From 3adfb2feec180b9435354447f02d361f8dc601bd Mon Sep 17 00:00:00 2001
From: Dusty Mabe
Date: Sep 04 2020 17:46:12 +0000
Subject: [PATCH 1/7] cloud: remove a bunch of cruft
Pretty much all of it is obsolete or not needed any longer because bugs were fixed at one time or another.
(cherry picked from commit c94861c9e8589c19bafd202ac14d53c70c3153bd)
---
diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks
index e2d0bf2..21294ae 100644
--- a/fedora-cloud-base.ks
+++ b/fedora-cloud-base.ks
@@ -4,9 +4,6 @@
 # keys. Cloud-init creates a user account named "fedora" with passwordless
 # sudo access. The root password is empty and locked by default.
 #
-# Note that unlike the standard Fedora install, this image has /tmp on disk
-# rather than in tmpfs, since memory is usually at a premium.
-#
 # This kickstart file is designed to be used with ImageFactory (in Koji).
 #
 # To do a local build, you'll need to install ImageFactory. See
@@ -92,38 +89,6 @@ which %post --erroronfail -# Create grub.conf for EC2. This used to be done by appliance creator but -# anaconda doesn't do it. And, in case appliance-creator is used, we're -# overriding it here so that both cases get the exact same file. -# Note that the console line is different -- that's because EC2 provides -# different virtual hardware, and this is a convenient way to act differently -echo -n "Creating grub.conf for pvgrub" -rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab ) -mkdir /boot/grub -echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf -for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do - echo "title Fedora ($kv)" >> /boot/grub/grub.conf - echo -e "\troot (hd0,0)" >> /boot/grub/grub.conf - echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf - echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf - echo -done - - -#link grub.conf to menu.lst for ec2 to work -echo -n "Linking menu.lst to old-style grub.conf for pv-grub" -ln -sf grub.conf /boot/grub/menu.lst -ln -sf /boot/grub/grub.conf /etc/grub.conf - -# older versions of livecd-tools do not follow "rootpw --lock" line above -# https://bugzilla.redhat.com/show_bug.cgi?id=964299 -passwd -l root - -# setup systemd to boot to the right runlevel -echo -n "Setting default runlevel to multiuser text mode" -rm -f /etc/systemd/system/default.target -ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target -echo . # this is installed by default but we don't need it in virt # Commenting out the following for #1234504 
@@ -141,11 +106,6 @@ echo "Removing firewalld." # dnf -C -y remove "firewalld*" --setopt="clean_requirements_on_remove=1" dnf -C -y erase "firewalld*" -# Another one needed at install time but not after that, and it pulls -# in some unneeded deps (like, newt and slang) -echo "Removing authconfig." -dnf -C -y erase authconfig - # instlang hack. (Note! See bug referenced above package list) find /usr/share/locale -mindepth 1 -maxdepth 1 -type d -not -name en_US -exec rm -rf {} + localedef --list-archive | grep -v ^en_US | xargs localedef --delete-from-archive @@ -155,12 +115,6 @@ build-locale-archive echo '%_install_langs C:en:en_US:en_US.UTF-8' >> /etc/rpm/macros.image-language-conf -echo -n "Getty fixes" -# although we want console output going to the serial console, we don't -# actually have the opportunity to login there. FIX. -# we don't really need to auto-spawn _any_ gettys. -sed -i '/^#NAutoVTs=.*/ a\ -NAutoVTs=0' /etc/systemd/logind.conf echo -n "Network fixes" # initscripts don't like this file to be missing. 
@@ -189,52 +143,14 @@ EOF echo . -# Because memory is scarce resource in most cloud/virt environments, -# and because this impedes forensics, we are differing from the Fedora -# default of having /tmp on tmpfs. -echo "Disabling tmpfs for /tmp." -systemctl mask tmp.mount - -# make sure firstboot doesn't start -echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot - -# Uncomment this if you want to use cloud init but suppress the creation -# of an "ec2-user" account. This will, in the absence of further config, -# cause the ssh key from a metadata source to be put in the root account. -#cat < /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg -#users: [] -#disable_root: 0 -#EOF - echo "Removing random-seed so it's not the same in every image." rm -f /var/lib/systemd/random-seed -echo "Cleaning old dnf repodata." -# FIXME: clear history? -dnf clean all -truncate -c -s 0 /var/log/dnf.log -truncate -c -s 0 /var/log/dnf.rpm.log - echo "Import RPM GPG key" releasever=$(rpm --eval '%{fedora}') basearch=$(uname -i) rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch -echo "Packages within this cloud image:" -echo "-----------------------------------------------------------------------" -rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn -echo "-----------------------------------------------------------------------" -# Note that running rpm recreates the rpm db files which aren't needed/wanted -rm -f /var/lib/rpm/__db* - -# FIXME: is this still needed? -echo "Fixing SELinux contexts." -touch /var/log/cron -touch /var/log/boot.log -# ignore return code because UEFI systems with vfat filesystems -# that don't support selinux will give us errors -/usr/sbin/fixfiles -R -a restore || true - echo "Zeroing out empty space." # This forces the filesystem to reclaim space from deleted files dd bs=1M if=/dev/zero of=/var/tmp/zeros || : 
@@ -248,19 +164,10 @@ echo "(Don't worry -- that out-of-space error was expected.)" # The 'network' service can come up cleanly. rm -f /etc/sysconfig/network-scripts/ifcfg-en* -# Enable network service here, as doing it in the services line -# fails due to RHBZ #1369794 -/sbin/chkconfig network on - # Remove machine-id on pre generated images rm -f /etc/machine-id touch /etc/machine-id -# Anaconda is writing an /etc/resolv.conf from the install environment. -# The system should start out with an empty file, otherwise cloud-init -# will try to use this information and may error: -# https://bugs.launchpad.net/cloud-init/+bug/1670052 -truncate -s 0 /etc/resolv.conf %end From 11732dafb1f9f9f5459a9c060d88a8693442c0e2 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 04 2020 17:46:12 +0000 Subject: [PATCH 2/7] cloud: clean up networking configuration We're no longer using legacy network scripts to bring up networking. We're using NetworkManager and now in F33+ networkmanager will even default to writing out new configuration as NM keyfiles in /etc/NetworkManager/system-connections/. We don't need to lay down a networking config for eth0. Either cloud-init will do that for us or NetworkManager will default to DHCP anyway. We also don't need to populate /etc/hosts as that will get done on boot too with the same content we were writing there already. (cherry picked from commit 54d53e8439445e4340e86f3274bf3440158997cf) --- diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks index 21294ae..df7cb5d 100644 --- a/fedora-cloud-base.ks +++ b/fedora-cloud-base.ks @@ -34,7 +34,6 @@ firewall --disabled # We pass net.ifnames=0 because we always want to use eth0 here on all the cloud images. bootloader --timeout=1 --append="no_timer_check net.ifnames=0 console=tty1 console=ttyS0,115200n8" -network --bootproto=dhcp --device=link --activate --onboot=on services --enabled=sshd,cloud-init,cloud-init-local,cloud-config,cloud-final zerombr 
@@ -116,32 +115,6 @@ echo '%_install_langs C:en:en_US:en_US.UTF-8' >> /etc/rpm/macros.image-language- -echo -n "Network fixes" -# initscripts don't like this file to be missing. -# and https://bugzilla.redhat.com/show_bug.cgi?id=1204612 -cat > /etc/sysconfig/network << EOF -NETWORKING=yes -NOZEROCONF=yes -DEVTIMEOUT=10 -EOF - -# simple eth0 config, again not hard-coded to the build hardware -cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF -DEVICE="eth0" -BOOTPROTO="dhcp" -ONBOOT="yes" -TYPE="Ethernet" -PERSISTENT_DHCLIENT="yes" -EOF - -# generic localhost names -cat > /etc/hosts << EOF -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 - -EOF -echo . - echo "Removing random-seed so it's not the same in every image." rm -f /var/lib/systemd/random-seed @@ -157,12 +130,10 @@ dd bs=1M if=/dev/zero of=/var/tmp/zeros || : rm -f /var/tmp/zeros echo "(Don't worry -- that out-of-space error was expected.)" -# When we build the image with oz, dracut is used -# and sets up a ifcfg-en for the device. We don't -# want to use this, we use eth0 so it is always the same. -# So we remove all these ifcfg-en devices so -# The 'network' service can come up cleanly. -rm -f /etc/sysconfig/network-scripts/ifcfg-en* +# When we build the image a networking config file gets left behind. +# Let's clean it up. +echo "Cleanup leftover networking configuration" +rm -f /etc/NetworkManager/system-connections/*.nmconnection # Remove machine-id on pre generated images rm -f /etc/machine-id From 65794f790286b6d7f72a49eec1e39947acd5b68b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 04 2020 17:46:12 +0000 Subject: [PATCH 3/7] cloud: remove instLang hacks `%packages --instLangs=en` works as intended now. (cherry picked from commit 10573df5c2cb145488c408b42b1d84839b5f5c94) --- diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks index df7cb5d..8a5f453 100644 --- a/fedora-cloud-base.ks 
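Review bot: In the hunk at `@@ -157,12 +130,10 @@`, the new cleanup only matches `/etc/NetworkManager/system-connections/*.nmconnection`, while the line it replaces cleared `/etc/sysconfig/network-scripts/ifcfg-en*`. The commit description says keyfiles are the NetworkManager default from F33 on, so on a branch or builder that still writes ifcfg-format profiles the build-time connection profile would presumably stay behind and be baked into every image. If this cherry-pick can land on such a branch, keep the old `rm -f /etc/sysconfig/network-scripts/ifcfg-en*` next to the new `rm -f`, or state in the comment which releases the keyfile-only cleanup is valid for. The `%post` section this hunk belongs to starts and ends outside the hunk.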
+++ b/fedora-cloud-base.ks @@ -45,14 +45,7 @@ autopart --noboot --nohome --noswap --nolvm reboot # Package list. -# FIXME: instLangs does not work, so there's a hack below -# (see https://bugzilla.redhat.com/show_bug.cgi?id=1051816) -# FIXME: instLangs bug has been fixed but now having instLangs -# with an arg causes no langs to get installed because of BZ1262040 -# which yields the errors in BZ1261249. For now fix by not using -# --instLangs at all -#%packages --instLangs=en -%packages +%packages --instLangs=en kernel-core @^cloud-server-environment @@ -105,17 +98,6 @@ echo "Removing firewalld." # dnf -C -y remove "firewalld*" --setopt="clean_requirements_on_remove=1" dnf -C -y erase "firewalld*" -# instlang hack. (Note! See bug referenced above package list) -find /usr/share/locale -mindepth 1 -maxdepth 1 -type d -not -name en_US -exec rm -rf {} + -localedef --list-archive | grep -v ^en_US | xargs localedef --delete-from-archive -# this will kill a live system (since it's memory mapped) but should be safe offline -mv -f /usr/lib/locale/locale-archive /usr/lib/locale/locale-archive.tmpl -build-locale-archive -echo '%_install_langs C:en:en_US:en_US.UTF-8' >> /etc/rpm/macros.image-language-conf - - - - echo "Removing random-seed so it's not the same in every image." rm -f /var/lib/systemd/random-seed From e4b784272be481599ced2852bd5834cfcadd7232 Mon Sep 17 00:00:00 2001 
From: Dusty Mabe
Date: Sep 04 2020 17:46:12 +0000
Subject: [PATCH 4/7] cloud: rework package list, add comments
This reworks the package list to add comments and remove some things that didn't need to be explicitly removed.
- remove +systemd-udev -> already included by default
- remove -biosdevname -> not included by default
- remove -iprutils -> not included by default
- remove -uboot-tools -> not included by default
There are no packages added or removed from the built cloud image as part of this change. Just updating the input package list to be more meaningful.
(cherry picked from commit 4a6850e465f0d17841a4794ac3ed67f0a30345f6)
---
diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks
index 8a5f453..0a7d13f 100644
--- a/fedora-cloud-base.ks
+++ b/fedora-cloud-base.ks
@@ -44,38 +44,33 @@ autopart --noboot --nohome --noswap --nolvm reboot -# Package list. +##### begin package list ############################################# %packages --instLangs=en -kernel-core +# Include packages for the cloud-server-environment group @^cloud-server-environment -# Need to pull in the udev subpackage -systemd-udev -# after move away from grub2 - let's add 'which' back -which +# Don't include the kernel toplevel package since it pulls in +# kernel-modules. We're happy for now with kernel-core. +-kernel +kernel-core -# rescue mode generally isn't useful in the cloud context +# Don't include dracut-config-rescue. It will have dracut generate a +# "rescue" entry in the grub menu, but that also means there is a +# rescue kernel and initramfs that get created, which (currently) add +# about another 40MiB to the /boot/ partition. Also the "rescue" mode +# is generally not useful in the cloud. -dracut-config-rescue -# Some things from @core we can do without in a minimal install --biosdevname -# Need to also add back plymouth in order to mask failure of -# systemd-vconsole-setup.service. BZ#1272684. Comment out for now -#-plymouth --iprutils -# Now that BZ#1199868 is fixed kbd really gets removed but it breaks -# systemd-vconsole-setup.service on boot. Comment out for now -#-kbd --uboot-tools --kernel -# No need for plymouth. Also means anaconda won't put rhgb/quiet -# on kernel command line +# Plymouth provides a graphical boot animation. In the cloud we don't +# need a graphical boot animation. This also means anaconda won't put +# rhgb/quiet on kernel command line -plymouth + # noswap on Cloud for now -zram-generator-defaults - %end +##### end package list ############################################### From ce6d9afeadc47cc64363f102bc9223d291483e5d Mon Sep 17 00:00:00 2001 
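Review bot: The hunk at `@@ -44,38 +44,33 @@` also drops the explicit `which` entry together with its "after move away from grub2" comment, but the commit description lists only systemd-udev, biosdevname, iprutils and uboot-tools as removed entries. The description's statement that no packages are added or removed implies `which` still arrives through `@^cloud-server-environment` or a dependency; that should be stated alongside the other four so the next reader does not have to rebuild the image to confirm it. If it is not pulled in that way, keep the entry with a comment such as `# which is not part of the group; keep it explicitly`.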
From: Dusty Mabe Date: Sep 04 2020 17:46:12 +0000 Subject: [PATCH 5/7] cloud: move firewalld remove to package list It works in the package list so let's remove it there so it never gets installed in the first place rather than the dnf erase hack we have now. (cherry picked from commit f4c7f67ece79b624af62ffc8fb777954e5592dfd) --- diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks index 0a7d13f..0f627db 100644 --- a/fedora-cloud-base.ks +++ b/fedora-cloud-base.ks @@ -67,6 +67,9 @@ kernel-core # rhgb/quiet on kernel command line -plymouth +# No need for firewalld for now. We don't have a firewall on by default. +-firewalld + # noswap on Cloud for now -zram-generator-defaults %end @@ -83,16 +86,6 @@ kernel-core echo "Removing linux-firmware package." rpm -e linux-firmware -# Remove firewalld; was supposed to be optional in F18+, but is pulled in -# in install/image building. -echo "Removing firewalld." -# FIXME! clean_requirements_on_remove is the default with DNF, but may -# not work when package was installed by Anaconda instead of command line. -# Also -- check if this is still even needed with new anaconda -- disabled -# firewall should _not_ pull in this package. -# dnf -C -y remove "firewalld*" --setopt="clean_requirements_on_remove=1" -dnf -C -y erase "firewalld*" - echo "Removing random-seed so it's not the same in every image." rm -f /var/lib/systemd/random-seed From 19322f31e08298e53edf2874505ce3ebc2e2871b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 04 2020 17:46:13 +0000 Subject: [PATCH 6/7] cloud: update comments and minor rework for kspost This should make things a little clearer. (cherry picked from commit 99f3ec5d72482f76a19bef54e1cd028fbbe8f69d) --- diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks index 0f627db..1b348f4 100644 --- a/fedora-cloud-base.ks +++ b/fedora-cloud-base.ks 
@@ -76,16 +76,20 @@ kernel-core ##### end package list ############################################### - +##### begin kickstart post ########################################### %post --erroronfail - -# this is installed by default but we don't need it in virt -# Commenting out the following for #1234504 -# rpm works just fine for removing this, no idea why dnf can't cope +# linux-firmware is installed by default and is quite large. As of mid 2020: +# Total download size: 97 M +# Installed size: 268 M +# So far we've been fine shipping without it so let's continue. +# More discussion about this in #1234504. echo "Removing linux-firmware package." rpm -e linux-firmware +# See the systemd-random-seed.service man page that says: +# " It is recommended to remove the random seed from OS images intended +# for replication on multiple systems" echo "Removing random-seed so it's not the same in every image." rm -f /var/lib/systemd/random-seed @@ -105,10 +109,8 @@ echo "(Don't worry -- that out-of-space error was expected.)" echo "Cleanup leftover networking configuration" rm -f /etc/NetworkManager/system-connections/*.nmconnection -# Remove machine-id on pre generated images -rm -f /etc/machine-id -touch /etc/machine-id - +# Clear machine-id on pre generated images +truncate -s 0 /etc/machine-id %end - +##### end kickstart post ############################################ From 2b7b36d5fc7c2608a1c8ceb397a649921a555ac4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sep 04 2020 17:46:13 +0000 Subject: [PATCH 7/7] cloud: remove geolite2 packages These collectively have 66MiB of data in /usr/share/GeoIP. Let's drop it for now. (cherry picked from commit a7f917759994ba4ad7ae2fa3dd395a8025b628f5) --- diff --git a/fedora-cloud-base.ks b/fedora-cloud-base.ks index 1b348f4..5bc1078 100644 --- a/fedora-cloud-base.ks +++ b/fedora-cloud-base.ks 
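Review bot: The new comment above `truncate -s 0 /etc/machine-id` in the hunk at `@@ -105,10 +109,8 @@` does not say why the file is emptied, whereas the random-seed comment added in the first hunk of this same patch does cite its man page. machine-id(5) asks for an empty or missing `/etc/machine-id` in images that are replicated to many machines, so that each instance generates its own ID on first boot. A comment such as `# Leave /etc/machine-id empty so each instance generates a unique ID on first boot (see machine-id(5))` would record that and keep the two comments consistent. The `%post` section continues above this hunk.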
@@ -72,6 +72,11 @@ kernel-core
 # noswap on Cloud for now
 -zram-generator-defaults
+
+# Don't include the geolite2 databases, which end up with 66MiB
+# in /usr/share/GeoIP
+-geolite2-country
+-geolite2-city
 %end
 ##### end package list ###############################################