#!/bin/sh

## SECURITY

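# Wipe log files written during the image build so no build-time history
# (hostnames, addresses, login records) ships inside the template.
# Only regular files are removed; the directory tree under /var/log is kept.
find /var/log -type f -delete

# Empty the local cache of downloaded package archives.
# "clean" takes no arguments; the trailing "all" is yum syntax, not apt.
apt-get clean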

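# Remove the SSH host keys generated during the build. Host keys must be
# unique per instance: if every clone shared the template's keys, anyone
# holding the image would hold the private keys and host authentication
# between clones would be meaningless.
# The glob is limited to ssh_host_* so other files under /etc/ssh whose names
# merely contain "key" are left alone, and -r is dropped because only files
# are expected to match.
rm -f /etc/ssh/ssh_host_*key*

# Ask cloud-init to regenerate the keys on first boot through a per-once
# script. The script gets an interpreter line (a bare command file can fail
# to exec when it is run directly) and an explicit root-only-writable mode,
# since it is executed as root at boot.
mkdir -p /var/lib/cloud/scripts/per-once
cat > /var/lib/cloud/scripts/per-once/sshkeys << "EOF"
#!/bin/sh
dpkg-reconfigure openssh-server
EOF
chmod 0755 /var/lib/cloud/scripts/per-once/sshkeys
# NOTE(review): per-once scripts are gated by cloud-init's own run-once state
# under /var/lib/cloud; if cloud-init already ran on the build machine, confirm
# that state is cleared so the script still fires on the first boot of a clone.
# NOTE(review): /etc/machine-id is not reset in this script; clones would
# share it unless another build step handles that -- confirm.

# Remove the saved random seed so clones do not all load the same seed file
# on their first boot.
rm -f /var/lib/systemd/random-seed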


## PERFORMANCE

# Kernel command line: replace the stock "quiet" default with VGA and serial
# console output, strip the splash and $vt_handoff tokens, then regenerate the
# GRUB configuration. The expressions are applied to each line in the same
# order as three separate sed passes would apply them.
# NOTE(review): the first expression matches only when the value is exactly
# "quiet"; a stock value such as "quiet splash" would only lose the word
# splash and keep "quiet" -- confirm against the base image.
sed -i \
  -e 's/GRUB_CMDLINE_LINUX_DEFAULT="quiet"/GRUB_CMDLINE_LINUX_DEFAULT="vga=0x318 console=ttyS0,115200n8 console=tty0 consoleblank=0 elevator=deadline biosdevname=0 net.ifnames=0"/g' \
  -e 's/splash//g' \
  -e 's/$vt_handoff//g' \
  /etc/default/grub
update-grub

# Hand-picked scheduler and VM tunables; on CentOS the tuned daemon would take
# care of these (and more). The settings are appended, so anything already in
# the file is kept and a second run adds duplicate lines.
cat >> /etc/sysctl.d/tuned.conf << "EOF"
kernel.sched_min_granularity_ns=10000000
kernel.sched_wakeup_granularity_ns=15000000
vm.dirty_ratio=40
vm.swappiness=30
EOF


# OTHER

# Remove udev's persistent rules so device naming recorded on the build
# machine (network interfaces in particular) is not carried into clones.
# The pattern matches every entry whose name contains "persistent", not only
# the network rules.
find /etc/udev/rules.d/ -name '*persistent*' -delete

# CLOUDSTACK

# Limit cloud-init to the CloudStack datasource instead of probing the full
# default list of metadata sources.
cat > /etc/cloud/cloud.cfg.d/99_cloudstack.cfg << 'CLOUDSTACK_CFG'
datasource:
  CloudStack: {}
  None: {}
datasource_list:
  - CloudStack
CLOUDSTACK_CFG

# Enable SSH password authentication, which the CloudStack password feature
# relies on. Together with the unlocked default user below, this leaves a
# password-authenticated account reachable over SSH: keep the issued passwords
# strong and consider restricting or rate-limiting access to the SSH port.
cat > /etc/cloud/cloud.cfg.d/80_pwauth.cfg << 'PWAUTH_CFG'
ssh_pwauth: 1
PWAUTH_CFG


# cloud-init locks the default user's password out of the box, which would make
# the CloudStack password feature useless; override that for the ubuntu user.
cat > /etc/cloud/cloud.cfg.d/99_unlock.cfg << 'UNLOCK_CFG'
system_info:
   # This will affect which distro class gets used
   distro: ubuntu
   # Default user name + that default users groups (if added/used)
   default_user:
     name: ubuntu
     lock_passwd: False
UNLOCK_CFG


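# Run cloud-init's password module on every boot rather than once, so a
# password reset issued through CloudStack is picked up at the next boot.
# The match is anchored to the YAML list-item form, which makes a second run
# a no-op instead of nesting the brackets. It accepts both the set-passwords
# and set_passwords spellings, since newer cloud-init releases appear to use
# the underscore form.
sed -i 's/^\([[:space:]]*-[[:space:]]*\)\(set[-_]passwords\)[[:space:]]*$/\1[\2, always]/' /etc/cloud/cloud.cfg

# The substitution is silent when nothing matches; report that case so an
# image without the every-boot password module does not go unnoticed.
if ! grep -q 'set[-_]passwords, always' /etc/cloud/cloud.cfg; then
  echo "warning: set-passwords module not switched to 'always' in /etc/cloud/cloud.cfg" >&2
fi

# Lock root's password. This disables password logins for root only; key-based
# root access is governed separately by the sshd configuration and any
# authorized_keys file.
usermod --lock root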


