Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:GA
SLES15-SP3-CHOST-BYOS
config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File config.sh of Package SLES15-SP3-CHOST-BYOS
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : openSUSE KIWI Image System # COPYRIGHT : (c) 2019 SUSE LLC. All rights reserved # : # AUTHOR : Public Cloud Team public-cloud-dev@susecloud.net # : # BELONGS TO : Operating System images # : # DESCRIPTION : configuration script for SUSE based # : operating systems # : # : # STATUS : BETA #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." #====================================== # Setup baseproduct link #-------------------------------------- suseSetupProduct #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey # Set sysconfig for default variable we want to change baseUpdateSysConfig \ /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig \ /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig \ /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig \ /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive baseUpdateSysConfig \ /etc/sysconfig/windowmanager DEFAULT_WM "" baseUpdateSysConfig \ /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no # Set sysconfig for things that are not setup by default, net new echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock echo 'UTC=true' >> /etc/sysconfig/clock # Configuration outside of sysconfig # Set to pass k8s certification, related to bsc#1167810 echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.d/52-chost-netconfig.conf # PM-1830 echo 'VARIANT_ID="chost"' >> /etc/os-release date_stamp=`date +'%Y%m%d'` echo "VARIANT_VERSION=\"$date_stamp\"" >> /etc/os-release # Setup policy kit [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs # Remove the password for root sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow # Do not use delta rpms in the cloud sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf # Allow root access on serial console egrep -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty # Avoid weird characters in YaST echo "# yast in Public Cloud images fix" >> /etc/profile echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile # Activate services suseInsertService boot.device-mapper suseInsertService docker suseInsertService docker-img-store-setup-xfs suseInsertService haveged suseInsertService sshd # Image type specific # Deactivate services suseRemoveService acpid suseRemoveService boot.efivars suseRemoveService boot.lvm suseRemoveService boot.md suseRemoveService boot.multipath suseRemoveService display-manager suseRemoveService kbd # Framework specific settings if [ "$kiwi_profiles" = "Ali" ]; then baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config # Service setup suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final fi if [[ "$kiwi_profiles" == Azure ]]; then baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # Need keep alive traffic of Azure disconnects the connection rather quickly sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' /etc/ssh/sshd_config # Disable agent auto-update sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' /etc/waagent.conf # Generate all supported SSH host key types sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' /etc/waagent.conf # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character sed -i 's/pam_cracklib.so/pam_cracklib.so minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3/' /etc/pam.d/common-password-pc # Service setup suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final suseInsertService waagent fi if [[ "$kiwi_profiles" == EC2 ]]; then arch=`uname -m` # No Xen based instance types for ARM, no need for custom config if [ "$arch" = "aarch64" ];then rm -rf /etc/dracut.conf.d/07-aws-type-switch.conf fi baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config # Disable password based login via ssh sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config # Service setup suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final fi if [[ "$kiwi_profiles" == GCE ]]; then baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config # Disable password based login via ssh sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config # Create the boto config file echo '[Boto] ca_certificates_file = system' >> /etc/boto.cfg # gsutil clobbers boto.cfg create the template file and hope for the best echo '[Boto] ca_certificates_file = system' >> /etc/boto.cfg.template # Python 3 issue bsc#1116242 echo '[InstanceSetup]' >> /etc/default/instance_configs.cfg.distro echo 'set_boto_config = false' >> /etc/default/instance_configs.cfg.distro # Service setup suseInsertService chronyd suseInsertService google-guest-agent suseInsertService google-osconfig-agent suseInsertService google-shutdown-scripts suseInsertService google-startup-scripts suseInsertService rootgrow systemctl enable google-oslogin-cache.timer fi if [[ "$kiwi_profiles" == OpenStack ]]; then baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config # Disable password based login via ssh sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config # Service setup suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final fi exit 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor