Compare commits
No commits in common. "main" and "r10" have entirely different histories.
89
README.md
@ -1,22 +1,79 @@
|
||||
**Note**: This repository is mirrored at the [RESF Git Service](https://git.resf.org/sig_core/kickstarts)
|
||||
and [Rocky Linux GitHub](https://github.com/rocky-linux/kickstarts)
|
||||
# R10 specific kickstarts
|
||||
|
||||
This is the kickstarts repository for Rocky Linux. These kickstarts help us
|
||||
make a variety of images, such as:
|
||||
This branch has Rocky Linux 10 specific kickstarts. These kickstarts vary
|
||||
between cloud images and live images provided in our repositories and
|
||||
mirrors.
|
||||
|
||||
* Live images (eg GNOME/Workstation, XFCE, KDE)
|
||||
* Cloud Images (eg EC2, GenericCloud for OpenStack, Azure)
|
||||
* Various container images
|
||||
## Structure
|
||||
|
||||
Each major version gets their own separate branch or branches, depending on the
|
||||
nature of the images and where development is for Rocky Linux.
|
||||
In the root of the repository are the general kickstarts in use that any
|
||||
user can pick up, use, or modify to their liking to make their own Rocky
|
||||
Linux live images, cloud images, and so on. These kickstarts are generated
|
||||
by templates that live in the various directories in this repository.
|
||||
|
||||
If you find that there is an error with a kickstart, there are problems with
|
||||
the images produced from these kickstarts, or you have suggestions to fix
|
||||
them, please open an issue. You can open an issue or PR at both the
|
||||
[RESF Git Service](https://git.resf.org/sig_core/kickstarts) or at our
|
||||
[GitHub Organization](https://github.com/rocky-linux/kickstarts)
|
||||
* `cloud` -> Cloud image templates
|
||||
* `live` -> Live image templates
|
||||
* `container` -> Container image templates
|
||||
|
||||
When opening a PR, please ensure it is against the correct branch.
|
||||
These kickstarts are generated using `ksflatten`. Changes made to the
|
||||
kickstarts generally match between the templates and the full kickstarts
|
||||
in the root.
|
||||
|
||||
-Release Engineering
|
||||
For SIG/Core's usage, we use the `live` area as a "working" directory,
|
||||
where we use the split parts in our automation for the images and the
|
||||
pre-flattened versions are there for the convenience of all users. This
|
||||
is easier than using the pre-made ones in empanadas.
|
||||
|
||||
## Building Live Images
|
||||
|
||||
To build live images, you will need to use `livecd-creator` or
|
||||
`livemedia-creator`. The former is simpler to use and generally works without
|
||||
many issues. The latter can be a bit more tricky to work with and typically
|
||||
runs the installer virtually. However, it can be used without a virtual machine
|
||||
like in a mock shell.
|
||||
|
||||
Optionally, it is possible to use `empanadas` found in the SIG/Core toolkit.
|
||||
|
||||
### Automatic: Using empanadas
|
||||
|
||||
To be filled.
|
||||
|
||||
### Manual: Using livemedia-creator
|
||||
|
||||
To use livemedia-creator without using virt, you can use a mock shell. To
|
||||
setup a mock chroot for the purpose of building a live image, you would
|
||||
set it up like so:
|
||||
|
||||
```
|
||||
# Install mock if you haven't already
|
||||
% dnf install epel-release -y
|
||||
% dnf install mock -y
|
||||
|
||||
# Add a user to the mock group
|
||||
% usermod -a -G mock user
|
||||
|
||||
# As the user, setup the mock environment
|
||||
% mock -r rocky-10-x86_64 --init
|
||||
% mock -r rocky-10-x86_64 --install lorax-lmc-novirt vim-minimal pykickstart git
|
||||
# You may need to be in permissive mode temporarily if you have issues
|
||||
% setenforce 0
|
||||
# Enter the shell
|
||||
% mock -r rocky-10-x86_64 --shell --isolation=simple --enable-network
|
||||
|
||||
# Clone the kickstarts and run an installation
|
||||
% git clone https://github.com/rocky-linux/kickstarts -b r9
|
||||
% cd kickstarts
|
||||
% livemedia-creator --ks Rocky-9-Workstation.ks \
|
||||
--no-virt \
|
||||
--resultdir /var/lmc \
|
||||
--project="Rocky Linux" \
|
||||
--make-iso \
|
||||
--volid Rocky-Workstation-9 \
|
||||
--iso-only \
|
||||
--iso-name Rocky-Workstation-9-x86_64.iso \
|
||||
--releasever=9 \
|
||||
--nomacboot # This option is important to set, mkfs.hfsplus is not available
|
||||
```
|
||||
|
||||
With the example above, all of the results will appear in
|
||||
`/var/lib/mock/rocky-10-x86_64/root/var/lmc`.
|
||||
|
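Review bot: The livemedia-creator example under "Manual: Using livemedia-creator" mixes releases: the mock chroot is `rocky-10-x86_64`, but the clone uses `-b r9` and the command passes `Rocky-9-Workstation.ks`, `--volid Rocky-Workstation-9`, `--iso-name Rocky-Workstation-9-x86_64.iso` and `--releasever=9`. On a branch whose README is titled "R10 specific kickstarts", these should name the r10 branch and the 10 kickstart, or the text should say the example is carried over from 9. Separately, `setenforce 0` is suggested with no matching step to put the host back into enforcing mode; add `setenforce 1` after the build, since the change is host-wide and lasts until it is reverted or the host reboots.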
273
Rocky-10-Azure-Base.ks
Normal file
@ -0,0 +1,273 @@
|
||||
#version=DEVEL
|
||||
# Keyboard layouts
|
||||
keyboard 'us'
|
||||
# Root password
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
# Shutdown after installation
|
||||
shutdown
|
||||
# System timezone
|
||||
timezone UTC --isUtc
|
||||
# Use text mode install
|
||||
text
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
# Use network installation
|
||||
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/"
|
||||
# System authorization information
|
||||
# Firewall configuration
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# SELinux configuration
|
||||
selinux --enforcing
|
||||
|
||||
# System services
|
||||
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
# System bootloader configuration
|
||||
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
|
||||
# Disk partitioning information
|
||||
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
|
||||
# are creating partitions manually in %pre to ensure proper ordering as
|
||||
# Anaconda does NOT ensure the ordering `part` commands.
|
||||
part /boot/efi --fstype="efi" --onpart=vda1
|
||||
part /boot --fstype="xfs" --label=boot --onpart=vda2
|
||||
part prepboot --fstype="prepboot" --onpart=vda3
|
||||
part biosboot --fstype="biosboot" --onpart=vda4
|
||||
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
|
||||
|
||||
%pre
|
||||
# Clear the Master Boot Record
|
||||
dd if=/dev/zero of=/dev/vda bs=512 count=1
|
||||
# Create a new GPT partition table
|
||||
parted /dev/vda mklabel gpt
|
||||
# Create a partition for /boot/efi
|
||||
parted /dev/vda mkpart primary fat32 1MiB 100MiB
|
||||
parted /dev/vda set 1 boot on
|
||||
# Create a partition for /boot
|
||||
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
|
||||
# Create a partition for prep
|
||||
parted /dev/vda mkpart primary 1100MiB 1104MiB
|
||||
# Create a partition for bios_grub
|
||||
parted /dev/vda mkpart primary 1104MiB 1105MiB
|
||||
# Create a partition for LVM
|
||||
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
|
||||
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
systemctl enable waagent
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# Common Cloud Tweaks
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
# remove linux-firmware as we're virt and it's half a gig
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
|
||||
# Configure dhcp timeout to 300s by default
|
||||
[connection]
|
||||
ipv4.dhcp-timeout=300
|
||||
EOF
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
truncate -s 0 /etc/resolv.conf
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
# azure settings
|
||||
# Configure waagent for cloud-init
|
||||
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
|
||||
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
|
||||
|
||||
# Azure: handle sr-iov and networkmanaeger
|
||||
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
|
||||
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
|
||||
# This interface is transparently bonded to the synthetic interface,
|
||||
# so NetworkManager should just ignore any SRIOV interfaces.
|
||||
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
|
||||
EOF
|
||||
|
||||
# Azure: Time sync for linux
|
||||
## Setup udev rule for ptp_hyperv
|
||||
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
|
||||
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
|
||||
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
|
||||
EOF
|
||||
|
||||
# Configure chrony to use ptp_hyperv
|
||||
cat << EOF | tee -a /etc/chrony.conf
|
||||
# Setup hyperv PTP device as refclock
|
||||
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
|
||||
EOF
|
||||
|
||||
# Azure: Blacklist modules
|
||||
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
|
||||
blacklist amdgpu
|
||||
blacklist nouveau
|
||||
blacklist radeon
|
||||
EOF
|
||||
|
||||
# Azure: cloud-init customizations for Hyperv
|
||||
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
|
||||
# Enable logging to the Hyper-V kvp in Azure
|
||||
reporting:
|
||||
logging:
|
||||
type: log
|
||||
telemetry:
|
||||
type: hyperv
|
||||
EOF
|
||||
|
||||
# Kernel and Drivers
|
||||
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
|
||||
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
|
||||
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
|
||||
EOF
|
||||
|
||||
dracut -f -v
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
|
||||
# this shouldn't be the case, but we'll do it anyway
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
|
||||
|
||||
dnf clean all
|
||||
truncate -c -s 0 /var/log/dnf.log
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'azure' > /etc/yum/vars/infra
|
||||
|
||||
# Azure Cleanup
|
||||
sudo rm -f /var/log/waagent.log
|
||||
sudo cloud-init clean
|
||||
waagent -force -deprovision+user
|
||||
|
||||
# Common cleanup
|
||||
rm -f ~/.bash_history
|
||||
export HISTSIZE=0
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf "/var/lib/yum/*"
|
||||
rm -rf "/var/log/anaconda*"
|
||||
rm -rf /var/log/yum.log
|
||||
|
||||
# Wipe machineid
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
# Fix selinux
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
true
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
NetworkManager
|
||||
WALinuxAgent
|
||||
chrony
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
dhcp-client
|
||||
dnf-utils
|
||||
dracut-config-generic
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
hyperv-daemons
|
||||
kernel
|
||||
rng-tools
|
||||
rocky-release
|
||||
rsync
|
||||
tar
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-plymouth
|
||||
-qemu-guest-agent
|
||||
|
||||
%end
|
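Review bot: In `%post --erroronfail` the script has no `set -e` and ends with `true`, so the section always exits 0 and `--erroronfail` can never trigger. That matters for the first two commands: `passwd -d root` clears the root password before `passwd -l root` locks it, and a failure of the second would go unnoticed and leave an empty root password in the image. Suggest `rootpw --lock` in the command section, as Rocky-10-Container-Base.ks does, instead of the placeholder `rootpw --iscrypted thereisnopasswordanditslocked`, then `set -e` at the top of `%post` with an explicit `|| true` only on the steps that are allowed to fail (for example the two `sed -i` edits under `/etc/yum/pluginconf.d/`). Minor: the comment "# Create a partition for LVM" in `%pre` sits above the plain xfs root partition in this non-LVM variant.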
279
Rocky-10-Azure-LVM.ks
Normal file
@ -0,0 +1,279 @@
|
||||
#version=DEVEL
|
||||
# Keyboard layouts
|
||||
keyboard 'us'
|
||||
# Root password
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
# Shutdown after installation
|
||||
shutdown
|
||||
# System timezone
|
||||
timezone UTC --isUtc
|
||||
# Use text mode install
|
||||
text
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
# Use network installation
|
||||
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/"
|
||||
# System authorization information
|
||||
# Firewall configuration
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# SELinux configuration
|
||||
selinux --enforcing
|
||||
|
||||
# System services
|
||||
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
# System bootloader configuration
|
||||
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
# Clear the Master Boot Record
|
||||
#zerombr
|
||||
# Partition clearing information
|
||||
#clearpart --all --initlabel --disklabel=gpt
|
||||
# Disk partitioning information
|
||||
part /boot/efi --fstype="efi" --onpart=vda1
|
||||
part /boot --fstype="xfs" --label=boot --onpart=vda2
|
||||
part prepboot --fstype="prepboot" --onpart=vda3
|
||||
part biosboot --fstype="biosboot" --onpart=vda4
|
||||
part pv.01 --grow --ondisk=vda --onpart=vda5
|
||||
volgroup rocky pv.01
|
||||
logvol / --grow --size=8000 --mkfsoptions="-m bigtime=0,inobtcount=0" --name=root --vgname=rocky
|
||||
|
||||
%pre
|
||||
# Clear the Master Boot Record
|
||||
dd if=/dev/zero of=/dev/vda bs=512 count=1
|
||||
# Create a new GPT partition table
|
||||
parted /dev/vda mklabel gpt
|
||||
# Create a partition for /boot/efi
|
||||
parted /dev/vda mkpart primary fat32 1MiB 100MiB
|
||||
parted /dev/vda set 1 boot on
|
||||
# Create a partition for /boot
|
||||
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
|
||||
# Create a partition for prep
|
||||
parted /dev/vda mkpart primary 1100MiB 1104MiB
|
||||
# Create a partition for bios_grub
|
||||
parted /dev/vda mkpart primary 1104MiB 1105MiB
|
||||
# Create a partition for LVM
|
||||
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
|
||||
parted /dev/vda set 5 lvm on
|
||||
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
systemctl enable waagent
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# Common Cloud Tweaks
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
# remove linux-firmware as we're virt and it's half a gig
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
|
||||
# Configure dhcp timeout to 300s by default
|
||||
[connection]
|
||||
ipv4.dhcp-timeout=300
|
||||
EOF
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
truncate -s 0 /etc/resolv.conf
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
# azure settings
|
||||
# Configure waagent for cloud-init
|
||||
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
|
||||
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
|
||||
|
||||
# Azure: handle sr-iov and networkmanaeger
|
||||
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
|
||||
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
|
||||
# This interface is transparently bonded to the synthetic interface,
|
||||
# so NetworkManager should just ignore any SRIOV interfaces.
|
||||
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
|
||||
EOF
|
||||
|
||||
# Azure: Time sync for linux
|
||||
## Setup udev rule for ptp_hyperv
|
||||
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
|
||||
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
|
||||
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
|
||||
EOF
|
||||
|
||||
# Configure chrony to use ptp_hyperv
|
||||
cat << EOF | tee -a /etc/chrony.conf
|
||||
# Setup hyperv PTP device as refclock
|
||||
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
|
||||
EOF
|
||||
|
||||
# Azure: Blacklist modules
|
||||
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
|
||||
blacklist amdgpu
|
||||
blacklist nouveau
|
||||
blacklist radeon
|
||||
EOF
|
||||
|
||||
# Azure: cloud-init customizations for Hyperv
|
||||
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
|
||||
# Enable logging to the Hyper-V kvp in Azure
|
||||
reporting:
|
||||
logging:
|
||||
type: log
|
||||
telemetry:
|
||||
type: hyperv
|
||||
EOF
|
||||
|
||||
# Kernel and Drivers
|
||||
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
|
||||
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
|
||||
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
|
||||
EOF
|
||||
|
||||
dracut -f -v
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
|
||||
# this shouldn't be the case, but we'll do it anyway
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
|
||||
|
||||
dnf clean all
|
||||
truncate -c -s 0 /var/log/dnf.log
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'azure' > /etc/yum/vars/infra
|
||||
|
||||
# Azure Cleanup
|
||||
sudo rm -f /var/log/waagent.log
|
||||
sudo cloud-init clean
|
||||
waagent -force -deprovision+user
|
||||
|
||||
# Common cleanup
|
||||
rm -f ~/.bash_history
|
||||
export HISTSIZE=0
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf "/var/lib/yum/*"
|
||||
rm -rf "/var/log/anaconda*"
|
||||
rm -rf /var/log/yum.log
|
||||
|
||||
# Wipe machineid
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
# Fix selinux
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# LVM Variant Fix, remove system.devices
|
||||
rm -fv /etc/lvm/devices/system.devices
|
||||
|
||||
true
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
NetworkManager
|
||||
WALinuxAgent
|
||||
chrony
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
dhcp-client
|
||||
dnf-utils
|
||||
dracut-config-generic
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
hyperv-daemons
|
||||
kernel
|
||||
rng-tools
|
||||
rocky-release
|
||||
rsync
|
||||
tar
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-plymouth
|
||||
-qemu-guest-agent
|
||||
|
||||
%end
|
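Review bot: In the "rocky cloud user" step of `%post`, `echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers` appends to the main sudoers file with no syntax check. Writing the rule to a drop-in under `/etc/sudoers.d/` with mode 0440 and validating it with `visudo -cf` keeps a malformed line from breaking sudo on every instance built from the image. In the "Common cleanup" block, `rm -rf "/var/lib/yum/*"` and `rm -rf "/var/log/anaconda*"` quote the glob, so the shell passes the literal pattern and nothing matching is removed; drop the quotes. The commented-out `#zerombr` and `#clearpart` lines would also benefit from the explanatory NOTE that Rocky-10-Azure-Base.ks carries above its `part` commands.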
109
Rocky-10-Container-Base.ks
Normal file
@ -0,0 +1,109 @@
|
||||
# This is a minimal Rocky kickstart designed for docker.
|
||||
# It will not produce a bootable system
|
||||
# To use this kickstart, run make
|
||||
|
||||
# Basic setup information
|
||||
url --url https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/
|
||||
|
||||
text
|
||||
bootloader --disable
|
||||
firewall --disabled
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --lock --iscrypted locked
|
||||
selinux --disabled
|
||||
shutdown
|
||||
|
||||
keyboard us
|
||||
lang en_US.UTF-8
|
||||
timezone --utc --nontp UTC
|
||||
|
||||
# Disk setup
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
|
||||
|
||||
# This breaks everything, apparently
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
# Package setup
|
||||
%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
|
||||
bash
|
||||
binutils
|
||||
coreutils-single
|
||||
crypto-policies-scripts
|
||||
curl-minimal
|
||||
findutils
|
||||
glibc-minimal-langpack
|
||||
gzip
|
||||
hostname
|
||||
libcurl-minimal
|
||||
libusbx
|
||||
less
|
||||
rocky-release
|
||||
rootfiles
|
||||
tar
|
||||
usermode
|
||||
vim-minimal
|
||||
yum
|
||||
|
||||
-dosfstools
|
||||
-kexec-tools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-iptables
|
||||
-kernel
|
||||
-libss
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-shared-mime-info
|
||||
-trousers
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
# Stay compatible
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
#Generate installtime file record
|
||||
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
|
||||
|
||||
# Limit languages to help reduce size.
|
||||
LANG="en_US"
|
||||
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
# systemd fixes
|
||||
:> /etc/machine-id
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
"/tmp/*" "/tmp/.*" || true
|
||||
|
||||
|
||||
%end
|
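Review bot: In the "Cleanup the image" command at the end of `%post`, the `"/tmp/*"` and `"/tmp/.*"` arguments are quoted, so no glob expansion happens and nothing under /tmp is removed; with `rm -rf` the non-existent literal paths produce no error, so the miss is silent. Since `findutils` is in this package list, `find /tmp -mindepth 1 -delete` would do what the line intends without matching `.` and `..`. The `%post` section also lacks the `set -eux` that Rocky-10-Container-UBI.ks has, so `--erroronfail` only reflects the exit status of the last command, which here is forced to success by `|| true`.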
103
Rocky-10-Container-Minimal.ks
Normal file
@ -0,0 +1,103 @@
|
||||
# This is a minimal Rocky kickstart designed for docker.
|
||||
# It will not produce a bootable system
|
||||
# To use this kickstart, run make
|
||||
|
||||
# Basic setup information
|
||||
|
||||
text
|
||||
bootloader --disable
|
||||
firewall --disabled
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --lock --iscrypted locked
|
||||
selinux --disabled
|
||||
shutdown
|
||||
|
||||
keyboard us
|
||||
lang en_US.UTF-8
|
||||
timezone --utc --nontp UTC
|
||||
|
||||
# Disk setup
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
|
||||
|
||||
# This breaks everything, apparently
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
# Package setup
|
||||
%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps
|
||||
bash
|
||||
coreutils-single
|
||||
glibc-minimal-langpack
|
||||
microdnf
|
||||
rocky-release
|
||||
util-linux
|
||||
|
||||
-brotli
|
||||
-dosfstools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-hostname
|
||||
-iptables
|
||||
-iputils
|
||||
-kernel
|
||||
-kexec-tools
|
||||
-less
|
||||
-libss
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-rootfiles
|
||||
-shared-mime-info
|
||||
-tar
|
||||
-trousers
|
||||
-vim-minimal
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
-yum
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
|
||||
rpm --rebuilddb
|
||||
|
||||
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
|
||||
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
LANG="en_US"
|
||||
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
rm -f /var/lib/dnf/history.*
|
||||
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
|
||||
|
||||
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
|
||||
|
||||
# systemd fixes
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
"/tmp/*" "/tmp/.*" || true
|
||||
|
||||
%end
|
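Review bot: The locale pruning loop in `%post` never removes anything: `ls -d "/usr/share/{locale,i18n}/*"` quotes its argument, so neither the brace expansion nor the glob is performed, `ls` fails on the literal path and the `for` loop runs zero times. Unquote the pattern and quote `$dir` in `rm -fr $dir` instead. The same quoting problem applies to `rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"` and to the final cleanup line. This file also has no `url --url ...` line under "Basic setup information", unlike Rocky-10-Container-Base.ks and Rocky-10-Container-UBI.ks; if the install source is meant to come from the build tooling, a comment saying so would help. `LANG="en_US"` is assigned but the following `echo` hard-codes `en_US.UTF-8`, so the variable is unused.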
112
Rocky-10-Container-UBI.ks
Normal file
@ -0,0 +1,112 @@
|
||||
# This is a minimal Rocky kickstart designed for docker.
|
||||
# It will not produce a bootable system
|
||||
# To use this kickstart, run make
|
||||
|
||||
# Basic setup information
|
||||
url --url https://download.rockylinux.org/stg/rocky/10/BaseOS/$basearch/os/
|
||||
|
||||
text
|
||||
bootloader --disable
|
||||
firewall --disabled
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --lock --iscrypted locked
|
||||
selinux --disabled
|
||||
shutdown
|
||||
|
||||
keyboard us
|
||||
lang en_US.UTF-8
|
||||
timezone --utc --nontp Etc/UTC
|
||||
|
||||
# Disk setup
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
|
||||
|
||||
# This breaks everything, apparently
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
# Package setup
|
||||
%packages --ignoremissing --excludedocs --inst-langs=en --nocore --exclude-weakdeps
|
||||
bash
|
||||
coreutils-single
|
||||
crypto-policies-scripts
|
||||
curl-minimal
|
||||
findutils
|
||||
gdb-gdbserver
|
||||
glibc-minimal-langpack
|
||||
gzip
|
||||
libcurl-minimal
|
||||
systemd
|
||||
rocky-release
|
||||
rootfiles
|
||||
tar
|
||||
util-linux
|
||||
vim-minimal
|
||||
which
|
||||
yum
|
||||
|
||||
-dosfstools
|
||||
-kexec-tools
|
||||
-e2fsprogs
|
||||
-firewalld
|
||||
-fuse-libs
|
||||
-gettext*
|
||||
-gnupg2-smime
|
||||
-grub\*
|
||||
-iptables
|
||||
-kernel
|
||||
-libss
|
||||
-os-prober*
|
||||
-pinentry
|
||||
-qemu-guest-agent
|
||||
-shared-mime-info
|
||||
-trousers
|
||||
-xfsprogs
|
||||
-xkeyboard-config
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
set -eux
|
||||
# container customizations inside the chroot
|
||||
|
||||
# Stay compatible
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
#Generate installtime file record
|
||||
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
|
||||
|
||||
# Limit languages to help reduce size.
|
||||
LANG="en_US"
|
||||
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
|
||||
echo 'LANG="C.UTF-8"' > /etc/locale.conf
|
||||
|
||||
# systemd fixes
|
||||
:> /etc/machine-id
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
|
||||
# mask mounts and login bits
|
||||
systemctl mask \
|
||||
console-getty.service \
|
||||
dev-hugepages.mount \
|
||||
getty.target \
|
||||
sys-fs-fuse-connections.mount \
|
||||
systemd-logind.service \
|
||||
systemd-remount-fs.service
|
||||
|
||||
# Remove network configuration files leftover from anaconda installation
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
|
||||
rm -f /etc/sysconfig/network-scripts/ifcfg-*
|
||||
|
||||
# Cleanup the image
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/ \
|
||||
/boot /var/lib/dnf/history.* \
|
||||
/var/cache/* /var/log/* \
|
||||
"/tmp/*" "/tmp/.*" || true
|
||||
|
||||
|
||||
%end
|
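Review bot: `%packages --ignoremissing` lets the build succeed when a listed package is absent from the repositories, so a renamed or dropped package silently changes the image contents; the Base and Minimal container kickstarts do not use it. If it is needed for one package, name that package in a comment, otherwise remove the flag so a missing package fails the build. The list also pulls `gdb-gdbserver` into the image, and a comment on why a debug server belongs there would help reviewers. With `set -eux` now at the top of `%post`, `umount /run` aborts the section if /run is not a mount point at that stage, which the other two variants tolerate; confirm that is intended. In the final cleanup, `"/tmp/*"` and `"/tmp/.*"` are quoted and never expand, while `/var/cache/*` and `/var/log/*` on the line above are not quoted.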
229
Rocky-10-EC2-Base.ks
Normal file
@ -0,0 +1,229 @@
|
||||
text
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone UTC --utc
|
||||
# Disk
|
||||
bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
# Root password
|
||||
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
|
||||
# Disk partitioning information
|
||||
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
|
||||
# are creating partitions manually in %pre to ensure proper ordering as
|
||||
# Anaconda does NOT ensure the ordering `part` commands.
|
||||
part /boot/efi --fstype="efi" --onpart=vda1
|
||||
part /boot --fstype="xfs" --label=boot --onpart=vda2
|
||||
part prepboot --fstype="prepboot" --onpart=vda3
|
||||
part biosboot --fstype="biosboot" --onpart=vda4
|
||||
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
|
||||
|
||||
shutdown
|
||||
|
||||
%pre
|
||||
# Clear the Master Boot Record
|
||||
dd if=/dev/zero of=/dev/vda bs=512 count=1
|
||||
# Create a new GPT partition table
|
||||
parted /dev/vda mklabel gpt
|
||||
# Create a partition for /boot/efi
|
||||
parted /dev/vda mkpart primary fat32 1MiB 100MiB
|
||||
parted /dev/vda set 1 boot on
|
||||
# Create a partition for /boot
|
||||
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
|
||||
# Create a partition for prep
|
||||
parted /dev/vda mkpart primary 1100MiB 1104MiB
|
||||
# Create a partition for bios_grub
|
||||
parted /dev/vda mkpart primary 1104MiB 1105MiB
|
||||
# Create a partition for LVM
|
||||
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
rocky-release
|
||||
kernel
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl100-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
gdisk
|
||||
dracut-config-generic
|
||||
grub2
|
||||
firewalld
|
||||
|
||||
# some stuff that's missing from core or things we want
|
||||
tar
|
||||
rsync
|
||||
dhcp-client
|
||||
NetworkManager
|
||||
rng-tools
|
||||
|
||||
-biosdevname
|
||||
-plymouth
|
||||
-iprutils
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# this should *really* be an empty file - gotta make anaconda happy
|
||||
truncate -s 0 /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
if ! grep -q growpart /etc/cloud/cloud.cfg; then
|
||||
sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
|
||||
fi
|
||||
|
||||
# rocky cloud user
|
||||
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
|
||||
# this shouldn't be the case, but we'll do it anyway
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
|
||||
|
||||
dnf clean all
|
||||
truncate -c -s 0 /var/log/dnf.log
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'ec2' > /etc/yum/vars/infra
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf "/var/lib/yum/*"
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for ec2 debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
|
||||
blacklist nouveau
|
||||
EOL
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
# Only x86 has xen support at this time
|
||||
if [[ "$(arch)" == "x86_64" ]]; then
|
||||
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
|
||||
fi
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
cat >> /etc/chrony.conf << EOF
|
||||
|
||||
# Amazon Time Sync Service
|
||||
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
|
||||
EOF
|
||||
|
||||
%end
|
||||
|
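Review bot: In `%post`, `echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers` appends an unrestricted passwordless sudo rule straight to the main sudoers file with no syntax check. Writing it to a drop-in under /etc/sudoers.d/ with mode 0440 and validating it with `visudo -cf` keeps the grant easy to audit and remove, and a malformed line cannot break sudo for the whole image. Also, the `%pre` comment "Create a partition for LVM" above the last `mkpart` does not match this variant, where vda5 is a plain xfs root.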
234
Rocky-10-EC2-LVM.ks
Normal file
@ -0,0 +1,234 @@
|
||||
text
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone UTC --utc
|
||||
# Disk
|
||||
bootloader --append="console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295" --location=mbr --timeout=1
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
# Root password
|
||||
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
|
||||
# Partition stuff - Should work for x86 and aarch64
|
||||
#zerombr
|
||||
#clearpart --all --initlabel --disklabel=gpt
|
||||
#reqpart
|
||||
part /boot/efi --fstype=efi --asprimary --onpart=vda1
|
||||
part /boot --fstype=xfs --label=boot --onpart=vda2
|
||||
part prepboot --fstype=prepboot --asprimary --onpart=vda3
|
||||
part biosboot --fstype=biosboot --asprimary --onpart=vda4
|
||||
part pv.01 --grow --onpart=vda5
|
||||
volgroup rocky pv.01
|
||||
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions "-m bigtime=0,inobtcount=0"
|
||||
shutdown
|
||||
|
||||
%pre
|
||||
# Clear the Master Boot Record
|
||||
dd if=/dev/zero of=/dev/vda bs=512 count=1
|
||||
# Create a new GPT partition table
|
||||
parted /dev/vda mklabel gpt
|
||||
# Create a partition for /boot/efi
|
||||
parted /dev/vda mkpart primary fat32 1MiB 100MiB
|
||||
parted /dev/vda set 1 boot on
|
||||
# Create a partition for /boot
|
||||
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
|
||||
# Create a partition for prep
|
||||
parted /dev/vda mkpart primary 1100MiB 1104MiB
|
||||
# Create a partition for bios_grub
|
||||
parted /dev/vda mkpart primary 1104MiB 1105MiB
|
||||
# Create a partition for LVM
|
||||
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
|
||||
parted /dev/vda set 5 lvm on
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
rocky-release
|
||||
kernel
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl100-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
gdisk
|
||||
dracut-config-generic
|
||||
grub2
|
||||
firewalld
|
||||
|
||||
# some stuff that's missing from core or things we want
|
||||
tar
|
||||
rsync
|
||||
dhcp-client
|
||||
NetworkManager
|
||||
rng-tools
|
||||
|
||||
-biosdevname
|
||||
-plymouth
|
||||
-iprutils
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# this should *really* be an empty file - gotta make anaconda happy
|
||||
truncate -s 0 /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
if ! grep -q growpart /etc/cloud/cloud.cfg; then
|
||||
sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
|
||||
fi
|
||||
|
||||
# rocky cloud user
|
||||
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
|
||||
# this shouldn't be the case, but we'll do it anyway
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf
|
||||
sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf
|
||||
|
||||
dnf clean all
|
||||
truncate -c -s 0 /var/log/dnf.log
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'ec2' > /etc/yum/vars/infra
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf "/var/lib/yum/*"
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for ec2 debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
|
||||
blacklist nouveau
|
||||
EOL
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
# Only x86 has xen support at this time
|
||||
if [[ "$(arch)" == "x86_64" ]]; then
|
||||
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
|
||||
fi
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
cat >> /etc/chrony.conf << EOF
|
||||
|
||||
# Amazon Time Sync Service
|
||||
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
|
||||
EOF
|
||||
|
||||
# LVM Variant Fix, remove system.devices
|
||||
rm -fv /etc/lvm/devices/system.devices
|
||||
|
||||
%end
|
||||
|
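Review bot: `rootpw --iscrypted thereisnopasswordanditslocked` in the command section relies on a string that is not a valid hash, and `%post` then runs `passwd -d root` followed by `passwd -l root`, which empties the password before locking it. `rootpw --lock` states the intent in one line and avoids the intermediate empty-password state. In the same `%post`, `rm -rf "/var/lib/yum/*"` quotes the glob, so it matches nothing. The script also has no `set -e`, so `--erroronfail` only sees the exit status of the last command and a failed `grub2-install` or `dnf remove` would not stop the build.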
188
Rocky-10-GenericArm-Minimal.ks
Normal file
@ -0,0 +1,188 @@
|
||||
# Generated by pykickstart v3.41
|
||||
#version=DEVEL
|
||||
# Firewall configuration
|
||||
firewall --enabled --port=22:tcp
|
||||
# Keyboard layouts
|
||||
# old format: keyboard us
|
||||
# new format:
|
||||
keyboard --vckeymap=us --xlayouts='us'
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
# Shutdown after installation
|
||||
shutdown
|
||||
repo --name="rocky9-baseos" --baseurl=https://download.rockylinux.org/stg/rocky/10/BaseOS/aarch64/os/
|
||||
repo --name="rocky9-appstream" --baseurl=https://download.rockylinux.org/stg/rocky/10/AppStream/aarch64/os/
|
||||
repo --name="rocky9-powertools" --baseurl=https://download.rockylinux.org/stg/rocky/10/CRB/aarch64/os/
|
||||
repo --name="instKern" --baseurl=https://rockyrepos.gnulab.org/gen_aarch64_el9/ --cost=100 --install
|
||||
#Root password
|
||||
rootpw --lock
|
||||
# SELinux configuration
|
||||
selinux --enforcing
|
||||
# System services
|
||||
services --enabled="sshd,NetworkManager,chronyd"
|
||||
# System timezone
|
||||
timezone UTC --utc --nontp
|
||||
# Use network installation
|
||||
url --url="https://download.rockylinux.org/stg/rocky/10/BaseOS/aarch64/os/"
|
||||
# System bootloader configuration
|
||||
bootloader --location=mbr --driveorder="sda"
|
||||
# Partition clearing information
|
||||
clearpart --all --initlabel
|
||||
# Disk partitioning information
|
||||
part /boot/efi --asprimary --fstype="efi" --size=512
|
||||
part /boot --asprimary --fstype="ext4" --size=1024 --label=boot
|
||||
part swap --asprimary --fstype="swap" --size=512 --label=swap
|
||||
part / --asprimary --fstype="ext4" --size=3072 --label=rootfs
|
||||
|
||||
%pre
|
||||
|
||||
#End of Pre script for partitions
|
||||
%end
|
||||
|
||||
%post
|
||||
# Mandatory README file
|
||||
cat >/root/README << EOF
|
||||
== Rocky Linux 9 ==
|
||||
|
||||
If you want to automatically resize your / partition, just type the following (as root user):
|
||||
rootfs-expand
|
||||
|
||||
EOF
|
||||
|
||||
%end
|
||||
|
||||
%post
|
||||
# Setting correct yum variable to use raspberrypi kernel repo
|
||||
#echo "generic" > /etc/dnf/vars/kvariant
|
||||
#
|
||||
# Creating rocky user and add to wheel group
|
||||
/sbin/useradd -c "Rocky Linux default user" -G wheel -m -U rocky
|
||||
echo "rockylinux" | passwd --stdin rocky
|
||||
# Generic efi filename for VMs
|
||||
mkdir -p /boot/efi/EFI/BOOT
|
||||
if [ -d /boot/efi/EFI/rocky/ ] && [ -f /boot/efi/EFI/rocky/grubaa64.efi ];then
|
||||
for j in grub.cfg grubenv;do
|
||||
mv -f /boot/grub2/${j} /boot/efi/EFI/rocky/
|
||||
ln -s ../efi/EFI/rocky/${j} /boot/grub2/${j}
|
||||
done
|
||||
cp -f /boot/efi/EFI/rocky/grubaa64.efi /boot/efi/EFI/BOOT/BOOTAA64.EFI
|
||||
fi
|
||||
|
||||
cp -f /usr/share/uboot/rpi_3/u-boot.bin /boot/efi/rpi3-u-boot.bin
|
||||
cp -f /usr/share/uboot/rpi_4/u-boot.bin /boot/efi/rpi4-u-boot.bin
|
||||
|
||||
rpm -e dracut-config-generic
|
||||
|
||||
#setup dtb link by running "creating 10-devicetree.install"
|
||||
if [ -x /lib/kernel/install.d/10-devicetree.install ];then
|
||||
/lib/kernel/install.d/10-devicetree.install remove
|
||||
fi
|
||||
|
||||
### Write /etc/sysconfig/kernel
|
||||
cat << EOF > /etc/sysconfig/kernel
|
||||
# Written by image installer
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel-core
|
||||
EOF
|
||||
chmod 644 /etc/sysconfig/kernel
|
||||
|
||||
### Write grub defaults, turn off OS probing as it is always wrong for image creation
|
||||
cat << EOF > /etc/default/grub
|
||||
GRUB_TIMEOUT=5
|
||||
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
|
||||
GRUB_DEFAULT=saved
|
||||
GRUB_DISABLE_SUBMENU=true
|
||||
GRUB_TERMINAL_OUTPUT="console"
|
||||
GRUB_CMDLINE_LINUX=""
|
||||
GRUB_DISABLE_RECOVERY="true"
|
||||
GRUB_DISABLE_OS_PROBER="true"
|
||||
GRUB_ENABLE_BLSCFG="false"
|
||||
EOF
|
||||
chmod 644 /etc/default/grub
|
||||
# fixing the rpmdb
|
||||
rpm --rebuilddb
|
||||
# remove /boot/dtb for some rpi to boot
|
||||
rm -f /boot/dtb
|
||||
%end
|
||||
|
||||
%post
|
||||
# Remove ifcfg-link on pre generated images
|
||||
rm -f /etc/sysconfig/network-scripts/ifcfg-link
|
||||
|
||||
# Remove machine-id on pre generated images
|
||||
rm -f /etc/machine-id
|
||||
touch /etc/machine-id
|
||||
|
||||
%end
|
||||
|
||||
%post
|
||||
cat >/usr/local/bin/rootfs-expand << EOF
|
||||
|
||||
#!/bin/bash
|
||||
clear
|
||||
part=\$(mount |grep '^/dev.* / ' |awk '{print \$1}')
|
||||
if [ -z "\$part" ];then
|
||||
echo "Error detecting rootfs"
|
||||
exit -1
|
||||
fi
|
||||
dev=\$(echo \$part|sed 's/[0-9]*\$//g')
|
||||
devlen=\${#dev}
|
||||
num=\${part:\$devlen}
|
||||
if [[ "\$dev" =~ ^/dev/mmcblk[0-9]*p\$ ]];then
|
||||
dev=\${dev:0:-1}
|
||||
fi
|
||||
if [ ! -x /usr/bin/growpart ];then
|
||||
echo "Please install cloud-utils-growpart (sudo yum install cloud-utils-growpart)"
|
||||
exit -2
|
||||
fi
|
||||
if [ ! -x /usr/sbin/resize2fs ];then
|
||||
echo "Please install e2fsprogs (sudo yum install e2fsprogs)"
|
||||
exit -3
|
||||
fi
|
||||
echo \$part \$dev \$num
|
||||
|
||||
echo "Extending partition \$num to max size ...."
|
||||
growpart \$dev \$num
|
||||
echo "Resizing ext4 filesystem ..."
|
||||
resize2fs \$part
|
||||
echo "Done."
|
||||
df -h |grep \$part
|
||||
EOF
|
||||
|
||||
chmod +x /usr/local/bin/rootfs-expand
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
NetworkManager-wifi
|
||||
bash-completion
|
||||
bcm2711-firmware
|
||||
bcm2835-firmware
|
||||
bcm283x-firmware
|
||||
bcm283x-overlays
|
||||
chrony
|
||||
cloud-utils-growpart
|
||||
dracut-config-generic
|
||||
efibootmgr
|
||||
glibc-langpack-en
|
||||
grub2-common
|
||||
grub2-efi-aa64
|
||||
grub2-efi-aa64-modules
|
||||
grubby
|
||||
kernel
|
||||
kernel-core
|
||||
nano
|
||||
net-tools
|
||||
shim-aa64
|
||||
systemd-udev
|
||||
uboot-images-armv8
|
||||
uboot-tools
|
||||
-dracut-config-rescue
|
||||
-java-11-*
|
||||
|
||||
%end
|
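Review bot: The second `%post` sets a fixed, publicly known password with `echo "rockylinux" | passwd --stdin rocky` for a user in wheel, while the same file enables sshd and opens 22/tcp, so every image built from this kickstart boots with the same remotely usable admin credential. Expire it at build time (for example `chage -d 0 rocky`) so the first login forces a change, or provision a key instead. Separately, the repo names `rocky9-baseos`, `rocky9-appstream` and `rocky9-powertools`, the `instKern` baseurl ending in `gen_aarch64_el9/` and the README heading `== Rocky Linux 9 ==` still refer to 9 in a Rocky 10 kickstart. `instKern` also points at a host outside rockylinux.org and `--install` leaves it configured on the installed system, so that source deserves a comment explaining why it is trusted.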
226
Rocky-10-GenericCloud-Base.ks
Normal file
@ -0,0 +1,226 @@
|
||||
text
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone --utc UTC
|
||||
# Disk
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
# Root password
|
||||
services --disabled="kdump,rhsmcertd" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
|
||||
# Disk partitioning information
|
||||
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
|
||||
# are creating partitions manually in %pre to ensure proper ordering as
|
||||
# Anaconda does NOT ensure the ordering `part` commands.
|
||||
part /boot/efi --fstype="efi" --onpart=vda1
|
||||
part /boot --fstype="xfs" --label=boot --onpart=vda2
|
||||
part prepboot --fstype="prepboot" --onpart=vda3
|
||||
part biosboot --fstype="biosboot" --onpart=vda4
|
||||
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
|
||||
shutdown
|
||||
|
||||
%pre
|
||||
# Clear the Master Boot Record
|
||||
dd if=/dev/zero of=/dev/vda bs=512 count=1
|
||||
# Create a new GPT partition table
|
||||
parted /dev/vda mklabel gpt
|
||||
# Create a partition for /boot/efi
|
||||
parted /dev/vda mkpart primary fat32 1MiB 100MiB
|
||||
parted /dev/vda set 1 boot on
|
||||
# Create a partition for /boot
|
||||
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
|
||||
# Create a partition for prep
|
||||
parted /dev/vda mkpart primary 1100MiB 1104MiB
|
||||
# Create a partition for bios_grub
|
||||
parted /dev/vda mkpart primary 1104MiB 1105MiB
|
||||
# Create a partition for LVM
|
||||
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
rocky-release
|
||||
dnf
|
||||
kernel
|
||||
yum
|
||||
nfs-utils
|
||||
dnf-utils
|
||||
hostname
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl100-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
python3-jsonschema
|
||||
dracut-config-generic
|
||||
-dracut-config-rescue
|
||||
firewalld
|
||||
|
||||
# some stuff that's missing from core or things we want
|
||||
tar
|
||||
tcpdump
|
||||
rsync
|
||||
rng-tools
|
||||
cockpit-ws
|
||||
cockpit-system
|
||||
qemu-guest-agent
|
||||
virt-what
|
||||
|
||||
-biosdevname
|
||||
-plymouth
|
||||
-iprutils
|
||||
# Fixes an s390x issue
|
||||
#-langpacks-*
|
||||
-langpacks-en
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# Attempting to force legacy BIOS boot if we boot from UEFI
|
||||
if [ "$(arch)" = "x86_64" ]; then
|
||||
dnf install grub2-pc-modules grub2-pc -y
|
||||
grub2-install --target=i386-pc /dev/vda
|
||||
fi
|
||||
|
||||
# Ensure that the pmbr_boot flag is off
|
||||
parted /dev/vda disk_set pmbr_boot off
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
# we don't need this in virt
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# this should *really* be an empty file - gotta make anaconda happy
|
||||
truncate -s 0 /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
rm -f /etc/sysconfig/network-scripts/ifcfg-*
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
BOOTPROTOv6="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="yes"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
#systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
|