Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
SLES15-SP1-Azure-Standard
config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File config.sh of Package SLES15-SP1-Azure-Standard
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : openSUSE KIWI Image System # COPYRIGHT : (c) 2018 SUSE LLC. All rights reserved # : # AUTHOR : Public Cloud Team public-cloud-dev@susecloud.net # : # BELONGS TO : Operating System images # : # DESCRIPTION : configuration script for SUSE based # : operating systems # : # : # STATUS : Production #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." #====================================== # Setup baseproduct link #-------------------------------------- suseSetupProduct #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey #========================================= # Set sysconfig options #----------------------------------------- # Set sysconfig for default variable we want to change baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOAD_MODULES "nf_conntrack_netbios_ns" baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT "any eth0" baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_CRIT yes baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_ALL no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_CRIT yes baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_ALL no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_EXT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_INT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_DMZ no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_INT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_DMZ no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IPSEC_TRUST no baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM "" baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no # Set sysconfig for things that are not setup by default, net new echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock echo 'UTC=true' >> /etc/sysconfig/clock echo ' # The YaST-internal identifier of the attached keyboard. # YAST_KEYBOARD="english-us,pc104"' >> /etc/sysconfig/keyboard echo '# Support dynamic multinic configuration' >> /etc/sysconfig/network/config echo 'NETCONFIG_MODULES_ORDER="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"' >> /etc/sysconfig/network/config # Configuration outside of sysconfig # Setup policy kit [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs # Disable password based login via ssh sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config # Remove the password for root # Note the string matches the password set in the config file sed -i 's/$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0/*/' /etc/shadow # Do not use delta rpms in the cloud sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf # Allow root access on serial console egrep -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty # Platform specific settings # Need to allow modules from Enterprise Build Service [ -f /etc/modprobe.d/unsupported-modules ] && sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' /etc/modprobe.d/unsupported-modules # Need keep alive traffic of Azure disconnects the connection rather quickly sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' /etc/ssh/sshd_config # Disable agent auto-update sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' /etc/waagent.conf # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character sed -i 's/pam_cracklib.so/pam_cracklib.so minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3/' /etc/pam.d/common-password-pc # Allow forced root login on the serial console bsc#1080692 sed -i 's/sulogin;/sulogin --force;/' /usr/lib/systemd/system/emergency.service # Avoid weird characters in YaST echo "# yast in Public CLoud images fix" >> /etc/profile echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile #====================================== # Activate/De-activeta services #-------------------------------------- # Generic suseInsertService boot.device-mapper suseInsertService haveged suseInsertService sshd suseRemoveService acpid suseRemoveService boot.efivars suseRemoveService boot.lvm suseRemoveService boot.md suseRemoveService boot.multipath suseRemoveService display-manager suseRemoveService kbd systemctl enable cloud-netconfig.timer # Framework specific suseInsertService waagent # Image specific suseInsertService guestregister #====================================== # Umount kernel filesystems #-------------------------------------- baseCleanMount exit 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor