
@kmcquade
Last active June 19, 2019 20:10

A few cleanup scripts for use in Packer AMI builds.

#!/bin/sh
# ami-sysprep.sh - Clean up machine for use as a generalized AMI
#
# This script was tested on CentOS and RHEL
#
# Trace every command to stderr so the build log shows exactly what ran.
# Traced arguments are recorded verbatim; nothing in this script passes
# credentials on a command line, so keep it that way while tracing is on.
set -o xtrace
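# Print the command-line help to stderr.
# Without -f the script is a dry run: do_cmd only reports each command.
# The heredoc delimiter is unquoted so $0 expands to the invoked script name;
# the previous text escaped the dollar sign and printed a literal "$0".
usage() {
  cat 1>&2 <<EOF
Usage $0 [OPTIONS]
Prepare system for use as template.
-f Run this thing
-h Print this help message
EOF
}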
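# Print all arguments on one line, separated by single spaces.
# The previous body echoed an escaped "\$@", i.e. the literal text "$@",
# so no message was ever shown. printf is used instead of echo so a message
# that starts with a dash is not mistaken for an echo option.
verbose() {
  printf '%s\n' "$*"
}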
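# Default (dry-run) command runner: report the command without executing it.
# parse_args replaces this function with a real runner when -f is given.
# "$*" joins the arguments into the single string that is logged; the
# previous body logged the literal text "$@" because the dollar was escaped.
do_cmd() {
  verbose " [ $* (noop) ]"
}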
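# Log a command and then execute it.
# Arguments: $1 - command or shell function to run; the rest are its arguments.
# Returns:   the exit status of the command.
# The command is invoked as "$@" so each argument reaches it as exactly one
# word, with no re-splitting. The previous body stored the literal text "$1"
# (escaped dollar) and then tried to run a command with that name.
really_do_cmd() {
  verbose " [ $* ]"
  "$@"
}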
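# Run every cleanup step in order.
# Arguments: the script's command-line arguments, forwarded to parse_args.
# The arguments must be passed as "$@"; the previous escaped form handed
# parse_args the literal string "$@", so -f was never seen and the script
# always stayed in dry-run mode.
# NOTE(review): no step here removes authorized_keys files or root's shell
# history; confirm another provisioner covers them before sharing the image.
main() {
  parse_args "$@"
  remove_ssh_keys
  remove_net_persistent
  remove_hostname
  remove_machine_id
  clean_logs
  clean_yum
  clean_user_history
}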
# Handle the command-line flags.
#   -f  swap the dry-run do_cmd for one that really executes commands
#   -h  print the help text and exit 0
#   any other flag: print the help text and exit 1
parse_args() {
  while getopts 'fh' opt; do
    if [ "$opt" = 'f' ]; then
      # Redefining do_cmd here is what turns the dry run into a real run.
      do_cmd() {
        really_do_cmd "$@"
      }
    elif [ "$opt" = 'h' ]; then
      usage
      exit 0
    else
      usage
      exit 1
    fi
  done
}
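# Delete the SSH host key files under /etc/ssh so instances launched from the
# image do not all share the build machine's host identity.
# NOTE(review): this relies on the host keys being regenerated on first boot;
# confirm that for the target distribution.
# The previous body tested and removed the literal name "$key" (escaped
# dollar), so no key file was ever matched.
remove_ssh_keys() {
  verbose 'Removing ssh keys'
  for key in /etc/ssh/ssh_host_*; do
    # Skips the unexpanded pattern when no host key exists.
    [ -f "$key" ] || continue
    verbose "- $key"
    do_cmd rm -f "$key"
  done
}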
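# Remove the persistent-net udev rules file if it exists.
# Returns early (non-zero) when the file is absent.
# The previous body tested the literal name "$rules" (escaped dollar), which
# never exists, so the rules file was always left in place.
remove_net_persistent() {
  rules='/etc/udev/rules.d/70-persistent-net.rules'
  [ -f "$rules" ] || return
  verbose 'Removing persistent net UDEV rules'
  do_cmd rm -f "$rules"
}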
# Remove /etc/hostname so the image does not carry the build machine's name.
remove_hostname() {
  verbose "Removing fixed hostname"
  do_cmd rm -f /etc/hostname
}
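# Empty /etc/machine-id so the image does not ship the build machine's ID.
# Does nothing when the file is unreadable or when its path is listed in
# /proc/mounts.
# The file is truncated (empty stdin through write_file), not unlinked.
# The previous body used the literal name "$machine_id" (escaped dollar) and
# the bash-only [[ ]] test under a /bin/sh shebang.
remove_machine_id() {
  local machine_id='/etc/machine-id'
  [ -r "$machine_id" ] || return
  grep -qF "$machine_id" /proc/mounts && return
  verbose 'Removing machine-id'
  do_cmd write_file "$machine_id" < /dev/null
}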
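# Delete every regular file under /var/log.
# Files are unlinked, not truncated: a daemon that still holds a log open
# keeps writing to the removed file until it is restarted.
# IFS= and read -r keep leading blanks and backslashes in file names intact.
# The previous body tested and removed the literal name "$log" (escaped
# dollar), so no log file was ever deleted.
clean_logs() {
  verbose 'Cleaning up logfiles'
  find /var/log -type f | while IFS= read -r log; do
    [ -f "$log" ] || continue
    verbose "- $log"
    do_cmd rm -f "$log"
  done
}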
# Clear yum's cached data and start a fresh yum history.
clean_yum() {
  verbose 'Cleaning Yum files database history'
  for yum_args in 'clean all' 'history new'; do
    # Unquoted on purpose: each entry splits into subcommand and argument.
    do_cmd yum $yum_args
  done
}
# Remove bash history files under /home and empty the temp directories.
# NOTE(review): only /home is searched, so a history file under /root is not
# touched here; the * glob also skips dot-files in /tmp and /var/tmp.
clean_user_history() {
  verbose 'Cleaning user bash history'
  do_cmd find /home -iname .bash_history -exec rm {} \;
  for tmp_root in /tmp /var/tmp; do
    do_cmd rm -rf "$tmp_root"/*
  done
}
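# Replace the contents of the file named by $1 with whatever arrives on stdin.
# Empty stdin truncates the file.
# The previous body redirected to the literal name "$1" (escaped dollar),
# creating a stray file in the current directory instead.
write_file() {
  cat > "$1"
}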
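# Forward the real command-line arguments; the escaped form passed the literal
# text "$@", which hid -f from the option parser.
main "$@"
# Always report success: the cleanup steps are best-effort.
exit 0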
#!/usr/bin/env bash
# Print "<YYYY/mm/dd HH:MM:SS> <script name>: <message>" to stdout.
# Arguments: $1 - the message.
# Inside this script the function shadows the system logger command, so
# these messages go to stdout and not to syslog.
logger() {
  DT="$(date '+%Y/%m/%d %H:%M:%S')"
  printf '%s\n' "$DT $0: $1"
}
# Stop the awslogs service and remove its state directory contents and its
# own log file, so they are not carried into the image.
clean_awslogs() {
  logger "Cleanup awslogs files"
  # Presumably stopped first so it is not writing while its files are removed.
  systemctl stop awslogs
  rm -rf /var/awslogs/state/*
  rm -f /var/log/awslogs.log
}

# Reset SELinux labels under /etc recursively, listing each change.
relabel_etc() {
  logger "restorecon for etc filesystem to avoid excessive SELinux errors"
  restorecon -R -v /etc/
}

clean_awslogs
relabel_etc
#!/usr/bin/env bash
# Trace every command to stderr so the build log records what was removed.
# Traced arguments are recorded verbatim; keep credentials off command lines
# while tracing is on.
set -o xtrace
# Print "<YYYY/mm/dd HH:MM:SS> <script name>: <message>" to stdout.
# Arguments: $1 - the message.
# Inside this script the function shadows the system logger command, so
# these messages go to stdout and not to syslog.
logger() {
  DT="$(date '+%Y/%m/%d %H:%M:%S')"
  printf '%s\n' "$DT $0: $1"
}
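# Final image scrub. Order matters: every deletion happens before the
# free-space zero fill, so the blocks those deletions free are overwritten too.
# (Previously the yum cache and linux.iso were removed after the zero fill,
# and "Cleanup complete" was logged before the last steps had run.)

logger "Cleanup install artifacts"
sudo rm -rf /tmp/*

logger "Performing cleanup of history"
# history -cw acts on this shell's in-memory list and on HISTFILE. In a
# non-interactive provisioner shell HISTFILE is normally unset, so the saved
# history files are removed explicitly as well.
history -cw
rm -f /root/.bash_history
find /home -name .bash_history -exec rm -f {} \;

#### AWS Removal tasks
logger "Cleanup AWS install artifacts"
rm -rf /var/lib/cloud/instances/*

#### SSH cleanup
# shred overwrites the key files before unlinking them. On journaling or
# copy-on-write filesystems the overwrite is not guaranteed to land on the
# original blocks; the zero fill below is the backstop for freed blocks.
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
# NOTE(review): only root's authorized_keys is removed. Keys installed for
# other accounts (for example the build user) stay in the image; confirm
# whether they must be removed before the image is shared.
# A single rm -f is enough; the earlier plain rm only added an error message
# when the file was already absent.
rm -f /root/.ssh/authorized_keys
# Installer kickstart files can hold install-time settings such as password
# hashes, so they are not left in the image.
rm -f /root/anaconda-ks.cfg
rm -f /root/original-ks.cfg

### yum cleanup
yum -y clean all
rm -rf /var/cache/yum
# NOTE(review): relative path, so this depends on the provisioner's working
# directory.
rm -f -v linux.iso

# Zero out the rest of the free space using dd, then delete the written file.
# dd is expected to end with a "No space left on device" error once the
# filesystem is full.
dd if=/dev/zero of=/EMPTY bs=1M
rm -f /EMPTY
rm -f /zeros
# Add `sync` so Packer doesn't quit too early, before the large file is deleted.
sync

logger "Cleanup complete"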