forked from sig_core/kickstarts
add templates for 9
parent
d0a6592667
commit
6f1d80059d
23 changed files with 1909 additions and 0 deletions
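--- a/cloud/rocky-azure-base.ks
+++ b/cloud/rocky-azure-base.ks
@@ -0,0 +1,165 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-base.ks
+%include rocky-cloud-azure-packages.ks
+
+bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# Common Cloud Tweaks
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# remove linux-firmware as we're virt and it's half a gig
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+echo "virtual-guest" > /etc/tuned/active_profile
+
+cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
+# Configure dhcp timeout to 300s by default
+[connection]
+ipv4.dhcp-timeout=300
+EOF
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# Remove build-time resolvers to fix #16948
+truncate -s 0 /etc/resolv.conf
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+# azure settings
+# Configure waagent for cloud-init
+sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
+sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
+
+# Azure: handle sr-iov and networkmanaeger
+cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
+# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
+# This interface is transparently bonded to the synthetic interface,
+# so NetworkManager should just ignore any SRIOV interfaces.
+SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
+EOF
+
+# Azure: Time sync for linux
+## Setup udev rule for ptp_hyperv
+cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
+## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+EOF
+
+# Configure chrony to use ptp_hyperv
+cat << EOF | tee -a /etc/chrony.conf
+# Setup hyperv PTP device as refclock
+refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
+EOF
+
+# Azure: Blacklist modules
+cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
+blacklist amdgpu
+blacklist nouveau
+blacklist radeon
+EOF
+
+# Azure: cloud-init customizations for Hyperv
+cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
+# Enable logging to the Hyper-V kvp in Azure
+reporting:
+logging:
+type: log
+telemetry:
+type: hyperv
+EOF
+
+# Kernel and Drivers
+# Add drivers when building in VMWare, Vbox, or KVM (KVM)
+cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
+add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
+EOF
+
+dracut -f -v
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# rocky cloud user
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# this shouldn't be the case, but we'll do it anyway
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+truncate -c -s 0 /var/log/dnf.log
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'azure' > /etc/yum/vars/infra
+
+# Azure Cleanup
+sudo rm -f /var/log/waagent.log
+sudo cloud-init clean
+waagent -force -deprovision+user
+
+# Common cleanup
+rm -f ~/.bash_history
+export HISTSIZE=0
+
+rm -f /var/lib/systemd/random-seed
+rm -rf /root/anaconda-ks.cfg
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf "/var/lib/yum/*"
+rm -rf "/var/log/anaconda*"
+rm -rf /var/log/yum.log
+
+# Wipe machineid
+cat /dev/null > /etc/machine-id
+
+# Fix selinux
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+true
+
+%end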
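Review bot: The two quoted cleanup lines near the end of `%post`, `rm -rf "/var/lib/yum/*"` and `rm -rf "/var/log/anaconda*"`, never match anything, because the quotes stop the shell from expanding the glob, so the installer logs under /var/log/anaconda* stay in the published image. The EC2 kickstarts in this commit use the unquoted form; the same here would be `rm -rf /var/lib/yum/* /var/log/anaconda*`. cloud/rocky-azure-lvm.ks carries the same two lines.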
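--- a/cloud/rocky-azure-lvm.ks
+++ b/cloud/rocky-azure-lvm.ks
@@ -0,0 +1,165 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-lvm.ks
+%include rocky-cloud-azure-packages.ks
+
+bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# Common Cloud Tweaks
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# remove linux-firmware as we're virt and it's half a gig
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+echo "virtual-guest" > /etc/tuned/active_profile
+
+cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
+# Configure dhcp timeout to 300s by default
+[connection]
+ipv4.dhcp-timeout=300
+EOF
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# Remove build-time resolvers to fix #16948
+truncate -s 0 /etc/resolv.conf
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+# azure settings
+# Configure waagent for cloud-init
+sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
+sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
+
+# Azure: handle sr-iov and networkmanaeger
+cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
+# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
+# This interface is transparently bonded to the synthetic interface,
+# so NetworkManager should just ignore any SRIOV interfaces.
+SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
+EOF
+
+# Azure: Time sync for linux
+## Setup udev rule for ptp_hyperv
+cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
+## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+EOF
+
+# Configure chrony to use ptp_hyperv
+cat << EOF | tee -a /etc/chrony.conf
+# Setup hyperv PTP device as refclock
+refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
+EOF
+
+# Azure: Blacklist modules
+cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
+blacklist amdgpu
+blacklist nouveau
+blacklist radeon
+EOF
+
+# Azure: cloud-init customizations for Hyperv
+cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
+# Enable logging to the Hyper-V kvp in Azure
+reporting:
+logging:
+type: log
+telemetry:
+type: hyperv
+EOF
+
+# Kernel and Drivers
+# Add drivers when building in VMWare, Vbox, or KVM (KVM)
+cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
+add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
+EOF
+
+dracut -f -v
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# rocky cloud user
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# this shouldn't be the case, but we'll do it anyway
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+truncate -c -s 0 /var/log/dnf.log
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'azure' > /etc/yum/vars/infra
+
+# Azure Cleanup
+sudo rm -f /var/log/waagent.log
+sudo cloud-init clean
+waagent -force -deprovision+user
+
+# Common cleanup
+rm -f ~/.bash_history
+export HISTSIZE=0
+
+rm -f /var/lib/systemd/random-seed
+rm -rf /root/anaconda-ks.cfg
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf "/var/lib/yum/*"
+rm -rf "/var/log/anaconda*"
+rm -rf /var/log/yum.log
+
+# Wipe machineid
+cat /dev/null > /etc/machine-id
+
+# Fix selinux
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+true
+
+%end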
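Review bot: The closing `true` before `%end` makes the `%post` script always exit 0, so `--erroronfail` can never trigger and a failed `passwd -l root`, `waagent -force -deprovision+user` or `sed` on /etc/waagent.conf would still produce an image. As far as the section shows, no `set -e` is in effect either, so only the last command's status would count even without the `true`. Consider dropping the trailing `true` and checking the steps that matter explicitly, e.g. `passwd -l root || exit 1`. cloud/rocky-azure-base.ks ends the same way.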
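--- a/cloud/rocky-cloud-azure-packages.ks
+++ b/cloud/rocky-cloud-azure-packages.ks
@@ -0,0 +1,55 @@
+%packages
+@core
+rocky-release
+kernel
+yum-utils
+-aic94xx-firmware
+-alsa-firmware
+-alsa-lib
+-alsa-tools-firmware
+-ivtv-firmware
+-iwl1000-firmware
+-iwl100-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6000g2b-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+-libertas-sd8686-firmware
+-libertas-sd8787-firmware
+-libertas-usb8388-firmware
+
+cloud-init
+cloud-utils-growpart
+gdisk
+dracut-config-generic
+grub2
+firewalld
+
+# some stuff that's missing from core or explicitly setting
+tar
+rsync
+dhcp-client
+NetworkManager
+rng-tools
+dnf-utils
+chrony
+WALinuxAgent
+hyperv-daemons
+
+-biosdevname
+-plymouth
+-iprutils
+-langpacks-*
+-langpacks-en
+-qemu-guest-agent
+%end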
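--- a/cloud/rocky-cloud-base-packages.ks
+++ b/cloud/rocky-cloud-base-packages.ks
@@ -0,0 +1,58 @@
+%packages
+@core
+rocky-release
+dnf
+kernel
+yum
+nfs-utils
+dnf-utils
+hostname
+-aic94xx-firmware
+-alsa-firmware
+-alsa-lib
+-alsa-tools-firmware
+-ivtv-firmware
+-iwl1000-firmware
+-iwl100-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6000g2b-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+-libertas-sd8686-firmware
+-libertas-sd8787-firmware
+-libertas-usb8388-firmware
+
+cloud-init
+cloud-utils-growpart
+python3-jsonschema
+dracut-config-generic
+-dracut-config-rescue
+firewalld
+
+# some stuff that's missing from core or things we want
+tar
+tcpdump
+rsync
+rng-tools
+cockpit-ws
+cockpit-system
+qemu-guest-agent
+virt-what
+
+-biosdevname
+-plymouth
+-iprutils
+# Fixes an s390x issue
+#-langpacks-*
+-langpacks-en
+%end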
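Review bot: `tcpdump`, `cockpit-ws` and `cockpit-system` are pulled into every image built from this list under the comment `# some stuff that's missing from core or things we want`, which does not say why a base cloud image needs a web admin console or a packet capture tool. Since the `%post` sections in this commit remove firewalld, anything that later enables cockpit.socket is reachable subject only to the cloud provider's network rules; whether it is enabled by default is not visible here. A one-line comment per package giving the reason, or dropping the ones with no consumer, would make the list auditable. cloud/rocky-cloud-ocp-packages.ks lists the same cockpit packages.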
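--- a/cloud/rocky-cloud-base.ks
+++ b/cloud/rocky-cloud-base.ks
@@ -0,0 +1,16 @@
+text
+lang en_US.UTF-8
+keyboard us
+timezone --utc UTC
+# Disk
+auth --enableshadow --passalgo=sha512
+selinux --enforcing
+firewall --enabled --service=ssh
+firstboot --disable
+# Network information
+network --bootproto=dhcp --device=link --activate --onboot=on
+# Root password
+services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
+rootpw --iscrypted thereisnopasswordanditslocked
+url --url https://download.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/
+shutdown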
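Review bot: `rootpw --iscrypted thereisnopasswordanditslocked` locks root only because the string happens not to be a valid crypt hash; `rootpw --lock` states the intent directly and does not depend on how the hash field is parsed. The `# Root password` comment also sits above the `services` line rather than `rootpw`, and `# Disk` sits above `auth`, so the section comments no longer describe the line that follows them. The kickstarts that include this file additionally run `passwd -d root` and `passwd -l root` in `%post`, which is worth mentioning in a comment next to `rootpw`.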
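--- a/cloud/rocky-cloud-ocp-packages.ks
+++ b/cloud/rocky-cloud-ocp-packages.ks
@@ -0,0 +1,60 @@
+%packages
+@core
+chrony
+dnf
+yum
+cloud-init
+cloud-utils-growpart
+NetworkManager
+dracut-config-generic
+firewalld
+gdisk
+grub2
+kernel
+nfs-utils
+rsync
+tar
+dnf-utils
+yum-utils
+-aic94xx-firmware
+-alsa-firmware
+-alsa-lib
+-alsa-tools-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6000g2b-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+-libertas-sd8686-firmware
+-libertas-sd8787-firmware
+-libertas-usb8388-firmware
+-biosdevname
+-iprutils
+-plymouth
+
+python3-jsonschema
+qemu-guest-agent
+dhcp-client
+cockpit-ws
+cockpit-system
+-langpacks-*
+-langpacks-en
+
+
+iscsi-initiator-utils
+
+rocky-release
+rng-tools
+%end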
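--- a/cloud/rocky-cloud-parts-base.ks
+++ b/cloud/rocky-cloud-parts-base.ks
@@ -0,0 +1,10 @@
+zerombr
+clearpart --all --initlabel --disklabel=gpt
+#reqpart
+# This should allow BIOS, UEFI, and PReP booting. Trying to be as universal as
+# possible. This is a similar setup to Fedora without the btrfs.
+part prepboot --size=4 --fstype=prepboot --asprimary
+part biosboot --size=1 --fstype=biosboot --asprimary
+part /boot/efi --size=100 --fstype=efi --asprimary
+part /boot --size=1000 --fstype=xfs --asprimary --label=boot
+part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0"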
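Review bot: The root filesystem line passes `--mkfsoptions "-m bigtime=0,inobtcount=0"` with no comment explaining it. Turning `bigtime` off keeps XFS on the older timestamp format that ends in 2038, presumably so the image can be handled by older kernels or tools; a comment such as `# bigtime/inobtcount off for compatibility with older XFS tooling (confirm)` would record the reason. cloud/rocky-cloud-parts-lvm.ks uses the same options on its `logvol /` line.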
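--- a/cloud/rocky-cloud-parts-lvm.ks
+++ b/cloud/rocky-cloud-parts-lvm.ks
@@ -0,0 +1,13 @@
+zerombr
+clearpart --all --initlabel --disklabel=gpt
+#reqpart
+# This should allow BIOS, UEFI, and PReP booting. Trying to be as universal as
+# possible. This is a similar setup to Fedora without the btrfs.
+part prepboot --size=4 --fstype=prepboot --asprimary
+part biosboot --size=1 --fstype=biosboot --asprimary
+part /boot/efi --size=100 --fstype=efi --asprimary
+part /boot --size=1000 --fstype=xfs --asprimary --label=boot
+part pv.01 --size=1 --ondisk=vda --grow
+
+volgroup rocky pv.01
+logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions "-m bigtime=0,inobtcount=0"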
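--- a/cloud/rocky-ec2-base.ks
+++ b/cloud/rocky-ec2-base.ks
@@ -0,0 +1,132 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-base.ks
+%include rocky-cloud-base-packages.ks
+
+bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# this should *really* be an empty file - gotta make anaconda happy
+truncate -s 0 /etc/resolv.conf
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="no"
+PERSISTENT_DHCLIENT="1"
+EOF
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+if ! grep -q growpart /etc/cloud/cloud.cfg; then
+sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
+fi
+
+# rocky cloud user
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# this shouldn't be the case, but we'll do it anyway
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+truncate -c -s 0 /var/log/dnf.log
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'ec2' > /etc/yum/vars/infra
+
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# remove these for ec2 debugging
+sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
+
+cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
+blacklist nouveau
+EOL
+
+# enable resizing on copied AMIs
+echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
+
+echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
+dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
+
+cat /dev/null > /etc/machine-id
+
+cat >> /etc/chrony.conf << EOF
+
+# Amazon Time Sync Service
+server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
+EOF
+
+%end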
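Review bot: `echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers` edits the main sudoers file in place with no syntax check, and the rule stays even if cloud-init is later configured with a different default user. A drop-in is easier to audit and can be validated at build time: `echo 'rocky ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/rocky`, `chmod 0440 /etc/sudoers.d/rocky`, `visudo -cf /etc/sudoers.d/rocky` (the drop-in name is a suggestion, not a path from this commit). cloud-init may already grant sudo to its default user through cloud.cfg, in which case the line may be redundant; that file is not part of this commit. The same line appears in cloud/rocky-ec2-lvm.ks, cloud/rocky-azure-base.ks and cloud/rocky-azure-lvm.ks.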
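--- a/cloud/rocky-ec2-lvm.ks
+++ b/cloud/rocky-ec2-lvm.ks
@@ -0,0 +1,132 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-base.ks
+%include rocky-cloud-base-packages.ks
+
+bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# this should *really* be an empty file - gotta make anaconda happy
+truncate -s 0 /etc/resolv.conf
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="no"
+PERSISTENT_DHCLIENT="1"
+EOF
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+if ! grep -q growpart /etc/cloud/cloud.cfg; then
+sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
+fi
+
+# rocky cloud user
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# this shouldn't be the case, but we'll do it anyway
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+truncate -c -s 0 /var/log/dnf.log
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'ec2' > /etc/yum/vars/infra
+
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# remove these for ec2 debugging
+sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
+
+cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
+blacklist nouveau
+EOL
+
+# enable resizing on copied AMIs
+echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
+
+echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
+dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
+
+cat /dev/null > /etc/machine-id
+
+cat >> /etc/chrony.conf << EOF
+
+# Amazon Time Sync Service
+server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
+EOF
+
+%end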
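Review bot: The second line includes `rocky-cloud-parts-base.ks`, so this file is line-for-line the same as cloud/rocky-ec2-base.ks and builds a plain-partition image despite its name. cloud/rocky-azure-lvm.ks includes the LVM layout; the equivalent here would be `%include rocky-cloud-parts-lvm.ks`. Separately, `dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION` uses the variable unquoted, and `rpm -q kernel` prints one line per installed kernel, so quoting it and handling more than one result would be safer.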
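--- a/cloud/rocky-genclo-base.ks
+++ b/cloud/rocky-genclo-base.ks
@@ -0,0 +1,127 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-base.ks
+%include rocky-cloud-base-packages.ks
+
+bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# we don't need this in virt
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# this should *really* be an empty file - gotta make anaconda happy
+truncate -s 0 /etc/resolv.conf
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+rm -f /etc/sysconfig/network-scripts/ifcfg-*
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+BOOTPROTOv6="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="yes"
+PERSISTENT_DHCLIENT="1"
+EOF
+
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+#systemctl mask tmp.mount
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# just in case
+if ! grep -q growpart /etc/cloud/cloud.cfg; then
+sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
+fi
+# temporary until 22.2
+sed -i 's/^system_info:/locale: C.UTF-8\nsystem_info:/' /etc/cloud/cloud.cfg
+
+# rocky cloud user
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+
+# these shouldn't be enabled, but just in case
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'genclo' > /etc/yum/vars/infra
+
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+rm -f /var/lib/systemd/random-seed
+cat /dev/null > /etc/machine-id
+
+# reorder console entries
+#sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+true
+
+%end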
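Review bot: The sudo grant for `rocky` is appended straight to the main file with `echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers`, so nothing validates the result and the rule is hard to audit or remove later. A drop-in keeps it separate and checkable: `echo 'rocky ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/rocky`, `chmod 0440 /etc/sudoers.d/rocky`, `visudo -cf /etc/sudoers.d/rocky`; rocky-vagrant-libvirt.ks in this commit already uses a drop-in for the `vagrant` group. The same append appears in rocky-genclo-lvm.ks and rocky-ocp.ks. If cloud-init already grants sudo to its default user (its configuration is not visible here), this extra passwordless rule may be redundant.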
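--- a/cloud/rocky-genclo-lvm.ks
+++ b/cloud/rocky-genclo-lvm.ks
@@ -0,0 +1,127 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-lvm.ks
+%include rocky-cloud-base-packages.ks
+
+bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
+
+%post --erroronfail
+passwd -d root
+passwd -l root
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# we don't need this in virt
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# this should *really* be an empty file - gotta make anaconda happy
+truncate -s 0 /etc/resolv.conf
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+rm -f /etc/sysconfig/network-scripts/ifcfg-*
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+BOOTPROTOv6="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="yes"
+PERSISTENT_DHCLIENT="1"
+EOF
+
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+#systemctl mask tmp.mount
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# just in case
+if ! grep -q growpart /etc/cloud/cloud.cfg; then
+sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
+fi
+# temporary until 22.2
+sed -i 's/^system_info:/locale: C.UTF-8\nsystem_info:/' /etc/cloud/cloud.cfg
+
+# rocky cloud user
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+
+# these shouldn't be enabled, but just in case
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
+sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
+
+dnf clean all
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'genclo' > /etc/yum/vars/infra
+
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+rm -f /var/lib/systemd/random-seed
+cat /dev/null > /etc/machine-id
+
+# reorder console entries
+#sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+true
+
+%end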
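Review bot: `%post --erroronfail` can only react to the exit status of the whole script, and this script has no `set -e` and ends with `true`, so a command that fails part-way through is never reported. That matters most for the first two commands: `passwd -d root` empties root's password and only the following `passwd -l root` locks the account, so if the lock step failed the image would be built with a passwordless root and the build would still pass. Make that step fail the build explicitly with `passwd -l root || exit 1`, and check whether `passwd -d root` is needed at all given what rocky-cloud-base.ks (not shown here) sets with `rootpw`. rocky-genclo-base.ks and rocky-ocp.ks follow the same pattern.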
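--- a/cloud/rocky-ocp.ks
+++ b/cloud/rocky-ocp.ks
@@ -0,0 +1,219 @@
+%include rocky-cloud-base.ks
+%include rocky-cloud-parts-lvm.ks
+%include rocky-cloud-ocp-packages.ks
+
+bootloader --append="console=ttyS0,115200n8 console=tty0 no_timer_check crashkernel=auto net.ifnames=0 LANG=en_US.UTF-8 transparent_hugepage=never rd.luks=0 rd.md=0 rd.dm=0 rd.lvm.vg=rocky rd.lvm.lv=rocky/root rd.net.timeout.dhcp=10" --location=mbr --timeout=1 --boot-drive=vda
+
+%post --erroronfail
+
+# Attempting to force legacy BIOS boot if we boot from UEFI
+if [ "$(arch)" = "x86_64" ]; then
+dnf install grub2-pc-modules grub2-pc -y
+grub2-install --target=i386-pc /dev/vda
+fi
+
+# Ensure that the pmbr_boot flag is off
+parted /dev/vda disk_set pmbr_boot off
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+dnf -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+# but we dont ship it in cloud
+dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+dnf -C -y remove avahi\*
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# Remove build-time resolvers to fix #16948
+echo > /etc/resolv.conf
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="no"
+PERSISTENT_DHCLIENT="1"
+EOF
+
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+systemctl mask tmp.mount
+
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# rocky cloud user
+echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
+
+dnf clean all
+
+# XXX instance type markers - MUST match Rocky Infra expectation
+echo 'oci' > /etc/yum/vars/infra
+
+# change dhcp client retry/timeouts to resolve #6866
+cat >> /etc/dhcp/dhclient.conf << EOF
+
+timeout 300;
+retry 60;
+EOF
+
+
+rm -rf /var/log/yum.log
+rm -rf "/var/lib/yum/*"
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+rm -f /var/lib/systemd/random-seed
+
+cat /dev/null > /etc/machine-id
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# remove these for debugging
+sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
+
+# enable resizing on copied AMIs
+echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
+
+# OCI - Need iscsi as a dracut module
+echo 'add_dracutmodules+="iscsi"' > /etc/dracut.conf.d/iscsi.conf
+
+# OCI - Virtio drivers
+echo 'add_drivers+="virtio virtio_blk virtio_net virtio_pci virtio_ring virtio_scsi virtio_console"' > /etc/dracut.conf.d/virtio.conf
+
+# OCI - YOLO
+mkdir -p /usr/lib/dracut/modules.d/95oci
+OCIDRACUT="H4sIAGtFHmMAA+2WWW/bOBCA/Vr+illZzQXoluPUhgMURYrmpS02fevuGpJIWYQVUiWpJoHr/15S
+crLZZBs3QA8U5QfYosQ5NUNSrRRBTfMAi6xoVXDOcVsT6ePg2YgXNBh8C0LNeDTqrpq7124cpfF4
+nIzT8fhwEEaj+HA8gNE38b6FVqpMAAwE5+ohuW3zvyjtw/UnLMtr4lFZSOrlV00mpS+rR/rYUv84
+StJBlIx10ZNREscD/SRNkwGE3yXjO/zm9R/+EeSUBbJCQ/AOPNANQCYgK1LXniwEbdQUKMOEKU9l
+ufT6eUbrqRby8kzSwuNlKYmaQDo1JrQhcjkBJWdHIC9mKUg9TIEoKGlN1FVDZtobGr7NVFFB11nm
+3YLikNU1v4A8ozXwVgEtQVUEullM5RKKjGkZQTJ8BTmBkrcMo6Eg5QTeiCxvFxMYJmESxWGYImRc
+wYLo8i7gOMDkY8Dauob4eCeCT5/Ah1uN7+mhbmx0+vrs5M93s10kZo67Mp6Hec2L5WTtIB1Oby3n
+vIYQBPa76P1+XcDODrwHj4DjCgf+nprYGSDQlFwA69KgDNy93ooERpR5uD8FzDs5w3utv+qEnz6d
+HKwdmIHTudE2TdgFZ4qyltwodGk2mZBk3snNO0dfTlh7vc722sQ9bcftInCMmiCqFQyiG+lN2HPC
+ipm7J5WYC9LUWUH+VXMC/fsrLp39TgtzRuAe3RQpKr5JcAJnS9o0lC3AveXD930HjnfiR4lDl/7y
+XC5uqUkjT7CZdgJ13gSdHbP+FcHebSNOr3VJFYSopGgXfWX1S21ZmgV109c3rYCuwzgxe6oJ+/Ts
+xdkpbPR5oyhn15l+leR/kuw13L6BdeFAEgwehd3gn7fP372a+QdusBK9ilSYmniq9RTc1eU0MBKB
+HnwI11P9n6x3/ycP3QsXme4E56VeoNr4g9GZt/az9zbLdrac//29p7f3tnn8wb9h2/dfchjdOf/D
+OIns+f8j2Jz/+iD/4V8ARUWK5d4+rNCTzRkTojVCmDSEYXl/gjJdqrruJ8zNvOJ8CY0gXqt3NTg6
+0vufjg5T8YXvVkeb+dkv3GKxWCwWi8VisVgsFovFYrFYLBaLxWL5jnwGdMMrBgAoAAA="
+
+base64 -d <<<"$OCIDRACUT" | tar -xz
+
+OCICLOUDCFG="IyBPQ0kgY2xvdWQtaW5pdCBjb25maWd1cmF0aW9uCmRhdGFzb3VyY2VfbGlzdDogWydPcmFjbGUn
+LCAnT3BlblN0YWNrJ10KZGF0YXNvdXJjZToKICBPcGVuU3RhY2s6CiAgICBtZXRhZGF0YV91cmxz
+OiBbJ2h0dHA6Ly8xNjkuMjU0LjE2OS4yNTQnXQogICAgdGltZW91dDogMTAKICAgIG1heF93YWl0
+OiAyMAoKIyBzd2FwIGZpbGUKc3dhcDoKICAgZmlsZW5hbWU6IC8uc3dhcGZpbGUKICAgc2l6ZTog
+ImF1dG8iCgpjbG91ZF9pbml0X21vZHVsZXM6CiMgT0NJOiBkaXNrX3NldHVwIGlzIGRpc2FibGVk
+CiMtIGRpc2tfc2V0dXAKIC0gbWlncmF0b3IKIC0gYm9vdGNtZAogLSB3cml0ZS1maWxlcwojIE9D
+STogVGhlIGdyb3dwYXJ0IG1vZHVsZSBpcyBkaXNhYmxlZCBieSBkZWZhdWx0LiBUbyBlbmFibGUg
+YXV0b21hdGljIGJvb3Qgdm9sdW1lIHJlc2l6aW5nLCB1bmNvbW1lbnQKIyB0aGUgYmVsb3cgZW50
+cnkgZm9yICctIGdyb3dwYXJ0JyBhbmQgcmVib290LiBBbGwgdGhlIGRlcGVuZGVudCBwYWNrYWdl
+cyBmb3IgdGhlIGdyb3dwYXJ0CiMgbW9kdWxlIHRvIHdvcmsgc3VjaCBhcyBjbG91ZC11dGlscy1n
+cm93cGFydCBhbmQgZ2Rpc2sgYXJlIGFscmVhZHkgaW5jbHVkZWQgaW4gdGhlIGltYWdlLgojLSBn
+cm93cGFydAogLSByZXNpemVmcwojIE9DSTogc2V0X2hvc3RuYW1lLCB1cGRhdGVfaG9zdG5hbWUs
+IHVwZGF0ZV9ldGNfaG9zdHMgYXJlIGRpc2FibGVkCiMtIHNldF9ob3N0bmFtZQojLSB1cGRhdGVf
+aG9zdG5hbWUKIy0gdXBkYXRlX2V0Y19ob3N0cwogLSByc3lzbG9nCiAtIHVzZXJzLWdyb3Vwcwog
+LSBzc2gKCmNsb3VkX2NvbmZpZ19tb2R1bGVzOgogLSBtb3VudHMKIC0gbG9jYWxlCiAtIHNldC1w
+YXNzd29yZHMKIyBPQ0k6IHJoX3N1YnNjcmlwdGlvbiBpcyBkaXNhYmxlZAojLSByaF9zdWJzY3Jp
+cHRpb24KIC0geXVtLWFkZC1yZXBvCiAtIHBhY2thZ2UtdXBkYXRlLXVwZ3JhZGUtaW5zdGFsbAog
+LSB0aW1lem9uZQogLSBudHAKIC0gcHVwcGV0CiAtIGNoZWYKIC0gc2FsdC1taW5pb24KIC0gbWNv
+bGxlY3RpdmUKIC0gZGlzYWJsZS1lYzItbWV0YWRhdGEKIC0gcnVuY21kCgpjbG91ZF9maW5hbF9t
+b2R1bGVzOgogLSByaWdodHNjYWxlX3VzZXJkYXRhCiAtIHNjcmlwdHMtcGVyLW9uY2UKIC0gc2Ny
+aXB0cy1wZXItYm9vdAogLSBzY3JpcHRzLXBlci1pbnN0YW5jZQogLSBzY3JpcHRzLXVzZXIKIC0g
+c3NoLWF1dGhrZXktZmluZ2VycHJpbnRzCiAtIGtleXMtdG8tY29uc29sZQogLSBwaG9uZS1ob21l
+CiAtIGZpbmFsLW1lc3NhZ2UKIyBPQ0k6IHBvd2VyLXN0YXRlLWNoYW5nZSBpcyBkaXNhYmxlZAoj
+LSBwb3dlci1zdGF0ZS1jaGFuZ2UKCg=="
+
+base64 -d <<<"$OCICLOUDCFG" >> /etc/cloud/cloud.cfg.d/99_oci.cfg
+
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%%{V}-%%{R}.%%{arch}\n')
+dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
+
+# OCI needs Iscsi
+grubby --args="libiscsi.debug_libiscsi_eh=1 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi ip=dhcp rd.iscsi.bypass rd.iscsi.param=node.session.timeo.replacement_timeout=6000" --update-kernel "/boot/vmlinuz-$KERNEL_VERSION"
+
+passwd -d root
+passwd -l root
+
+# Copyright (C) 2020 Oracle Corp., Inc. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
+#
+# /usr/lib/oci-linux-config/cloud/scripts/initramfs-mod/net.sh
+#
+
+echo "$(date) - OCI initramfs network modification script started."
+
+# Symlink network config files where cloud-init >= 19.4 expects them
+DRACUT_CFG=/run/initramfs/state/etc/sysconfig/network-scripts
+CI_DIR=/run
+if [ -d $DRACUT_CFG ]; then
+FILE_COUNT=`ls $DRACUT_CFG | wc -l`
+if [ $FILE_COUNT -eq 0 ]; then
+# Create dummy file if dracut did not create network device config
+dummycfg=$CI_DIR/net-dummy.conf
+echo "DEVICE=\"dummy\"" > $dummycfg
+echo "BOOTPROTO=dhcp" >> $dummycfg
+echo "$(date) - Creating dummy config $dummycfg."
+else
+for dcfg in $DRACUT_CFG/*; do
+filename=${dcfg##*/}
+devname=${filename##ifcfg-}
+cicfg=$CI_DIR/net-$devname.conf
+if [ ! -e $cicfg ]; then
+echo "$(date) - Creating symlink from $dcfg to $cicfg."
+ln -s $dcfg $cicfg
+fi
+done
+fi
+fi
+
+echo "$(date) - OCI initramfs network modification script done."
+true
+
+%end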
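Review bot: `OCIDRACUT` is a base64-encoded gzip archive that `base64 -d <<<"$OCIDRACUT" | tar -xz` unpacks as root into whatever the `%post` working directory is, so the files that end up in the image (presumably the `95oci` dracut module created just above) cannot be read or diffed in review. Check the archive members in as plain files and write them with quoted heredocs, or at the very least pin the destination with `tar -xz -C /` and add a comment listing the member paths and where the archive came from. `OCICLOUDCFG` has the same reviewability problem even though it decodes to text; a `cat > /etc/cloud/cloud.cfg.d/99_oci.cfg <<'EOF'` heredoc would make the cloud-init settings visible, and `>` instead of `>>` would keep a rebuild from appending a second copy.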
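--- a/container/rocky-container-base.ks
+++ b/container/rocky-container-base.ks
@@ -0,0 +1,75 @@
+%include rocky-container.ks
+
+%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
+bash
+binutils
+coreutils-single
+glibc-minimal-langpack
+hostname
+iputils
+less
+rocky-release
+rootfiles
+tar
+vim-minimal
+yum
+
+-brotli
+-dosfstools
+-kexec-tools
+-e2fsprogs
+-firewalld
+-fuse-libs
+-gettext*
+-gnupg2-smime
+-grub\*
+-iptables
+-kernel
+-libss
+-os-prober*
+-pinentry
+-qemu-guest-agent
+-shared-mime-info
+-trousers
+-xfsprogs
+-xkeyboard-config
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# container customizations inside the chroot
+
+# Stay compatible
+echo 'container' > /etc/dnf/vars/infra
+
+#Generate installtime file record
+/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
+
+# Limit languages to help reduce size.
+LANG="en_US"
+echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
+echo 'LANG="C.UTF-8"' > /etc/locale.conf
+
+# systemd fixes
+:> /etc/machine-id
+umount /run
+systemd-tmpfiles --create --boot
+
+# mask mounts and login bits
+systemctl mask \
+console-getty.service \
+dev-hugepages.mount \
+getty.target \
+sys-fs-fuse-connections.mount \
+systemd-logind.service \
+systemd-remount-fs.service
+
+# Cleanup the image
+rm -f /etc/udev/hwdb.bin
+rm -rf /usr/lib/udev/hwdb.d/ \
+/boot /var/lib/dnf/history.* \
+"/tmp/*" "/tmp/.*" || true
+
+
+%end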
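Review bot: The last two arguments of the cleanup `rm -rf`, `"/tmp/*" "/tmp/.*"`, are quoted, so the shell hands them to `rm` as literal names and nothing under /tmp is removed; `rm -f` stays silent about paths that do not exist. Whatever the build leaves in /tmp therefore ships in the container image. Simply unquoting is not ideal either, because `/tmp/.*` can match `.` and `..`; `find /tmp -mindepth 1 -delete` clears the directory without that edge case. rocky-container-minimal.ks and rocky-container-ubi.ks carry the same line, and the minimal file also quotes `"/var/log/*"`.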
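--- a/container/rocky-container-minimal.ks
+++ b/container/rocky-container-minimal.ks
@@ -0,0 +1,76 @@
+%include rocky-container.ks
+
+%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
+bash
+coreutils-single
+glibc-minimal-langpack
+microdnf
+rocky-release
+
+-brotli
+-dosfstools
+-e2fsprogs
+-firewalld
+-fuse-libs
+-gettext*
+-gnupg2-smime
+-grub\*
+-hostname
+-iptables
+-iputils
+-kernel
+-kexec-tools
+-less
+-libss
+-os-prober*
+-pinentry
+-qemu-guest-agent
+-rootfiles
+-shared-mime-info
+-tar
+-trousers
+-vim-minimal
+-xfsprogs
+-xkeyboard-config
+-yum
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# container customizations inside the chroot
+
+
+rpm --rebuilddb
+
+/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
+
+echo 'container' > /etc/dnf/vars/infra
+
+LANG="en_US"
+echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
+echo 'LANG="C.UTF-8"' > /etc/locale.conf
+
+rm -f /var/lib/dnf/history.*
+rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
+
+for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
+
+# systemd fixes
+umount /run
+systemd-tmpfiles --create --boot
+
+# mask mounts and login bits
+systemctl mask \
+console-getty.service \
+dev-hugepages.mount \
+getty.target \
+sys-fs-fuse-connections.mount \
+systemd-logind.service \
+systemd-remount-fs.service
+
+# Cleanup the image
+rm -f /etc/udev/hwdb.bin
+rm -rf /usr/lib/udev/hwdb.d/ \
+/boot /var/lib/dnf/history.* \
+"/tmp/*" "/tmp/.*" || true
+
+%end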
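Review bot: The locale-pruning loop never deletes anything, because `ls -d "/usr/share/{locale,i18n}/*"` quotes the brace and glob pattern: `ls` receives one literal path, fails, and the `for` body runs zero times. The loop also parses `ls` output and leaves `$dir` unquoted. A direct replacement is `find /usr/share/locale /usr/share/i18n -mindepth 1 -maxdepth 1 ! -name '*en_US*' ! -name all_languages ! -name locale.alias -exec rm -rf -- {} +`. Before enabling it, confirm that removing every other entry directly under /usr/share/i18n is intended, since that is what the pattern does once it actually expands.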
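--- a/container/rocky-container-ubi.ks
+++ b/container/rocky-container-ubi.ks
@@ -0,0 +1,78 @@
+%include rocky-container.ks
+
+%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
+bash
+binutils
+brotli
+coreutils-single
+crypto-policies-scripts
+dmidecode
+findutils
+glibc-minimal-langpack
+libcurl
+systemd
+rocky-release
+rootfiles
+tar
+vim-minimal
+which
+yum
+
+-dosfstools
+-kexec-tools
+-e2fsprogs
+-firewalld
+-fuse-libs
+-gettext*
+-gnupg2-smime
+-grub\*
+-iptables
+-kernel
+-libss
+-os-prober*
+-pinentry
+-qemu-guest-agent
+-shared-mime-info
+-trousers
+-xfsprogs
+-xkeyboard-config
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# container customizations inside the chroot
+
+# Stay compatible
+echo 'container' > /etc/dnf/vars/infra
+
+#Generate installtime file record
+/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
+
+# Limit languages to help reduce size.
+LANG="en_US"
+echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
+echo 'LANG="C.UTF-8"' > /etc/locale.conf
+
+# systemd fixes
+:> /etc/machine-id
+umount /run
+systemd-tmpfiles --create --boot
+
+# mask mounts and login bits
+systemctl mask \
+console-getty.service \
+dev-hugepages.mount \
+getty.target \
+sys-fs-fuse-connections.mount \
+systemd-logind.service \
+systemd-remount-fs.service
+
+# Cleanup the image
+rm -f /etc/udev/hwdb.bin
+rm -rf /usr/lib/udev/hwdb.d/ \
+/boot /var/lib/dnf/history.* \
+"/tmp/*" "/tmp/.*" || true
+
+
+%end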
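--- a/container/rocky-container.ks
+++ b/container/rocky-container.ks
@@ -0,0 +1,21 @@
+url --url https://download.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/
+
+text
+bootloader --disable
+firewall --disabled
+network --bootproto=dhcp --device=link --activate --onboot=on
+rootpw --lock --iscrypted locked
+selinux --disabled
+shutdown
+
+keyboard us
+lang en_US.UTF-8
+timezone --utc --ntp-disable UTC
+
+# Disk setup
+zerombr
+clearpart --all --initlabel
+autopart --noboot --nohome --noswap --nolvm --fstype=ext4
+
+%addon com_redhat_kdump --disable
+%end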
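Review bot: The install source is hard-coded to `https://download.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/`, and the `stg` path component suggests a staging tree rather than the released one, so the packages that go into every container image depend on whatever is staged at build time. If that is deliberate for pre-release builds, say so in a comment above the `url` line, for example `# staging tree: switch to the release path before publishing images`; otherwise point it at the release tree. rocky-vagrant-base.ks uses the same URL.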
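--- a/vagrant/rocky-vagrant-base.ks
+++ b/vagrant/rocky-vagrant-base.ks
@@ -0,0 +1,21 @@
+text
+keyboard --vckeymap us
+lang en_US
+skipx
+network --bootproto=dhcp --device=link --activate --onboot=on
+rootpw --plaintext vagrant
+firewall --disabled
+timezone --utc UTC
+services --enabled=vmtoolsd
+# The biosdevname and ifnames options ensure we get "eth0" as our interface
+# even in environments like virtualbox that emulate a real NW card
+bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
+zerombr
+clearpart --all --initlabel
+reqpart
+part / --fstype=xfs --asprimary --size=1024 --grow
+
+user --name=vagrant --plaintext --password=vagrant
+url --url https://download.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/
+%addon com_redhat_kdump --disable
+%end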
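Review bot: `rootpw --plaintext vagrant` and `user --name=vagrant --plaintext --password=vagrant` give both accounts a publicly known password, and nothing in the file says that this is the Vagrant base-box convention rather than an oversight. Add a comment above the two lines, for example `# Well-known Vagrant credentials: boxes built from this file must not be reachable from untrusted networks`. With `firewall --disabled` in the same file, the only thing limiting remote use of these passwords is the sshd change made in rocky-vagrant-libvirt.ks. It is also worth checking whether root needs a password at all; `rootpw --lock`, as rocky-container.ks already uses, would remove one guessable login.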
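--- a/vagrant/rocky-vagrant-libvirt.ks
+++ b/vagrant/rocky-vagrant-libvirt.ks
@@ -0,0 +1,96 @@
+%include rocky-vagrant-base.ks
+%include rocky-vagrant-packages-hyperv.ks
+
+shutdown
+
+%post
+# configure swap to a file
+fallocate -l 2G /swapfile
+chmod 600 /swapfile
+mkswap /swapfile
+echo "/swapfile none swap defaults 0 0" >> /etc/fstab
+
+# sudo
+echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
+chmod 0440 /etc/sudoers.d/vagrant
+
+# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+PERSISTENT_DHCLIENT="yes"
+EOF
+
+# sshd: disable password authentication and DNS checks
+ex -s /etc/ssh/sshd_config <<EOF
+:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
+:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
+:update
+:quit
+EOF
+cat >>/etc/sysconfig/sshd <<EOF
+
+# Decrease connection time by preventing reverse DNS lookups
+# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
+# and man sshd for more information)
+OPTIONS="-u0"
+EOF
+
+# Default insecure vagrant key
+mkdir -m 0700 -p /home/vagrant/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
+chmod 600 /home/vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant /home/vagrant/.ssh
+
+# Fix for issue #76, regular users can gain admin privileges via su
+ex -s /etc/pam.d/su <<'EOF'
+# allow vagrant to use su, but prevent others from becoming root or vagrant
+/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
+:append
+account [success=1 default=ignore] \\
+pam_succeed_if.so user = vagrant use_uid quiet
+account required pam_succeed_if.so user notin root:vagrant
+.
+:update
+:quit
+EOF
+
+# systemd should generate a new machine id during the first boot, to
+# avoid having multiple Vagrant instances with the same id in the local
+# network. /etc/machine-id should be empty, but it must exist to prevent
+# boot errors (e.g. systemd-journald failing to start).
+:>/etc/machine-id
+
+echo 'vag' > /etc/yum/vars/infra
+
+# Blacklist the floppy module to avoid probing timeouts
+echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
+chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
+
+# Customize the initramfs
+pushd /etc/dracut.conf.d
+# Enable VMware PVSCSI support for VMware Fusion guests.
+echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
+echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
+# There's no floppy controller, but probing for it generates timeouts
+echo 'omit_drivers+=" floppy "' > nofloppy.conf
+popd
+# Fix the SELinux context of the new files
+restorecon -f - <<EOF
+/etc/sudoers.d/vagrant
+/etc/dracut.conf.d/vmware-fusion-drivers.conf
+/etc/dracut.conf.d/hyperv-drivers.conf
+/etc/dracut.conf.d/nofloppy.conf
+EOF
+
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
+dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
+
+# Seal for deployment
+rm -rf /etc/ssh/ssh_host_*
+hostnamectl set-hostname localhost.localdomain
+rm -rf /etc/udev/rules.d/70-*
+%end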
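Review bot: The sshd hardening depends on `:%substitute/^\(PasswordAuthentication\) yes$/\1 no/` finding an uncommented `PasswordAuthentication yes` line. If the packaged sshd_config ships that directive commented out (worth checking for the 9 packages), `ex -s` matches nothing and reports nothing, and password logins with the well-known `vagrant` password stay enabled. Setting the value explicitly does not depend on the file's current content, for example `echo 'PasswordAuthentication no' > /etc/ssh/sshd_config.d/00-vagrant.conf` (file name is only an example, and this assumes the main config includes that directory), followed by `sshd -t` to validate the result. This `%post` header also lacks `--erroronfail`, unlike the cloud and container kickstarts in the same commit.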
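--- a/vagrant/rocky-vagrant-packages-hyperv.ks
+++ b/vagrant/rocky-vagrant-packages-hyperv.ks
@@ -0,0 +1,34 @@
+%packages --inst-langs=en
+bash-completion
+man-pages
+bzip2
+rsync
+nfs-utils
+cifs-utils
+chrony
+yum-utils
+hyperv-daemons
+open-vm-tools
+# Vagrant boxes aren't normally visible, no need for Plymouth
+-plymouth
+# Microcode updates cannot work in a VM
+-microcode_ctl
+# Firmware packages are not needed in a VM
+-iwl100-firmware
+-iwl1000-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+# Don't build rescue initramfs
+-dracut-config-rescue
+%end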
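--- a/vagrant/rocky-vagrant-packages.ks
+++ b/vagrant/rocky-vagrant-packages.ks
@@ -0,0 +1,33 @@
+%packages --inst-langs=en
+bash-completion
+man-pages
+bzip2
+rsync
+nfs-utils
+cifs-utils
+chrony
+yum-utils
+open-vm-tools
+# Vagrant boxes aren't normally visible, no need for Plymouth
+-plymouth
+# Microcode updates cannot work in a VM
+-microcode_ctl
+# Firmware packages are not needed in a VM
+-iwl100-firmware
+-iwl1000-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+# Don't build rescue initramfs
+-dracut-config-rescue
+%end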
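Review bot: This package list is a line-for-line copy of vagrant/rocky-vagrant-packages-hyperv.ks minus `hyperv-daemons`, so the two exclusion lists will drift as soon as one of them is edited. Consider keeping the shared entries in one file and reducing the Hyper-V variant to an include of it plus the single extra package (kickstart should accept an additional `%packages` section for that, worth confirming against the build tooling). A header comment such as `# Common Vagrant package set; the Hyper-V additions live in rocky-vagrant-packages-hyperv.ks` would document the split.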
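--- a/vagrant/rocky-vagrant-vbox.ks
+++ b/vagrant/rocky-vagrant-vbox.ks
@@ -0,0 +1,110 @@
+%include rocky-vagrant-base.ks
+%include rocky-vagrant-packages-hyperv.ks
+
+reboot
+
+%post
+# configure swap to a file
+fallocate -l 2G /swapfile
+chmod 600 /swapfile
+mkswap /swapfile
+echo "/swapfile none swap defaults 0 0" >> /etc/fstab
+
+# sudo
+echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
+chmod 0440 /etc/sudoers.d/vagrant
+
+# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+PERSISTENT_DHCLIENT="yes"
+EOF
+
+# sshd: disable password authentication and DNS checks
+# for virtualbox we're disabling it after provisioning
+
+# Decrease connection time by preventing reverse DNS lookups
+# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
+# and man sshd for more information)
+OPTIONS="-u0"
+EOF
+
+# Default insecure vagrant key
+mkdir -m 0700 -p /home/vagrant/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
+chmod 600 /home/vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant /home/vagrant/.ssh
+
+# Fix for issue #76, regular users can gain admin privileges via su
+ex -s /etc/pam.d/su <<'EOF'
+# allow vagrant to use su, but prevent others from becoming root or vagrant
+/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
+:append
+account [success=1 default=ignore] \\
+pam_succeed_if.so user = vagrant use_uid quiet
+account required pam_succeed_if.so user notin root:vagrant
+.
+:update
+:quit
+EOF
+
+# Install VBoxGuestAdditions for installed kernel
+kver=$(rpm -q --queryformat="%{VERSION}-%{RELEASE}.%{ARCH}" kernel)
+dnf -y install kernel-devel gcc make perl elfutils-libelf-devel
+curl -L -o /tmp/vboxadditions.iso https://download.virtualbox.org/virtualbox/6.1.40/VBoxGuestAdditions_6.1.40.iso
+mkdir -p /media/VBoxGuestAdditions
+mount -o loop,ro /tmp/vboxadditions.iso /media/VBoxGuestAdditions
+mkdir -p /tmp/VBoxGuestAdditions
+sh /media/VBoxGuestAdditions/VBoxLinuxAdditions.run --nox11 --noexec --keep --target /tmp/VBoxGuestAdditions
+pushd /tmp/VBoxGuestAdditions
+./install.sh
+/sbin/rcvboxadd quicksetup all
+popd
+ls "/lib/modules/${kver}/misc/"
+modinfo "/lib/modules/${kver}/misc/vboxsf.ko"
+rm -rf /tmp/VBoxGuestAdditions
+umount /media/VBoxGuestAdditions
+rm -f /tmp/vboxadditions.iso
+rmdir /media/VBoxGuestAdditions
+dnf -y remove kernel-devel gcc make perl elfutils-libelf-devel
+
+# systemd should generate a new machine id during the first boot, to
+# avoid having multiple Vagrant instances with the same id in the local
+# network. /etc/machine-id should be empty, but it must exist to prevent
+# boot errors (e.g. systemd-journald failing to start).
+:>/etc/machine-id
+
+echo 'vag' > /etc/yum/vars/infra
+
+# Blacklist the floppy module to avoid probing timeouts
+echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
+chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
+
+# Customize the initramfs
+pushd /etc/dracut.conf.d
+# Enable VMware PVSCSI support for VMware Fusion guests.
+echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
+echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
+# There's no floppy controller, but probing for it generates timeouts
+echo 'omit_drivers+=" floppy "' > nofloppy.conf
+popd
+# Fix the SELinux context of the new files
+restorecon -f - <<EOF
+/etc/sudoers.d/vagrant
+/etc/dracut.conf.d/vmware-fusion-drivers.conf
+/etc/dracut.conf.d/hyperv-drivers.conf
+/etc/dracut.conf.d/nofloppy.conf
+EOF
+
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
+dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
+
+# Seal for deployment
+rm -rf /etc/ssh/ssh_host_*
+hostnamectl set-hostname localhost.localdomain
+rm -rf /etc/udev/rules.d/70-*
+%end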
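Review bot: The Guest Additions ISO fetched with `curl -L` in `%post` is loop-mounted and its `install.sh` run as root with no integrity check, so a tampered or truncated download goes straight into the image build. Pin the expected digest next to the 6.1.40 version and fail closed: add `-f` to the curl call and follow it with `echo "<EXPECTED_SHA256_PLACEHOLDER>  /tmp/vboxadditions.iso" | sha256sum -c - || exit 1`. Because this `%post` has no `--erroronfail`, a non-zero exit is only acted on once that flag is added as well. Separately, the comment block ending in `OPTIONS="-u0"` and `EOF` above the vagrant key has lost its `cat >>/etc/sysconfig/sshd <<EOF` opener (rocky-vagrant-vmware.ks still has it), so `EOF` runs as a command and `-u0` is never written to /etc/sysconfig/sshd; restore the opener or delete those lines.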
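--- a/vagrant/rocky-vagrant-vmware.ks
+++ b/vagrant/rocky-vagrant-vmware.ks
@@ -0,0 +1,86 @@
+%include rocky-vagrant-base.ks
+%include rocky-vagrant-packages.ks
+
+shutdown
+
+%post
+# configure swap to a file
+fallocate -l 2G /swapfile
+chmod 600 /swapfile
+mkswap /swapfile
+echo "/swapfile none swap defaults 0 0" >> /etc/fstab
+
+# sudo
+echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
+chmod 0440 /etc/sudoers.d/vagrant
+
+# sshd: disable password authentication and DNS checks
+ex -s /etc/ssh/sshd_config <<EOF
+:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
+:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
+:update
+:quit
+EOF
+cat >>/etc/sysconfig/sshd <<EOF
+
+# Decrease connection time by preventing reverse DNS lookups
+# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
+# and man sshd for more information)
+OPTIONS="-u0"
+EOF
+
+# Default insecure vagrant key
+mkdir -m 0700 -p /home/vagrant/.ssh
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
+chmod 600 /home/vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant /home/vagrant/.ssh
+
+# Fix for issue #76, regular users can gain admin privileges via su
+ex -s /etc/pam.d/su <<'EOF'
+# allow vagrant to use su, but prevent others from becoming root or vagrant
+/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
+:append
+account [success=1 default=ignore] \\
+pam_succeed_if.so user = vagrant use_uid quiet
+account required pam_succeed_if.so user notin root:vagrant
+.
+:update
+:quit
+EOF
+
+# systemd should generate a new machine id during the first boot, to
+# avoid having multiple Vagrant instances with the same id in the local
+# network. /etc/machine-id should be empty, but it must exist to prevent
+# boot errors (e.g. systemd-journald failing to start).
+:>/etc/machine-id
+
+echo 'vag' > /etc/yum/vars/infra
+
+# Blacklist the floppy module to avoid probing timeouts
+echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
+chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
+
+# Customize the initramfs
+pushd /etc/dracut.conf.d
+# Enable VMware PVSCSI support for VMware Fusion guests.
+echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
+echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
+# There's no floppy controller, but probing for it generates timeouts
+echo 'omit_drivers+=" floppy "' > nofloppy.conf
+popd
+# Fix the SELinux context of the new files
+restorecon -f - <<EOF
+/etc/sudoers.d/vagrant
+/etc/dracut.conf.d/vmware-fusion-drivers.conf
+/etc/dracut.conf.d/nofloppy.conf
+EOF
+
+# Rerun dracut for the installed kernel (not the running kernel):
+KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
+dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
+
+# Seal for deployment
+rm -rf /etc/ssh/ssh_host_*
+hostnamectl set-hostname localhost.localdomain
+rm -rf /etc/udev/rules.d/70-*
+%end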
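Review bot: Nothing verifies that the `ex -s /etc/ssh/sshd_config` substitutions matched, and `%post` is declared without `--erroronfail` (cloud/rocky-azure-base.ks in this commit uses `%post --erroronfail`), so a box can be built with password authentication still enabled and no build error. The pattern only matches an uncommented `PasswordAuthentication yes`; if the installed sshd_config ships that directive commented out (worth confirming for this release), the edit is a silent no-op. Add a check after the heredoc such as `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config || exit 1` and declare the section as `%post --erroronfail`. Also, `hyperv-drivers.conf` is written under /etc/dracut.conf.d here but is missing from the `restorecon -f -` list, unlike in rocky-vagrant-vbox.ks.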