From 27a0af11ddf8d95f6723d55f2f24a1b5d750b5d9 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore
Date: Apr 11 2016 19:09:19 +0000
Subject: remove cloud from atomic kickstarts and point at new repo location
Signed-off-by: Dennis Gilmore
---
diff --git a/fedora-atomic-vagrant.ks b/fedora-atomic-vagrant.ks
new file mode 100644
index 0000000..822311a
--- /dev/null
+++ b/fedora-atomic-vagrant.ks
@@ -0,0 +1,36 @@
+# Like the Atomic cloud image, but tuned for vagrant. Enable
+# the vagrant user, disable cloud-init.
+
+%include fedora-atomic.ks
+
+services --disabled=cloud-init,cloud-init-local,cloud-config,cloud-final
+
+user --name=vagrant --password=vagrant
+rootpw vagrant
+
+# The addition of the net.ifnames=0 and biosdevnames=0 option ensures that
+# even on VirtualBox virt, we get a primary network device with "eth0" as the name
+# This simplifies things and allows a single disk image for both supported Vagrant
+# platforms (virtualbox and kvm)
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0"
+
+
+%post --erroronfail
+
+# Work around cloud-init being both disabled and enabled; need
+# to refactor to a common base.
+systemctl mask cloud-init cloud-init-local cloud-config cloud-final
+
+# Vagrant setup
+sed -i 's,Defaults\\s*requiretty,Defaults !requiretty,' /etc/sudoers
+echo 'vagrant ALL=NOPASSWD: ALL' > /etc/sudoers.d/vagrant-nopasswd
+sed -i 's/.*UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
+mkdir -m 0700 -p ~vagrant/.ssh
+cat > ~vagrant/.ssh/authorized_keys << EOKEYS
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOKEYS
+chmod 600 ~vagrant/.ssh/authorized_keys
+chown -R vagrant:vagrant ~vagrant/.ssh/
+
+%end
+
diff --git a/fedora-atomic.ks b/fedora-atomic.ks
new file mode 100644
index 0000000..ed8d4f1
--- /dev/null
+++ b/fedora-atomic.ks
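Review bot: `rootpw vagrant` in fedora-atomic-vagrant.ks sets a fixed, publicly known root password on an image whose included base (fedora-atomic.ks) enables sshd and uses `firewall --disabled`, and it contradicts the base's `rootpw --lock` and `passwd -l root`, so the final state of the root account depends on command and %post ordering. The vagrant user already gets `NOPASSWD: ALL`, so the root password looks unnecessary; I would drop the `rootpw vagrant` line and leave root locked. The vagrant/vagrant password and the well-known insecure key follow the usual Vagrant base-box convention, but the header comment should say so, e.g. `# Local development image only: ships the public Vagrant insecure key and default vagrant/vagrant credentials; Vagrant is expected to replace the key on first use.` Separately, as shown on the page, `Defaults\\s*requiretty` inside single quotes hands sed a literal backslash, so that substitution probably never matches; `Defaults\s*requiretty` is likely what was meant.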
@@ -0,0 +1,129 @@
+# Fedora Atomic is a cloud-focused spin implementing the Project
+# Atomic patterns. Note that this replicates the same tree which can
+# now be installed on bare metal.
+
+# This image allocates most space to an LVM-managed thin pool
+# dedicated for Docker containers, and uses docker-storage-setup to
+# dynamically resize storage on boot.
+
+text
+lang en_US.UTF-8
+keyboard us
+timezone --utc Etc/UTC
+
+auth --useshadow --passalgo=sha512
+selinux --enforcing
+rootpw --lock --iscrypted locked
+user --name=none
+
+firewall --disabled
+
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8"
+
+network --bootproto=dhcp --device=link --activate --onboot=on
+services --disabled=network
+services --enabled=sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
+
+zerombr
+clearpart --all
+# Atomic differs from cloud - we want LVM
+part /boot --size=300 --fstype="ext4"
+part pv.01 --grow
+volgroup atomicos pv.01
+logvol / --size=3000 --fstype="xfs" --name=root --vgname=atomicos
+
+# Equivalent of %include fedora-repo.ks
+ostreesetup --nogpg --osname=fedora-atomic --remote=fedora-atomic --url=https://kojipkgs.fedoraproject.org/compose/atomic/rawhide/ --ref=fedora-atomic/rawhide/x86_64/docker-host
+
+reboot
+
+%post --erroronfail
+# See https://github.com/projectatomic/rpm-ostree/issues/42
+ostree remote delete fedora-atomic
+ostree remote add --set=gpg-verify=false fedora-atomic 'https://dl.fedoraproject.org/pub/fedora/linux/atomic/rawhide/'
+
+# older versions of livecd-tools do not follow "rootpw --lock" line above
+# https://bugzilla.redhat.com/show_bug.cgi?id=964299
+passwd -l root
+# remove the user anaconda forces us to make
+userdel -r none
+
+# Configure docker-storage-setup to resize the partition table on boot
+# https://github.com/projectatomic/docker-storage-setup/pull/25
+echo 'GROWPART=true' > /etc/sysconfig/docker-storage-setup
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+echo -n "Network fixes"
+# initscripts don't like this file to be missing.
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+PERSISTENT_DHCLIENT="yes"
+EOF
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# Uncomment this if you want to use cloud init but suppress the creation
+# of an "ec2-user" account. This will, in the absence of further config,
+# cause the ssh key from a metadata source to be put in the root account.
+#cat < /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
+#users: []
+#disable_root: 0
+#EOF
+
+echo "Removing random-seed so it's not the same in every image."
+rm -f /var/lib/random-seed
+
+echo "Packages within this cloud image:"
+echo "-----------------------------------------------------------------------"
+rpm -qa
+echo "-----------------------------------------------------------------------"
+# Note that running rpm recreates the rpm db files which aren't needed/wanted
+rm -f /var/lib/rpm/__db*
+
+echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
+echo "Adding Developer Mode GRUB2 menu item."
+/usr/libexec/atomic-devmode/bootentry add
+
+%end
+
diff --git a/fedora-cloud-atomic-vagrant.ks b/fedora-cloud-atomic-vagrant.ks
deleted file mode 100644
index 0ad0586..0000000
--- a/fedora-cloud-atomic-vagrant.ks
+++ /dev/null
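Review bot: Signature verification of the OSTree content stays off in fedora-atomic.ks: `ostreesetup --nogpg` covers the install-time pull, and `--set=gpg-verify=false` is set on the remote that %post leaves configured in the shipped image, so later upgrades on deployed hosts rely on the HTTPS endpoint alone. The https install URL protects the transport but does not replace signed commits. If the compose is signed, I would change the remote to `ostree remote add --set=gpg-verify=true --gpg-import=<KEYFILE> fedora-atomic '<same URL>'` (the key path is a placeholder, not a value from this repo). If it is not yet signed, a comment such as `# TODO: enable gpg-verify once the rawhide atomic commits are signed` next to both lines would record that this is deliberate and temporary.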
@@ -1,36 +0,0 @@ -# Like the Atomic cloud image, but tuned for vagrant. Enable -# the vagrant user, disable cloud-init. - -%include fedora-cloud-atomic.ks - -services --disabled=cloud-init,cloud-init-local,cloud-config,cloud-final - -user --name=vagrant --password=vagrant -rootpw vagrant - -# The addition of the net.ifnames=0 and biosdevnames=0 option ensures that -# even on VirtualBox virt, we get a primary network device with "eth0" as the name -# This simplifies things and allows a single disk image for both supported Vagrant -# platforms (virtualbox and kvm) -bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0" - - -%post --erroronfail - -# Work around cloud-init being both disabled and enabled; need -# to refactor to a common base. -systemctl mask cloud-init cloud-init-local cloud-config cloud-final - -# Vagrant setup -sed -i 's,Defaults\\s*requiretty,Defaults !requiretty,' /etc/sudoers -echo 'vagrant ALL=NOPASSWD: ALL' > /etc/sudoers.d/vagrant-nopasswd -sed -i 's/.*UseDNS.*/UseDNS no/' /etc/ssh/sshd_config -mkdir -m 0700 -p ~vagrant/.ssh -cat > ~vagrant/.ssh/authorized_keys << EOKEYS -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key -EOKEYS -chmod 600 ~vagrant/.ssh/authorized_keys -chown -R vagrant:vagrant ~vagrant/.ssh/ - -%end - diff --git a/fedora-cloud-atomic.ks b/fedora-cloud-atomic.ks deleted file mode 100644 index 2caa8ce..0000000 --- a/fedora-cloud-atomic.ks +++ /dev/null 
@@ -1,129 +0,0 @@ -# Fedora Atomic is a cloud-focused spin implementing the Project -# Atomic patterns. Note that this replicates the same tree which can -# now be installed on bare metal. - -# This image allocates most space to an LVM-managed thin pool -# dedicated for Docker containers, and uses docker-storage-setup to -# dynamically resize storage on boot. - -text -lang en_US.UTF-8 -keyboard us -timezone --utc Etc/UTC - -auth --useshadow --passalgo=sha512 -selinux --enforcing -rootpw --lock --iscrypted locked -user --name=none - -firewall --disabled - -bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8" - -network --bootproto=dhcp --device=link --activate --onboot=on -services --disabled=network -services --enabled=sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final - -zerombr -clearpart --all -# Atomic differs from cloud - we want LVM -part /boot --size=300 --fstype="ext4" -part pv.01 --grow -volgroup atomicos pv.01 -logvol / --size=3000 --fstype="xfs" --name=root --vgname=atomicos - -# Equivalent of %include fedora-repo.ks -ostreesetup --nogpg --osname=fedora-atomic --remote=fedora-atomic --url=http://kojipkgs.fedoraproject.org/mash/atomic/rawhide/ --ref=fedora-atomic/rawhide/x86_64/docker-host - -reboot - -%post --erroronfail -# See https://github.com/projectatomic/rpm-ostree/issues/42 -ostree remote delete fedora-atomic -ostree remote add --set=gpg-verify=false fedora-atomic 'https://dl.fedoraproject.org/pub/fedora/linux/atomic/rawhide/' - -# older versions of livecd-tools do not follow "rootpw --lock" line above -# https://bugzilla.redhat.com/show_bug.cgi?id=964299 -passwd -l root -# remove the user anaconda forces us to make -userdel -r none - -# Configure docker-storage-setup to resize the partition table on boot -# https://github.com/projectatomic/docker-storage-setup/pull/25 -echo 'GROWPART=true' > /etc/sysconfig/docker-storage-setup - -echo -n "Getty fixes" -# although we want console output going to the 
serial console, we don't -# actually have the opportunity to login there. FIX. -# we don't really need to auto-spawn _any_ gettys. -sed -i '/^#NAutoVTs=.*/ a\ -NAutoVTs=0' /etc/systemd/logind.conf - -echo -n "Network fixes" -# initscripts don't like this file to be missing. -cat > /etc/sysconfig/network << EOF -NETWORKING=yes -NOZEROCONF=yes -EOF - -# For cloud images, 'eth0' _is_ the predictable device name, since -# we don't want to be tied to specific virtual (!) hardware -rm -f /etc/udev/rules.d/70* -ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules - -# simple eth0 config, again not hard-coded to the build hardware -cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF -DEVICE="eth0" -BOOTPROTO="dhcp" -ONBOOT="yes" -TYPE="Ethernet" -PERSISTENT_DHCLIENT="yes" -EOF - -# generic localhost names -cat > /etc/hosts << EOF -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 - -EOF -echo . - - -# Because memory is scarce resource in most cloud/virt environments, -# and because this impedes forensics, we are differing from the Fedora -# default of having /tmp on tmpfs. -echo "Disabling tmpfs for /tmp." -systemctl mask tmp.mount - -# make sure firstboot doesn't start -echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot - -# Uncomment this if you want to use cloud init but suppress the creation -# of an "ec2-user" account. This will, in the absence of further config, -# cause the ssh key from a metadata source to be put in the root account. -#cat < /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg -#users: [] -#disable_root: 0 -#EOF - -echo "Removing random-seed so it's not the same in every image." 
-rm -f /var/lib/random-seed - -echo "Packages within this cloud image:" -echo "-----------------------------------------------------------------------" -rpm -qa -echo "-----------------------------------------------------------------------" -# Note that running rpm recreates the rpm db files which aren't needed/wanted -rm -f /var/lib/rpm/__db* - -echo "Zeroing out empty space." -# This forces the filesystem to reclaim space from deleted files -dd bs=1M if=/dev/zero of=/var/tmp/zeros || : -rm -f /var/tmp/zeros -echo "(Don't worry -- that out-of-space error was expected.)" - -echo "Adding Developer Mode GRUB2 menu item." -/usr/libexec/atomic-devmode/bootentry add - -%end -