#!/bin/bash
# OpenVZ post-install script
# Copyright (C) 2009-2013, Parallels, Inc. Licensed under GNU GPL.
#
# 1. tune /etc/sysctl.conf
# 2. disable selinux
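# Print a fatal error message to stderr and terminate the script.
# Arguments: $* - message text (words are joined with single spaces)
# Outputs:   "<script name>: FATAL ERROR: <message>" on stderr
# Returns:   never returns; exits with status 1
fatal()
{
  # "$*" is quoted so the message is printed verbatim. Unquoted, a "*" or
  # "?" in the message (for example from a file name passed in by
  # check_file) would be glob-expanded and runs of spaces collapsed.
  printf '%s: FATAL ERROR: %s\n' "$0" "$*" 1>&2
  exit 1
}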
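# Verify that every named file exists and is writable.
# Arguments: $@ - file name(s)
# Returns:   0 when all files pass; otherwise calls fatal, which prints
#            the failing name to stderr and exits the script
check_file()
{
  local file
  # "$@" keeps each name as a single word, so a path containing spaces or
  # glob characters is checked exactly as the caller passed it.
  for file in "$@"; do
    # -e is the standard existence test; the unary "test -a" form is a
    # non-standard synonym that is easy to confuse with the binary AND.
    test -e "$file" || fatal "$file not found"
    test -w "$file" || fatal "$file is not writable"
  done
}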
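# Changes the value of a "name = value" parameter in a file, or adds it.
# Arguments:
#   $1 - file name
#   $2 - parameter name (dots are matched literally)
#   $3 - new parameter value
#   $4 - optional 'noadd': do not add the parameter if it is not present
# Outputs:   one "vz-postinstall: ..." line on stdout per change made
# Returns:   0 if the value is already set or nothing had to be done;
#            otherwise the status of the last sed/echo that ran
#
# NOTE(review): $3 is interpolated unescaped into a grep pattern and a sed
# replacement, so it must not contain "/", "&", "\" or regex
# metacharacters. All callers in this script pass fixed literals.
# NOTE(review): GNU "sed -i" writes a new file and renames it over $1; if
# $1 is a symlink, the link is replaced by a regular file and the link
# target is left unmodified.
change_param()
{
  local file=$1 p=$2 v=$3
  # Escape dots so the name matches literally; an unescaped "." would let
  # e.g. "netXipv4Xip_forward" be taken for "net.ipv4.ip_forward".
  local pp=${p//./\\.}
  # Optional spaces/tabs. "[ \t]" is avoided: inside a bracket expression
  # grep reads "\t" as a backslash and the letter "t", not as a tab.
  local ws='[[:blank:]]*'

  # Check if param is there
  if grep -q -- "^${ws}${pp}${ws}=" "$file"; then
    # Already set to the requested value: leave the file untouched
    grep -q -- "^${ws}${pp}${ws}=${ws}${v}\$" "$file" && return
    # Replace the value, keeping the original "name = " prefix as written
    echo "vz-postinstall: $file: set $p = $v"
    sed -i -e "s/^\(${ws}${pp}${ws}=${ws}\).*\$/\1${v}/" -- "$file"
  elif test "x$4" != 'xnoadd'; then # Add the param
    # Per the original author: meant to fix a missing EOL on the last
    # line before appending
    sed -i -e '$q' -- "$file"
    # Add param
    echo "vz-postinstall: $file: add $p = $v"
    echo "${p}=${v}" >> "$file"
  fi
}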
# Writes the OpenVZ sysctl settings to /etc/sysctl.conf and reloads them.
# Returns: exit status of "sysctl -q -p"; its stderr is discarded, so a
#          failed reload is visible only through that status
tune_sysctl()
{
  local conf=/etc/sysctl.conf
  local entry
  # One "name value [noadd]" entry per setting, applied in this order.
  # NOTE(review): ip_forward=1 turns on IPv4 routing between interfaces and
  # kernel.sysrq=1 enables every magic SysRq function; both widen what the
  # host allows and should be reflected in its hardening baseline.
  local -a settings=(
    'net.ipv4.ip_forward 1'
    'net.ipv4.conf.default.proxy_arp 0'
    'kernel.sysrq 1'
    'net.ipv4.conf.default.send_redirects 1'
    'net.ipv4.conf.all.send_redirects 0'
    # https://bugzilla.openvz.org/2641
    'net.bridge.bridge-nf-call-ip6tables 1 noadd'
    'net.bridge.bridge-nf-call-iptables 1 noadd'
  )

  # Aborts the script via fatal if the file is missing or read-only
  check_file $conf
  for entry in "${settings[@]}"; do
    # Deliberately unquoted: each entry is split into the name, value and
    # optional 'noadd' arguments of change_param
    change_param $conf $entry
  done
  sysctl -q -p 2>/dev/null
}
# Sets SELINUX=disabled in /etc/sysconfig/selinux, creating the file if
# needed.
# Returns: non-zero, without changing anything, when /etc/sysconfig does
#          not exist; otherwise the status of change_param
#
# NOTE(review): this switches off SELinux enforcement for the whole host.
# NOTE(review): on distributions where /etc/sysconfig/selinux is a symlink
# to /etc/selinux/config, an in-place "sed -i" edit (as change_param uses)
# would replace the link instead of editing its target - confirm on the
# supported platforms.
disable_selinux()
{
  local conf=/etc/sysconfig/selinux
  # Parent directory of the config file (/etc/sysconfig)
  local confdir=${conf%/*}

  # No /etc/sysconfig on this system: nothing to configure, skip
  [ -d "$confdir" ] || return

  # Create an empty config file when none exists yet
  if [ ! -e "$conf" ]; then
    touch "$conf"
  fi

  # Abort (via fatal) unless the file is present and writable
  check_file "$conf"

  # Put SELINUX=disabled
  change_param "$conf" SELINUX disabled
}
# Entry point: run the action named by the first argument.
#   selinux - write SELINUX=disabled to the SELinux config file
#   sysctl  - tune /etc/sysctl.conf and reload it
# Anything else prints the usage line to stderr and exits with status 1.
if [ "$1" = 'selinux' ]; then
  disable_selinux
elif [ "$1" = 'sysctl' ]; then
  tune_sysctl
else
  echo "Usage: $0 selinux | sysctl" 1>&2
  exit 1
fi