From 9b4aab6cc90e480d48f7380880f6489c835cfa4b Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Sun, 28 Aug 2022 22:38:14 -0700
Subject: [PATCH] clean up EC2 kickstart
---
Rocky-9-EC2.ks | 194 ++++++++++++++++++++++---------------------------
1 file changed, 85 insertions(+), 109 deletions(-)
diff --git a/Rocky-9-EC2.ks b/Rocky-9-EC2.ks
index 237d73d..f4529cb 100644
--- a/Rocky-9-EC2.ks
+++ b/Rocky-9-EC2.ks
@@ -1,49 +1,85 @@ text -auth --enableshadow --passalgo=sha512 -shutdown -firewall --enabled --service=ssh -firstboot --disable -keyboard us -# System language lang en_US.UTF-8 -# Network information -network --bootproto=dhcp --device=link --activate --onboot=on -network --hostname=localhost.localdomain -# Root password -rootpw --iscrypted thereisnopasswordanditslocked -selinux --enforcing -services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd" +keyboard us timezone UTC --utc # Disk -bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1 --boot-drive=vda +bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1 +auth --enableshadow --passalgo=sha512 +selinux --enforcing +firewall --enabled --service=ssh +firstboot --disable +# Network information +network --bootproto=dhcp --device=link --activate --onboot=on +# Root password +services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd" +rootpw --iscrypted thereisnopasswordanditslocked + +# Partition stuff - Should work for x86 and aarch64 zerombr clearpart --all --initlabel reqpart -part / --fstype="xfs" --ondisk=vda --size=7950 +part / --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --ondisk=vda --size=8000 +shutdown %pre --erroronfail /usr/sbin/parted -s /dev/vda mklabel gpt %end +%packages +@core +rocky-release +kernel +yum-utils +-aic94xx-firmware +-alsa-firmware +-alsa-lib +-alsa-tools-firmware +-ivtv-firmware +-iwl1000-firmware +-iwl100-firmware +-iwl105-firmware +-iwl135-firmware +-iwl2000-firmware +-iwl2030-firmware +-iwl3160-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware 
+-iwl6000g2a-firmware +-iwl6000g2b-firmware +-iwl6050-firmware +-iwl7260-firmware +-libertas-sd8686-firmware +-libertas-sd8787-firmware +-libertas-usb8388-firmware + +cloud-init +cloud-utils-growpart +gdisk +dracut-config-generic +grub2 +firewalld + +# some stuff that's missing from core or things we want +tar +rsync +dhcp-client +NetworkManager +rng-tools + +-biosdevname +-plymouth +-iprutils +-langpacks-* +-langpacks-en +%end + %post --erroronfail passwd -d root passwd -l root -# pvgrub support -echo -n "Creating grub.conf for pvgrub" -rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab ) -mkdir /boot/grub -echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf -for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do - echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf - echo -e "\troot (hd0)" >> /boot/grub/grub.conf - echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf - echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf - echo -done -ln -sf grub.conf /boot/grub/menu.lst -ln -sf /boot/grub/grub.conf /etc/grub.conf - # setup systemd to boot to the right runlevel rm -f /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target @@ -63,6 +99,9 @@ NETWORKING=yes NOZEROCONF=yes EOF +# this should *really* be an empty file - gotta make anaconda happy +truncate -s 0 /etc/resolv.conf + # For cloud images, 'eth0' _is_ the predictable device name, since # we don't want to be tied to specific virtual (!) hardware rm -f /etc/udev/rules.d/70* @@ -80,8 +119,6 @@ IPV6INIT="no" PERSISTENT_DHCLIENT="1" EOF -echo "virtual-guest" > /etc/tuned/active_profile - # generic localhost names cat > /etc/hosts << EOF 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 
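Review bot: In the `@@ -1,49 +1,85 @@` hunk the new `bootloader --append` puts `console=ttyS0,115200n8` before `console=tty0`, and the kernel uses the last `console=` entry as /dev/console, so userspace boot output would go to tty0 rather than the serial port. The EC2 system log is normally read from the serial console, and the `sed` that placed ttyS0 after tty0 in grub.cfg is removed in the `@@ -148,73 +179,18 @@` hunk, so this looks like a loss of boot-time visibility unless it is intended. Writing the arguments as `console=tty0 console=ttyS0,115200n8` would keep the serial port primary. Separately, the `# Root password` comment now sits above `services` instead of `rootpw`, and `rootpw --lock` would state the locked-root intent more directly than a placeholder string passed as `--iscrypted`.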
@@ -90,8 +127,6 @@ cat > /etc/hosts << EOF EOF echo . -systemctl mask tmp.mount - cat < /etc/sysconfig/kernel # UPDATEDEFAULT specifies if new-kernel-pkg should make # new kernels the default @@ -104,23 +139,24 @@ EOL # make sure firstboot doesn't start echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot +if ! grep -q growpart /etc/cloud/cloud.cfg; then + sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg +fi + # rocky cloud user -echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg +echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers + +# this shouldn't be the case, but we'll do it anyway +sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf +sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf dnf clean all +truncate -c -s 0 /var/log/dnf.log # XXX instance type markers - MUST match Rocky Infra expectation echo 'ec2' > /etc/yum/vars/infra -# change dhcp client retry/timeouts to resolve #69.0 -cat >> /etc/dhcp/dhclient.conf << EOF - -timeout 300; -retry 60; -EOF - - rm -rf /var/log/yum.log rm -rf /var/lib/yum/* rm -rf /root/install.log @@ -128,11 +164,6 @@ rm -rf /root/install.log.syslog rm -rf /root/anaconda-ks.cfg rm -rf /var/log/anaconda* -rm -f /var/lib/systemd/random-seed - -cat /dev/null > /etc/machine-id - -echo "Fixing SELinux contexts." touch /var/log/cron touch /var/log/boot.log mkdir -p /var/cache/yum 
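Review bot: In the `@@ -104,23 +139,24 @@` hunk the `rocky` NOPASSWD rule is still appended straight to `/etc/sudoers` with `echo -e ... >>` and no syntax check, so a malformed or duplicated entry would land in the main policy file of every instance built from this image. A drop-in is easier to audit and to revoke, for example `echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' > /etc/sudoers.d/90-rocky` (file name illustrative), followed by `chmod 0440` and `visudo -cf` on that file. cloud-init usually writes its own sudoers drop-in for the default user, so it is worth confirming whether the baked-in rule is needed at all. The comment `# this shouldn't be the case, but we'll do it anyway` could say what is being switched off, e.g. `# disable the product-id and subscription-manager dnf plugins if they are present`.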
@@ -148,73 +179,18 @@ EOL # enable resizing on copied AMIs echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf -echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf +echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf # Rerun dracut for the installed kernel (not the running kernel): KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n') dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION +cat /dev/null > /etc/machine-id -# reorder console entries -sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg +cat >> /etc/chrony.conf << EOF -true +# Amazon Time Sync Service +server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4 +EOF %end -%packages -@core -chrony -dnf -yum -cloud-init -cloud-utils-growpart -NetworkManager -dracut-config-generic -firewalld -gdisk -grub2 -kernel -nfs-utils -rsync -tar -dnf-utils -yum-utils --aic94xx-firmware --alsa-firmware --alsa-lib --alsa-tools-firmware --ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl105-firmware --iwl135-firmware --iwl2000-firmware --iwl2030-firmware --iwl3160-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6000g2b-firmware --iwl6050-firmware --iwl7260-firmware --libertas-sd8686-firmware --libertas-sd8787-firmware --libertas-usb8388-firmware --biosdevname --iprutils --plymouth - -python3-jsonschema -qemu-guest-agent -dhcp-client -cockpit-ws -cockpit-system --langpacks-* --langpacks-en - -rocky-release -rng-tools -%end
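Review bot: The machine-id reset is carried over into this hunk (`cat /dev/null > /etc/machine-id`), but the `rm -f /var/lib/systemd/random-seed` dropped in the `@@ -128,11 +164,6 @@` hunk is not, so any seed file present in the installed tree would be shared by every instance launched from the image. If that removal was not deliberate, keep `rm -f /var/lib/systemd/random-seed` next to the machine-id line. The trailing `true` is also gone, so the status seen by `%post --erroronfail` is now that of the final `cat >> /etc/chrony.conf`; earlier failures, such as a `sed -i` on a missing file, still pass silently unless the script sets `set -e`. `chrony` is no longer listed in `%packages`, so it is worth confirming that something else installs it, since `>>` would otherwise create a config file holding only the Amazon Time Sync entry. The `%post` section begins outside this hunk.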