template out various images for r8
This commit is contained in:
parent
fe05feaf54
commit
d87d62e00f
215
cloud/rocky-azure-base.ks
Normal file
215
cloud/rocky-azure-base.ks
Normal file
@ -0,0 +1,215 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-base.ks
|
||||
%include rocky-cloud-azure-packages.ks
|
||||
|
||||
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
###
|
||||
# Common Cloud Tweaks
|
||||
###
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
# remove linux-firmware as we're virt and it's half a gig
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
###
|
||||
# Networking Changes
|
||||
###
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE=eth0
|
||||
ONBOOT=yes
|
||||
BOOTPROTO=dhcp
|
||||
TYPE=Ethernet
|
||||
USERCTL=no
|
||||
PEERDNS=yes
|
||||
IPV6INIT=no
|
||||
NM_CONTROLLED=yes
|
||||
IPV4_DHCP_TIMEOUT=300
|
||||
EOF
|
||||
|
||||
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
|
||||
# Configure dhcp timeout to 300s by default
|
||||
[connection]
|
||||
ipv4.dhcp-timeout=300
|
||||
EOF
|
||||
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
|
||||
###
|
||||
# Services
|
||||
###
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
###
|
||||
# azure
|
||||
###
|
||||
# Setup WALinux Agent
|
||||
dnf -y install WALinuxAgent
|
||||
systemctl enable waagent
|
||||
|
||||
# Configure waagent for cloud-init
|
||||
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
|
||||
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
|
||||
|
||||
|
||||
|
||||
# Azure: handle sr-iov and networkmanaeger
|
||||
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
|
||||
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
|
||||
# This interface is transparently bonded to the synthetic interface,
|
||||
# so NetworkManager should just ignore any SRIOV interfaces.
|
||||
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
|
||||
EOF
|
||||
|
||||
# Azure: Time sync for linux
|
||||
## Setup udev rule for ptp_hyperv
|
||||
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
|
||||
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
|
||||
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
|
||||
EOF
|
||||
|
||||
# Configure chrony to use ptp_hyperv
|
||||
cat << EOF | tee -a /etc/chrony.conf
|
||||
# Setup hyperv PTP device as refclock
|
||||
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
|
||||
EOF
|
||||
|
||||
# Azure: Blacklist modules
|
||||
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
|
||||
blacklist amdgpu
|
||||
blacklist nouveau
|
||||
blacklist radeon
|
||||
EOF
|
||||
|
||||
# Azure: cloud-init customizations for Hyperv
|
||||
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
|
||||
# Enable logging to the Hyper-V kvp in Azure
|
||||
reporting:
|
||||
logging:
|
||||
type: log
|
||||
telemetry:
|
||||
type: hyperv
|
||||
EOF
|
||||
|
||||
###
|
||||
# Kernel and Drivers
|
||||
###
|
||||
|
||||
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
|
||||
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
|
||||
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
|
||||
EOF
|
||||
|
||||
dracut -f -v
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'azure' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
|
||||
|
||||
###
|
||||
# Cleanup
|
||||
###
|
||||
|
||||
###
|
||||
# Azure Cleanup
|
||||
###
|
||||
sudo rm -f /var/log/waagent.log
|
||||
sudo cloud-init clean
|
||||
waagent -force -deprovision+user
|
||||
|
||||
|
||||
# Commont cleanup
|
||||
rm -f ~/.bash_history
|
||||
export HISTSIZE=0
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /var/log/anaconda*
|
||||
rm -rf /var/log/yum.log
|
||||
|
||||
# Wipe machineid
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
# Fix selinux
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
true
|
||||
|
||||
%end
|
215
cloud/rocky-azure-lvm.ks
Normal file
215
cloud/rocky-azure-lvm.ks
Normal file
@ -0,0 +1,215 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-lvm.ks
|
||||
%include rocky-cloud-azure-packages.ks
|
||||
|
||||
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
###
|
||||
# Common Cloud Tweaks
|
||||
###
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
# remove linux-firmware as we're virt and it's half a gig
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
###
|
||||
# Networking Changes
|
||||
###
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE=eth0
|
||||
ONBOOT=yes
|
||||
BOOTPROTO=dhcp
|
||||
TYPE=Ethernet
|
||||
USERCTL=no
|
||||
PEERDNS=yes
|
||||
IPV6INIT=no
|
||||
NM_CONTROLLED=yes
|
||||
IPV4_DHCP_TIMEOUT=300
|
||||
EOF
|
||||
|
||||
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
|
||||
# Configure dhcp timeout to 300s by default
|
||||
[connection]
|
||||
ipv4.dhcp-timeout=300
|
||||
EOF
|
||||
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
|
||||
###
|
||||
# Services
|
||||
###
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
###
|
||||
# azure
|
||||
###
|
||||
# Setup WALinux Agent
|
||||
dnf -y install WALinuxAgent
|
||||
systemctl enable waagent
|
||||
|
||||
# Configure waagent for cloud-init
|
||||
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
|
||||
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
|
||||
|
||||
|
||||
|
||||
# Azure: handle sr-iov and networkmanaeger
|
||||
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
|
||||
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
|
||||
# This interface is transparently bonded to the synthetic interface,
|
||||
# so NetworkManager should just ignore any SRIOV interfaces.
|
||||
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
|
||||
EOF
|
||||
|
||||
# Azure: Time sync for linux
|
||||
## Setup udev rule for ptp_hyperv
|
||||
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
|
||||
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
|
||||
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
|
||||
EOF
|
||||
|
||||
# Configure chrony to use ptp_hyperv
|
||||
cat << EOF | tee -a /etc/chrony.conf
|
||||
# Setup hyperv PTP device as refclock
|
||||
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
|
||||
EOF
|
||||
|
||||
# Azure: Blacklist modules
|
||||
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
|
||||
blacklist amdgpu
|
||||
blacklist nouveau
|
||||
blacklist radeon
|
||||
EOF
|
||||
|
||||
# Azure: cloud-init customizations for Hyperv
|
||||
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
|
||||
# Enable logging to the Hyper-V kvp in Azure
|
||||
reporting:
|
||||
logging:
|
||||
type: log
|
||||
telemetry:
|
||||
type: hyperv
|
||||
EOF
|
||||
|
||||
###
|
||||
# Kernel and Drivers
|
||||
###
|
||||
|
||||
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
|
||||
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
|
||||
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
|
||||
EOF
|
||||
|
||||
dracut -f -v
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'azure' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
|
||||
|
||||
###
|
||||
# Cleanup
|
||||
###
|
||||
|
||||
###
|
||||
# Azure Cleanup
|
||||
###
|
||||
sudo rm -f /var/log/waagent.log
|
||||
sudo cloud-init clean
|
||||
waagent -force -deprovision+user
|
||||
|
||||
|
||||
# Commont cleanup
|
||||
rm -f ~/.bash_history
|
||||
export HISTSIZE=0
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /var/log/anaconda*
|
||||
rm -rf /var/log/yum.log
|
||||
|
||||
# Wipe machineid
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
# Fix selinux
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
true
|
||||
|
||||
%end
|
62
cloud/rocky-cloud-azure-packages.ks
Normal file
62
cloud/rocky-cloud-azure-packages.ks
Normal file
@ -0,0 +1,62 @@
|
||||
%packages
|
||||
@core
|
||||
chrony
|
||||
dnf
|
||||
yum
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
NetworkManager
|
||||
dracut-config-generic
|
||||
dracut-norescue
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
kernel
|
||||
nfs-utils
|
||||
rsync
|
||||
tar
|
||||
dnf-utils
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-plymouth
|
||||
|
||||
python3-jsonschema
|
||||
qemu-guest-agent
|
||||
dhcp-client
|
||||
cockpit-ws
|
||||
cockpit-system
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
|
||||
rocky-release
|
||||
rng-tools
|
||||
|
||||
WALinuxAgent
|
||||
hyperv-daemons
|
||||
|
||||
%end
|
58
cloud/rocky-cloud-base-packages.ks
Normal file
58
cloud/rocky-cloud-base-packages.ks
Normal file
@ -0,0 +1,58 @@
|
||||
%packages
|
||||
@core
|
||||
chrony
|
||||
dnf
|
||||
yum
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
NetworkManager
|
||||
dracut-config-generic
|
||||
dracut-norescue
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
kernel
|
||||
nfs-utils
|
||||
rsync
|
||||
tar
|
||||
dnf-utils
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-plymouth
|
||||
|
||||
python3-jsonschema
|
||||
qemu-guest-agent
|
||||
dhcp-client
|
||||
cockpit-ws
|
||||
cockpit-system
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
|
||||
rocky-release
|
||||
rng-tools
|
||||
%end
|
17
cloud/rocky-cloud-base.ks
Normal file
17
cloud/rocky-cloud-base.ks
Normal file
@ -0,0 +1,17 @@
|
||||
text
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone UTC --isUtc
|
||||
# Disk
|
||||
auth --enableshadow --passalgo=sha512
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
network --hostname=localhost.localdomain
|
||||
# Root password
|
||||
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
|
||||
shutdown
|
58
cloud/rocky-cloud-ocp-packages.ks
Normal file
58
cloud/rocky-cloud-ocp-packages.ks
Normal file
@ -0,0 +1,58 @@
|
||||
%packages
|
||||
@core
|
||||
chrony
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
cockpit-system
|
||||
cockpit-ws
|
||||
dhcp-client
|
||||
dnf
|
||||
dnf-utils
|
||||
dracut-config-generic
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
iscsi-initiator-utils
|
||||
kernel
|
||||
NetworkManager
|
||||
nfs-utils
|
||||
oci-utils
|
||||
python3-jsonschema
|
||||
qemu-guest-agent
|
||||
rng-tools
|
||||
rocky-release
|
||||
rsync
|
||||
tar
|
||||
yum
|
||||
yum-utils
|
||||
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-plymouth
|
||||
%end
|
6
cloud/rocky-cloud-parts-base.ks
Normal file
6
cloud/rocky-cloud-parts-base.ks
Normal file
@ -0,0 +1,6 @@
|
||||
zerombr
|
||||
clearpart --all --initlabel --disklabel=gpt
|
||||
part biosboot --size=1 --fstype=biosboot --asprimary
|
||||
part /boot/efi --size=100 --fstype=efi --asprimary
|
||||
part /boot --size=1000 --fstype=xfs --asprimary --label=boot
|
||||
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow
|
8
cloud/rocky-cloud-parts-lvm.ks
Normal file
8
cloud/rocky-cloud-parts-lvm.ks
Normal file
@ -0,0 +1,8 @@
|
||||
zerombr
|
||||
clearpart --all --initlabel --disklabel=gpt
|
||||
part biosboot --size=1 --fstype=biosboot --asprimary
|
||||
part /boot/efi --size=100 --fstype=efi --asprimary
|
||||
part /boot --size=1000 --fstype=xfs --asprimary --label=boot
|
||||
part pv.01 --size=1 --ondisk=vda --asprimary --grow
|
||||
volgroup rocky pv.01
|
||||
logvol / --vgname=rocky --size=8000 --name=root --grow
|
136
cloud/rocky-ec2-base.ks
Normal file
136
cloud/rocky-ec2-base.ks
Normal file
@ -0,0 +1,136 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-base.ks
|
||||
%include rocky-cloud-base-packages.ks
|
||||
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'ec2' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for ec2 debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
|
||||
blacklist nouveau
|
||||
EOL
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
136
cloud/rocky-ec2-lvm.ks
Normal file
136
cloud/rocky-ec2-lvm.ks
Normal file
@ -0,0 +1,136 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-lvm.ks
|
||||
%include rocky-cloud-base-packages.ks
|
||||
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'ec2' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for ec2 debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
|
||||
blacklist nouveau
|
||||
EOL
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
123
cloud/rocky-genclo-base.ks
Normal file
123
cloud/rocky-genclo-base.ks
Normal file
@ -0,0 +1,123 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-base.ks
|
||||
%include rocky-cloud-base-packages.ks
|
||||
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'genclo' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
123
cloud/rocky-genclo-lvm.ks
Normal file
123
cloud/rocky-genclo-lvm.ks
Normal file
@ -0,0 +1,123 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-lvm.ks
|
||||
%include rocky-cloud-base-packages.ks
|
||||
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'genclo' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
224
cloud/rocky-ocp.ks
Normal file
224
cloud/rocky-ocp.ks
Normal file
@ -0,0 +1,224 @@
|
||||
%include rocky-cloud-base.ks
|
||||
%include rocky-cloud-parts-lvm.ks
|
||||
%include rocky-cloud-ocp-packages.ks
|
||||
|
||||
bootloader --append="console=ttyS0,115200n8 console=tty0 no_timer_check crashkernel=auto net.ifnames=0 LANG=en_US.UTF-8 transparent_hugepage=never rd.luks=0 rd.md=0 rd.dm=0 rd.lvm.vg=rocky rd.lvm.lv=rocky/root rd.net.timeout.dhcp=10" --location=mbr --timeout=1
|
||||
repo --name="oraclelinux-addons" --baseurl=http://yum.oracle.com/repo/OracleLinux/OL8/addons/$basearch/ --install --includepkgs="oci-utils"
|
||||
|
||||
%post --erroronfail
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
# This was backported from our 9 kickstarts to address some issues.
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'oci' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf "/var/lib/yum/*"
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
|
||||
# OCI - Start ocid on boot
|
||||
systemctl enable ocid.service
|
||||
|
||||
# OCI - Need iscsi as a dracut module
|
||||
echo 'add_dracutmodules+="iscsi"' > /etc/dracut.conf.d/iscsi.conf
|
||||
|
||||
# OCI - Virtio drivers
|
||||
echo 'add_drivers+="virtio virtio_blk virtio_net virtio_pci virtio_ring virtio_scsi virtio_console"' > /etc/dracut.conf.d/virtio.conf
|
||||
|
||||
# OCI - YOLO
|
||||
mkdir -p /usr/lib/dracut/modules.d/95oci
|
||||
OCIDRACUT="H4sIAGtFHmMAA+2WWW/bOBCA/Vr+illZzQXoluPUhgMURYrmpS02fevuGpJIWYQVUiWpJoHr/15S
|
||||
crLZZBs3QA8U5QfYosQ5NUNSrRRBTfMAi6xoVXDOcVsT6ePg2YgXNBh8C0LNeDTqrpq7124cpfF4
|
||||
nIzT8fhwEEaj+HA8gNE38b6FVqpMAAwE5+ohuW3zvyjtw/UnLMtr4lFZSOrlV00mpS+rR/rYUv84
|
||||
StJBlIx10ZNREscD/SRNkwGE3yXjO/zm9R/+EeSUBbJCQ/AOPNANQCYgK1LXniwEbdQUKMOEKU9l
|
||||
ufT6eUbrqRby8kzSwuNlKYmaQDo1JrQhcjkBJWdHIC9mKUg9TIEoKGlN1FVDZtobGr7NVFFB11nm
|
||||
3YLikNU1v4A8ozXwVgEtQVUEullM5RKKjGkZQTJ8BTmBkrcMo6Eg5QTeiCxvFxMYJmESxWGYImRc
|
||||
wYLo8i7gOMDkY8Dauob4eCeCT5/Ah1uN7+mhbmx0+vrs5M93s10kZo67Mp6Hec2L5WTtIB1Oby3n
|
||||
vIYQBPa76P1+XcDODrwHj4DjCgf+nprYGSDQlFwA69KgDNy93ooERpR5uD8FzDs5w3utv+qEnz6d
|
||||
HKwdmIHTudE2TdgFZ4qyltwodGk2mZBk3snNO0dfTlh7vc722sQ9bcftInCMmiCqFQyiG+lN2HPC
|
||||
ipm7J5WYC9LUWUH+VXMC/fsrLp39TgtzRuAe3RQpKr5JcAJnS9o0lC3AveXD930HjnfiR4lDl/7y
|
||||
XC5uqUkjT7CZdgJ13gSdHbP+FcHebSNOr3VJFYSopGgXfWX1S21ZmgV109c3rYCuwzgxe6oJ+/Ts
|
||||
xdkpbPR5oyhn15l+leR/kuw13L6BdeFAEgwehd3gn7fP372a+QdusBK9ilSYmniq9RTc1eU0MBKB
|
||||
HnwI11P9n6x3/ycP3QsXme4E56VeoNr4g9GZt/az9zbLdrac//29p7f3tnn8wb9h2/dfchjdOf/D
|
||||
OIns+f8j2Jz/+iD/4V8ARUWK5d4+rNCTzRkTojVCmDSEYXl/gjJdqrruJ8zNvOJ8CY0gXqt3NTg6
|
||||
0vufjg5T8YXvVkeb+dkv3GKxWCwWi8VisVgsFovFYrFYLBaLxWL5jnwGdMMrBgAoAAA="
|
||||
|
||||
base64 -d <<<"$OCIDRACUT" | tar -xz
|
||||
|
||||
OCICLOUDCFG="IyBPQ0kgY2xvdWQtaW5pdCBjb25maWd1cmF0aW9uCmRhdGFzb3VyY2VfbGlzdDogWydPcmFjbGUn
|
||||
LCAnT3BlblN0YWNrJ10KZGF0YXNvdXJjZToKICBPcGVuU3RhY2s6CiAgICBtZXRhZGF0YV91cmxz
|
||||
OiBbJ2h0dHA6Ly8xNjkuMjU0LjE2OS4yNTQnXQogICAgdGltZW91dDogMTAKICAgIG1heF93YWl0
|
||||
OiAyMAoKIyBzd2FwIGZpbGUKc3dhcDoKICAgZmlsZW5hbWU6IC8uc3dhcGZpbGUKICAgc2l6ZTog
|
||||
ImF1dG8iCgpjbG91ZF9pbml0X21vZHVsZXM6CiMgT0NJOiBkaXNrX3NldHVwIGlzIGRpc2FibGVk
|
||||
CiMtIGRpc2tfc2V0dXAKIC0gbWlncmF0b3IKIC0gYm9vdGNtZAogLSB3cml0ZS1maWxlcwojIE9D
|
||||
STogVGhlIGdyb3dwYXJ0IG1vZHVsZSBpcyBkaXNhYmxlZCBieSBkZWZhdWx0LiBUbyBlbmFibGUg
|
||||
YXV0b21hdGljIGJvb3Qgdm9sdW1lIHJlc2l6aW5nLCB1bmNvbW1lbnQKIyB0aGUgYmVsb3cgZW50
|
||||
cnkgZm9yICctIGdyb3dwYXJ0JyBhbmQgcmVib290LiBBbGwgdGhlIGRlcGVuZGVudCBwYWNrYWdl
|
||||
cyBmb3IgdGhlIGdyb3dwYXJ0CiMgbW9kdWxlIHRvIHdvcmsgc3VjaCBhcyBjbG91ZC11dGlscy1n
|
||||
cm93cGFydCBhbmQgZ2Rpc2sgYXJlIGFscmVhZHkgaW5jbHVkZWQgaW4gdGhlIGltYWdlLgojLSBn
|
||||
cm93cGFydAogLSByZXNpemVmcwojIE9DSTogc2V0X2hvc3RuYW1lLCB1cGRhdGVfaG9zdG5hbWUs
|
||||
IHVwZGF0ZV9ldGNfaG9zdHMgYXJlIGRpc2FibGVkCiMtIHNldF9ob3N0bmFtZQojLSB1cGRhdGVf
|
||||
aG9zdG5hbWUKIy0gdXBkYXRlX2V0Y19ob3N0cwogLSByc3lzbG9nCiAtIHVzZXJzLWdyb3Vwcwog
|
||||
LSBzc2gKCmNsb3VkX2NvbmZpZ19tb2R1bGVzOgogLSBtb3VudHMKIC0gbG9jYWxlCiAtIHNldC1w
|
||||
YXNzd29yZHMKIyBPQ0k6IHJoX3N1YnNjcmlwdGlvbiBpcyBkaXNhYmxlZAojLSByaF9zdWJzY3Jp
|
||||
cHRpb24KIC0geXVtLWFkZC1yZXBvCiAtIHBhY2thZ2UtdXBkYXRlLXVwZ3JhZGUtaW5zdGFsbAog
|
||||
LSB0aW1lem9uZQogLSBudHAKIC0gcHVwcGV0CiAtIGNoZWYKIC0gc2FsdC1taW5pb24KIC0gbWNv
|
||||
bGxlY3RpdmUKIC0gZGlzYWJsZS1lYzItbWV0YWRhdGEKIC0gcnVuY21kCgpjbG91ZF9maW5hbF9t
|
||||
b2R1bGVzOgogLSByaWdodHNjYWxlX3VzZXJkYXRhCiAtIHNjcmlwdHMtcGVyLW9uY2UKIC0gc2Ny
|
||||
aXB0cy1wZXItYm9vdAogLSBzY3JpcHRzLXBlci1pbnN0YW5jZQogLSBzY3JpcHRzLXVzZXIKIC0g
|
||||
c3NoLWF1dGhrZXktZmluZ2VycHJpbnRzCiAtIGtleXMtdG8tY29uc29sZQogLSBwaG9uZS1ob21l
|
||||
CiAtIGZpbmFsLW1lc3NhZ2UKIyBPQ0k6IHBvd2VyLXN0YXRlLWNoYW5nZSBpcyBkaXNhYmxlZAoj
|
||||
LSBwb3dlci1zdGF0ZS1jaGFuZ2UKCg=="
|
||||
|
||||
base64 -d <<<"$OCICLOUDCFG" >> /etc/cloud/cloud.cfg.d/99_oci.cfg
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%%{V}-%%{R}.%%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
# OCI needs Iscsi
|
||||
grubby --args="libiscsi.debug_libiscsi_eh=1 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi ip=dhcp rd.iscsi.bypass rd.iscsi.param=node.session.timeo.replacement_timeout=6000" --update-kernel "/boot/vmlinuz-$KERNEL_VERSION"
|
||||
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Copyright (C) 2020 Oracle Corp., Inc. All rights reserved.
|
||||
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
|
||||
#
|
||||
# /usr/lib/oci-linux-config/cloud/scripts/initramfs-mod/net.sh
|
||||
#
|
||||
|
||||
echo "$(date) - OCI initramfs network modification script started."
|
||||
|
||||
# Symlink network config files where cloud-init >= 19.4 expects them
|
||||
DRACUT_CFG=/run/initramfs/state/etc/sysconfig/network-scripts
|
||||
CI_DIR=/run
|
||||
if [ -d $DRACUT_CFG ]; then
|
||||
FILE_COUNT=`ls $DRACUT_CFG | wc -l`
|
||||
if [ $FILE_COUNT -eq 0 ]; then
|
||||
# Create dummy file if dracut did not create network device config
|
||||
dummycfg=$CI_DIR/net-dummy.conf
|
||||
echo "DEVICE=\"dummy\"" > $dummycfg
|
||||
echo "BOOTPROTO=dhcp" >> $dummycfg
|
||||
echo "$(date) - Creating dummy config $dummycfg."
|
||||
else
|
||||
for dcfg in $DRACUT_CFG/*; do
|
||||
filename=${dcfg##*/}
|
||||
devname=${filename##ifcfg-}
|
||||
cicfg=$CI_DIR/net-$devname.conf
|
||||
if [ ! -e $cicfg ]; then
|
||||
echo "$(date) - Creating symlink from $dcfg to $cicfg."
|
||||
ln -s $dcfg $cicfg
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$(date) - OCI initramfs network modification script done."
|
||||
true
|
||||
|
||||
%end
|
75
container/rocky-container-base.ks
Normal file
75
container/rocky-container-base.ks
Normal file
@ -0,0 +1,75 @@
|
||||
%include rocky-container.ks
|
||||
|
||||
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
|
||||
bash
|
||||
binutils
|
||||
coreutils-single
|
||||
glibc-minimal-langpack
|
||||
hostname
|
||||
iputils # this pulls in systemd, lets ask for it by name, too
|
||||
less
|
||||
systemd
|
||||
rocky-release
|
||||
rootfiles
|
||||
tar
|
||||
vim-minimal
|
||||
yum
|
||||
|
||||
-brotli
|
||||
-dosfstools
|
||||
-kexec-tools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-iptables
|
||||
-kernel
|
||||
-libss
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-shared-mime-info
|
||||
-trousers
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
# Stay compatible
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
#Generate installtime file record
|
||||
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
|
||||
|
||||
# Limit languages to help reduce size.
|
||||
LANG="en_US"
|
||||
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
# systemd fixes
|
||||
:> /etc/machine-id
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
/tmp/* /tmp/.* || true
|
||||
|
||||
%end
|
77
container/rocky-container-minimal.ks
Normal file
77
container/rocky-container-minimal.ks
Normal file
@ -0,0 +1,77 @@
|
||||
%include rocky-container.ks
|
||||
|
||||
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
|
||||
bash
|
||||
coreutils-single
|
||||
glibc-minimal-langpack
|
||||
systemd
|
||||
microdnf
|
||||
rocky-release
|
||||
|
||||
-brotli
|
||||
-dosfstools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-hostname
|
||||
-iptables
|
||||
-iputils
|
||||
-kernel
|
||||
-kexec-tools
|
||||
-less
|
||||
-libss
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-rootfiles
|
||||
-shared-mime-info
|
||||
-tar
|
||||
-trousers
|
||||
-vim-minimal
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
-yum
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
|
||||
rpm --rebuilddb
|
||||
|
||||
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
|
||||
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
LANG="en_US"
|
||||
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
rm -f /var/lib/dnf/history.*
|
||||
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
|
||||
|
||||
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
|
||||
|
||||
# systemd fixes
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
"/tmp/*" "/tmp/.*" || true
|
||||
|
||||
%end
|
78
container/rocky-container-ubi.ks
Normal file
78
container/rocky-container-ubi.ks
Normal file
@ -0,0 +1,78 @@
|
||||
%include rocky-container.ks
|
||||
|
||||
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
|
||||
bash
|
||||
binutils
|
||||
brotli
|
||||
coreutils-single
|
||||
crypto-policies-scripts
|
||||
dmidecode
|
||||
findutils
|
||||
glibc-minimal-langpack
|
||||
libcurl
|
||||
systemd
|
||||
rocky-release
|
||||
rootfiles
|
||||
tar
|
||||
vim-minimal
|
||||
which
|
||||
yum
|
||||
|
||||
|
||||
-dosfstools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-iptables
|
||||
-kernel
|
||||
-kexec-tools
|
||||
-libss
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-shared-mime-info
|
||||
-trousers
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
# Stay compatible
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
#Generate installtime file record
|
||||
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
|
||||
|
||||
# Limit languages to help reduce size.
|
||||
LANG="en_US"
|
||||
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
# systemd fixes
|
||||
:> /etc/machine-id
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
/tmp/* /tmp/.* || true
|
||||
|
||||
%end
|
18
container/rocky-container.ks
Normal file
18
container/rocky-container.ks
Normal file
@ -0,0 +1,18 @@
|
||||
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
|
||||
|
||||
text
|
||||
bootloader --disable
|
||||
firewall --disabled
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --lock --iscrypted locked
|
||||
selinux --disabled
|
||||
shutdown
|
||||
|
||||
keyboard us
|
||||
lang en_US.UTF-8
|
||||
timezone --isUtc --nontp UTC
|
||||
|
||||
# Disk setup
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
|
25
vagrant/rocky-vagrant-base.ks
Normal file
25
vagrant/rocky-vagrant-base.ks
Normal file
@ -0,0 +1,25 @@
|
||||
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
|
||||
repo --name=plus --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
|
||||
|
||||
text
|
||||
keyboard --vckeymap us
|
||||
lang en_US
|
||||
skipx
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --plaintext vagrant
|
||||
firewall --disabled
|
||||
timezone --utc UTC
|
||||
services --enabled=vmtoolsd
|
||||
# The biosdevname and ifnames options ensure we get "eth0" as our interface
|
||||
# even in environments like virtualbox that emulate a real NW card
|
||||
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
reqpart
|
||||
part / --fstype=xfs --asprimary --size=1024 --grow
|
||||
|
||||
user --name=vagrant --plaintext --password=vagrant
|
||||
|
||||
shutdown
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
94
vagrant/rocky-vagrant-libvirt.ks
Normal file
94
vagrant/rocky-vagrant-libvirt.ks
Normal file
@ -0,0 +1,94 @@
|
||||
%include rocky-vagrant-base.ks
|
||||
%include rocky-vagrant-packages-hyperv.ks
|
||||
|
||||
%post
|
||||
# configure swap to a file
|
||||
fallocate -l 2G /swapfile
|
||||
chmod 600 /swapfile
|
||||
mkswap /swapfile
|
||||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
|
||||
|
||||
# sudo
|
||||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
|
||||
chmod 0440 /etc/sudoers.d/vagrant
|
||||
|
||||
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
PERSISTENT_DHCLIENT="yes"
|
||||
EOF
|
||||
|
||||
# sshd: disable password authentication and DNS checks
|
||||
ex -s /etc/ssh/sshd_config <<EOF
|
||||
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
|
||||
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
cat >>/etc/sysconfig/sshd <<EOF
|
||||
|
||||
# Decrease connection time by preventing reverse DNS lookups
|
||||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
|
||||
# and man sshd for more information)
|
||||
OPTIONS="-u0"
|
||||
EOF
|
||||
|
||||
# Default insecure vagrant key
|
||||
mkdir -m 0700 -p /home/vagrant/.ssh
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 /home/vagrant/.ssh/authorized_keys
|
||||
chown -R vagrant:vagrant /home/vagrant/.ssh
|
||||
|
||||
# Fix for issue #76, regular users can gain admin privileges via su
|
||||
ex -s /etc/pam.d/su <<'EOF'
|
||||
# allow vagrant to use su, but prevent others from becoming root or vagrant
|
||||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
|
||||
:append
|
||||
account [success=1 default=ignore] \\
|
||||
pam_succeed_if.so user = vagrant use_uid quiet
|
||||
account required pam_succeed_if.so user notin root:vagrant
|
||||
.
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
|
||||
# systemd should generate a new machine id during the first boot, to
|
||||
# avoid having multiple Vagrant instances with the same id in the local
|
||||
# network. /etc/machine-id should be empty, but it must exist to prevent
|
||||
# boot errors (e.g. systemd-journald failing to start).
|
||||
:>/etc/machine-id
|
||||
|
||||
echo 'vag' > /etc/yum/vars/infra
|
||||
|
||||
# Blacklist the floppy module to avoid probing timeouts
|
||||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
|
||||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
|
||||
|
||||
# Customize the initramfs
|
||||
pushd /etc/dracut.conf.d
|
||||
# Enable VMware PVSCSI support for VMware Fusion guests.
|
||||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
|
||||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
|
||||
# There's no floppy controller, but probing for it generates timeouts
|
||||
echo 'omit_drivers+=" floppy "' > nofloppy.conf
|
||||
popd
|
||||
# Fix the SELinux context of the new files
|
||||
restorecon -f - <<EOF
|
||||
/etc/sudoers.d/vagrant
|
||||
/etc/dracut.conf.d/vmware-fusion-drivers.conf
|
||||
/etc/dracut.conf.d/hyperv-drivers.conf
|
||||
/etc/dracut.conf.d/nofloppy.conf
|
||||
EOF
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
|
||||
|
||||
# Seal for deployment
|
||||
rm -rf /etc/ssh/ssh_host_*
|
||||
hostnamectl set-hostname localhost.localdomain
|
||||
rm -rf /etc/udev/rules.d/70-*
|
||||
%end
|
34
vagrant/rocky-vagrant-packages-hyperv.ks
Normal file
34
vagrant/rocky-vagrant-packages-hyperv.ks
Normal file
@ -0,0 +1,34 @@
|
||||
%packages --instLangs=en
|
||||
bash-completion
|
||||
man-pages
|
||||
bzip2
|
||||
rsync
|
||||
nfs-utils
|
||||
cifs-utils
|
||||
chrony
|
||||
yum-utils
|
||||
hyperv-daemons
|
||||
open-vm-tools
|
||||
# Vagrant boxes aren't normally visible, no need for Plymouth
|
||||
-plymouth
|
||||
# Microcode updates cannot work in a VM
|
||||
-microcode_ctl
|
||||
# Firmware packages are not needed in a VM
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
# Don't build rescue initramfs
|
||||
-dracut-config-rescue
|
||||
%end
|
33
vagrant/rocky-vagrant-packages.ks
Normal file
33
vagrant/rocky-vagrant-packages.ks
Normal file
@ -0,0 +1,33 @@
|
||||
%packages --instLangs=en
|
||||
bash-completion
|
||||
man-pages
|
||||
bzip2
|
||||
rsync
|
||||
nfs-utils
|
||||
cifs-utils
|
||||
chrony
|
||||
yum-utils
|
||||
open-vm-tools
|
||||
# Vagrant boxes aren't normally visible, no need for Plymouth
|
||||
-plymouth
|
||||
# Microcode updates cannot work in a VM
|
||||
-microcode_ctl
|
||||
# Firmware packages are not needed in a VM
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
# Don't build rescue initramfs
|
||||
-dracut-config-rescue
|
||||
%end
|
108
vagrant/rocky-vagrant-vbox.ks
Normal file
108
vagrant/rocky-vagrant-vbox.ks
Normal file
@ -0,0 +1,108 @@
|
||||
%include rocky-vagrant-base.ks
|
||||
%include rocky-vagrant-packages-hyperv.ks
|
||||
|
||||
%post
|
||||
# configure swap to a file
|
||||
fallocate -l 2G /swapfile
|
||||
chmod 600 /swapfile
|
||||
mkswap /swapfile
|
||||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
|
||||
|
||||
# sudo
|
||||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
|
||||
chmod 0440 /etc/sudoers.d/vagrant
|
||||
|
||||
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
PERSISTENT_DHCLIENT="yes"
|
||||
EOF
|
||||
|
||||
# sshd: disable password authentication and DNS checks
|
||||
# for virtualbox we're disabling it after provisioning
|
||||
|
||||
# Decrease connection time by preventing reverse DNS lookups
|
||||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
|
||||
# and man sshd for more information)
|
||||
OPTIONS="-u0"
|
||||
EOF
|
||||
|
||||
# Default insecure vagrant key
|
||||
mkdir -m 0700 -p /home/vagrant/.ssh
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 /home/vagrant/.ssh/authorized_keys
|
||||
chown -R vagrant:vagrant /home/vagrant/.ssh
|
||||
|
||||
# Fix for issue #76, regular users can gain admin privileges via su
|
||||
ex -s /etc/pam.d/su <<'EOF'
|
||||
# allow vagrant to use su, but prevent others from becoming root or vagrant
|
||||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
|
||||
:append
|
||||
account [success=1 default=ignore] \\
|
||||
pam_succeed_if.so user = vagrant use_uid quiet
|
||||
account required pam_succeed_if.so user notin root:vagrant
|
||||
.
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
|
||||
# Install VBoxGuestAdditions for installed kernel
|
||||
kver=$(rpm -q --queryformat="%{VERSION}-%{RELEASE}.%{ARCH}" kernel)
|
||||
dnf -y install kernel-devel gcc make perl elfutils-libelf-devel
|
||||
curl -L -o /tmp/vboxadditions.iso https://download.virtualbox.org/virtualbox/6.1.34/VBoxGuestAdditions_6.1.34.iso
|
||||
mkdir -p /media/VBoxGuestAdditions
|
||||
mount -o loop,ro /tmp/vboxadditions.iso /media/VBoxGuestAdditions
|
||||
mkdir -p /tmp/VBoxGuestAdditions
|
||||
sh /media/VBoxGuestAdditions/VBoxLinuxAdditions.run --nox11 --noexec --keep --target /tmp/VBoxGuestAdditions
|
||||
pushd /tmp/VBoxGuestAdditions
|
||||
./install.sh
|
||||
/sbin/rcvboxadd quicksetup all
|
||||
popd
|
||||
ls "/lib/modules/${kver}/misc/"
|
||||
modinfo "/lib/modules/${kver}/misc/vboxsf.ko"
|
||||
rm -rf /tmp/VBoxGuestAdditions
|
||||
umount /media/VBoxGuestAdditions
|
||||
rm -f /tmp/vboxadditions.iso
|
||||
rmdir /media/VBoxGuestAdditions
|
||||
dnf -y remove kernel-devel gcc make perl elfutils-libelf-devel
|
||||
|
||||
# systemd should generate a new machine id during the first boot, to
|
||||
# avoid having multiple Vagrant instances with the same id in the local
|
||||
# network. /etc/machine-id should be empty, but it must exist to prevent
|
||||
# boot errors (e.g. systemd-journald failing to start).
|
||||
:>/etc/machine-id
|
||||
|
||||
echo 'vag' > /etc/yum/vars/infra
|
||||
|
||||
# Blacklist the floppy module to avoid probing timeouts
|
||||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
|
||||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
|
||||
|
||||
# Customize the initramfs
|
||||
pushd /etc/dracut.conf.d
|
||||
# Enable VMware PVSCSI support for VMware Fusion guests.
|
||||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
|
||||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
|
||||
# There's no floppy controller, but probing for it generates timeouts
|
||||
echo 'omit_drivers+=" floppy "' > nofloppy.conf
|
||||
popd
|
||||
# Fix the SELinux context of the new files
|
||||
restorecon -f - <<EOF
|
||||
/etc/sudoers.d/vagrant
|
||||
/etc/dracut.conf.d/vmware-fusion-drivers.conf
|
||||
/etc/dracut.conf.d/hyperv-drivers.conf
|
||||
/etc/dracut.conf.d/nofloppy.conf
|
||||
EOF
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
|
||||
|
||||
# Seal for deployment
|
||||
rm -rf /etc/ssh/ssh_host_*
|
||||
hostnamectl set-hostname localhost.localdomain
|
||||
rm -rf /etc/udev/rules.d/70-*
|
||||
%end
|
97
vagrant/rocky-vagrant-vmware.ks
Normal file
97
vagrant/rocky-vagrant-vmware.ks
Normal file
@ -0,0 +1,97 @@
|
||||
%include rocky-vagrant-base.ks
|
||||
%include rocky-vagrant-packages.ks
|
||||
|
||||
%post
|
||||
# configure swap to a file
|
||||
fallocate -l 2G /swapfile
|
||||
chmod 600 /swapfile
|
||||
mkswap /swapfile
|
||||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
|
||||
|
||||
# sudo
|
||||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
|
||||
chmod 0440 /etc/sudoers.d/vagrant
|
||||
|
||||
# vmware needs open-vm-tools; on aarch, this is in plus
|
||||
dnf config-manager --set-enabled=plus
|
||||
|
||||
|
||||
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
PERSISTENT_DHCLIENT="yes"
|
||||
EOF
|
||||
|
||||
# sshd: disable password authentication and DNS checks
|
||||
ex -s /etc/ssh/sshd_config <<EOF
|
||||
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
|
||||
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
cat >>/etc/sysconfig/sshd <<EOF
|
||||
|
||||
# Decrease connection time by preventing reverse DNS lookups
|
||||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
|
||||
# and man sshd for more information)
|
||||
OPTIONS="-u0"
|
||||
EOF
|
||||
|
||||
# Default insecure vagrant key
|
||||
mkdir -m 0700 -p /home/vagrant/.ssh
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 /home/vagrant/.ssh/authorized_keys
|
||||
chown -R vagrant:vagrant /home/vagrant/.ssh
|
||||
|
||||
# Fix for issue #76, regular users can gain admin privileges via su
|
||||
ex -s /etc/pam.d/su <<'EOF'
|
||||
# allow vagrant to use su, but prevent others from becoming root or vagrant
|
||||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
|
||||
:append
|
||||
account [success=1 default=ignore] \\
|
||||
pam_succeed_if.so user = vagrant use_uid quiet
|
||||
account required pam_succeed_if.so user notin root:vagrant
|
||||
.
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
|
||||
# systemd should generate a new machine id during the first boot, to
|
||||
# avoid having multiple Vagrant instances with the same id in the local
|
||||
# network. /etc/machine-id should be empty, but it must exist to prevent
|
||||
# boot errors (e.g. systemd-journald failing to start).
|
||||
:>/etc/machine-id
|
||||
|
||||
echo 'vag' > /etc/yum/vars/infra
|
||||
|
||||
# Blacklist the floppy module to avoid probing timeouts
|
||||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
|
||||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
|
||||
|
||||
# Customize the initramfs
|
||||
pushd /etc/dracut.conf.d
|
||||
# Enable VMware PVSCSI support for VMware Fusion guests.
|
||||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
|
||||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
|
||||
# There's no floppy controller, but probing for it generates timeouts
|
||||
echo 'omit_drivers+=" floppy "' > nofloppy.conf
|
||||
popd
|
||||
# Fix the SELinux context of the new files
|
||||
restorecon -f - <<EOF
|
||||
/etc/sudoers.d/vagrant
|
||||
/etc/dracut.conf.d/vmware-fusion-drivers.conf
|
||||
/etc/dracut.conf.d/nofloppy.conf
|
||||
EOF
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
|
||||
|
||||
# Seal for deployment
|
||||
rm -rf /etc/ssh/ssh_host_*
|
||||
hostnamectl set-hostname localhost.localdomain
|
||||
rm -rf /etc/udev/rules.d/70-*
|
||||
%end
|
Loading…
Reference in New Issue
Block a user