On Sun, 2004-10-24 at 13:25, Tor Rune Skoglund wrote:
> Hi List,
> 
> when trying to make a good template server, one obviously has
> to start and enter the virtual server and test the installation 
> of it, add some programs, make config changes in it and so on.
> 
> But when using it as a template, some files must be removed
> or altered before it is made "production ready". AFAICS at
> least these have to be changed/deleted:
> 
> * ssh keys 
> * shell history file
> * root password setting
> * any standard users' password settings
> 
> I am sure there are more, so if any of you experts out there
> has additions to the list, please mail me or the list. 
> I'll make a summary on the wiki afterwards.

For a Gentoo-based vserver, I use the following script(s)
- I am assuming a cron daemon is installed within the template:

Within the /vservers/TEMPLATE/etc/cron.daily I put:
#update-template.cron
#!/bin/bash

sync
emerge rsync
sleep 10
emerge --buildpkg --update world

/usr/sbin/fixpackages
/usr/sbin/env-update
/sbin/depscan.sh


# Clean up root data
rm -f /root/dead.letter
rm -rf /root/.ssh/*

# Use absolute paths: cron does not run this script from /
echo > /root/.bash_history
echo > /root/.bashrc
echo > /root/.bash_profile


After this cronjob is finished - to be sure at 6am, from the Host
crontab I run the following:
#update_template.sh
#!/bin/bash

umask 0077

CURDATE=`date +%d%m%Y`


if [ "x$1" = "x" ] ; then
        TEMPLATE="template-$CURDATE"
        TEMPLATE_DIR="TEMPLATE"
else
        TEMPLATE="$1"
        TEMPLATE_DIR="$1"
fi

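# Create the exclude list with mktemp rather than a predictable name in /tmp
TEMPFILE=$(mktemp "/tmp/exclude_${TEMPLATE_DIR}.XXXXXX") || exit 1

# exclude_template is read from the current directory
sed "s/TEMPLATE/$TEMPLATE_DIR/g" exclude_template > "$TEMPFILE"
tar -X "$TEMPFILE" -C /vservers -cpf "/vservers/$TEMPLATE.tar" "$TEMPLATE_DIR"
bzip2 -9 "/vservers/$TEMPLATE.tar"

rm -f "$TEMPFILE"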

exit 0


And the exclude tree looks like this
#exclude_template
TEMPLATE/root/*
TEMPLATE/proc/*
TEMPLATE/dev/pts/*
*distcc*
TEMPLATE/tmp/*
TEMPLATE/usr/portage/*
TEMPLATE/var/tmp/*
TEMPLATE/var/lib/init.d/started/*
TEMPLATE/etc/cron.daily/update-template.cron
TEMPLATE/var/spool/cron/lastrun/*

There are some additional things to change when deploying the template:
* I change /etc/ssh/sshd_config where I set the Listen option to the IP
of the vserver


> Also, I do not know how well vserver-copy or other copy tools 
> handle such files, as the documentation seems to be a bit
> sparse on the tools. Any enlightenment on these matters will
> be highly appreciated.
I can't help you with that, I have no experience with these tools ;)

> Best regards
> Tor Rune Skoglund
> [EMAIL PROTECTED]
> 
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429
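
Added example, not part of the original mail or the poster's scripts: a pre-deployment audit that walks an unpacked template tree and reports the per-host secrets listed in the question (SSH keys, shell history, password settings). The function names, the sample tree and the finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# audit_template ROOT: print one line per leftover per-host secret found
# under the unpacked template tree ROOT; return 1 if anything was found.
audit_template() {
    root=$1
    findings=$(
        # SSH host private keys: clones would all share one host identity.
        for f in "$root"/etc/ssh/ssh_host_*key; do
            if [ -e "$f" ]; then echo "ssh-host-key ${f#"$root"}"; fi
        done
        for home in "$root"/root "$root"/home/*; do
            if [ ! -d "$home" ]; then continue; fi
            # User login keys (authorized_keys, id_* key pairs).
            for f in "$home"/.ssh/authorized_keys "$home"/.ssh/id_*; do
                if [ -e "$f" ]; then echo "ssh-user-key ${f#"$root"}"; fi
            done
            # Non-empty shell history files.
            for f in "$home"/.*_history; do
                if [ -s "$f" ]; then echo "shell-history ${f#"$root"}"; fi
            done
        done
        # shadow entries that still allow a password login: a real hash, or an
        # empty field. "*" and "!"-prefixed fields are locked and are skipped.
        if [ -r "$root/etc/shadow" ]; then
            awk -F: '$2 == "" { print "password-empty " $1; next }
                     $2 != "*" && $2 !~ /^!/ { print "password-set " $1 }' \
                "$root/etc/shadow"
        fi
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree DIR: constructed test data, not a real template.
make_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/root/.ssh" "$1/home/alice"
    echo "constructed-key" > "$1/etc/ssh/ssh_host_rsa_key"
    echo "constructed history line" > "$1/root/.bash_history"
    : > "$1/home/alice/.bash_history"          # empty: not reported
    printf '%s\n' 'root:$1$constructed$hash:12000:0:::::' \
        'alice:!:12000:0:::::' 'bin:*:12000:0:::::' > "$1/etc/shadow"
}

# Usage: sh audit.sh /vservers/TEMPLATE
if [ "$#" -gt 0 ]; then audit_template "$1"; fi
```

The non-zero return on any finding lets a host cron job stop before the tarball is built.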

