Compare commits

...

No commits in common. "main" and "r10" have entirely different histories.
main ... r10

153 changed files with 12543 additions and 16 deletions

View File

@ -1,22 +1,79 @@
**Note**: This repository is mirrored at the [RESF Git Service](https://git.resf.org/sig_core/kickstarts)
and [Rocky Linux GitHub](https://github.com/rocky-linux/kickstarts)
# R10 specific kickstarts
This is the kickstarts repository for Rocky Linux. These kickstarts help us
make a variety of images, such as:
This branch has Rocky Linux 10 specific kickstarts. These kickstarts vary
between cloud images and live images provided in our repositories and
mirrors.
* Live images (eg GNOME/Workstation, XFCE, KDE)
* Cloud Images (eg EC2, GenericCloud for OpenStack, Azure)
* Various container images
## Structure
Each major version gets their own separate branch or branches, depending on the
nature of the images and where development is for Rocky Linux.
In the root of the repository are the general kickstarts in use that any
user can pick up, use, or modify to their liking to make their own Rocky
Linux live images, cloud images, and so on. These kickstarts are generated
by templates that live in the various directories in this repository.
If you find that there is an error with a kickstart, there are problems with
the images produced from these kickstarts, or you have suggestions to fix
them, please open an issue. You can open an issue or PR at both the
[RESF Git Service](https://git.resf.org/sig_core/kickstarts) or at our
[GitHub Organization](https://github.com/rocky-linux/kickstarts)
* `cloud` -> Cloud image templates
* `live` -> Live image templates
* `container` -> Container image templates
When opening a PR, please ensure it is against the correct branch.
These kickstarts are generated using `ksflatten`. Changes made to the
kickstarts generally match between the templates and the full kickstarts
in the root.
-Release Engineering
For SIG/Core's usage, we use the `live` area as a "working" directory,
where we use the split parts in our automation for the images and the
pre-flattened versions are there for the convenience of all users. This
is easier than using the pre-made ones in empanadas.
## Building Live Images
To build live images, you will need to use `livecd-creator` or
`livemedia-creator`. The former is simpler to use and generally works without
many issues. The latter can be a bit more tricky to work with and typically
runs the installer virtually. However, it can be used without a virtual machine
like in a mock shell.
Optionally, it is possible to use `empanadas` found in the SIG/Core toolkit.
### Automatic: Using empanadas
To be filled.
### Manual: Using livemedia-creator
To use livemedia-creator without using virt, you can use a mock shell. To
setup a mock chroot for the purpose of building a live image, you would
set it up like so:
```
# Install mock if you haven't already
% dnf install epel-release -y
% dnf install mock -y
# Add a user to the mock group
% usermod -a -G mock user
# As the user, setup the mock environment
% mock -r rocky-10-x86_64 --init
% mock -r rocky-10-x86_64 --install lorax-lmc-novirt vim-minimal pykickstart git
# You may need to be in permissive mode temporarily if you have issues
% setenforce 0
# Enter the shell
% mock -r rocky-10-x86_64 --shell --isolation=simple --enable-network
# Clone the kickstarts and run an installation
% git clone https://github.com/rocky-linux/kickstarts -b r9
% cd kickstarts
% livemedia-creator --ks Rocky-9-Workstation.ks \
--no-virt \
--resultdir /var/lmc \
--project="Rocky Linux" \
--make-iso \
--volid Rocky-Workstation-9 \
--iso-only \
--iso-name Rocky-Workstation-9-x86_64.iso \
--releasever=9 \
--nomacboot # This option is important to set, mkfs.hfsplus is not available
```
With the example above, all of the results will appear in
`/var/lib/mock/rocky-10-x86_64/root/var/lmc`.

273
Rocky-10-Azure-Base.ks Normal file
View File

@ -0,0 +1,273 @@
#version=DEVEL
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/"
# System authorization information
# Firewall configuration
firewall --enabled --service=ssh
firstboot --disable
# SELinux configuration
selinux --enforcing
# System services
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
# System bootloader configuration
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%post --erroronfail
passwd -d root
passwd -l root
systemctl enable waagent
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# Common Cloud Tweaks
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
truncate -s 0 /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
# azure settings
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
# Kernel and Drivers
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# this shouldn't be the case, but we'll do it anyway
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
dnf clean all
truncate -c -s 0 /var/log/dnf.log
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# Azure Cleanup
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Common cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf "/var/lib/yum/*"
rm -rf "/var/log/anaconda*"
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end
%packages
@core
NetworkManager
WALinuxAgent
chrony
cloud-init
cloud-utils-growpart
dhcp-client
dnf-utils
dracut-config-generic
firewalld
gdisk
grub2
hyperv-daemons
kernel
rng-tools
rocky-release
rsync
tar
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
-qemu-guest-agent
%end

279
Rocky-10-Azure-LVM.ks Normal file
View File

@ -0,0 +1,279 @@
#version=DEVEL
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/"
# System authorization information
# Firewall configuration
firewall --enabled --service=ssh
firstboot --disable
# SELinux configuration
selinux --enforcing
# System services
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
# System bootloader configuration
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
# Clear the Master Boot Record
#zerombr
# Partition clearing information
#clearpart --all --initlabel --disklabel=gpt
# Disk partitioning information
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part pv.01 --grow --ondisk=vda --onpart=vda5
volgroup rocky pv.01
logvol / --grow --size=8000 --mkfsoptions="-m bigtime=0,inobtcount=0" --name=root --vgname=rocky
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%post --erroronfail
passwd -d root
passwd -l root
systemctl enable waagent
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# Common Cloud Tweaks
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
truncate -s 0 /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
# azure settings
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
# Kernel and Drivers
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# this shouldn't be the case, but we'll do it anyway
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
dnf clean all
truncate -c -s 0 /var/log/dnf.log
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# Azure Cleanup
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Common cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf "/var/lib/yum/*"
rm -rf "/var/log/anaconda*"
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# LVM Variant Fix, remove system.devices
rm -fv /etc/lvm/devices/system.devices
true
%end
%packages
@core
NetworkManager
WALinuxAgent
chrony
cloud-init
cloud-utils-growpart
dhcp-client
dnf-utils
dracut-config-generic
firewalld
gdisk
grub2
hyperv-daemons
kernel
rng-tools
rocky-release
rsync
tar
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
-qemu-guest-agent
%end

109
Rocky-10-Container-Base.ks Normal file
View File

@ -0,0 +1,109 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --utc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
# This breaks everything, apparently
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
bash
binutils
coreutils-single
crypto-policies-scripts
curl-minimal
findutils
glibc-minimal-langpack
gzip
hostname
libcurl-minimal
libusbx
less
rocky-release
rootfiles
tar
usermode
vim-minimal
yum
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-langpacks-*
-langpacks-en
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
"/tmp/*" "/tmp/.*" || true
%end

View File

@ -0,0 +1,103 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --utc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
# This breaks everything, apparently
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
bash
coreutils-single
glibc-minimal-langpack
microdnf
rocky-release
util-linux
-brotli
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-hostname
-iptables
-iputils
-kernel
-kexec-tools
-less
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-rootfiles
-shared-mime-info
-tar
-trousers
-vim-minimal
-xfsprogs
-xkeyboard-config
-yum
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
rpm --rebuilddb
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
echo 'container' > /etc/dnf/vars/infra
LANG="en_US"
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
echo 'LANG="C.UTF-8"' > /etc/locale.conf
rm -f /var/lib/dnf/history.*
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
# systemd fixes
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
"/tmp/*" "/tmp/.*" || true
%end

112
Rocky-10-Container-UBI.ks Normal file
View File

@ -0,0 +1,112 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --utc --nontp Etc/UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
# This breaks everything, apparently
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --ignoremissing --excludedocs --inst-langs=en --nocore --exclude-weakdeps
bash
coreutils-single
crypto-policies-scripts
curl-minimal
findutils
gdb-gdbserver
glibc-minimal-langpack
gzip
libcurl-minimal
systemd
rocky-release
rootfiles
tar
util-linux
vim-minimal
which
yum
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
set -eux
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Remove network configuration files leftover from anaconda installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/var/cache/* /var/log/* \
"/tmp/*" "/tmp/.*" || true
%end

229
Rocky-10-EC2-Base.ks Normal file
View File

@ -0,0 +1,229 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --utc
# Disk
bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
# Root password
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
shutdown
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%packages
@core
rocky-release
kernel
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl100-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
cloud-init
cloud-utils-growpart
gdisk
dracut-config-generic
grub2
firewalld
# some stuff that's missing from core or things we want
tar
rsync
dhcp-client
NetworkManager
rng-tools
-biosdevname
-plymouth
-iprutils
-langpacks-*
-langpacks-en
%end
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# this should *really* be an empty file - gotta make anaconda happy
truncate -s 0 /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
if ! grep -q growpart /etc/cloud/cloud.cfg; then
sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
fi
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# this shouldn't be the case, but we'll do it anyway
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
dnf clean all
truncate -c -s 0 /var/log/dnf.log
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
rm -rf /var/log/yum.log
rm -rf "/var/lib/yum/*"
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
# Only x86 has xen support at this time
if [[ "$(arch)" == "x86_64" ]]; then
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
fi
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
cat /dev/null > /etc/machine-id
cat >> /etc/chrony.conf << EOF
# Amazon Time Sync Service
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
EOF
%end

234
Rocky-10-EC2-LVM.ks Normal file
View File

@ -0,0 +1,234 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --utc
# Disk
bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
# Root password
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
# Partition stuff - Should work for x86 and aarch64
#zerombr
#clearpart --all --initlabel --disklabel=gpt
#reqpart
part /boot/efi --fstype=efi --asprimary --onpart=vda1
part /boot --fstype=xfs --label=boot --onpart=vda2
part prepboot --fstype=prepboot --asprimary --onpart=vda3
part biosboot --fstype=biosboot --asprimary --onpart=vda4
part pv.01 --grow --onpart=vda5
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions "-m bigtime=0,inobtcount=0"
shutdown
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%packages
@core
rocky-release
kernel
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl100-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
cloud-init
cloud-utils-growpart
gdisk
dracut-config-generic
grub2
firewalld
# some stuff that's missing from core or things we want
tar
rsync
dhcp-client
NetworkManager
rng-tools
-biosdevname
-plymouth
-iprutils
-langpacks-*
-langpacks-en
%end
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# this should *really* be an empty file - gotta make anaconda happy
truncate -s 0 /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
if ! grep -q growpart /etc/cloud/cloud.cfg; then
sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
fi
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# this shouldn't be the case, but we'll do it anyway
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
dnf clean all
truncate -c -s 0 /var/log/dnf.log
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
rm -rf /var/log/yum.log
rm -rf "/var/lib/yum/*"
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
# Only x86 has xen support at this time
if [[ "$(arch)" == "x86_64" ]]; then
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
fi
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
cat /dev/null > /etc/machine-id
cat >> /etc/chrony.conf << EOF
# Amazon Time Sync Service
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
EOF
# LVM Variant Fix, remove system.devices
rm -fv /etc/lvm/devices/system.devices
%end

View File

@ -0,0 +1,188 @@
# Generated by pykickstart v3.41
#version=DEVEL
# Firewall configuration
firewall --enabled --port=22:tcp
# Keyboard layouts
# old format: keyboard us
# new format:
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=link --activate
# Shutdown after installation
shutdown
repo --name="rocky9-baseos" --baseurl=https://download.rockylinux.org/stg/rocky/10/BaseOS/aarch64/os/
repo --name="rocky9-appstream" --baseurl=https://download.rockylinux.org/stg/rocky/10/AppStream/aarch64/os/
repo --name="rocky9-powertools" --baseurl=https://download.rockylinux.org/stg/rocky/10/CRB/aarch64/os/
repo --name="instKern" --baseurl=https://rockyrepos.gnulab.org/gen_aarch64_el9/ --cost=100 --install
#Root password
rootpw --lock
# SELinux configuration
selinux --enforcing
# System services
services --enabled="sshd,NetworkManager,chronyd"
# System timezone
timezone UTC --utc --nontp
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/aarch64/os/"
# System bootloader configuration
bootloader --location=mbr --driveorder="sda"
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot/efi --asprimary --fstype="efi" --size=512
part /boot --asprimary --fstype="ext4" --size=1024 --label=boot
part swap --asprimary --fstype="swap" --size=512 --label=swap
part / --asprimary --fstype="ext4" --size=3072 --label=rootfs
%pre
#End of Pre script for partitions
%end
%post
# Mandatory README file
cat >/root/README << EOF
== Rocky Linux 9 ==
If you want to automatically resize your / partition, just type the following (as root user):
rootfs-expand
EOF
%end
%post
# Setting correct yum variable to use raspberrypi kernel repo
#echo "generic" > /etc/dnf/vars/kvariant
#
# Creating rocky user and add to wheel group
/sbin/useradd -c "Rocky Linux default user" -G wheel -m -U rocky
echo "rockylinux" | passwd --stdin rocky
# Generic efi filename for VMs
mkdir -p /boot/efi/EFI/BOOT
if [ -d /boot/efi/EFI/rocky/ ] && [ -f /boot/efi/EFI/rocky/grubaa64.efi ];then
for j in grub.cfg grubenv;do
mv -f /boot/grub2/${j} /boot/efi/EFI/rocky/
ln -s ../efi/EFI/rocky/${j} /boot/grub2/${j}
done
cp -f /boot/efi/EFI/rocky/grubaa64.efi /boot/efi/EFI/BOOT/BOOTAA64.EFI
fi
cp -f /usr/share/uboot/rpi_3/u-boot.bin /boot/efi/rpi3-u-boot.bin
cp -f /usr/share/uboot/rpi_4/u-boot.bin /boot/efi/rpi4-u-boot.bin
rpm -e dracut-config-generic
#setup dtb link by running "creating 10-devicetree.install"
if [ -x /lib/kernel/install.d/10-devicetree.install ];then
/lib/kernel/install.d/10-devicetree.install remove
fi
### Write /etc/sysconfig/kernel
cat << EOF > /etc/sysconfig/kernel
# Written by image installer
# UPDATEDEFAULT specifies if new-kernel-pkg should make new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel-core
EOF
chmod 644 /etc/sysconfig/kernel
### Write grub defaults, turn off OS probing as it is always wrong for image creation
cat << EOF > /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX=""
GRUB_DISABLE_RECOVERY="true"
GRUB_DISABLE_OS_PROBER="true"
GRUB_ENABLE_BLSCFG="false"
EOF
chmod 644 /etc/default/grub
# fixing the rpmdb
rpm --rebuilddb
# remove /boot/dtb for some rpi to boot
rm -f /boot/dtb
%end
%post
# Remove ifcfg-link on pre generated images
rm -f /etc/sysconfig/network-scripts/ifcfg-link
# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post
cat >/usr/local/bin/rootfs-expand << EOF
#!/bin/bash
clear
part=\$(mount |grep '^/dev.* / ' |awk '{print \$1}')
if [ -z "\$part" ];then
echo "Error detecting rootfs"
exit -1
fi
dev=\$(echo \$part|sed 's/[0-9]*\$//g')
devlen=\${#dev}
num=\${part:\$devlen}
if [[ "\$dev" =~ ^/dev/mmcblk[0-9]*p\$ ]];then
dev=\${dev:0:-1}
fi
if [ ! -x /usr/bin/growpart ];then
echo "Please install cloud-utils-growpart (sudo yum install cloud-utils-growpart)"
exit -2
fi
if [ ! -x /usr/sbin/resize2fs ];then
echo "Please install e2fsprogs (sudo yum install e2fsprogs)"
exit -3
fi
echo \$part \$dev \$num
echo "Extending partition \$num to max size ...."
growpart \$dev \$num
echo "Resizing ext4 filesystem ..."
resize2fs \$part
echo "Done."
df -h |grep \$part
EOF
chmod +x /usr/local/bin/rootfs-expand
%end
%packages
@core
NetworkManager-wifi
bash-completion
bcm2711-firmware
bcm2835-firmware
bcm283x-firmware
bcm283x-overlays
chrony
cloud-utils-growpart
dracut-config-generic
efibootmgr
glibc-langpack-en
grub2-common
grub2-efi-aa64
grub2-efi-aa64-modules
grubby
kernel
kernel-core
nano
net-tools
shim-aa64
systemd-udev
uboot-images-armv8
uboot-tools
-dracut-config-rescue
-java-11-*
%end

View File

@ -0,0 +1,226 @@
text
lang en_US.UTF-8
keyboard us
timezone --utc UTC
# Disk
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
# Root password
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
shutdown
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%packages
@core
rocky-release
dnf
kernel
yum
nfs-utils
dnf-utils
hostname
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl100-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
cloud-init
cloud-utils-growpart
python3-jsonschema
dracut-config-generic
-dracut-config-rescue
firewalld
# some stuff that's missing from core or things we want
tar
tcpdump
rsync
rng-tools
cockpit-ws
cockpit-system
qemu-guest-agent
virt-what
-biosdevname
-plymouth
-iprutils
# Fixes an s390x issue
#-langpacks-*
-langpacks-en
%end
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# we don't need this in virt
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# this should *really* be an empty file - gotta make anaconda happy
truncate -s 0 /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
BOOTPROTOv6="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="yes"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
#systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# just in case
if ! grep -q growpart /etc/cloud/cloud.cfg; then
sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
fi
# temporary until 22.2
sed -i 's/^system_info:/locale: C.UTF-8\nsystem_info:/' /etc/cloud/cloud.cfg
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
# these shouldn't be enabled, but just in case
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
dnf clean all