template out various images for r8

This commit is contained in:
Louis Abel 2022-11-22 10:59:32 -07:00
parent fe05feaf54
commit d87d62e00f
Signed by: label
GPG Key ID: B37E62D143879B36
23 changed files with 2020 additions and 0 deletions

215
cloud/rocky-azure-base.ks Normal file
View File

@ -0,0 +1,215 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-azure-packages.ks
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end

215
cloud/rocky-azure-lvm.ks Normal file
View File

@ -0,0 +1,215 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-azure-packages.ks
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end

View File

@ -0,0 +1,62 @@
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
WALinuxAgent
hyperv-daemons
%end

View File

@ -0,0 +1,58 @@
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end

17
cloud/rocky-cloud-base.ks Normal file
View File

@ -0,0 +1,17 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --isUtc
# Disk
auth --enableshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
network --hostname=localhost.localdomain
# Root password
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
shutdown

View File

@ -0,0 +1,58 @@
%packages
@core
chrony
cloud-init
cloud-utils-growpart
cockpit-system
cockpit-ws
dhcp-client
dnf
dnf-utils
dracut-config-generic
firewalld
gdisk
grub2
iscsi-initiator-utils
kernel
NetworkManager
nfs-utils
oci-utils
python3-jsonschema
qemu-guest-agent
rng-tools
rocky-release
rsync
tar
yum
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
%end

View File

@ -0,0 +1,6 @@
zerombr
clearpart --all --initlabel --disklabel=gpt
part biosboot --size=1 --fstype=biosboot --asprimary
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --asprimary --label=boot
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow

View File

@ -0,0 +1,8 @@
zerombr
clearpart --all --initlabel --disklabel=gpt
part biosboot --size=1 --fstype=biosboot --asprimary
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --asprimary --label=boot
part pv.01 --size=1 --ondisk=vda --asprimary --grow
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow

136
cloud/rocky-ec2-base.ks Normal file
View File

@ -0,0 +1,136 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

136
cloud/rocky-ec2-lvm.ks Normal file
View File

@ -0,0 +1,136 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

123
cloud/rocky-genclo-base.ks Normal file
View File

@ -0,0 +1,123 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'genclo' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

123
cloud/rocky-genclo-lvm.ks Normal file
View File

@ -0,0 +1,123 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'genclo' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

224
cloud/rocky-ocp.ks Normal file
View File

@ -0,0 +1,224 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-ocp-packages.ks
bootloader --append="console=ttyS0,115200n8 console=tty0 no_timer_check crashkernel=auto net.ifnames=0 LANG=en_US.UTF-8 transparent_hugepage=never rd.luks=0 rd.md=0 rd.dm=0 rd.lvm.vg=rocky rd.lvm.lv=rocky/root rd.net.timeout.dhcp=10" --location=mbr --timeout=1
repo --name="oraclelinux-addons" --baseurl=http://yum.oracle.com/repo/OracleLinux/OL8/addons/$basearch/ --install --includepkgs="oci-utils"
%post --erroronfail
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'oci' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf "/var/lib/yum/*"
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
# OCI - Start ocid on boot
systemctl enable ocid.service
# OCI - Need iscsi as a dracut module
echo 'add_dracutmodules+="iscsi"' > /etc/dracut.conf.d/iscsi.conf
# OCI - Virtio drivers
echo 'add_drivers+="virtio virtio_blk virtio_net virtio_pci virtio_ring virtio_scsi virtio_console"' > /etc/dracut.conf.d/virtio.conf
# OCI - YOLO
mkdir -p /usr/lib/dracut/modules.d/95oci
OCIDRACUT="H4sIAGtFHmMAA+2WWW/bOBCA/Vr+illZzQXoluPUhgMURYrmpS02fevuGpJIWYQVUiWpJoHr/15S
crLZZBs3QA8U5QfYosQ5NUNSrRRBTfMAi6xoVXDOcVsT6ePg2YgXNBh8C0LNeDTqrpq7124cpfF4
nIzT8fhwEEaj+HA8gNE38b6FVqpMAAwE5+ohuW3zvyjtw/UnLMtr4lFZSOrlV00mpS+rR/rYUv84
StJBlIx10ZNREscD/SRNkwGE3yXjO/zm9R/+EeSUBbJCQ/AOPNANQCYgK1LXniwEbdQUKMOEKU9l
ufT6eUbrqRby8kzSwuNlKYmaQDo1JrQhcjkBJWdHIC9mKUg9TIEoKGlN1FVDZtobGr7NVFFB11nm
3YLikNU1v4A8ozXwVgEtQVUEullM5RKKjGkZQTJ8BTmBkrcMo6Eg5QTeiCxvFxMYJmESxWGYImRc
wYLo8i7gOMDkY8Dauob4eCeCT5/Ah1uN7+mhbmx0+vrs5M93s10kZo67Mp6Hec2L5WTtIB1Oby3n
vIYQBPa76P1+XcDODrwHj4DjCgf+nprYGSDQlFwA69KgDNy93ooERpR5uD8FzDs5w3utv+qEnz6d
HKwdmIHTudE2TdgFZ4qyltwodGk2mZBk3snNO0dfTlh7vc722sQ9bcftInCMmiCqFQyiG+lN2HPC
ipm7J5WYC9LUWUH+VXMC/fsrLp39TgtzRuAe3RQpKr5JcAJnS9o0lC3AveXD930HjnfiR4lDl/7y
XC5uqUkjT7CZdgJ13gSdHbP+FcHebSNOr3VJFYSopGgXfWX1S21ZmgV109c3rYCuwzgxe6oJ+/Ts
xdkpbPR5oyhn15l+leR/kuw13L6BdeFAEgwehd3gn7fP372a+QdusBK9ilSYmniq9RTc1eU0MBKB
HnwI11P9n6x3/ycP3QsXme4E56VeoNr4g9GZt/az9zbLdrac//29p7f3tnn8wb9h2/dfchjdOf/D
OIns+f8j2Jz/+iD/4V8ARUWK5d4+rNCTzRkTojVCmDSEYXl/gjJdqrruJ8zNvOJ8CY0gXqt3NTg6
0vufjg5T8YXvVkeb+dkv3GKxWCwWi8VisVgsFovFYrFYLBaLxWL5jnwGdMMrBgAoAAA="
base64 -d <<<"$OCIDRACUT" | tar -xz
OCICLOUDCFG="IyBPQ0kgY2xvdWQtaW5pdCBjb25maWd1cmF0aW9uCmRhdGFzb3VyY2VfbGlzdDogWydPcmFjbGUn
LCAnT3BlblN0YWNrJ10KZGF0YXNvdXJjZToKICBPcGVuU3RhY2s6CiAgICBtZXRhZGF0YV91cmxz
OiBbJ2h0dHA6Ly8xNjkuMjU0LjE2OS4yNTQnXQogICAgdGltZW91dDogMTAKICAgIG1heF93YWl0
OiAyMAoKIyBzd2FwIGZpbGUKc3dhcDoKICAgZmlsZW5hbWU6IC8uc3dhcGZpbGUKICAgc2l6ZTog
ImF1dG8iCgpjbG91ZF9pbml0X21vZHVsZXM6CiMgT0NJOiBkaXNrX3NldHVwIGlzIGRpc2FibGVk
CiMtIGRpc2tfc2V0dXAKIC0gbWlncmF0b3IKIC0gYm9vdGNtZAogLSB3cml0ZS1maWxlcwojIE9D
STogVGhlIGdyb3dwYXJ0IG1vZHVsZSBpcyBkaXNhYmxlZCBieSBkZWZhdWx0LiBUbyBlbmFibGUg
YXV0b21hdGljIGJvb3Qgdm9sdW1lIHJlc2l6aW5nLCB1bmNvbW1lbnQKIyB0aGUgYmVsb3cgZW50
cnkgZm9yICctIGdyb3dwYXJ0JyBhbmQgcmVib290LiBBbGwgdGhlIGRlcGVuZGVudCBwYWNrYWdl
cyBmb3IgdGhlIGdyb3dwYXJ0CiMgbW9kdWxlIHRvIHdvcmsgc3VjaCBhcyBjbG91ZC11dGlscy1n
cm93cGFydCBhbmQgZ2Rpc2sgYXJlIGFscmVhZHkgaW5jbHVkZWQgaW4gdGhlIGltYWdlLgojLSBn
cm93cGFydAogLSByZXNpemVmcwojIE9DSTogc2V0X2hvc3RuYW1lLCB1cGRhdGVfaG9zdG5hbWUs
IHVwZGF0ZV9ldGNfaG9zdHMgYXJlIGRpc2FibGVkCiMtIHNldF9ob3N0bmFtZQojLSB1cGRhdGVf
aG9zdG5hbWUKIy0gdXBkYXRlX2V0Y19ob3N0cwogLSByc3lzbG9nCiAtIHVzZXJzLWdyb3Vwcwog
LSBzc2gKCmNsb3VkX2NvbmZpZ19tb2R1bGVzOgogLSBtb3VudHMKIC0gbG9jYWxlCiAtIHNldC1w
YXNzd29yZHMKIyBPQ0k6IHJoX3N1YnNjcmlwdGlvbiBpcyBkaXNhYmxlZAojLSByaF9zdWJzY3Jp
cHRpb24KIC0geXVtLWFkZC1yZXBvCiAtIHBhY2thZ2UtdXBkYXRlLXVwZ3JhZGUtaW5zdGFsbAog
LSB0aW1lem9uZQogLSBudHAKIC0gcHVwcGV0CiAtIGNoZWYKIC0gc2FsdC1taW5pb24KIC0gbWNv
bGxlY3RpdmUKIC0gZGlzYWJsZS1lYzItbWV0YWRhdGEKIC0gcnVuY21kCgpjbG91ZF9maW5hbF9t
b2R1bGVzOgogLSByaWdodHNjYWxlX3VzZXJkYXRhCiAtIHNjcmlwdHMtcGVyLW9uY2UKIC0gc2Ny
aXB0cy1wZXItYm9vdAogLSBzY3JpcHRzLXBlci1pbnN0YW5jZQogLSBzY3JpcHRzLXVzZXIKIC0g
c3NoLWF1dGhrZXktZmluZ2VycHJpbnRzCiAtIGtleXMtdG8tY29uc29sZQogLSBwaG9uZS1ob21l
CiAtIGZpbmFsLW1lc3NhZ2UKIyBPQ0k6IHBvd2VyLXN0YXRlLWNoYW5nZSBpcyBkaXNhYmxlZAoj
LSBwb3dlci1zdGF0ZS1jaGFuZ2UKCg=="
base64 -d <<<"$OCICLOUDCFG" >> /etc/cloud/cloud.cfg.d/99_oci.cfg
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%%{V}-%%{R}.%%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# OCI needs Iscsi
grubby --args="libiscsi.debug_libiscsi_eh=1 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi ip=dhcp rd.iscsi.bypass rd.iscsi.param=node.session.timeo.replacement_timeout=6000" --update-kernel "/boot/vmlinuz-$KERNEL_VERSION"
passwd -d root
passwd -l root
# Copyright (C) 2020 Oracle Corp., Inc. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
#
# /usr/lib/oci-linux-config/cloud/scripts/initramfs-mod/net.sh
#
echo "$(date) - OCI initramfs network modification script started."
# Symlink network config files where cloud-init >= 19.4 expects them
DRACUT_CFG=/run/initramfs/state/etc/sysconfig/network-scripts
CI_DIR=/run
if [ -d $DRACUT_CFG ]; then
FILE_COUNT=`ls $DRACUT_CFG | wc -l`
if [ $FILE_COUNT -eq 0 ]; then
# Create dummy file if dracut did not create network device config
dummycfg=$CI_DIR/net-dummy.conf
echo "DEVICE=\"dummy\"" > $dummycfg
echo "BOOTPROTO=dhcp" >> $dummycfg
echo "$(date) - Creating dummy config $dummycfg."
else
for dcfg in $DRACUT_CFG/*; do
filename=${dcfg##*/}
devname=${filename##ifcfg-}
cicfg=$CI_DIR/net-$devname.conf
if [ ! -e $cicfg ]; then
echo "$(date) - Creating symlink from $dcfg to $cicfg."
ln -s $dcfg $cicfg
fi
done
fi
fi
echo "$(date) - OCI initramfs network modification script done."
true
%end

View File

@ -0,0 +1,75 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
binutils
coreutils-single
glibc-minimal-langpack
hostname
iputils # this pulls in systemd, lets ask for it by name, too
less
systemd
rocky-release
rootfiles
tar
vim-minimal
yum
-brotli
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.* || true
%end

View File

@ -0,0 +1,77 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
coreutils-single
glibc-minimal-langpack
systemd
microdnf
rocky-release
-brotli
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-hostname
-iptables
-iputils
-kernel
-kexec-tools
-less
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-rootfiles
-shared-mime-info
-tar
-trousers
-vim-minimal
-xfsprogs
-xkeyboard-config
-yum
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
rpm --rebuilddb
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
echo 'container' > /etc/dnf/vars/infra
LANG="en_US"
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
echo 'LANG="C.UTF-8"' > /etc/locale.conf
rm -f /var/lib/dnf/history.*
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
# systemd fixes
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
"/tmp/*" "/tmp/.*" || true
%end

View File

@ -0,0 +1,78 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
binutils
brotli
coreutils-single
crypto-policies-scripts
dmidecode
findutils
glibc-minimal-langpack
libcurl
systemd
rocky-release
rootfiles
tar
vim-minimal
which
yum
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-kexec-tools
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.* || true
%end

View File

@ -0,0 +1,18 @@
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4

View File

@ -0,0 +1,25 @@
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name=plus --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
text
keyboard --vckeymap us
lang en_US
skipx
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --plaintext vagrant
firewall --disabled
timezone --utc UTC
services --enabled=vmtoolsd
# The biosdevname and ifnames options ensure we get "eth0" as our interface
# even in environments like virtualbox that emulate a real NW card
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
zerombr
clearpart --all --initlabel
reqpart
part / --fstype=xfs --asprimary --size=1024 --grow
user --name=vagrant --plaintext --password=vagrant
shutdown
%addon com_redhat_kdump --disable
%end

View File

@ -0,0 +1,94 @@
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages-hyperv.ks
%post
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
ex -s /etc/ssh/sshd_config <<EOF
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
:update
:quit
EOF
cat >>/etc/sysconfig/sshd <<EOF
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end

View File

@ -0,0 +1,34 @@
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
hyperv-daemons
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end

View File

@ -0,0 +1,33 @@
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end

View File

@ -0,0 +1,108 @@
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages-hyperv.ks
%post
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
# for virtualbox we're disabling it after provisioning
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# Install VBoxGuestAdditions for installed kernel
kver=$(rpm -q --queryformat="%{VERSION}-%{RELEASE}.%{ARCH}" kernel)
dnf -y install kernel-devel gcc make perl elfutils-libelf-devel
curl -L -o /tmp/vboxadditions.iso https://download.virtualbox.org/virtualbox/6.1.34/VBoxGuestAdditions_6.1.34.iso
mkdir -p /media/VBoxGuestAdditions
mount -o loop,ro /tmp/vboxadditions.iso /media/VBoxGuestAdditions
mkdir -p /tmp/VBoxGuestAdditions
sh /media/VBoxGuestAdditions/VBoxLinuxAdditions.run --nox11 --noexec --keep --target /tmp/VBoxGuestAdditions
pushd /tmp/VBoxGuestAdditions
./install.sh
/sbin/rcvboxadd quicksetup all
popd
ls "/lib/modules/${kver}/misc/"
modinfo "/lib/modules/${kver}/misc/vboxsf.ko"
rm -rf /tmp/VBoxGuestAdditions
umount /media/VBoxGuestAdditions
rm -f /tmp/vboxadditions.iso
rmdir /media/VBoxGuestAdditions
dnf -y remove kernel-devel gcc make perl elfutils-libelf-devel
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end

View File

@ -0,0 +1,97 @@
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages.ks
%post
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# vmware needs open-vm-tools; on aarch, this is in plus
dnf config-manager --set-enabled=plus
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
ex -s /etc/ssh/sshd_config <<EOF
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
:update
:quit
EOF
cat >>/etc/sysconfig/sshd <<EOF
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end