Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
SLES15-SP6-BYOS
config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File config.sh of Package SLES15-SP6-BYOS
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : SUSE Public Cloud recipes # COPYRIGHT : (c) 2024 SUSE LLC. All rights reserved # : # CONTACT : Public Cloud Team public-cloud-dev@susecloud.net # : # BELONGS TO : Operating System images # : # DESCRIPTION : OS configuration script #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Fail build on error #-------------------------------------- set -e #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey # keg: included from common-sysconfig baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS "restrictive" baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM "" baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS "no" # keg: included from common-files cat >> "/etc/profile" <<EOF # yast in Public Cloud images fix NCURSES_NO_UTF8_ACS=1 export NCURSES_NO_UTF8_ACS EOF cat >> "/etc/sysconfig/console" <<EOF CONSOLE_ENCODING="UTF-8" CONSOLE_FONT="lat9w-16.psfu" CONSOLE_SCREENMAP="trivial" EOF # keg: included from sle-files-plymouth-lock cat >> "/etc/zypp/locks" <<EOF type: package match_type: glob case_sensitive: on solvable_name: plymouth* EOF # keg: included from common-config # Start generate /etc/motd # source /etc/os-release OS_PRETTY_NAME="$PRETTY_NAME" OS_VERSION_MAJOR="${VERSION_ID%.*}" OS_VERSION="${VERSION_ID}" ARCH="`uname -m`" for suma_prod in /etc/products.d/SUSE-Manager-Server.prod /etc/products.d/SUSE-Manager-Proxy.prod do if [[ -f $suma_prod ]]; then SUMA_VERSION=`sed -n -r -e '/<version>/s/( *<version>)([^<]*)(.*)/\2/p' $suma_prod` break fi done test -f etc/products.d/SLES_SAP.prod && OS_PRETTY_NAME="$OS_PRETTY_NAME for SAP Applications" get_motd_includes() { if [ -d /etc/motd.d ]; then for inc in `ls /etc/motd.d` ; do echo "r /etc/motd.d/${inc}" done fi } test -f /etc/motd-caption && cap_replace="r /etc/motd-caption" motd_func="\ s/{OS_PRETTY_NAME}/$OS_PRETTY_NAME/g s/{OS_VERSION_MAJOR}/$OS_VERSION_MAJOR/g s/{OS_VERSION}/$OS_VERSION/g s/{ARCH}/$ARCH/g s/{SUMA_VERSION}/$SUMA_VERSION/g /{CAPTION}/{ $cap_replace d } /{INCLUDES}/{ `get_motd_includes` d }" for motd in /etc/motd* ; do test -f $motd || continue sed -i -e "$motd_func" $motd done test -d /etc/motd.d && rm -r /etc/motd.d test -f /etc/motd-caption && rm /etc/motd-caption # # End generate /etc/motd [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs # Generation of the iscsi config file moved to %post of the package # This implies that all instances have the same iscsi initiator name as the # file is generated during image build. We do not want this (bsc#1202540) rm -rf /etc/iscsi/initiatorname.iscsi sed -i -e 's/^root:[^:]*:/root:*:/' /etc/shadow # NOTE: This needs to be adapted to ALP readarray -t prodfiles < <(grep -l '<codestream>' /etc/products.d/*prod) base_prodfiles=() for p in "${prodfiles[@]}" ; do grep -q '<flavor>' "$p" || base_prodfiles+=("$p") done if [[ ${#base_prodfiles[*]} -ne 1 ]]; then echo "No base product package installed or base product ambiguous." >&2 false else ln -sf `basename "${base_prodfiles[0]}"` /etc/products.d/baseproduct fi sed -i -e 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \ /etc/zypp/zypp.conf sed -i -e 's/latest,latest-1,running/latest,running/' /etc/zypp/zypp.conf # keg: included from common-services baseInsertService boot.device-mapper baseInsertService haveged baseInsertService sshd baseRemoveService boot.efivars baseRemoveService boot.lvm baseRemoveService boot.md baseRemoveService boot.multipath baseRemoveService display-manager baseRemoveService kbd if [[ $kiwi_profiles = Azure ]]; then # keg: included from azure-cloud-netconfig baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" # keg: included from azure-set-hostname baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no" # keg: included from azure-scripts # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3" sed -i -e "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \ /etc/pam.d/common-password-pc test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \ /etc/ssh/sshd_config test -f /etc/sudoers || cp /usr/etc/sudoers /etc/ sed -i -e '/^Defaults targetpw/ s/^/#/' \ -e '/^ALL *ALL=(ALL) *ALL/ s/^/#/' /etc/sudoers # keg: included from azure-default-kernel-log-level # Keep the default kernel log level (bsc#1169201) sed -i -e 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf # keg: included from azure-dhclient-timeout dc=/etc/dhclient.conf if grep -qE '^timeout' $dc ; then sed -r -i 's/^timeout.*/timeout 300;/' $dc else echo 'timeout 300;' >> $dc fi # keg: included from azure-sshd-config test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \ /etc/ssh/sshd_config # keg: included from vm-services baseInsertService chronyd # keg: included from azure-cloud-netconfig systemctl enable cloud-netconfig.timer # keg: included from azure-services baseInsertService cloud-config baseInsertService cloud-final baseInsertService cloud-init baseInsertService cloud-init-local baseInsertService waagent # keg: included from azure-regionsrv-timer systemctl enable regionsrv-enabler-azure.timer fi if [[ $kiwi_profiles = EC2 ]]; then # keg: included from ec2-cloud-netconfig baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" # keg: included from ec2-set-hostname baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no" # keg: included from grub-root-label-workaround-bsc#1197616 cat >> "/etc/default/grub" <<EOF GRUB_CMDLINE_LINUX="root=LABEL=ROOT" SUSE_REMOVE_LINUX_ROOT_PARAM=true EOF # keg: included from ec2-scripts # No Xen based instance types for ARM, no need for custom config if [ "`uname -m`" = "aarch64" ]; then rm -f /etc/dracut.conf.d/07-*.conf fi test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \ /etc/ssh/sshd_config # Disable password based login via ssh test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # keg: included from vm-services baseInsertService chronyd # keg: included from ec2-services baseInsertService cloud-config baseInsertService cloud-final baseInsertService cloud-init baseInsertService cloud-init-local # keg: included from ec2-cloud-netconfig systemctl enable cloud-netconfig.timer fi if [[ $kiwi_profiles = GCE ]]; then # keg: included from gce-sysconfig-netconfig baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" # keg: included from gce-set-hostname baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "yes" # keg: included from gce-config cat >> "/etc/boto.cfg" <<EOF [Boto] ca_certificates_file = system EOF cat >> "/etc/boto.cfg.template" <<EOF [Boto] ca_certificates_file = system EOF cat >> "/etc/default/instance_configs.cfg.distro" <<EOF [InstanceSetup] set_boto_config = false EOF # keg: included from gce-config test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \ /etc/ssh/sshd_config # Disable password based login via ssh test -f /etc/ssh/sshd_config || cp /usr/etc/ssh/sshd_config /etc/ssh/ sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # keg: included from vm-services baseInsertService chronyd # keg: included from gce-services baseInsertService google-guest-agent baseInsertService google-osconfig-agent systemctl enable google-oslogin-cache.timer baseInsertService google-shutdown-scripts baseInsertService google-startup-scripts baseInsertService rootgrow # keg: included from gce-cloud-netconfig systemctl enable cloud-netconfig.timer fi
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
