| |
@@ -4,9 +4,6 @@
|
| |
# keys. Cloud-init creates a user account named "fedora" with passwordless
|
| |
# sudo access. The root password is empty and locked by default.
|
| |
#
|
| |
- # Note that unlike the standard Fedora install, this image has /tmp on disk
|
| |
- # rather than in tmpfs, since memory is usually at a premium.
|
| |
- #
|
| |
# This kickstart file is designed to be used with ImageFactory (in Koji).
|
| |
#
|
| |
# To do a local build, you'll need to install ImageFactory. See
|
| |
@@ -37,7 +34,6 @@
|
| |
# We pass net.ifnames=0 because we always want to use eth0 here on all the cloud images.
|
| |
bootloader --timeout=1 --append="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8"
|
| |
|
| |
- network --bootproto=dhcp --device=link --activate --onboot=on
|
| |
services --enabled=sshd,cloud-init,cloud-init-local,cloud-config,cloud-final
|
| |
|
| |
zerombr
|
| |
@@ -48,219 +44,78 @@
|
| |
|
| |
reboot
|
| |
|
| |
- # Package list.
|
| |
- # FIXME: instLangs does not work, so there's a hack below
|
| |
- # (see https://bugzilla.redhat.com/show_bug.cgi?id=1051816)
|
| |
- # FIXME: instLangs bug has been fixed but now having instLangs
|
| |
- # with an arg causes no langs to get installed because of BZ1262040
|
| |
- # which yields the errors in BZ1261249. For now fix by not using
|
| |
- # --instLangs at all
|
| |
- #%packages --instLangs=en
|
| |
- %packages
|
| |
+ ##### begin package list #############################################
|
| |
+ %packages --instLangs=en
|
| |
|
| |
- kernel-core
|
| |
+ # Include packages for the cloud-server-environment group
|
| |
@^cloud-server-environment
|
| |
- # Need to pull in the udev subpackage
|
| |
- systemd-udev
|
| |
|
| |
- # after move away from grub2 - let's add 'which' back
|
| |
- which
|
| |
+ # Don't include the kernel toplevel package since it pulls in
|
| |
+ # kernel-modules. We're happy for now with kernel-core.
|
| |
+ -kernel
|
| |
+ kernel-core
|
| |
|
| |
- # rescue mode generally isn't useful in the cloud context
|
| |
+ # Don't include dracut-config-rescue. It will have dracut generate a
|
| |
+ # "rescue" entry in the grub menu, but that also means there is a
|
| |
+ # rescue kernel and initramfs that get created, which (currently) add
|
| |
+ # about another 40MiB to the /boot/ partition. Also the "rescue" mode
|
| |
+ # is generally not useful in the cloud.
|
| |
-dracut-config-rescue
|
| |
|
| |
- # Some things from @core we can do without in a minimal install
|
| |
- -biosdevname
|
| |
- # Need to also add back plymouth in order to mask failure of
|
| |
- # systemd-vconsole-setup.service. BZ#1272684. Comment out for now
|
| |
- #-plymouth
|
| |
- -iprutils
|
| |
- # Now that BZ#1199868 is fixed kbd really gets removed but it breaks
|
| |
- # systemd-vconsole-setup.service on boot. Comment out for now
|
| |
- #-kbd
|
| |
- -uboot-tools
|
| |
- -kernel
|
| |
- # No need for plymouth. Also means anaconda won't put rhgb/quiet
|
| |
- # on kernel command line
|
| |
+ # Plymouth provides a graphical boot animation. In the cloud we don't
|
| |
+ # need a graphical boot animation. This also means anaconda won't put
|
| |
+ # rhgb/quiet on kernel command line
|
| |
-plymouth
|
| |
+
|
| |
+ # No need for firewalld for now. We don't have a firewall on by default.
|
| |
+ -firewalld
|
| |
+
|
| |
# noswap on Cloud for now
|
| |
-zram-generator-defaults
|
| |
|
| |
+ # Don't include the geolite2 databases, which end up with 66MiB
|
| |
+ # in /usr/share/GeoIP
|
| |
+ -geolite2-country
|
| |
+ -geolite2-city
|
| |
%end
|
| |
+ ##### end package list ###############################################
|
| |
|
| |
|
| |
-
|
| |
+ ##### begin kickstart post ###########################################
|
| |
%post --erroronfail
|
| |
|
| |
- # Create grub.conf for EC2. This used to be done by appliance creator but
|
| |
- # anaconda doesn't do it. And, in case appliance-creator is used, we're
|
| |
- # overriding it here so that both cases get the exact same file.
|
| |
- # Note that the console line is different -- that's because EC2 provides
|
| |
- # different virtual hardware, and this is a convenient way to act differently
|
| |
- echo -n "Creating grub.conf for pvgrub"
|
| |
- rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
|
| |
- mkdir /boot/grub
|
| |
- echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
|
| |
- for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
|
| |
- echo "title Fedora ($kv)" >> /boot/grub/grub.conf
|
| |
- echo -e "\troot (hd0,0)" >> /boot/grub/grub.conf
|
| |
- echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
|
| |
- echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
|
| |
- echo
|
| |
- done
|
| |
-
|
| |
-
|
| |
- #link grub.conf to menu.lst for ec2 to work
|
| |
- echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
|
| |
- ln -sf grub.conf /boot/grub/menu.lst
|
| |
- ln -sf /boot/grub/grub.conf /etc/grub.conf
|
| |
-
|
| |
- # older versions of livecd-tools do not follow "rootpw --lock" line above
|
| |
- # https://bugzilla.redhat.com/show_bug.cgi?id=964299
|
| |
- passwd -l root
|
| |
-
|
| |
- # setup systemd to boot to the right runlevel
|
| |
- echo -n "Setting default runlevel to multiuser text mode"
|
| |
- rm -f /etc/systemd/system/default.target
|
| |
- ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
| |
- echo .
|
| |
-
|
| |
- # this is installed by default but we don't need it in virt
|
| |
- # Commenting out the following for #1234504
|
| |
- # rpm works just fine for removing this, no idea why dnf can't cope
|
| |
+ # linux-firmware is installed by default and is quite large. As of mid 2020:
|
| |
+ # Total download size: 97 M
|
| |
+ # Installed size: 268 M
|
| |
+ # So far we've been fine shipping without it so let's continue.
|
| |
+ # More discussion about this in #1234504.
|
| |
echo "Removing linux-firmware package."
|
| |
rpm -e linux-firmware
|
| |
|
| |
- # Remove firewalld; was supposed to be optional in F18+, but is pulled in
|
| |
- # in install/image building.
|
| |
- echo "Removing firewalld."
|
| |
- # FIXME! clean_requirements_on_remove is the default with DNF, but may
|
| |
- # not work when package was installed by Anaconda instead of command line.
|
| |
- # Also -- check if this is still even needed with new anaconda -- disabled
|
| |
- # firewall should _not_ pull in this package.
|
| |
- # dnf -C -y remove "firewalld*" --setopt="clean_requirements_on_remove=1"
|
| |
- dnf -C -y erase "firewalld*"
|
| |
-
|
| |
- # Another one needed at install time but not after that, and it pulls
|
| |
- # in some unneeded deps (like, newt and slang)
|
| |
- echo "Removing authconfig."
|
| |
- dnf -C -y erase authconfig
|
| |
-
|
| |
- # instlang hack. (Note! See bug referenced above package list)
|
| |
- find /usr/share/locale -mindepth 1 -maxdepth 1 -type d -not -name en_US -exec rm -rf {} +
|
| |
- localedef --list-archive | grep -v ^en_US | xargs localedef --delete-from-archive
|
| |
- # this will kill a live system (since it's memory mapped) but should be safe offline
|
| |
- mv -f /usr/lib/locale/locale-archive /usr/lib/locale/locale-archive.tmpl
|
| |
- build-locale-archive
|
| |
- echo '%_install_langs C:en:en_US:en_US.UTF-8' >> /etc/rpm/macros.image-language-conf
|
| |
-
|
| |
-
|
| |
- echo -n "Getty fixes"
|
| |
- # although we want console output going to the serial console, we don't
|
| |
- # actually have the opportunity to login there. FIX.
|
| |
- # we don't really need to auto-spawn _any_ gettys.
|
| |
- sed -i '/^#NAutoVTs=.*/ a\
|
| |
- NAutoVTs=0' /etc/systemd/logind.conf
|
| |
-
|
| |
- echo -n "Network fixes"
|
| |
- # initscripts don't like this file to be missing.
|
| |
- # and https://bugzilla.redhat.com/show_bug.cgi?id=1204612
|
| |
- cat > /etc/sysconfig/network << EOF
|
| |
- NETWORKING=yes
|
| |
- NOZEROCONF=yes
|
| |
- DEVTIMEOUT=10
|
| |
- EOF
|
| |
-
|
| |
- # simple eth0 config, again not hard-coded to the build hardware
|
| |
- cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
| |
- DEVICE="eth0"
|
| |
- BOOTPROTO="dhcp"
|
| |
- ONBOOT="yes"
|
| |
- TYPE="Ethernet"
|
| |
- PERSISTENT_DHCLIENT="yes"
|
| |
- EOF
|
| |
-
|
| |
- # generic localhost names
|
| |
- cat > /etc/hosts << EOF
|
| |
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
| |
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
| |
-
|
| |
- EOF
|
| |
- echo .
|
| |
-
|
| |
-
|
| |
- # Because memory is scarce resource in most cloud/virt environments,
|
| |
- # and because this impedes forensics, we are differing from the Fedora
|
| |
- # default of having /tmp on tmpfs.
|
| |
- echo "Disabling tmpfs for /tmp."
|
| |
- systemctl mask tmp.mount
|
| |
-
|
| |
- # make sure firstboot doesn't start
|
| |
- echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
| |
-
|
| |
- # Uncomment this if you want to use cloud init but suppress the creation
|
| |
- # of an "ec2-user" account. This will, in the absence of further config,
|
| |
- # cause the ssh key from a metadata source to be put in the root account.
|
| |
- #cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
|
| |
- #users: []
|
| |
- #disable_root: 0
|
| |
- #EOF
|
| |
-
|
| |
+ # See the systemd-random-seed.service man page that says:
|
| |
+ # " It is recommended to remove the random seed from OS images intended
|
| |
+ # for replication on multiple systems"
|
| |
echo "Removing random-seed so it's not the same in every image."
|
| |
rm -f /var/lib/systemd/random-seed
|
| |
|
| |
- echo "Cleaning old dnf repodata."
|
| |
- # FIXME: clear history?
|
| |
- dnf clean all
|
| |
- truncate -c -s 0 /var/log/dnf.log
|
| |
- truncate -c -s 0 /var/log/dnf.rpm.log
|
| |
-
|
| |
echo "Import RPM GPG key"
|
| |
releasever=$(rpm --eval '%{fedora}')
|
| |
basearch=$(uname -i)
|
| |
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
|
| |
|
| |
- echo "Packages within this cloud image:"
|
| |
- echo "-----------------------------------------------------------------------"
|
| |
- rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn
|
| |
- echo "-----------------------------------------------------------------------"
|
| |
- # Note that running rpm recreates the rpm db files which aren't needed/wanted
|
| |
- rm -f /var/lib/rpm/__db*
|
| |
-
|
| |
- # FIXME: is this still needed?
|
| |
- echo "Fixing SELinux contexts."
|
| |
- touch /var/log/cron
|
| |
- touch /var/log/boot.log
|
| |
- # ignore return code because UEFI systems with vfat filesystems
|
| |
- # that don't support selinux will give us errors
|
| |
- /usr/sbin/fixfiles -R -a restore || true
|
| |
-
|
| |
echo "Zeroing out empty space."
|
| |
# This forces the filesystem to reclaim space from deleted files
|
| |
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
|
| |
rm -f /var/tmp/zeros
|
| |
echo "(Don't worry -- that out-of-space error was expected.)"
|
| |
|
| |
- # When we build the image with oz, dracut is used
|
| |
- # and sets up a ifcfg-en<whatever> for the device. We don't
|
| |
- # want to use this, we use eth0 so it is always the same.
|
| |
- # So we remove all these ifcfg-en<whatever> devices so
|
| |
- # The 'network' service can come up cleanly.
|
| |
- rm -f /etc/sysconfig/network-scripts/ifcfg-en*
|
| |
-
|
| |
- # Enable network service here, as doing it in the services line
|
| |
- # fails due to RHBZ #1369794
|
| |
- /sbin/chkconfig network on
|
| |
+ # When we build the image a networking config file gets left behind.
|
| |
+ # Let's clean it up.
|
| |
+ echo "Cleanup leftover networking configuration"
|
| |
+ rm -f /etc/NetworkManager/system-connections/*.nmconnection
|
| |
|
| |
- # Remove machine-id on pre generated images
|
| |
- rm -f /etc/machine-id
|
| |
- touch /etc/machine-id
|
| |
-
|
| |
- # Anaconda is writing an /etc/resolv.conf from the install environment.
|
| |
- # The system should start out with an empty file, otherwise cloud-init
|
| |
- # will try to use this information and may error:
|
| |
- # https://bugs.launchpad.net/cloud-init/+bug/1670052
|
| |
- truncate -s 0 /etc/resolv.conf
|
| |
+ # Clear machine-id on pre generated images
|
| |
+ truncate -s 0 /etc/machine-id
|
| |
|
| |
%end
|
| |
-
|
| |
+ ##### end kickstart post ############################################
|
| |
F33 version of https://pagure.io/fedora-kickstarts/pull-request/679