Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:cabelo:Images:Leap_15.5
openSUSE-Leap-15.5-mini-Guests
config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File config.sh of Package openSUSE-Leap-15.5-mini-Guests
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : openSUSE KIWI Image System # COPYRIGHT : (c) 2022 SUSE LLC. All rights reserved # : # AUTHOR : Public Cloud Team public-cloud-dev@susecloud.net # : # BELONGS TO : Operating System images # : # DESCRIPTION : configuration script for SUSE based # : operating systems # : # : # STATUS : Production #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." #====================================== # Setup baseproduct link #-------------------------------------- suseSetupProduct #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey #========================================= # Set sysconfig options #----------------------------------------- # Set sysconfig for default variable we want to change baseUpdateSysConfig \ /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig \ /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig \ /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig \ /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive baseUpdateSysConfig \ /etc/sysconfig/windowmanager DEFAULT_WM "" baseUpdateSysConfig \ /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no # Set sysconfig settings that are not setup by default, net new echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock echo 'UTC=true' >> /etc/sysconfig/clock # Configuration outside of sysconfig # Setup policy kit [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs # Remove the password for root sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow # Do not use delta rpms in the cloud sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \ /etc/zypp/zypp.conf # Allow root access on serial console egrep -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty cat >> "/etc/profile" <<EOF # yast in Public Cloud images fix NCURSES_NO_UTF8_ACS=1 export NCURSES_NO_UTF8_ACS EOF cat >> "/etc/sysconfig/console" <<EOF CONSOLE_ENCODING="UTF-8" CONSOLE_FONT="lat9w-16.psfu" CONSOLE_SCREENMAP="trivial" EOF cat >> "/etc/zypp/locks" <<EOF type: package match_type: glob case_sensitive: on solvable_name: plymouth* EOF # Repo setup do not clobber the built in sle related repos # repo setup is no longer arch specific mv /etc/img_build_repos.d/* /etc/zypp/repos.d rm -rf /etc/img_build_repos.d/ # Customize motd per arch arch=`uname -m` sed -i "s/MYARCH/$arch/" /etc/motd # Activate services suseInsertService boot.device-mapper suseInsertService haveged suseInsertService sshd # Image type specific # Deactivate services suseRemoveService acpid suseRemoveService boot.efivars suseRemoveService boot.lvm suseRemoveService boot.md suseRemoveService boot.multipath suseRemoveService display-manager suseRemoveService kbd # Platform specific settings if [ "$kiwi_profiles" = "Azure" ]; then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # Disable no challenge on ssh key login ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Need to allow modules from Enterprise Build Service if [ -f /etc/modprobe.d/unsupported-modules ];then sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' \ /etc/modprobe.d/unsupported-modules fi # Need keep alive traffic of Azure disconnects the connection rather quickly sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \ /etc/ssh/sshd_config # Disable agent auto-update sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \ /etc/waagent.conf # Generate all supported SSH host key types sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \ /etc/waagent.conf # Leave the ephemeral disk handling to cloud-init sed -i -e 's/ResourceDisk.Format=y/ResourceDisk.Format=n/' \ /etc/waagent.conf # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3" sed -i "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \ /etc/pam.d/common-password-pc # Keep the default kernel log level (bsc#1169201) sed -i 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf # Activate/De-activeta services suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final systemctl enable cloud-netconfig.timer suseInsertService waagent fi if [ "$kiwi_profiles" = "EC2" ];then # No Xen based instance types for ARM, no need for custom config if [ "$arch" = "aarch64" ];then rm -rf /etc/dracut.conf.d/07-aws-type-switch.conf fi baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # Activate/De-activeta services suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final systemctl enable cloud-netconfig.timer fi if [ "$kiwi_profiles" = "GCE" ];then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Create the boto config file echo '[Boto]' >> /etc/boto.cfg echo ' ca_certificates_file = system' >> /etc/boto.cfg # gsutil clobbers boto.cfg create the template file and hope for the best echo '[Boto]' >> /etc/boto.cfg.template echo ' ca_certificates_file = system' >> /etc/boto.cfg.template # Python 3 issue bsc#1116242 echo '[InstanceSetup]' >> /etc/default/instance_configs.cfg.distro echo 'set_boto_config = false' >> /etc/default/instance_configs.cfg.distro # Activate/De-activeta services suseInsertService chronyd suseInsertService google-guest-agent suseInsertService google-osconfig-agent suseInsertService google-shutdown-scripts suseInsertService google-startup-scripts suseInsertService rootgrow systemctl enable google-oslogin-cache.timer fi if [ "$kiwi_profiles" = "NoCloud" ];then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # Activate/De-activate services suseInsertService chronyd suseInsertService qemu-guest-agent suseInsertService rootgrow suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final fi exit 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
