Commit 9d56a79

fix: align 90-cleanup.sh with 90-cleanup-qemu.sh for SSH stability
Key changes:
- Set multi-user.target as default boot target to prevent graphical boot issues
- Move apt-get update/upgrade to after autoremove (matching qemu script order)
- Protect libevent-2.1-7t64 from autoremove (needed by PgBouncer)
- Add journalctl cleanup commands for proper log rotation
- Add fstrim at end to optimize disk

These changes align the AWS AMI cleanup script with the QEMU cleanup script which has been working. The most critical fix is setting multi-user.target as default, which ensures the system boots properly for SSH access.
1 parent 471933c commit 9d56a79

1 file changed

Lines changed: 20 additions & 3 deletions

scripts/90-cleanup.sh

@@ -42,8 +42,8 @@ elif [ -n "$(command -v apt-get)" ]; then
4242

4343
source /etc/os-release
4444

45-
apt-get -y update
46-
apt-get -y upgrade
45+
# Protect critical runtime packages from autoremove
46+
apt-mark manual libevent-2.1-7t64
4747

4848
# Ensure cloud-init and openssh-server are installed
4949
# They may have been removed as dependencies during package cleanup
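Review bot: At new line 46, `apt-mark manual libevent-2.1-7t64` hard-codes one release's package name (the `t64` suffix), so on any other apt-based release this branch handles the mark matches nothing and the libevent that PgBouncer needs can still be autoremoved. `/etc/os-release` is sourced just above, so consider gating on the release, or resolving the installed libevent package name with `dpkg-query` and logging when nothing matched. Separately, with `apt-get -y update` removed from this spot, the step described by the "Ensure cloud-init and openssh-server are installed" comment now runs against whatever package index is already on disk, unless it is refreshed earlier in the script; if that step reinstalls openssh-server, a stale index is a plausible way to lose the SSH access this commit is trying to stabilise.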
@@ -57,18 +57,34 @@ elif [ -n "$(command -v apt-get)" ]; then
5757

5858
apt-get -y autoremove
5959
apt-get -y autoclean
60+
61+
apt-get -y update
62+
apt-get -y upgrade
6063
fi
64+
65+
# Set multi-user target (non-graphical) as default
66+
systemctl set-default multi-user.target
67+
systemctl disable getty@tty1.service
68+
systemctl mask getty@tty1.service
69+
systemctl mask graphical.target
70+
6171
rm -rf /tmp/* /var/tmp/*
6272
history -c
6373
cat /dev/null > /root/.bash_history
6474
unset HISTFILE
75+
76+
journalctl --rotate
77+
journalctl --vacuum-time=1s
6578
find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
6679
rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????
6780
rm -rf /var/lib/cloud/instances/*
6881
rm -f /root/.ssh/authorized_keys /etc/ssh/*key*
6982
touch /etc/ssh/revoked_keys
7083
chmod 600 /etc/ssh/revoked_keys
7184

85+
cat /dev/null > /var/log/lastlog
86+
cat /dev/null > /var/log/wtmp
87+
7288
# Securely erase the unused portion of the filesystem
7389
GREEN='\033[0;32m'
7490
NC='\033[0m'
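Review bot: Running `apt-get -y upgrade` at new lines 61-62 after `autoremove` and `autoclean` means packages the upgrade makes obsolete, and the .deb files it downloads into the apt cache, stay in the published image. If the order has to match the QEMU script, add a second `apt-get -y autoremove` and an `apt-get clean` after the upgrade. Also note that the `systemctl` block at new lines 65-69 sits after the `fi`, so it applies to every distro branch and not only the apt one, and masking `getty@tty1.service` removes the local console login that would otherwise be the fallback when SSH does not come up; a comment stating that this is intended, and which console remains for recovery, would help the next reader.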
@@ -87,4 +103,5 @@ dd if=/dev/zero of=/zerofile &
87103
sleep 5
88104
done
89105
sync; rm /zerofile; sync
90-
cat /dev/null > /var/log/lastlog; cat /dev/null > /var/log/wtmp
106+
107+
fstrim /
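Review bot: `fstrim /` at new line 107 is the last command shown, so its exit status becomes the script's exit status, and `fstrim` exits non-zero when the filesystem or backing device does not support discard. If the build tool treats a non-zero provisioner exit as failure, an image build on such a volume will now fail at the very end, after the zero-fill has completed. Suggest `fstrim -v / || true` (or an explicit check with a logged warning) so the trim stays best-effort.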
