def InstallComputeImagePackages(packages_dir):
utils.LogStep('Install compute-image-packages')
utils.Run([
"egrep -lRZ 'python' %s | "
"xargs -0 -l sed -i -e '/#!.*python/c\#!/usr/bin/env python2'" %
packages_dir
],
shell=True)
utils.CopyFiles(os.path.join(packages_dir, 'google-daemon', '*'), '/')
utils.CopyFiles(os.path.join(packages_dir, 'google-startup-scripts', '*'),
'/')
utils.SecureDeleteFile('/README.md')
# TODO: Fix gcimagebundle does not work with Arch yet.
#InstallGcimagebundle(packages_dir)
# Patch Google services to run after the network is actually available.
PatchGoogleSystemdService(
'/usr/lib/systemd/system/google-startup-scripts.service')
PatchGoogleSystemdService(
'/usr/lib/systemd/system/google-accounts-manager.service')
PatchGoogleSystemdService(
'/usr/lib/systemd/system/google-address-manager.service')
PatchGoogleSystemdService('/usr/lib/systemd/system/google.service')
utils.EnableService('google-accounts-manager.service')
utils.EnableService('google-address-manager.service')
utils.EnableService('google.service')
utils.EnableService('google-startup-scripts.service')
utils.DeleteDirectory(packages_dir)
def SetupFail2ban():
utils.LogStep('Configure fail2ban')
# http://flexion.org/posts/2012-11-ssh-brute-force-defence.html
utils.Pacman(['-S', 'fail2ban'])
utils.WriteFile('/etc/fail2ban/jail.local', ETC_FAIL2BAN_JAIL_LOCAL)
utils.WriteFile('/etc/fail2ban/jail.d/sshd.conf',
ETC_FAIL2BAN_JAIL_D_SSHD_CONF)
utils.EnableService('syslog-ng')
utils.EnableService('fail2ban.service')
def SetupNetwork():
utils.LogStep('Setup Networking')
utils.SecureDeleteFile('/etc/hostname')
utils.WriteFile('/etc/hosts', ETC_HOSTS)
utils.WriteFile('/etc/sysctl.d/70-disable-ipv6.conf',
ETC_SYSCTL_D_70_DISABLE_IPV6_CONF)
utils.EnableService('dhcpcd.service')
utils.EnableService('systemd-networkd.service')
utils.EnableService('systemd-networkd-wait-online.service')
def SetupNetwork():
utils.LogStep('Setup Networking')
utils.SecureDeleteFile('/etc/hostname')
utils.WriteFile('/etc/hosts', ETC_HOSTS)
utils.WriteFile('/etc/sysctl.d/70-disable-ipv6.conf',
ETC_SYSCTL_D_70_DISABLE_IPV6_CONF)
# https://wiki.archlinux.org/index.php/Network_configuration#Reverting_to_traditional_device_names
utils.Symlink('/dev/null', '/etc/udev/rules.d/80-net-setup-link.rules')
utils.EnableService('dhcpcd.service')
utils.EnableService('systemd-networkd.service')
utils.EnableService('systemd-networkd-wait-online.service')
def SetupNetwork():
utils.LogStep('Setup Networking')
utils.SecureDeleteFile('/etc/hostname')
utils.WriteFile('/etc/hosts', ETC_HOSTS)
utils.WriteFile('/etc/sysctl.d/70-disable-ipv6.conf',
ETC_SYSCTL_D_70_DISABLE_IPV6_CONF)
utils.EnableService('dhcpcd.service')
utils.EnableService('systemd-networkd.service')
utils.EnableService('systemd-networkd-wait-online.service')
# Set Google Compute specific MTU
# https://cloud.google.com/compute/docs/troubleshooting#packetfragmentation
utils.WriteFile('/etc/systemd/system/[email protected]', ETC_SYSTEM_D_SET_MTU)
utils.CreateDirectory('/etc/conf.d/')
utils.WriteFile('/etc/conf.d/setmtu', ETC_CONF_D_SET_MTU)
utils.EnableService('*****@*****.**')
def SetupSsh():
utils.LogStep('Configure SSH')
utils.WriteFile('/etc/ssh/sshd_not_to_be_run', 'GOOGLE')
utils.SecureDeleteFile('/etc/ssh/ssh_host_key')
utils.SecureDeleteFile('/etc/ssh/ssh_host_rsa_key*')
utils.SecureDeleteFile('/etc/ssh/ssh_host_dsa_key*')
utils.SecureDeleteFile('/etc/ssh/ssh_host_ecdsa_key*')
utils.WriteFile('/etc/ssh/ssh_config', ETC_SSH_SSH_CONFIG)
utils.Chmod('/etc/ssh/ssh_config', 644)
utils.WriteFile('/etc/ssh/sshd_config', ETC_SSH_SSHD_CONFIG)
utils.Chmod('/etc/ssh/sshd_config', 644)
utils.EnableService('sshd.service')
