├── screenshot └── fcos_proxmox_first_start.png ├── .gitignore ├── README.md ├── vmsetup.sh ├── hook-fcos.sh ├── fcos-base-tmplt.yaml └── LICENSE /screenshot/fcos_proxmox_first_start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FracKenA/fedora-coreos-proxmox/HEAD/screenshot/fcos_proxmox_first_start.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ---> geco-gitignore 2 | #Geco-it Custom Git-Ignore 3 | 4 | #Remove debian packages 5 | *.deb 6 | 7 | #Editor's swap files 8 | #Gay 9 | *~ 10 | #Not gay 11 | *.swp 12 | 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # fedora-coreos-proxmox 2 | 3 | Fedora CoreOS template for proxmox with cloudinit support 4 | 5 | ## Create FCOS VM Template 6 | 7 | ### Configuration 8 | 9 | * **vmsetup.sh** 10 | 11 | ``` 12 | TEMPLATE_VMID="1000" # Template Proxmox VMID 13 | TEMPLATE_VMSTORAGE="thin-ssd" # Proxmox storage 14 | SNIPPET_STORAGE="local" # Snippets storage for hook and ignition file 15 | VMDISK_OPTIONS=",discard=on" # Add options to vmdisk 16 | ``` 17 | 18 | * **fcos-base-tmplt.yaml** 19 | 20 | The ignition file provided is only a working basis. 21 | For a more advanced configuration go to https://docs.fedoraproject.org/en-US/fedora-coreos/ 22 | 23 | it contains : 24 | 25 | * Correct fstrim service with no fstab file 26 | * Install qemu-guest-agent on first boot 27 | * Install Geco-iT CloudInit wrapper 28 | * Raise console message logging level from DEBUG (7) to WARNING (4) 29 | * Add Geco-iT motd/issue 30 | 31 | ### Script output 32 | ``` 33 | root@vc0:/opt/fcos-tmplt# ./vmsetup.sh 34 | Check if vm storage thin-ssd exist... [ok] 35 | Check if snippet storage local exist... 
[ok] 36 | Copy hook-script and ignition config to snippet storage... 37 | 'fcos-base-tmplt.yaml' -> '/var/lib/vz/snippets/fcos-base-tmplt.yaml' 38 | 'hook-fcos.sh' -> '/var/lib/vz/snippets/hook-fcos.sh' 39 | Get storage "thin-ssd" type... [block] 40 | Download fedora coreos... 41 | fedora-coreos-32.20201018.3.0-qemu.x86_64.qcow2.xz 100%[=================>] 524.11M 59.8MB/s in 8.5s 42 | fedora-coreos-32.20201018.3.0-qemu.x86_64.qcow2.xz (1/1) 43 | 100 % 524.1 MiB / 1779.8 MiB = 0.294 55 MiB/s 0:32 44 | Create fedora coreos vm 45 | update VM 900: -agent enabled=1 -autostart 1 -boot c -bootdisk scsi0 -cores 4 -cpu host -memory 4096 -onboot 1 -ostype l26 -tablet 0 46 | update VM 900: -description Fedora CoreOS - Geco-iT Template 47 | 48 | - Version : 32.20201018.3.0 49 | - Cloud-init : true 50 | 51 | Creation date : 2020-11-26 52 | 53 | update VM 900: -net0 virtio,bridge=vmbr0 54 | 55 | Create Cloud-init vmdisk... 56 | update VM 900: -ide2 thin-ssd:cloudinit 57 | importing disk 'fedora-coreos-32.20201018.3.0-qemu.x86_64.qcow2' to VM 900 ... 58 | transferred: 0 bytes remaining: 8589934592 bytes total: 8589934592 bytes progression: 0.00 % 59 | transferred: 91053306 bytes remaining: 8498881286 bytes total: 8589934592 bytes progression: 1.06 % 60 | transferred: 178670639 bytes remaining: 8411263953 bytes total: 8589934592 bytes progression: 2.08 % 61 | ... 62 | transferred: 8589934592 bytes remaining: 0 bytes total: 8589934592 bytes progression: 100.00 % 63 | Successfully imported disk as 'unused0:thin-ssd:vm-900-disk-0' 64 | update VM 900: -scsi0 thin-ssd:vm-900-disk-0,discard=on -scsihw virtio-scsi-pci 65 | update VM 900: -hookscript local:snippets/hook-fcos.sh 66 | Convert VM 900 in proxmox vm template... [done] 67 | ``` 68 | 69 | ## Operation 70 | 71 | Before starting an FCOS VM, we create an ignition file by merging the data from the cloudinit and the fcos-base-tmplt.yaml file. 
72 | Then we modify the configuration of the vm to add the loading of the ignition file and we reset the start of the vm. 73 | 74 |
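The users-block step of that merge, as an added example that is not part of this repository: hook-fcos.sh writes the cloud-init user name, password hash and SSH keys into the YAML with plain `echo`, so this version checks each value against an allowlist first and emits nothing if one could break out of its quoted scalar. `emit_users_block`, the helper names and the accepted patterns are assumptions.

```bash
#!/bin/bash
# Added example, not code from this repository. The function names and the
# accepted patterns are assumptions chosen for illustration.
export LC_ALL=C   # make [a-z] ranges byte-exact

NL='
'

# True if $1 is a single line that matches the extended regex $2 in full.
matches() {
    case "$1" in *"${NL}"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# POSIX-style login name: lowercase start, at most 32 characters.
valid_username() { matches "$1" '[a-z_][a-z0-9_-]{0,31}'; }

# crypt(3) style hash ($id$salt$hash), or empty when only ssh keys are used.
valid_password_hash() {
    [ -z "$1" ] || matches "$1" '\$[0-9A-Za-z]+\$[./A-Za-z0-9$=]+'
}

# One public key per argument: type, base64 body, optional single-word
# comment built from a small allowlist (no quotes, no backslashes).
valid_ssh_key() {
    matches "$1" '(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( [A-Za-z0-9@._:+=-]+)?'
}

# Print the Butane passwd block for one user. Nothing is printed and 1 is
# returned if any value fails validation.
# usage: emit_users_block <user> <password_hash> [<ssh_key>...]
emit_users_block() {
    local user hash key out
    user="$1"; hash="$2"
    shift 2
    valid_username "${user}"      || { echo "rejected: user name" >&2; return 1; }
    valid_password_hash "${hash}" || { echo "rejected: password hash" >&2; return 1; }
    if [ -z "${hash}" ] && [ $# -eq 0 ]; then
        echo "rejected: need a password hash or an ssh key" >&2
        return 1
    fi

    out="passwd:${NL}  users:${NL}    - name: \"${user}\"${NL}"
    if [ -n "${hash}" ]; then
        out="${out}      password_hash: '${hash}'${NL}"
    fi
    if [ $# -gt 0 ]; then
        out="${out}      ssh_authorized_keys:${NL}"
        for key in "$@"; do
            valid_ssh_key "${key}" || { echo "rejected: ssh key" >&2; return 1; }
            out="${out}        - \"${key}\"${NL}"
        done
    fi
    printf '%s' "${out}"
}

# Constructed sample values, not real credentials.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyConstructedSampleKeyAbc admin@example'
emit_users_block "admin" "" "${SAMPLE_KEY}"
# A value carrying a quote and a newline never reaches the YAML file.
emit_users_block "bad\"name${NL}extra: line" "" "${SAMPLE_KEY}" || echo "refused"
```

The block is only written once every value has passed, so a rejected key cannot leave a half-written users section behind.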


77 | 78 | During the first boot the VM installs qemu-guest-agent and restarts. 79 | Warning: the network must be operational for this to work. 80 | 81 | ## CloudInit 82 | 83 | Only these parameters are supported by our cloudinit wrapper: 84 | 85 | * User (only one) default = admin 86 | * Passwd 87 | * DNS domain 88 | * DNS Servers 89 | * SSH public key 90 | * IP Configuration (ipv4 only) 91 | 92 | The settings are applied at boot 93 | -------------------------------------------------------------------------------- /vmsetup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #set -x # debug mode 4 | set -e 5 | 6 | # ============================================================================================= 7 | # global vars 8 | 9 | # force english messages 10 | export LANG=C 11 | export LC_ALL=C 12 | 13 | # template vm vars 14 | TEMPLATE_VMID="900" 15 | TEMPLATE_VMSTORAGE="local" 16 | SNIPPET_STORAGE="local" 17 | VMDISK_OPTIONS=",discard=on" 18 | 19 | TEMPLATE_IGNITION="fcos-base-tmplt.yaml" 20 | 21 | # fcos version 22 | STREAMS=stable 23 | VERSION=32.20201018.3.0 24 | PLATEFORM=qemu 25 | BASEURL=https://builds.coreos.fedoraproject.org 26 | 27 | # ============================================================================================= 28 | # main() 29 | 30 | # pve storage exist ? 31 | echo -n "Check if vm storage ${TEMPLATE_VMSTORAGE} exist... " 32 | pvesh get /storage/${TEMPLATE_VMSTORAGE} --noborder --noheader &> /dev/null || { 33 | echo -e "[failed]" 34 | exit 1 35 | } 36 | echo "[ok]" 37 | 38 | # pve storage snippet ok ? 39 | echo -n "Check if snippet storage ${SNIPPET_STORAGE} exist... 
" 40 | pvesh get /storage/${SNIPPET_STORAGE} --noborder --noheader &> /dev/null || { 41 | echo -e "[failed]" 42 | exit 1 43 | } 44 | echo "[ok]" 45 | 46 | # pve storage snippet enable 47 | pvesh get /storage/${SNIPPET_STORAGE} --noborder --noheader | grep -q snippets || { 48 | echo "You must activate content snippet on storage: ${SNIPPET_STORAGE}" 49 | exit 1 50 | } 51 | 52 | # copy files 53 | echo "Copy hook-script and ignition config to snippet storage..." 54 | snippet_storage="$(pvesh get /storage/${SNIPPET_STORAGE} --noborder --noheader | grep ^path | awk '{print $NF}')" 55 | cp -av ${TEMPLATE_IGNITION} hook-fcos.sh ${snippet_storage}/snippets 56 | sed -e "/^COREOS_TMPLT/ c\COREOS_TMPLT=${snippet_storage}/snippets/${TEMPLATE_IGNITION}" -i ${snippet_storage}/snippets/hook-fcos.sh 57 | chmod 755 ${snippet_storage}/snippets/hook-fcos.sh 58 | 59 | # storage type ? (https://pve.proxmox.com/wiki/Storage) 60 | echo -n "Get storage \"${TEMPLATE_VMSTORAGE}\" type... " 61 | case "$(pvesh get /storage/${TEMPLATE_VMSTORAGE} --noborder --noheader | grep ^type | awk '{print $2}')" in 62 | dir|nfs|cifs|glusterfs|cephfs) TEMPLATE_VMSTORAGE_type="file"; echo "[file]"; ;; 63 | lvm|lvmthin|iscsi|iscsidirect|rbd|zfs|zfspool) TEMPLATE_VMSTORAGE_type="block"; echo "[block]" ;; 64 | *) 65 | echo "[unknown]" 66 | exit 1 67 | ;; 68 | esac 69 | 70 | # download fcos vdisk 71 | [[ ! -e fedora-coreos-${VERSION}-${PLATEFORM}.x86_64.qcow2 ]]&& { 72 | echo "Download fedora coreos..." 
73 | wget -q --show-progress \ 74 | ${BASEURL}/prod/streams/${STREAMS}/builds/${VERSION}/x86_64/fedora-coreos-${VERSION}-${PLATEFORM}.x86_64.qcow2.xz 75 | xz -dv fedora-coreos-${VERSION}-${PLATEFORM}.x86_64.qcow2.xz 76 | } 77 | 78 | # create a new VM 79 | echo "Create fedora coreos vm ${TEMPLATE_VMID}" 80 | qm create ${TEMPLATE_VMID} --name fcos-tmplt 81 | qm set ${TEMPLATE_VMID} --memory 4096 \ 82 | --cpu host \ 83 | --cores 4 \ 84 | --agent enabled=1 \ 85 | --autostart \ 86 | --onboot 1 \ 87 | --ostype l26 \ 88 | --tablet 0 \ 89 | --boot c --bootdisk scsi0 90 | 91 | template_vmcreated=$(date +%Y-%m-%d) 92 | qm set ${TEMPLATE_VMID} --description "Fedora CoreOS - Geco-iT Template 93 | 94 | - Version : ${VERSION} 95 | - Cloud-init : true 96 | 97 | Creation date : ${template_vmcreated} 98 | " 99 | 100 | qm set ${TEMPLATE_VMID} --net0 virtio,bridge=vmbr0 101 | #qm set ${TEMPLATE_VMID} --net1 virtio,bridge=vmbr1 102 | 103 | echo -e "\nCreate Cloud-init vmdisk..." 104 | qm set ${TEMPLATE_VMID} --ide2 ${TEMPLATE_VMSTORAGE}:cloudinit 105 | 106 | # import fedora disk 107 | if [[ "x${TEMPLATE_VMSTORAGE_type}" = "xfile" ]] 108 | then 109 | vmdisk_name="${TEMPLATE_VMID}/vm-${TEMPLATE_VMID}-disk-0.qcow2" 110 | vmdisk_format="--format qcow2" 111 | else 112 | vmdisk_name="vm-${TEMPLATE_VMID}-disk-0" 113 | vmdisk_format="" 114 | fi 115 | qm importdisk ${TEMPLATE_VMID} fedora-coreos-${VERSION}-${PLATEFORM}.x86_64.qcow2 ${TEMPLATE_VMSTORAGE} ${vmdisk_format} 116 | qm set ${TEMPLATE_VMID} --scsihw virtio-scsi-pci --scsi0 ${TEMPLATE_VMSTORAGE}:${vmdisk_name}${VMDISK_OPTIONS} 117 | 118 | # set hook-script 119 | qm set ${TEMPLATE_VMID} -hookscript ${SNIPPET_STORAGE}:snippets/hook-fcos.sh 120 | 121 | 122 | # convert vm template 123 | echo -n "Convert VM ${TEMPLATE_VMID} in proxmox vm template... 
" 124 | qm template ${TEMPLATE_VMID} &> /dev/null || true 125 | echo "[done]" 126 | -------------------------------------------------------------------------------- /hook-fcos.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #set -e 4 | 5 | vmid="$1" 6 | phase="$2" 7 | 8 | # global vars 9 | COREOS_TMPLT=/opt/fcos-tmplt.yaml 10 | COREOS_FILES_PATH=/etc/pve/geco-pve/coreos 11 | YQ="/usr/local/bin/yq read --exitStatus --printMode v --stripComments --" 12 | 13 | # ================================================================================================================================================================== 14 | # functions() 15 | # 16 | setup_fcoreosct() 17 | { 18 | local CT_VER=0.7.0 19 | local ARCH=x86_64 20 | local OS=unknown-linux-gnu # Linux 21 | local DOWNLOAD_URL=https://github.com/coreos/fcct/releases/download 22 | 23 | [[ -x /usr/local/bin/fcos-ct ]]&& [[ "x$(/usr/local/bin/fcos-ct --version | awk '{print $NF}')" == "x${CT_VER}" ]]&& return 0 24 | echo "Setup Fedora CoreOS config transpiler..." 25 | rm -f /usr/local/bin/fcos-ct 26 | wget --quiet --show-progress ${DOWNLOAD_URL}/v${CT_VER}/fcct-${ARCH}-${OS} -O /usr/local/bin/fcos-ct 27 | chmod 755 /usr/local/bin/fcos-ct 28 | } 29 | setup_fcoreosct 30 | 31 | setup_yq() 32 | { 33 | local VER=3.4.1 34 | 35 | [[ -x /usr/bin/wget ]]&& download_command="wget --quiet --show-progress --output-document" || download_command="curl --location --output" 36 | [[ -x /usr/local/bin/yq ]]&& [[ "x$(/usr/local/bin/yq --version | awk '{print $NF}')" == "x${VER}" ]]&& return 0 37 | echo "Setup yaml parser tools yq..." 
38 | rm -f /usr/local/bin/yq 39 | ${download_command} /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${VER}/yq_linux_amd64 40 | chmod 755 /usr/local/bin/yq 41 | } 42 | setup_yq 43 | 44 | # ================================================================================================================================================================== 45 | # main() 46 | # 47 | if [[ "${phase}" == "pre-start" ]] 48 | then 49 | instance_id="$(qm cloudinit dump ${vmid} meta | ${YQ} - 'instance-id')" 50 | 51 | # same cloudinit config ? 52 | [[ -e ${COREOS_FILES_PATH}/${vmid}.id ]] && [[ "x${instance_id}" != "x$(cat ${COREOS_FILES_PATH}/${vmid}.id)" ]]&& { 53 | rm -f ${COREOS_FILES_PATH}/${vmid}.ign # cloudinit config change 54 | } 55 | [[ -e ${COREOS_FILES_PATH}/${vmid}.ign ]]&& exit 0 # already done 56 | 57 | mkdir -p ${COREOS_FILES_PATH} || exit 1 58 | 59 | # check config 60 | cipasswd="$(qm cloudinit dump ${vmid} user | ${YQ} - 'password' 2> /dev/null)" || true # can be empty 61 | [[ "x${cipasswd}" != "x" ]]&& VALIDCONFIG=true 62 | ${VALIDCONFIG:-false} || [[ "x$(qm cloudinit dump ${vmid} user | ${YQ} - 'ssh_authorized_keys[*]')" == "x" ]]|| VALIDCONFIG=true 63 | ${VALIDCONFIG:-false} || { 64 | echo "Fedora CoreOS: you must set passwd or ssh-key before start VM${vmid}" 65 | exit 1 66 | } 67 | 68 | echo -n "Fedora CoreOS: Generate yaml users block... " 69 | echo -e "# This file is managed by Geco-iT hook-script. 
Do not edit.\n" > ${COREOS_FILES_PATH}/${vmid}.yaml 70 | echo -e "variant: fcos\nversion: 1.1.0" >> ${COREOS_FILES_PATH}/${vmid}.yaml 71 | echo -e "# user\npasswd:\n users:" >> ${COREOS_FILES_PATH}/${vmid}.yaml 72 | ciuser="$(qm cloudinit dump ${vmid} user 2> /dev/null | grep ^user: | awk '{print $NF}')" 73 | echo " - name: \"${ciuser:-admin}\"" >> ${COREOS_FILES_PATH}/${vmid}.yaml 74 | echo " gecos: \"Geco-iT CoreOS Administrator\"" >> ${COREOS_FILES_PATH}/${vmid}.yaml 75 | echo " password_hash: '${cipasswd}'" >> ${COREOS_FILES_PATH}/${vmid}.yaml 76 | echo ' groups: [ "sudo", "docker", "adm", "wheel", "systemd-journal" ]' >> ${COREOS_FILES_PATH}/${vmid}.yaml 77 | echo ' ssh_authorized_keys:' >> ${COREOS_FILES_PATH}/${vmid}.yaml 78 | qm cloudinit dump ${vmid} user | ${YQ} - 'ssh_authorized_keys[*]' | sed -e 's/^/ - "/' -e 's/$/"/' >> ${COREOS_FILES_PATH}/${vmid}.yaml 79 | echo >> ${COREOS_FILES_PATH}/${vmid}.yaml 80 | echo "[done]" 81 | 82 | echo -n "Fedora CoreOS: Generate yaml hostname block... " 83 | hostname="$(qm cloudinit dump ${vmid} user | ${YQ} - 'hostname' 2> /dev/null)" 84 | echo -e "# network\nstorage:\n files:" >> ${COREOS_FILES_PATH}/${vmid}.yaml 85 | echo " - path: /etc/hostname" >> ${COREOS_FILES_PATH}/${vmid}.yaml 86 | echo " mode: 0644" >> ${COREOS_FILES_PATH}/${vmid}.yaml 87 | echo " overwrite: true" >> ${COREOS_FILES_PATH}/${vmid}.yaml 88 | echo " contents:" >> ${COREOS_FILES_PATH}/${vmid}.yaml 89 | echo " inline: |" >> ${COREOS_FILES_PATH}/${vmid}.yaml 90 | echo -e " ${hostname,,}\n" >> ${COREOS_FILES_PATH}/${vmid}.yaml 91 | echo "[done]" 92 | 93 | echo -n "Fedora CoreOS: Generate yaml network block... 
" 94 | netcards="$(qm cloudinit dump ${vmid} network | ${YQ} - 'config[*].name' 2> /dev/null | wc -l)" 95 | nameservers="$(qm cloudinit dump ${vmid} network | ${YQ} - "config[${netcards}].address[*]" | paste -s -d ";" -)" 96 | searchdomain="$(qm cloudinit dump ${vmid} network | ${YQ} - "config[${netcards}].search[*]" | paste -s -d ";" -)" 97 | for (( i=0; i<${netcards}; i++ )) 98 | do 99 | ipv4="" netmask="" gw="" macaddr="" # reset on each run 100 | ipv4="$(qm cloudinit dump ${vmid} network | ${YQ} - config[${i}].subnets[0].address 2> /dev/null)" || continue # dhcp 101 | netmask="$(qm cloudinit dump ${vmid} network | ${YQ} - config[${i}].subnets[0].netmask 2> /dev/null)" 102 | gw="$(qm cloudinit dump ${vmid} network | ${YQ} - config[${i}].subnets[0].gateway 2> /dev/null)" || true # can be empty 103 | macaddr="$(qm cloudinit dump ${vmid} network | ${YQ} - config[${i}].mac_address 2> /dev/null)" 104 | # ipv6: TODO 105 | 106 | echo " - path: /etc/NetworkManager/system-connections/net${i}.nmconnection" >> ${COREOS_FILES_PATH}/${vmid}.yaml 107 | echo " mode: 0600" >> ${COREOS_FILES_PATH}/${vmid}.yaml 108 | echo " overwrite: true" >> ${COREOS_FILES_PATH}/${vmid}.yaml 109 | echo " contents:" >> ${COREOS_FILES_PATH}/${vmid}.yaml 110 | echo " inline: |" >> ${COREOS_FILES_PATH}/${vmid}.yaml 111 | echo " [connection]" >> ${COREOS_FILES_PATH}/${vmid}.yaml 112 | echo " type=ethernet" >> ${COREOS_FILES_PATH}/${vmid}.yaml 113 | echo " id=net${i}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 114 | echo " #interface-name=eth${i}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 115 | echo -e "\n [ethernet]" >> ${COREOS_FILES_PATH}/${vmid}.yaml 116 | echo " mac-address=${macaddr}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 117 | echo -e "\n [ipv4]" >> ${COREOS_FILES_PATH}/${vmid}.yaml 118 | echo " method=manual" >> ${COREOS_FILES_PATH}/${vmid}.yaml 119 | echo " addresses=${ipv4}/${netmask}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 120 | echo " gateway=${gw}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 121 | echo " 
dns=${nameservers}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 122 | echo -e " dns-search=${searchdomain}\n" >> ${COREOS_FILES_PATH}/${vmid}.yaml 123 | done 124 | echo "[done]" 125 | 126 | [[ -e "${COREOS_TMPLT}" ]]&& { 127 | echo -n "Fedora CoreOS: Generate other block based on template... " 128 | cat "${COREOS_TMPLT}" >> ${COREOS_FILES_PATH}/${vmid}.yaml 129 | echo "[done]" 130 | } 131 | 132 | echo -n "Fedora CoreOS: Generate ignition config... " 133 | /usr/local/bin/fcos-ct --pretty --strict \ 134 | --output ${COREOS_FILES_PATH}/${vmid}.ign \ 135 | ${COREOS_FILES_PATH}/${vmid}.yaml 2> /dev/null 136 | [[ $? -eq 0 ]] || { 137 | echo "[failed]" 138 | exit 1 139 | } 140 | echo "[done]" 141 | 142 | # save cloudinit instanceid 143 | echo "${instance_id}" > ${COREOS_FILES_PATH}/${vmid}.id 144 | 145 | # check vm config (no args on first boot) 146 | qm config ${vmid} --current | grep -q ^args || { 147 | echo -n "Set args com.coreos/config on VM${vmid}... " 148 | rm -f /var/lock/qemu-server/lock-${vmid}.conf 149 | pvesh set /nodes/$(hostname)/qemu/${vmid}/config --args "-fw_cfg name=opt/com.coreos/config,file=${COREOS_FILES_PATH}/${vmid}.ign" 2> /dev/null || { 150 | echo "[failed]" 151 | exit 1 152 | } 153 | touch /var/lock/qemu-server/lock-${vmid}.conf 154 | 155 | # hack for reload new ignition file 156 | echo -e "\nWARNING: New generated Fedora CoreOS ignition settings, we must restart vm..." 
157 | qm stop ${vmid} && sleep 2 && qm start ${vmid}& 158 | exit 1 159 | } 160 | fi 161 | 162 | exit 0 163 | -------------------------------------------------------------------------------- /fcos-base-tmplt.yaml: -------------------------------------------------------------------------------- 1 | 2 | 3 | # apply cloudinit script 4 | - path: /usr/local/bin/geco-cloudinit 5 | mode: 0755 6 | contents: 7 | inline: | 8 | #!/bin/bash 9 | # 10 | # Copyright (c) 2020 Geco-iT Team - All right reserved 11 | # Geco-iT 12 | # 13 | # $Id: geco-cloudinit 2020-11-26 18:36:24Z cduchenoy $ 14 | # 15 | # Apply Basic Cloudinit Settings 16 | # 17 | # =================================================================================== 18 | declare -r VERSION=1.2011 19 | 20 | set -e 21 | trap 'catch $?' EXIT 22 | 23 | CIPATH=/run/cloudinit 24 | YQ="yq read --exitStatus --printMode v --stripComments --" 25 | 26 | # =================================================================================== 27 | # functions() 28 | catch() { 29 | ${MOUNTED:-false} && umount ${CIPATH} && rmdir ${CIPATH} 30 | } 31 | mount | grep -q /run/cloudinit && MOUNTED=true # init 32 | 33 | # use for vm clone 34 | sysprep() { 35 | echo "Remove all ssh system keys..." 36 | rm -f /etc/ssh/ssh_host_* 37 | 38 | echo "Clean ostree database..." 39 | rpm-ostree cleanup --base --pending --rollback --repomd 40 | 41 | echo "Remove all local user..." 42 | for user in $(awk -F: -v uiduser="1000" '{if ($3>=uiduser) print $1}' /etc/passwd); do 43 | userdel --force --remove ${user} 44 | done 45 | 46 | echo "Purge all docker ressources..." 47 | docker system prune --all --force 48 | 49 | echo "Remove all network/machine settings..." 50 | rm -f /var/lib/NetworkManager/* 51 | echo "" > /etc/machine-id 52 | 53 | echo "Purge all system logs..." 
54 | journalctl --rotate --vacuum-time=1s 55 | systemctl stop systemd-journald* 56 | rm -rf /var/log/journal/* 57 | rm -rf /var/log/ssd/* 58 | 59 | echo "Force run cloudinit on next reboot..." 60 | echo "fake" > /var/.cloudinit 61 | 62 | echo -e "\nShutdown now..." 63 | poweroff 64 | 65 | exit 0 66 | } 67 | [[ "x${1}" == "xsysprep" ]]&& sysprep 68 | 69 | setup_yq() { 70 | local VER=3.4.1 71 | 72 | [[ -x /usr/bin/wget ]]&& download_command="wget --quiet --show-progress --output-document" || download_command="curl -s --location --output" 73 | [[ -x /usr/local/bin/yq ]]&& [[ "x$(/usr/local/bin/yq --version | awk '{print $NF}')" == "x${VER}" ]]&& return 0 74 | echo "Setup yaml parser tools yq..." 75 | rm -f /usr/local/bin/yq 76 | ${download_command} /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${VER}/yq_linux_amd64 77 | chmod 755 /usr/local/bin/yq 78 | } 79 | setup_yq 80 | 81 | # network 82 | mask2cdr() 83 | { 84 | # Assumes there's no "255." after a non-255 byte in the mask 85 | local x=${1##*255.} 86 | set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*} 87 | x=${1%%$3*} 88 | echo $(( $2 + (${#x}/4) )) 89 | } 90 | 91 | cdr2mask() 92 | { 93 | # Number of args to shift, 255..255, first non-255 byte, zeroes 94 | set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 95 | [[ $1 -gt 1 ]] && shift $1 || shift 96 | echo ${1-0}.${2-0}.${3-0}.${4-0} 97 | } 98 | 99 | # =================================================================================== 100 | # main() 101 | [[ ! -e /dev/sr0 ]]&& { 102 | echo "[INFO]: Cloudinit: any drive found..." 103 | exit 0 104 | } 105 | mkdir -p ${CIPATH} 106 | mount -o ro /dev/sr0 ${CIPATH} 107 | MOUNTED=true 108 | 109 | [[ ! -e ${CIPATH}/meta-data ]]&& { 110 | echo "[ERROR]: Cloudinit: nocloud metada not found..." 
111 | exit 1 112 | } 113 | 114 | cloudinit_instanceid="$(${YQ} ${CIPATH}/meta-data 'instance-id')" 115 | if [[ -e /var/.cloudinit ]] 116 | then 117 | [[ "x$(cat /var/.cloudinit)" == "x${cloudinit_instanceid}" ]]&& { 118 | echo "[INFO]: Cloudinit: no change detected..." 119 | exit 0 120 | } 121 | 122 | # hostname 123 | NEWHOSTNAME="$(${YQ} ${CIPATH}/user-data 'hostname' 2> /dev/null)" 124 | [[ -n "${NEWHOSTNAME}" ]]&& [[ "x${NEWHOSTNAME,,}" != "x$(hostname)" ]]&& { 125 | echo -n "[INFO]: Cloudinit: set hostname to ${NEWHOSTNAME,,}... " 126 | hostnamectl set-hostname ${NEWHOSTNAME,,} || { echo "[failed]"; exit 1; } 127 | MUST_REBOOT=true 128 | echo "[done]" 129 | } 130 | # username 131 | NEWUSERNAME="$(${YQ} ${CIPATH}/user-data 'user' 2> /dev/null)" || true # can be empty if no cloudinit user defined 132 | [[ "x${NEWUSERNAME}" == "x" ]] && NEWUSERNAME="admin" # NEWUSERNAME="core" use "admin" on geco-template 133 | getent passwd ${NEWUSERNAME} &> /dev/null || { 134 | echo -n "[INFO]: Cloudinit: add system user: ${NEWUSERNAME}... " 135 | useradd --comment "Geco-iT CoreOS Administrator" --create-home \ 136 | --groups adm,wheel,sudo,systemd-journal,docker ${NEWUSERNAME} &> /dev/null || { echo "[failed]"; exit 1; } 137 | echo "[done]" 138 | } 139 | # passwd 140 | NEWPASSWORD="$(${YQ} ${CIPATH}/user-data 'password' 2> /dev/null)" || true # can be empty 141 | [[ -n "${NEWPASSWORD}" ]]&& [[ "x${NEWPASSWORD}" != "x$(grep "^${NEWUSERNAME}:" /etc/shadow | awk -F: '{print $2}')" ]]&& { 142 | echo -n "[INFO]: Cloudinit: set password for user ${NEWUSERNAME}... 
" 143 | sed -e "/^${NEWUSERNAME}:/d" -i /etc/shadow &> /dev/null || { echo "[failed]"; exit 1; } 144 | echo "${NEWUSERNAME}:${NEWPASSWORD}:18000:0:99999:7:::" >> /etc/shadow || { echo "[failed]"; exit 1; } 145 | chage --lastday "$(date +%Y-%m-%d)" ${NEWUSERNAME} &> /dev/null || { echo "[failed]"; exit 1; } 146 | echo "[done]" 147 | } 148 | # ssh key 149 | [[ -e /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition ]] || { 150 | install --directory --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \ 151 | --mode=0700 /var/home/${NEWUSERNAME}/.ssh &> /dev/null || { echo "[failed]"; exit 1; } 152 | install --directory --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \ 153 | --mode=0700 /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d &> /dev/null || { echo "[failed]"; exit 1; } 154 | install --owner=${NEWUSERNAME} --group=${NEWUSERNAME} \ 155 | --mode=0600 /dev/null /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition &> /dev/null || { echo "[failed]"; exit 1; } 156 | } 157 | echo -n "[INFO]: Cloudinit: wrote ssh authorized keys file for user: ${NEWUSERNAME}... 
" 158 | ${YQ} ${CIPATH}/user-data 'ssh_authorized_keys[*]' > /var/home/${NEWUSERNAME}/.ssh/authorized_keys.d/ignition 2> /dev/null || { echo "[failed]"; exit 1; } 159 | echo "[done]" 160 | # Network => ipv6: TODO 161 | netcards="$(${YQ} ${CIPATH}/network-config 'config[*].name' 2> /dev/null | wc -l)" 162 | nameservers="$(${YQ} ${CIPATH}/network-config "config[${netcards}].address[*]" 2> /dev/null | paste -s -d ";" -)" 163 | searchdomain="$(${YQ} ${CIPATH}/network-config "config[${netcards}].search[*]" 2> /dev/null | paste -s -d ";" -)" 164 | echo "[INFO]: Cloudinit: DNS Server=$nameservers - DNS Search=$searchdomain" 165 | for (( i=0; i<${netcards}; i++ )); do 166 | ipv4="" netmask="" gw="" macaddr="" # reset on each run 167 | ipv4="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].address 2> /dev/null)" || { 168 | [[ -e /etc/NetworkManager/system-connections/net${i}.nmconnection ]]&& MUST_NET_RECONFIG=true 169 | rm -f /etc/NetworkManager/system-connections/net${i}.nmconnection 170 | continue # dhcp mode 171 | } 172 | netmask="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].netmask 2> /dev/null)" 173 | cidr="$(mask2cdr ${netmask})" 174 | gw="$(${YQ} ${CIPATH}/network-config config[${i}].subnets[0].gateway 2> /dev/null)" || true # can be empty 175 | macaddr="$(${YQ} ${CIPATH}/network-config config[${i}].mac_address 2> /dev/null)" 176 | echo "[INFO]: Cloudinit: NET$i IPv4 Network: IP=${ipv4}/${netmask} - GW=${gw:-none} - MAC=${macaddr}" 177 | rm -f /etc/NetworkManager/system-connections/default_connection.nmconnection # remove default connection settings 178 | if [[ -e /etc/NetworkManager/system-connections/net${i}.nmconnection ]] 179 | then 180 | [[ "x${ipv4}/${cidr}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.addresses: | awk '{print $2}')" ]]&& { 181 | echo -n "[INFO]: Cloudinit: update Network config ipv4 for net${i}... 
" 182 | nmcli c modify net${i} ipv4.addresses "${ipv4}/${cidr}" 183 | MUST_NET_RECONFIG=true 184 | echo "[done]" 185 | } 186 | [[ "x${gw}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.gateway: | awk '{print $2}')" ]] && { 187 | echo -n "[INFO]: Cloudinit: update Network config gateway for net${i}... " 188 | nmcli c modify net${i} ipv4.gateway "${gw}" 189 | MUST_NET_RECONFIG=true 190 | echo "[done]" 191 | } 192 | [[ "x${searchdomain}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.dns-search: | awk '{print $2}' | tr ',' ';')" ]]&& { 193 | echo -n "[INFO]: Cloudinit: update Network config dns seach for net${i}... " 194 | nmcli c modify net${i} ipv4.dns-search "$(echo ${searchdomain} | tr ";" ",")" 195 | MUST_NET_RECONFIG=true 196 | echo "[done]" 197 | } 198 | [[ "x${nameservers}" != "x$(nmcli connection show net${i} 2> /dev/null | grep ^ipv4.dns: | awk '{print $2}' | tr ',' ';')" ]]&& { 199 | echo -n "[INFO]: Cloudinit: update Network config dns server for net${i}... " 200 | nmcli c modify net${i} ipv4.dns "$(echo ${nameservers} | tr ";" ",")" 201 | MUST_NET_RECONFIG=true 202 | echo "[done]" 203 | } 204 | else 205 | echo -n "[INFO]: Cloudinit: wrote NetworkManager config for net${i}... 
" 206 | install --mode=0600 /dev/null /etc/NetworkManager/system-connections/net${i}.nmconnection &> /dev/null || { echo "[failed]"; exit 1; } 207 | echo -e "[connection]\ntype=ethernet\nid=net${i}\n#interface-name=eth${i}\n" >> /etc/NetworkManager/system-connections/net${i}.nmconnection 208 | echo -e "[ethernet]\nmac-address=${macaddr}\n" >> /etc/NetworkManager/system-connections/net${i}.nmconnection 209 | echo -e "[ipv4]\nmethod=manual\naddresses=${ipv4}/${netmask}\ngateway=${gw}\ndns=${nameservers}\ndns-search=${searchdomain}" >> /etc/NetworkManager/system-connections/net${i}.nmconnection 210 | MUST_NET_RECONFIG=true 211 | echo "[done]" 212 | fi 213 | done 214 | fi 215 | 216 | ${MUST_NET_RECONFIG:-false}&& { 217 | echo "[INFO]: Cloudinit: must reload network..." 218 | nmcli connection reload 219 | nmcli networking off 220 | nmcli networking on 221 | 222 | } 223 | 224 | echo -n "[INFO]: Cloudinit: save instance id... " 225 | echo "${cloudinit_instanceid}" > /var/.cloudinit 226 | echo "[done]" 227 | ${MUST_REBOOT:-false}&& { 228 | echo "[INFO]: Cloudinit: applied settings; must reboot..." 
229 | /bin/systemctl --no-block reboot 230 | } 231 | 232 | exit 0 233 | 234 | # kernel config 235 | - path: /etc/sysctl.d/20-silence-audit.conf 236 | mode: 0644 237 | contents: 238 | inline: | 239 | # Raise console message logging level from DEBUG (7) to WARNING (4) 240 | # to hide audit messages from the interactive console 241 | kernel.printk=4 242 | 243 | # geco-cloudinit: apply cloudinit settings on boot 244 | - name: geco-cloudinit.service 245 | enabled: true 246 | contents: | 247 | [Unit] 248 | Description=Geco-iT Cloudinit 249 | Wants=network-online.target 250 | After=network.target network-online.target 251 | 252 | [Service] 253 | Type=oneshot 254 | TimeoutStartSec=0 255 | ExecStart=/usr/local/bin/geco-cloudinit 256 | RemainAfterExit=yes 257 | 258 | [Install] 259 | WantedBy=multi-user.target 260 | 261 | # qemu-guest-agent 262 | - name: setup-qemu-guest-agent.service 263 | enabled: true 264 | contents: | 265 | [Unit] 266 | Description=Geco-iT Setup Qemu Guest Agent 267 | After=network-online.target 268 | Requires=network-online.target 269 | ConditionKernelCommandLine=ignition.platform.id=qemu 270 | ConditionPathExists=!/var/lib/qemu-guest-agent.stamp 271 | 272 | [Service] 273 | Type=oneshot 274 | RemainAfterExit=yes 275 | ExecStart=/bin/rpm-ostree install qemu-guest-agent 276 | ExecStart=/bin/touch /var/lib/qemu-guest-agent.stamp 277 | ExecStart=/bin/systemctl --no-block reboot 278 | 279 | [Install] 280 | WantedBy=multi-user.target 281 | 282 | # fstrim 283 | - name: fstrim.timer 284 | enabled: true 285 | 286 | - name: fstrim.service 287 | dropins: 288 | - name: override.conf 289 | contents: | 290 | [Service] 291 | ExecStart= 292 | ExecStart=/sbin/fstrim -av 293 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | 3 | Version 3, 29 June 2007 4 | 5 | Copyright © 2007 Free Software Foundation, Inc. 
6 | 7 | Everyone is permitted to copy and distribute verbatim copies of this license 8 | document, but changing it is not allowed. 9 | 10 | Preamble 11 | 12 | The GNU General Public License is a free, copyleft license for software and 13 | other kinds of works. 14 | 15 | The licenses for most software and other practical works are designed to take 16 | away your freedom to share and change the works. By contrast, the GNU General 17 | Public License is intended to guarantee your freedom to share and change all 18 | versions of a program--to make sure it remains free software for all its users. 19 | We, the Free Software Foundation, use the GNU General Public License for most 20 | of our software; it applies also to any other work released this way by its 21 | authors. You can apply it to your programs, too. 22 | 23 | When we speak of free software, we are referring to freedom, not price. Our 24 | General Public Licenses are designed to make sure that you have the freedom 25 | to distribute copies of free software (and charge for them if you wish), that 26 | you receive source code or can get it if you want it, that you can change 27 | the software or use pieces of it in new free programs, and that you know you 28 | can do these things. 29 | 30 | To protect your rights, we need to prevent others from denying you these rights 31 | or asking you to surrender the rights. Therefore, you have certain responsibilities 32 | if you distribute copies of the software, or if you modify it: responsibilities 33 | to respect the freedom of others. 34 | 35 | For example, if you distribute copies of such a program, whether gratis or 36 | for a fee, you must pass on to the recipients the same freedoms that you received. 37 | You must make sure that they, too, receive or can get the source code. And 38 | you must show them these terms so they know their rights. 
39 | 40 | Developers that use the GNU GPL protect your rights with two steps: (1) assert 41 | copyright on the software, and (2) offer you this License giving you legal 42 | permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains that 45 | there is no warranty for this free software. For both users' and authors' 46 | sake, the GPL requires that modified versions be marked as changed, so that 47 | their problems will not be attributed erroneously to authors of previous versions. 48 | 49 | Some devices are designed to deny users access to install or run modified 50 | versions of the software inside them, although the manufacturer can do so. 51 | This is fundamentally incompatible with the aim of protecting users' freedom 52 | to change the software. The systematic pattern of such abuse occurs in the 53 | area of products for individuals to use, which is precisely where it is most 54 | unacceptable. Therefore, we have designed this version of the GPL to prohibit 55 | the practice for those products. If such problems arise substantially in other 56 | domains, we stand ready to extend this provision to those domains in future 57 | versions of the GPL, as needed to protect the freedom of users. 58 | 59 | Finally, every program is threatened constantly by software patents. States 60 | should not allow patents to restrict development and use of software on general-purpose 61 | computers, but in those that do, we wish to avoid the special danger that 62 | patents applied to a free program could make it effectively proprietary. To 63 | prevent this, the GPL assures that patents cannot be used to render the program 64 | non-free. 65 | 66 | The precise terms and conditions for copying, distribution and modification 67 | follow. 68 | 69 | TERMS AND CONDITIONS 70 | 71 | 0. Definitions. 72 | 73 | "This License" refers to version 3 of the GNU General Public License. 
74 | 75 | "Copyright" also means copyright-like laws that apply to other kinds of works, 76 | such as semiconductor masks. 77 | 78 | "The Program" refers to any copyrightable work licensed under this License. 79 | Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals 80 | or organizations. 81 | 82 | To "modify" a work means to copy from or adapt all or part of the work in 83 | a fashion requiring copyright permission, other than the making of an exact 84 | copy. The resulting work is called a "modified version" of the earlier work 85 | or a work "based on" the earlier work. 86 | 87 | A "covered work" means either the unmodified Program or a work based on the 88 | Program. 89 | 90 | To "propagate" a work means to do anything with it that, without permission, 91 | would make you directly or secondarily liable for infringement under applicable 92 | copyright law, except executing it on a computer or modifying a private copy. 93 | Propagation includes copying, distribution (with or without modification), 94 | making available to the public, and in some countries other activities as 95 | well. 96 | 97 | To "convey" a work means any kind of propagation that enables other parties 98 | to make or receive copies. Mere interaction with a user through a computer 99 | network, with no transfer of a copy, is not conveying. 100 | 101 | An interactive user interface displays "Appropriate Legal Notices" to the 102 | extent that it includes a convenient and prominently visible feature that 103 | (1) displays an appropriate copyright notice, and (2) tells the user that 104 | there is no warranty for the work (except to the extent that warranties are 105 | provided), that licensees may convey the work under this License, and how 106 | to view a copy of this License. If the interface presents a list of user commands 107 | or options, such as a menu, a prominent item in the list meets this criterion. 108 | 109 | 1. Source Code. 
110 | 111 | The "source code" for a work means the preferred form of the work for making 112 | modifications to it. "Object code" means any non-source form of a work. 113 | 114 | A "Standard Interface" means an interface that either is an official standard 115 | defined by a recognized standards body, or, in the case of interfaces specified 116 | for a particular programming language, one that is widely used among developers 117 | working in that language. 118 | 119 | The "System Libraries" of an executable work include anything, other than 120 | the work as a whole, that (a) is included in the normal form of packaging 121 | a Major Component, but which is not part of that Major Component, and (b) 122 | serves only to enable use of the work with that Major Component, or to implement 123 | a Standard Interface for which an implementation is available to the public 124 | in source code form. A "Major Component", in this context, means a major essential 125 | component (kernel, window system, and so on) of the specific operating system 126 | (if any) on which the executable work runs, or a compiler used to produce 127 | the work, or an object code interpreter used to run it. 128 | 129 | The "Corresponding Source" for a work in object code form means all the source 130 | code needed to generate, install, and (for an executable work) run the object 131 | code and to modify the work, including scripts to control those activities. 132 | However, it does not include the work's System Libraries, or general-purpose 133 | tools or generally available free programs which are used unmodified in performing 134 | those activities but which are not part of the work. 
For example, Corresponding 135 | Source includes interface definition files associated with source files for 136 | the work, and the source code for shared libraries and dynamically linked 137 | subprograms that the work is specifically designed to require, such as by 138 | intimate data communication or control flow between those subprograms and 139 | other parts of the work. 140 | 141 | The Corresponding Source need not include anything that users can regenerate 142 | automatically from other parts of the Corresponding Source. 143 | 144 | The Corresponding Source for a work in source code form is that same work. 145 | 146 | 2. Basic Permissions. 147 | 148 | All rights granted under this License are granted for the term of copyright 149 | on the Program, and are irrevocable provided the stated conditions are met. 150 | This License explicitly affirms your unlimited permission to run the unmodified 151 | Program. The output from running a covered work is covered by this License 152 | only if the output, given its content, constitutes a covered work. This License 153 | acknowledges your rights of fair use or other equivalent, as provided by copyright 154 | law. 155 | 156 | You may make, run and propagate covered works that you do not convey, without 157 | conditions so long as your license otherwise remains in force. You may convey 158 | covered works to others for the sole purpose of having them make modifications 159 | exclusively for you, or provide you with facilities for running those works, 160 | provided that you comply with the terms of this License in conveying all material 161 | for which you do not control copyright. Those thus making or running the covered 162 | works for you must do so exclusively on your behalf, under your direction 163 | and control, on terms that prohibit them from making any copies of your copyrighted 164 | material outside their relationship with you. 
165 | 166 | Conveying under any other circumstances is permitted solely under the conditions 167 | stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 168 | 169 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 170 | 171 | No covered work shall be deemed part of an effective technological measure 172 | under any applicable law fulfilling obligations under article 11 of the WIPO 173 | copyright treaty adopted on 20 December 1996, or similar laws prohibiting 174 | or restricting circumvention of such measures. 175 | 176 | When you convey a covered work, you waive any legal power to forbid circumvention 177 | of technological measures to the extent such circumvention is effected by 178 | exercising rights under this License with respect to the covered work, and 179 | you disclaim any intention to limit operation or modification of the work 180 | as a means of enforcing, against the work's users, your or third parties' 181 | legal rights to forbid circumvention of technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you receive 186 | it, in any medium, provided that you conspicuously and appropriately publish 187 | on each copy an appropriate copyright notice; keep intact all notices stating 188 | that this License and any non-permissive terms added in accord with section 189 | 7 apply to the code; keep intact all notices of the absence of any warranty; 190 | and give all recipients a copy of this License along with the Program. 191 | 192 | You may charge any price or no price for each copy that you convey, and you 193 | may offer support or warranty protection for a fee. 194 | 195 | 5. Conveying Modified Source Versions. 
196 | 197 | You may convey a work based on the Program, or the modifications to produce 198 | it from the Program, in the form of source code under the terms of section 199 | 4, provided that you also meet all of these conditions: 200 | 201 | a) The work must carry prominent notices stating that you modified it, and 202 | giving a relevant date. 203 | 204 | b) The work must carry prominent notices stating that it is released under 205 | this License and any conditions added under section 7. This requirement modifies 206 | the requirement in section 4 to "keep intact all notices". 207 | 208 | c) You must license the entire work, as a whole, under this License to anyone 209 | who comes into possession of a copy. This License will therefore apply, along 210 | with any applicable section 7 additional terms, to the whole of the work, 211 | and all its parts, regardless of how they are packaged. This License gives 212 | no permission to license the work in any other way, but it does not invalidate 213 | such permission if you have separately received it. 214 | 215 | d) If the work has interactive user interfaces, each must display Appropriate 216 | Legal Notices; however, if the Program has interactive interfaces that do 217 | not display Appropriate Legal Notices, your work need not make them do so. 218 | 219 | A compilation of a covered work with other separate and independent works, 220 | which are not by their nature extensions of the covered work, and which are 221 | not combined with it such as to form a larger program, in or on a volume of 222 | a storage or distribution medium, is called an "aggregate" if the compilation 223 | and its resulting copyright are not used to limit the access or legal rights 224 | of the compilation's users beyond what the individual works permit. Inclusion 225 | of a covered work in an aggregate does not cause this License to apply to 226 | the other parts of the aggregate. 227 | 228 | 6. Conveying Non-Source Forms. 
229 | 230 | You may convey a covered work in object code form under the terms of sections 231 | 4 and 5, provided that you also convey the machine-readable Corresponding 232 | Source under the terms of this License, in one of these ways: 233 | 234 | a) Convey the object code in, or embodied in, a physical product (including 235 | a physical distribution medium), accompanied by the Corresponding Source fixed 236 | on a durable physical medium customarily used for software interchange. 237 | 238 | b) Convey the object code in, or embodied in, a physical product (including 239 | a physical distribution medium), accompanied by a written offer, valid for 240 | at least three years and valid for as long as you offer spare parts or customer 241 | support for that product model, to give anyone who possesses the object code 242 | either (1) a copy of the Corresponding Source for all the software in the 243 | product that is covered by this License, on a durable physical medium customarily 244 | used for software interchange, for a price no more than your reasonable cost 245 | of physically performing this conveying of source, or (2) access to copy the 246 | Corresponding Source from a network server at no charge. 247 | 248 | c) Convey individual copies of the object code with a copy of the written 249 | offer to provide the Corresponding Source. This alternative is allowed only 250 | occasionally and noncommercially, and only if you received the object code 251 | with such an offer, in accord with subsection 6b. 252 | 253 | d) Convey the object code by offering access from a designated place (gratis 254 | or for a charge), and offer equivalent access to the Corresponding Source 255 | in the same way through the same place at no further charge. You need not 256 | require recipients to copy the Corresponding Source along with the object 257 | code. 
If the place to copy the object code is a network server, the Corresponding 258 | Source may be on a different server (operated by you or a third party) that 259 | supports equivalent copying facilities, provided you maintain clear directions 260 | next to the object code saying where to find the Corresponding Source. Regardless 261 | of what server hosts the Corresponding Source, you remain obligated to ensure 262 | that it is available for as long as needed to satisfy these requirements. 263 | 264 | e) Convey the object code using peer-to-peer transmission, provided you inform 265 | other peers where the object code and Corresponding Source of the work are 266 | being offered to the general public at no charge under subsection 6d. 267 | 268 | A separable portion of the object code, whose source code is excluded from 269 | the Corresponding Source as a System Library, need not be included in conveying 270 | the object code work. 271 | 272 | A "User Product" is either (1) a "consumer product", which means any tangible 273 | personal property which is normally used for personal, family, or household 274 | purposes, or (2) anything designed or sold for incorporation into a dwelling. 275 | In determining whether a product is a consumer product, doubtful cases shall 276 | be resolved in favor of coverage. For a particular product received by a particular 277 | user, "normally used" refers to a typical or common use of that class of product, 278 | regardless of the status of the particular user or of the way in which the 279 | particular user actually uses, or expects or is expected to use, the product. 280 | A product is a consumer product regardless of whether the product has substantial 281 | commercial, industrial or non-consumer uses, unless such uses represent the 282 | only significant mode of use of the product. 
283 | 284 | "Installation Information" for a User Product means any methods, procedures, 285 | authorization keys, or other information required to install and execute modified 286 | versions of a covered work in that User Product from a modified version of 287 | its Corresponding Source. The information must suffice to ensure that the 288 | continued functioning of the modified object code is in no case prevented 289 | or interfered with solely because modification has been made. 290 | 291 | If you convey an object code work under this section in, or with, or specifically 292 | for use in, a User Product, and the conveying occurs as part of a transaction 293 | in which the right of possession and use of the User Product is transferred 294 | to the recipient in perpetuity or for a fixed term (regardless of how the 295 | transaction is characterized), the Corresponding Source conveyed under this 296 | section must be accompanied by the Installation Information. But this requirement 297 | does not apply if neither you nor any third party retains the ability to install 298 | modified object code on the User Product (for example, the work has been installed 299 | in ROM). 300 | 301 | The requirement to provide Installation Information does not include a requirement 302 | to continue to provide support service, warranty, or updates for a work that 303 | has been modified or installed by the recipient, or for the User Product in 304 | which it has been modified or installed. Access to a network may be denied 305 | when the modification itself materially and adversely affects the operation 306 | of the network or violates the rules and protocols for communication across 307 | the network. 
308 | 309 | Corresponding Source conveyed, and Installation Information provided, in accord 310 | with this section must be in a format that is publicly documented (and with 311 | an implementation available to the public in source code form), and must require 312 | no special password or key for unpacking, reading or copying. 313 | 314 | 7. Additional Terms. 315 | 316 | "Additional permissions" are terms that supplement the terms of this License 317 | by making exceptions from one or more of its conditions. Additional permissions 318 | that are applicable to the entire Program shall be treated as though they 319 | were included in this License, to the extent that they are valid under applicable 320 | law. If additional permissions apply only to part of the Program, that part 321 | may be used separately under those permissions, but the entire Program remains 322 | governed by this License without regard to the additional permissions. 323 | 324 | When you convey a copy of a covered work, you may at your option remove any 325 | additional permissions from that copy, or from any part of it. (Additional 326 | permissions may be written to require their own removal in certain cases when 327 | you modify the work.) You may place additional permissions on material, added 328 | by you to a covered work, for which you have or can give appropriate copyright 329 | permission. 
330 | 331 | Notwithstanding any other provision of this License, for material you add 332 | to a covered work, you may (if authorized by the copyright holders of that 333 | material) supplement the terms of this License with terms: 334 | 335 | a) Disclaiming warranty or limiting liability differently from the terms of 336 | sections 15 and 16 of this License; or 337 | 338 | b) Requiring preservation of specified reasonable legal notices or author 339 | attributions in that material or in the Appropriate Legal Notices displayed 340 | by works containing it; or 341 | 342 | c) Prohibiting misrepresentation of the origin of that material, or requiring 343 | that modified versions of such material be marked in reasonable ways as different 344 | from the original version; or 345 | 346 | d) Limiting the use for publicity purposes of names of licensors or authors 347 | of the material; or 348 | 349 | e) Declining to grant rights under trademark law for use of some trade names, 350 | trademarks, or service marks; or 351 | 352 | f) Requiring indemnification of licensors and authors of that material by 353 | anyone who conveys the material (or modified versions of it) with contractual 354 | assumptions of liability to the recipient, for any liability that these contractual 355 | assumptions directly impose on those licensors and authors. 356 | 357 | All other non-permissive additional terms are considered "further restrictions" 358 | within the meaning of section 10. If the Program as you received it, or any 359 | part of it, contains a notice stating that it is governed by this License 360 | along with a term that is a further restriction, you may remove that term. 361 | If a license document contains a further restriction but permits relicensing 362 | or conveying under this License, you may add to a covered work material governed 363 | by the terms of that license document, provided that the further restriction 364 | does not survive such relicensing or conveying. 
365 | 366 | If you add terms to a covered work in accord with this section, you must place, 367 | in the relevant source files, a statement of the additional terms that apply 368 | to those files, or a notice indicating where to find the applicable terms. 369 | 370 | Additional terms, permissive or non-permissive, may be stated in the form 371 | of a separately written license, or stated as exceptions; the above requirements 372 | apply either way. 373 | 374 | 8. Termination. 375 | 376 | You may not propagate or modify a covered work except as expressly provided 377 | under this License. Any attempt otherwise to propagate or modify it is void, 378 | and will automatically terminate your rights under this License (including 379 | any patent licenses granted under the third paragraph of section 11). 380 | 381 | However, if you cease all violation of this License, then your license from 382 | a particular copyright holder is reinstated (a) provisionally, unless and 383 | until the copyright holder explicitly and finally terminates your license, 384 | and (b) permanently, if the copyright holder fails to notify you of the violation 385 | by some reasonable means prior to 60 days after the cessation. 386 | 387 | Moreover, your license from a particular copyright holder is reinstated permanently 388 | if the copyright holder notifies you of the violation by some reasonable means, 389 | this is the first time you have received notice of violation of this License 390 | (for any work) from that copyright holder, and you cure the violation prior 391 | to 30 days after your receipt of the notice. 392 | 393 | Termination of your rights under this section does not terminate the licenses 394 | of parties who have received copies or rights from you under this License. 395 | If your rights have been terminated and not permanently reinstated, you do 396 | not qualify to receive new licenses for the same material under section 10. 397 | 398 | 9. 
Acceptance Not Required for Having Copies. 399 | 400 | You are not required to accept this License in order to receive or run a copy 401 | of the Program. Ancillary propagation of a covered work occurring solely as 402 | a consequence of using peer-to-peer transmission to receive a copy likewise 403 | does not require acceptance. However, nothing other than this License grants 404 | you permission to propagate or modify any covered work. These actions infringe 405 | copyright if you do not accept this License. Therefore, by modifying or propagating 406 | a covered work, you indicate your acceptance of this License to do so. 407 | 408 | 10. Automatic Licensing of Downstream Recipients. 409 | 410 | Each time you convey a covered work, the recipient automatically receives 411 | a license from the original licensors, to run, modify and propagate that work, 412 | subject to this License. You are not responsible for enforcing compliance 413 | by third parties with this License. 414 | 415 | An "entity transaction" is a transaction transferring control of an organization, 416 | or substantially all assets of one, or subdividing an organization, or merging 417 | organizations. If propagation of a covered work results from an entity transaction, 418 | each party to that transaction who receives a copy of the work also receives 419 | whatever licenses to the work the party's predecessor in interest had or could 420 | give under the previous paragraph, plus a right to possession of the Corresponding 421 | Source of the work from the predecessor in interest, if the predecessor has 422 | it or can get it with reasonable efforts. 423 | 424 | You may not impose any further restrictions on the exercise of the rights 425 | granted or affirmed under this License. 
For example, you may not impose a 426 | license fee, royalty, or other charge for exercise of rights granted under 427 | this License, and you may not initiate litigation (including a cross-claim 428 | or counterclaim in a lawsuit) alleging that any patent claim is infringed 429 | by making, using, selling, offering for sale, or importing the Program or 430 | any portion of it. 431 | 432 | 11. Patents. 433 | 434 | A "contributor" is a copyright holder who authorizes use under this License 435 | of the Program or a work on which the Program is based. The work thus licensed 436 | is called the contributor's "contributor version". 437 | 438 | A contributor's "essential patent claims" are all patent claims owned or controlled 439 | by the contributor, whether already acquired or hereafter acquired, that would 440 | be infringed by some manner, permitted by this License, of making, using, 441 | or selling its contributor version, but do not include claims that would be 442 | infringed only as a consequence of further modification of the contributor 443 | version. For purposes of this definition, "control" includes the right to 444 | grant patent sublicenses in a manner consistent with the requirements of this 445 | License. 446 | 447 | Each contributor grants you a non-exclusive, worldwide, royalty-free patent 448 | license under the contributor's essential patent claims, to make, use, sell, 449 | offer for sale, import and otherwise run, modify and propagate the contents 450 | of its contributor version. 451 | 452 | In the following three paragraphs, a "patent license" is any express agreement 453 | or commitment, however denominated, not to enforce a patent (such as an express 454 | permission to practice a patent or covenant not to sue for patent infringement). 455 | To "grant" such a patent license to a party means to make such an agreement 456 | or commitment not to enforce a patent against the party. 
457 | 458 | If you convey a covered work, knowingly relying on a patent license, and the 459 | Corresponding Source of the work is not available for anyone to copy, free 460 | of charge and under the terms of this License, through a publicly available 461 | network server or other readily accessible means, then you must either (1) 462 | cause the Corresponding Source to be so available, or (2) arrange to deprive 463 | yourself of the benefit of the patent license for this particular work, or 464 | (3) arrange, in a manner consistent with the requirements of this License, 465 | to extend the patent license to downstream recipients. "Knowingly relying" 466 | means you have actual knowledge that, but for the patent license, your conveying 467 | the covered work in a country, or your recipient's use of the covered work 468 | in a country, would infringe one or more identifiable patents in that country 469 | that you have reason to believe are valid. 470 | 471 | If, pursuant to or in connection with a single transaction or arrangement, 472 | you convey, or propagate by procuring conveyance of, a covered work, and grant 473 | a patent license to some of the parties receiving the covered work authorizing 474 | them to use, propagate, modify or convey a specific copy of the covered work, 475 | then the patent license you grant is automatically extended to all recipients 476 | of the covered work and works based on it. 477 | 478 | A patent license is "discriminatory" if it does not include within the scope 479 | of its coverage, prohibits the exercise of, or is conditioned on the non-exercise 480 | of one or more of the rights that are specifically granted under this License. 
481 | You may not convey a covered work if you are a party to an arrangement with 482 | a third party that is in the business of distributing software, under which 483 | you make payment to the third party based on the extent of your activity of 484 | conveying the work, and under which the third party grants, to any of the 485 | parties who would receive the covered work from you, a discriminatory patent 486 | license (a) in connection with copies of the covered work conveyed by you 487 | (or copies made from those copies), or (b) primarily for and in connection 488 | with specific products or compilations that contain the covered work, unless 489 | you entered into that arrangement, or that patent license was granted, prior 490 | to 28 March 2007. 491 | 492 | Nothing in this License shall be construed as excluding or limiting any implied 493 | license or other defenses to infringement that may otherwise be available 494 | to you under applicable patent law. 495 | 496 | 12. No Surrender of Others' Freedom. 497 | 498 | If conditions are imposed on you (whether by court order, agreement or otherwise) 499 | that contradict the conditions of this License, they do not excuse you from 500 | the conditions of this License. If you cannot convey a covered work so as 501 | to satisfy simultaneously your obligations under this License and any other 502 | pertinent obligations, then as a consequence you may not convey it at all. 503 | For example, if you agree to terms that obligate you to collect a royalty 504 | for further conveying from those to whom you convey the Program, the only 505 | way you could satisfy both those terms and this License would be to refrain 506 | entirely from conveying the Program. 507 | 508 | 13. Use with the GNU Affero General Public License. 
509 | 510 | Notwithstanding any other provision of this License, you have permission to 511 | link or combine any covered work with a work licensed under version 3 of the 512 | GNU Affero General Public License into a single combined work, and to convey 513 | the resulting work. The terms of this License will continue to apply to the 514 | part which is the covered work, but the special requirements of the GNU Affero 515 | General Public License, section 13, concerning interaction through a network 516 | will apply to the combination as such. 517 | 518 | 14. Revised Versions of this License. 519 | 520 | The Free Software Foundation may publish revised and/or new versions of the 521 | GNU General Public License from time to time. Such new versions will be similar 522 | in spirit to the present version, but may differ in detail to address new 523 | problems or concerns. 524 | 525 | Each version is given a distinguishing version number. If the Program specifies 526 | that a certain numbered version of the GNU General Public License "or any 527 | later version" applies to it, you have the option of following the terms and 528 | conditions either of that numbered version or of any later version published 529 | by the Free Software Foundation. If the Program does not specify a version 530 | number of the GNU General Public License, you may choose any version ever 531 | published by the Free Software Foundation. 532 | 533 | If the Program specifies that a proxy can decide which future versions of 534 | the GNU General Public License can be used, that proxy's public statement 535 | of acceptance of a version permanently authorizes you to choose that version 536 | for the Program. 537 | 538 | Later license versions may give you additional or different permissions. However, 539 | no additional obligations are imposed on any author or copyright holder as 540 | a result of your choosing to follow a later version. 541 | 542 | 15. Disclaimer of Warranty. 
543 | 544 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE 545 | LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 546 | OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER 547 | EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 548 | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 549 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM 550 | PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR 551 | CORRECTION. 552 | 553 | 16. Limitation of Liability. 554 | 555 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL 556 | ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM 557 | AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, 558 | INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO 559 | USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED 560 | INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE 561 | PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER 562 | PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 563 | 564 | 17. Interpretation of Sections 15 and 16. 565 | 566 | If the disclaimer of warranty and limitation of liability provided above cannot 567 | be given local legal effect according to their terms, reviewing courts shall 568 | apply local law that most closely approximates an absolute waiver of all civil 569 | liability in connection with the Program, unless a warranty or assumption 570 | of liability accompanies a copy of the Program in return for a fee. 
END OF 571 | TERMS AND CONDITIONS 572 | 573 | How to Apply These Terms to Your New Programs 574 | 575 | If you develop a new program, and you want it to be of the greatest possible 576 | use to the public, the best way to achieve this is to make it free software 577 | which everyone can redistribute and change under these terms. 578 | 579 | To do so, attach the following notices to the program. It is safest to attach 580 | them to the start of each source file to most effectively state the exclusion 581 | of warranty; and each file should have at least the "copyright" line and a 582 | pointer to where the full notice is found. 583 | 584 | 585 | 586 | Copyright (C) 587 | 588 | This program is free software: you can redistribute it and/or modify it under 589 | the terms of the GNU General Public License as published by the Free Software 590 | Foundation, either version 3 of the License, or (at your option) any later 591 | version. 592 | 593 | This program is distributed in the hope that it will be useful, but WITHOUT 594 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 595 | FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 596 | 597 | You should have received a copy of the GNU General Public License along with 598 | this program. If not, see . 599 | 600 | Also add information on how to contact you by electronic and paper mail. 601 | 602 | If the program does terminal interaction, make it output a short notice like 603 | this when it starts in an interactive mode: 604 | 605 | Copyright (C) 606 | 607 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 608 | 609 | This is free software, and you are welcome to redistribute it under certain 610 | conditions; type `show c' for details. 611 | 612 | The hypothetical commands `show w' and `show c' should show the appropriate 613 | parts of the General Public License. 
Of course, your program's commands might 614 | be different; for a GUI interface, you would use an "about box". 615 | 616 | You should also get your employer (if you work as a programmer) or school, 617 | if any, to sign a "copyright disclaimer" for the program, if necessary. For 618 | more information on this, and how to apply and follow the GNU GPL, see . 619 | 620 | The GNU General Public License does not permit incorporating your program 621 | into proprietary programs. If your program is a subroutine library, you may 622 | consider it more useful to permit linking proprietary applications with the 623 | library. If this is what you want to do, use the GNU Lesser General Public 624 | License instead of this License. But first, please read . 626 | --------------------------------------------------------------------------------