xref: /src/release/tools/oracle.conf (revision d07198ff72aeddc5a884cfb81b22c22f2abf88f6) 
1#!/bin/sh
2# Set to a list of packages to install.
3export VM_EXTRA_PACKAGES="
4    comms/py-pyserial
5    converters/base64
6    devel/oci-cli
7    devel/py-babel
8    devel/py-iso8601
9    devel/py-pbr
10    devel/py-six
11    ftp/curl
12    lang/python
13    lang/python3
14    net/cloud-init
15    net/py-eventlet
16    net/py-netaddr
17    net/py-netifaces
18    net/py-oauth
19    net/rsync
20    security/ca_root_nss
21    security/sudo@default
22    sysutils/firstboot-freebsd-update
23    sysutils/firstboot-pkgs
24    sysutils/panicmail
25    textproc/jq
26    "
27
28# Should be enough for base image, image can be resized in needed
29export VMSIZE=8g
30
31# Set to a list of third-party software to enable in rc.conf(5).
32export VM_RC_LIST="
33    cloudinit
34    firstboot_pkgs
35    firstboot_freebsd_update
36    growfs
37    ntpd
38    ntpd_sync_on_start
39    sshd
40    zfs"
41
42# Hack for FreeBSD 15.0; should go away before 15.1.
43MISSING_METALOGS="
44./usr/local/etc/cloud/cloud.cfg
45./usr/local/etc/cloud/cloud.cfg.d/05_logging.cfg
46./usr/local/etc/cloud/cloud.cfg.d/99_freebsd.cfg
47./usr/local/etc/pam.d/sudo
48./usr/local/etc/rsync/rsyncd.conf
49./usr/local/etc/ssl/cert.pem
50./usr/local/etc/sudo.conf
51./usr/local/etc/sudo_logsrvd.conf
52./usr/local/etc/sudoers
53"
54
55vm_extra_pre_umount() {
56	cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
57		dumpdev=AUTO
58EOF
59
60	cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
61		autoboot_delay="5"
62		beastie_disable="YES"
63		boot_serial="YES"
64		loader_logo="none"
65		cryptodev_load="YES"
66		opensolaris_load="YES"
67		xz_load="YES"
68		zfs_load="YES"
69EOF
70	metalog_add_data ./boot/loader.conf
71
72	cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
73		# S11 Configure the SSH service to prevent password-based login
74		PermitRootLogin prohibit-password
75		PasswordAuthentication no
76		KbdInteractiveAuthentication no
77		PermitEmptyPasswords no
78		UseDNS no
79EOF
80
81	 # S14 Root user login must be disabled on serial-over-ssh console
82	 pw -R ${DESTDIR} usermod root -w no
83	 # Oracle requirements override the default FreeBSD cloud-init settings
84	 cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg
85		disable_root: true
86		system_info:
87		   distro: freebsd
88		   default_user:
89		     name: freebsd
90		     lock_passwd: True
91		     gecos: "Oracle Cloud Default User"
92		     groups: [wheel]
93		     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
94		     shell: /bin/sh
95		   network:
96		      renderers: ['freebsd']
97EOF
98	metalog_add_data ./usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg
99
100	# Use Oracle Cloud Infrastructure NTP server
101	sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
102            ${DESTDIR}/etc/ntp.conf
103
104	return 0
105}
106