tobert · May 27, 2020 15:59
diff --git a/p2d.sh b/p2d.sh
 #!/bin/bash
 #
 # This is really just notes, but I put them in a shell script so I get
 # free highlighting and easy cut/paste (in and out).
 #

 echo "Don't run this script! It's meant to be read. It will destroy your system!"
 exit 1

 RAW="lucid-amd64-cdh3u4-raw"
 NAME="lucid-amd64-cdh3u4"
 SOURCE="hdp-c1mr9.foobar.com"
 KEEPUSERS="mapred"

 # I use btrfs so I don't have to re-clone if I screw up
 btrfs subvolume create $RAW
 rsync -avxe ssh root@$SOURCE:/ $RAW

 # make a snapshot to do the actual setup
 btrfs subvolume snapshot $RAW $NAME

 chroot $NAME /bin/bash -l

 # clean up user dirs
 rm -rf /root/*
 cd /home
 for user in $KEEPUSERS; do mv $user .$user; done
 for user in *; do userdel $user 2>/dev/null; rm -rf $user; done
 for user in $KEEPUSERS; do mv .$user $user; chown -R $user $user; done

 # clean up one user's RVM
 rm -rf /home/mapred/.rvm/src /home/mapred/.rvm/archives

 # install stuff that's already there so they don't get marked for autoremove
 apt-get install -y busybox-static \
  xz-utils bsd-mailx \
  libxslt1.1 libyaml-0-2 libopenssl-ruby libruby \
  mysql-common

 # remove system services that aren't required
 apt-get remove \
  grub2 grub-pc grub-common linux-image linux-firmware \
  $(dpkg --list |awk '/-dev /{print $2}') \
  dnscache-run djbdns daemontools \
  smartmontools mdadm lm-sensors \
  apport at avahi-daemon cron logrotate rsyslog dbus consolekit \
  irqbalance console-setup kbd dhcpcd dmsetup \
  xinetd update-inetd \
  gsfonts-x11 libice6 libsm6 libxt6 libxtst6 x11-common xfonts-encodings xfonts-utils \
  ntp ntpdate powermgmt-base \
  dstat sysstat tcpdump \
  apport-symptoms \
  gcc gdb autoconf gcc-4.4 \
  gdisk hdparm laptop-detect \
  cpu-checker dmidecode dosfstools eject fuse-utils

 # remove extra stuff that was pulled in as dependencies
 apt-get autoremove -y

 # clean up leftover garbage from removed packages
 for pkg in $(dpkg --list |awk '/^rc/{print $2}')
 do
  dpkg --purge $pkg
 done

 # remove old logs
 logrotate -f /etc/logrotate.conf # force rotation
 rm -f /var/log/*.gz /var/log/rsyslog/* /var/log/dmesg*

 # delete cruft
 rm -rf /etc/mdadm /etc/sv
 rm -rf /lost+found
 rm -rf /mnt /media
 rm -rf /tmp/* /var/tmp/* /run/* /initrd
 rm -rf /boot /lib/modules /lib/firmware

 # remove old deploys
 for app in /opt/*/*
 do
  current=$(readlink $app/current)
  if [ -n "$current" ] ; then
    for reldir in $app/releases/*
    do
      if [ "$reldir" != "$current" ] ; then
        rm -rf $reldir
      fi
    done
  fi
 done

 # make sure basic paths are there
 mkdir /run /data

 # make sure some permissions are sane
 chown -R root:root /lib /root

 # now add some packages specific to how we use Docker
 # ignore upstart since it's not going to get used
 apt-get install -y runit
 apt-get clean

 # make sure /etc/hosts is sane
 cat > /etc/hosts <<EOF
 127.0.0.1       localhost
 ::1     localhost ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 EOF

 # unconfigure networking
 echo "unconfigured" > /etc/hostname
 cat > /etc/network/interfaces <<EOF
 auto lo
 iface lo inet loopback

 auto eth0
 iface eth0 inet dhcp
 EOF

 # reconfigure rsyslog to forward
 cat > /etc/rsyslog.conf <<EOF
 \$ModLoad imuxsock
 \$ModLoad imklog
 \$KLogPath /var/run/rsyslog/kmsg
 \$FileOwner syslog
 \$FileGroup adm
 \$FileCreateMode 0644
 \$DirCreateMode 0755
 \$Umask 0022
 \$PrivDropToUser syslog
 \$PrivDropToGroup syslog
 \$PreserveFQDN on
 *.* @10.0.0.1
 EOF

 # then I test in LXC real quick to get my app working
 cat > tester.xml <<EOF
 <domain type='lxc'>
  <name>tester</name>
  <uuid>deadbeef-cafe-dead-beef-cafedeadbeef</uuid>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/bin/bash</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='$NAME'/>
      <target dir='/'/>
    </filesystem>
    <filesystem type='ram' accessmode='passthrough'>
      <source usage='0' units='KiB'/>
      <target dir='/dev/shm'/>
    </filesystem>
    <filesystem type='ram' accessmode='passthrough'>
      <source usage='0' units='KiB'/>
      <target dir='/run'/>
    </filesystem>
    <console type='pty'>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
 </domain>
 EOF

 virsh -c lxc:/// define tester.xml
 virsh -c lxc:/// create --console tester
	#!/bin/bash
	#
	# This is really just notes, but I put them in a shell script so I get
	# free highlighting and easy cut/paste (in and out).
	#

	echo "Don't run this script! It's meant to be read. It will destroy your system!"
	exit 1

	RAW="lucid-amd64-cdh3u4-raw"
	NAME="lucid-amd64-cdh3u4"
	SOURCE="hdp-c1mr9.foobar.com"
	KEEPUSERS="mapred"

	# I use btrfs so I don't have to re-clone if I screw up
	btrfs subvolume create $RAW
	rsync -avxe ssh root@$SOURCE:/ $RAW

	# make a snapshot to do the actual setup
	btrfs subvolume snapshot $RAW $NAME

	chroot $NAME /bin/bash -l

	# clean up user dirs
	rm -rf /root/*
	cd /home
	for user in $KEEPUSERS; do mv $user .$user; done
	for user in *; do userdel $user 2>/dev/null; rm -rf $user; done
	for user in $KEEPUSERS; do mv .$user $user; chown -R $user $user; done

	# clean up one user's RVM
	rm -rf /home/mapred/.rvm/src /home/mapred/.rvm/archives

	# install stuff that's already there so they don't get marked for autoremove
	apt-get install -y busybox-static \
	xz-utils bsd-mailx \
	libxslt1.1 libyaml-0-2 libopenssl-ruby libruby \
	mysql-common

	# remove system services that aren't required
	apt-get remove \
	grub2 grub-pc grub-common linux-image linux-firmware \
	$(dpkg --list \|awk '/-dev /{print $2}') \
	dnscache-run djbdns daemontools \
	smartmontools mdadm lm-sensors \
	apport at avahi-daemon cron logrotate rsyslog dbus consolekit \
	irqbalance console-setup kbd dhcpcd dmsetup \
	xinetd update-inetd \
	gsfonts-x11 libice6 libsm6 libxt6 libxtst6 x11-common xfonts-encodings xfonts-utils \
	ntp ntpdate powermgmt-base \
	dstat sysstat tcpdump \
	apport-symptoms \
	gcc gdb autoconf gcc-4.4 \
	gdisk hdparm laptop-detect \
	cpu-checker dmidecode dosfstools eject fuse-utils

	# remove extra stuff that was pulled in as dependencies
	apt-get autoremove -y

	# clean up leftover garbage from removed packages
	for pkg in $(dpkg --list \|awk '/^rc/{print $2}')
	do
	dpkg --purge $pkg
	done

	# remove old logs
	logrotate -f /etc/logrotate.conf # force rotation
	rm -f /var/log/.gz /var/log/rsyslog/ /var/log/dmesg*

	# delete cruft
	rm -rf /etc/mdadm /etc/sv
	rm -rf /lost+found
	rm -rf /mnt /media
	rm -rf /tmp/* /var/tmp/* /run/* /initrd
	rm -rf /boot /lib/modules /lib/firmware

	# remove old deploys
	for app in /opt//
	do
	current=$(readlink $app/current)
	if [ -n "$current" ] ; then
	for reldir in $app/releases/*
	do
	if [ "$reldir" != "$current" ] ; then
	rm -rf $reldir
	fi
	done
	fi
	done

	# make sure basic paths are there
	mkdir /run /data

	# make sure some permissions are sane
	chown -R root:root /lib /root

	# now add some packages specific to how we use Docker
	# ignore upstart since it's not going to get used
	apt-get install -y runit
	apt-get clean

	# make sure /etc/hosts is sane
	cat > /etc/hosts <<EOF
	127.0.0.1 localhost
	::1 localhost ip6-localhost ip6-loopback
	fe00::0 ip6-localnet
	ff00::0 ip6-mcastprefix
	ff02::1 ip6-allnodes
	ff02::2 ip6-allrouters
	EOF

	# unconfigure networking
	echo "unconfigured" > /etc/hostname
	cat > /etc/network/interfaces <<EOF
	auto lo
	iface lo inet loopback

	auto eth0
	iface eth0 inet dhcp
	EOF

	# reconfigure rsyslog to forward
	cat > /etc/rsyslog.conf <<EOF
	\$ModLoad imuxsock
	\$ModLoad imklog
	\$KLogPath /var/run/rsyslog/kmsg
	\$FileOwner syslog
	\$FileGroup adm
	\$FileCreateMode 0644
	\$DirCreateMode 0755
	\$Umask 0022
	\$PrivDropToUser syslog
	\$PrivDropToGroup syslog
	\$PreserveFQDN on
	. @10.0.0.1
	EOF

	# then I test in LXC real quick to get my app working
	cat > tester.xml <<EOF
	<domain type='lxc'>
	<name>tester</name>
	<uuid>deadbeef-cafe-dead-beef-cafedeadbeef</uuid>
	<memory unit='KiB'>2097152</memory>
	<currentMemory unit='KiB'>2097152</currentMemory>
	<vcpu placement='static'>1</vcpu>
	<os>
	<type arch='x86_64'>exe</type>
	<init>/bin/bash</init>
	</os>
	<clock offset='utc'/>
	<on_poweroff>destroy</on_poweroff>
	<on_reboot>restart</on_reboot>
	<on_crash>destroy</on_crash>
	<devices>
	<emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
	<filesystem type='mount' accessmode='passthrough'>
	<source dir='$NAME'/>
	<target dir='/'/>
	</filesystem>
	<filesystem type='ram' accessmode='passthrough'>
	<source usage='0' units='KiB'/>
	<target dir='/dev/shm'/>
	</filesystem>
	<filesystem type='ram' accessmode='passthrough'>
	<source usage='0' units='KiB'/>
	<target dir='/run'/>
	</filesystem>
	<console type='pty'>
	<target type='lxc' port='0'/>
	<alias name='console0'/>
	</console>
	</devices>
	</domain>
	EOF

	virsh -c lxc:/// define tester.xml
	virsh -c lxc:/// create --console tester