From d989d76c744b70da0a0ff9fbdc58010d3bc8c344 Mon Sep 17 00:00:00 2001
From: Nurlan Moldomurov <nurlan.moldomurov@percona.com>
Date: Thu, 23 Jan 2025 15:15:58 +0300
Subject: [PATCH 1/2] PMM-13679 Fix postgres directory ownership. (#3479)

(cherry picked from commit 3346e2a2f43fa4b3ce4b0bd5b2bd41514eb34850)
---
 build/ansible/roles/postgres/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/ansible/roles/postgres/tasks/main.yml b/build/ansible/roles/postgres/tasks/main.yml
index d308d17a18..18ac499c02 100644
--- a/build/ansible/roles/postgres/tasks/main.yml
+++ b/build/ansible/roles/postgres/tasks/main.yml
@@ -42,7 +42,7 @@
     state: directory
     owner: pmm
     group: pmm
-    mode: 0766
+    mode: 0700
 
 - name: Initialize Postgres database
   command: /usr/pgsql-14/bin/initdb -D /srv/postgres14 --auth=trust

From 6aa11148132ff5fb9782a3d7c05a3906abadf1ec Mon Sep 17 00:00:00 2001
From: Talha Bin Rizwan <talha.rizwan@percona.com>
Date: Sun, 9 Feb 2025 16:29:29 +0500
Subject: [PATCH 2/2] HD-26283 Fix removal of default vagrant user for OVA
 (#3596)

* PMM-7 Fix removal of default vagrant user.

* PMM-7 Fix removal of default vagrant user.
---
 build/Makefile                                | 13 +++++--
 .../ansible/roles/ami-ovf/tasks/main.yml      | 34 +++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/build/Makefile b/build/Makefile
index 667eb33d7d..548e288da0 100644
--- a/build/Makefile
+++ b/build/Makefile
@@ -13,13 +13,22 @@ fetch:
 		-o ${PACKER_CACHE_DIR}/id_rsa_vagrant
 	chmod 600 ${PACKER_CACHE_DIR}/id_rsa_vagrant
 
-	# Add the box using Vagrant
+	test -f ${PACKER_CACHE_DIR}/box/oracle9.ova \
+			|| curl -fL https://pmm-build-cache.s3.us-east-2.amazonaws.com/VBOXES/oracle9-202407.23.0.box -o ${PACKER_CACHE_DIR}/box/oracle9.ova
+
 	test -f ${PACKER_CACHE_DIR}/box/box.ovf \
-		|| VAGRANT_HOME=${PACKER_CACHE_DIR}/box vagrant box add bento/oraclelinux-9 --box-version ${BOX_VERSION} --provider virtualbox
+			|| tar -C ${PACKER_CACHE_DIR}/box -xvf ${PACKER_CACHE_DIR}/box/oracle9.ova
 
 	test -f ${PACKER_CACHE_DIR}/box/box.ovf \
 		|| cp -rp ${PACKER_CACHE_DIR}/box/boxes/bento-VAGRANTSLASH-oraclelinux-9/${BOX_VERSION}/amd64/virtualbox/* ${PACKER_CACHE_DIR}/box
 
+	# # Add the box using Vagrant
+	# test -f ${PACKER_CACHE_DIR}/box/box.ovf \
+	# 	|| VAGRANT_HOME=${PACKER_CACHE_DIR}/box vagrant box add bento/oraclelinux-9 --box-version ${BOX_VERSION} --provider virtualbox
+
+	# test -f ${PACKER_CACHE_DIR}/box/box.ovf \
+	# 	|| cp -rp ${PACKER_CACHE_DIR}/box/boxes/bento-VAGRANTSLASH-oraclelinux-9/${BOX_VERSION}/amd64/virtualbox/* ${PACKER_CACHE_DIR}/box
+
 deps:
 	mkdir -p ${PACKER_CACHE_DIR} ~/bin || :
 	curl -fL https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip -o ${PACKER_CACHE_DIR}/packer.zip
diff --git a/build/packer/ansible/roles/ami-ovf/tasks/main.yml b/build/packer/ansible/roles/ami-ovf/tasks/main.yml
index 35b0644261..2fa57d22f5 100644
--- a/build/packer/ansible/roles/ami-ovf/tasks/main.yml
+++ b/build/packer/ansible/roles/ami-ovf/tasks/main.yml
@@ -10,3 +10,37 @@
 
 - name: PMM                        | Delete Azure user
   shell: cd /tmp; nohup sh -c "trap '/usr/sbin/waagent -force -deprovision+user && sync' EXIT; sleep 600" </dev/null >/dev/null 2>&1 &
+
+- name: Lock vagrant user
+  ansible.builtin.user:
+    name: vagrant
+    password_lock: true
+  when: ansible_virtualization_type == "virtualbox"
+
+- name: Configure systemd service to remove vagrant user
+  block:
+    - name: Create systemd service file
+      copy:
+        dest: /etc/systemd/system/remove-vagrant.service
+        content: |
+          [Unit]
+          Description=Remove vagrant user on first boot
+          After=multi-user.target
+
+          [Service]
+          Type=oneshot
+          ExecStart=/usr/sbin/userdel -r vagrant
+          ExecStartPost=/usr/bin/touch /etc/remove-vagrant-done
+
+          [Install]
+          WantedBy=multi-user.target
+          ConditionPathExists=!/etc/remove-vagrant-done
+
+    - name: Reload systemd to recognize the new service
+      command: systemctl daemon-reload
+
+    - name: Enable the remove-vagrant service
+      systemd:
+        name: remove-vagrant
+        enabled: true
+  when: ansible_virtualization_type == "virtualbox"