1 noadd
change_param $file net.bridge.bridge-nf-call-iptables 1 noadd
sysctl -q -p $file 2> /dev/null
}
# Disables SELinux
disable_selinux()
{
local file=/etc/sysconfig/selinux
# If there's no /etc/sysconfig, just skip
test -d $(dirname $file) || return
# If there's no $file, create it
test -a $file || touch $file
# Check we can write to it
check_file $file
# Put SELINUX=disabled
change_param $file SELINUX disabled
}
# Disables updating kernel package so we stay with OpenVZ kernel
disable_kernel()
{
local file=/etc/yum.conf
# if there is no file, nothing to do
test -a $file || return 0
# Check we can write to it
check_file $file
if ! grep -qE '^exclude=kernel$' $file; then
echo "vz-postinstall: $file: add exclude=kernel"
cat << EOF >> $file
# Added by OpenVZ -- don't let distro kernels to replace OpenVZ ones
exclude=kernel
EOF
fi
}
case $1 in
selinux)
disable_selinux
;;
sysctl)
tune_sysctl
;;
yum)
disable_kernel
;;
*)
echo "Usage: $0 selinux | sysctl | yum" 1>&2
exit 1
esac