openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File config.sh of Package jeos-sta

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : OpenSuSE KIWI Image System
# COPYRIGHT     : (c) 2006 SUSE LINUX Products GmbH. All rights reserved
#               :
# AUTHOR        : Marcus Schaefer <ms@suse.de>
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : configuration script for SUSE based
#               : operating systems
#               :
#               :
# STATUS        : BETA
#----------------
#======================================
# Variables...
#--------------------------------------
DISTVERSION='15.6'
DISTURL='http://download.opensuse.org/'
GATEWAY='192.168.42.254'
DNS='192.168.42.254 192.168.42.4 192.168.42.2'
NTP='192.168.42.254 192.168.42.4 192.168.42.2'
SYSLOG_SERVER='192.168.42.254'
MONITORING_SERVER="$SYSLOG_SERVER"
MAIL_SERVER='192.168.42.254'
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

set -euxo pipefail

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname] [$kiwi_profiles]..."

#======================================
# add missing fonts
#--------------------------------------
# Systemd controls the console font now
echo FONT="eurlatgr.psfu" >> /etc/vconsole.conf

#======================================
# prepare for setting root pw, timezone
#--------------------------------------
echo "** reset machine settings"
rm -f /etc/machine-id \
      /var/lib/zypp/AnonymousUniqueId \
      /var/lib/systemd/random-seed

echo "** Running ldconfig ..."
/sbin/ldconfig

#======================================
# SSL Certificates Configuration
#--------------------------------------
echo '** Rehashing SSL Certificates...'
update-ca-certificates

if [ ! -s /var/log/zypper.log ]; then
	> /var/log/zypper.log
fi
#======================================
# Specify default systemd target
#--------------------------------------
baseSetRunlevel multi-user.target

#======================================
# Setup baseproduct link
#--------------------------------------
suseSetupProduct

#======================================
# Add missing gpg keys to rpm
#--------------------------------------
suseImportBuildKey

#======================================
# Remove all locales beside:
#--------------------------------------
baseStripLocales en de

#======================================
# Remove all translations beside:
#--------------------------------------
baseStripTranslations en de

#
# Repos
#
# /etc/zypp/zypp.conf
sed -e "s@# download.use_deltarpm.*@download.use_deltarpm = false@" \
    -e "s@.*solver.dupAllowVendorChange.*@solver.dupAllowVendorChange = false@" \
    -e "s@.*solver.onlyRequires.*@solver.onlyRequires = true@" \
    -i /etc/zypp/zypp.conf

#======================================
# Import trusted rpm keys
#--------------------------------------
for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
    # importing can fail if it already exists
    rpm --import $i || true
done

# additional RPM keys
rm -rf /tmp/keys
mkdir /tmp/keys
# home:lrupp key ce29457a
cat << EOF >> /tmp/keys/t1
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBEeWWUARBADL5eao29rf4hmU1jf4CcFwz2bvZQlEZwl+uHqPmgw0XkkyG3fo
VCfTOdmEePmOj0SleEugaSbpX2QDxaeavZbgXvhFnPGkBarjiiNyb70w/3nY+42g
xIro06WHJ35ObJSbVJjz74gKSvB/VeBLt5TODqWhcv0b6b2ti1eczqPblwCg9iMr
SyNH3ee/sdelqpHI7Z79KKsD/1sqsWAlSDepS1zpa4Nah5Yla1rnwLQI/RlwbUPh
ZPSVKqT3CPCVf9gsxJZwAYj33yynYvw12M2y6cUK7KkTmWkqz0MhCyS6xV59xtu4
L2NUPwBLyIacaMJbMRoQROU8dAsuW4yi3VzUCEWeHHycr2oAkjn0p3hQJk2dp9LF
NBPYBACGyNVs26HsWp6uP85E4AfItFu5+mv1+pwNeIpA0eAbTP+UsEZ1hD6jJlzQ
oNc0XEKuzSnDCp51H7danCrzXaHUbLBfMmO15wNia9uScEtQlflm8R83YcRJvt70
GQhZJ/ku8672KFq2TTPYlgP1q+4BWP3Y05RQUQseqPg1s9W7CLQ2aG9tZTpscnVw
cCBPQlMgUHJvamVjdCA8aG9tZTpscnVwcEBidWlsZC5vcGVuc3VzZS5vcmc+iGYE
ExECACYFAldtkKACGwMFCRP152AGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDo
FKSvzilFeoR5AKCS8XjcS4UcMkJp2+WM2Uh3N5SzjgCfS7VIh534jlQ9wmxXvAem
zDbQhBmIRgQTEQIABgUCR5ZZQAAKCRA7MBG3a51lI6/lAJ47PAI7htM/A3RECOrv
zF5808JpvACfSSsGkVegDsD2DVxG6JxdmVk2VvI=
=sqPF
-----END PGP PUBLIC KEY BLOCK-----
EOF
rpm --import /tmp/keys/t1
# openSUSE:Backports
cat << EOF >> /tmp/keys/t2
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.14.1 (NSS-3)

mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z
dXNlLm9yZz6JAT4EEwECACgFAl2Uo4ECGwMFCQxLCAwGCwkIBwMCBhUIAgkKCwQW
AgMBAh4BAheAAAoJEJwhTUBlF2Vl48QH/39wmpkDh8c6g6QdkACrf503VgLrLS/1
tHlp8decgeN3qoDiCBCek1HqfzTFQSStcWm7KanKIW5fBFSp6Lkqb32yBsibW4Kk
R6x76zqbvmd4YfM6b1qMIzpACghgke8zKePdPpp0JXOU8duIaqf5eQNw91RMhsBZ
alDy7MaSitOH/XzNiZW+V9lZnrma0ySqVJLqIPpB0s7U5YIblPpLl0qxi0VqqTRS
6WZkjopvT3RKk8X/N4xAhxcQW07KOKkqmfPliKazTVPzPL542pnTH2yF9Wpv8bhQ
FyzFthGE9Ri8tVm0r6UOElR0Bg7zA6A0NPUWKmgY37YCRpfz3DDE8Gw=
=mq0p
-----END PGP PUBLIC KEY BLOCK-----
EOF
rpm --import /tmp/keys/t2
rm -rf /tmp/keys

# add repos
rm -rf /etc/zypp/repos.d/*
zypper ar --no-check "${DISTURL}/distribution/leap/\$releasever/repo/oss"       repo-oss
zypper ar --no-check --refresh "${DISTURL}/update/leap/\$releasever/oss"        repo-update-oss
zypper ar --no-check --refresh "${DISTURL}/repositories/home:/lrupp/\$releasever/" home_lrupp
zypper ar --no-check --refresh "${DISTURL}/update/leap/\$releasever/sle/"       repo-sle-update
zypper ar --no-check --refresh "${DISTURL}/update/leap/\$releasever/backports/" repo-backports-update

#
# Network
#
echo "Setting $GATEWAY as default gateway"
echo "default $GATEWAY - -" >> /etc/sysconfig/network/routes
# ifup lo

# DNS
test -f /etc/resolv.conf && rm /etc/resolv.conf
echo "options attempts:1 timeout:1" > /etc/resolv.conf
for server in $DNS; do
	echo "nameserver $server" >> /etc/resolv.conf
done

# NTP
# hardwire ntp server config
NTP_CONFIG='/etc/chrony.conf'
cat << EOF > "$NTP_CONFIG"
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# step clock on any clock update (VM)
makestep 1 -1
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Specify directory for log files.
logdir /var/log/chrony
# Also include any directives found in configuration files in /etc/chrony.d
include /etc/chrony.d/*.conf
EOF

for server in $NTP; do
	echo "server $server iburst" >> "$NTP_CONFIG"
done

#
# Boot setup
#
# adapt dracut
echo "Don't wait for swap during boot"
echo "nowaitforswap=yes" >> /etc/dracut.conf.d/10-disable_swap.conf

# allow root login via serial console for debugging
echo "Allow root login via serial console"
echo "# for debugging purposes" >> /etc/securetty
echo ttyS0 >> /etc/securetty
echo ttyS1 >> /etc/securetty
echo hvc0 >> /etc/securetty
echo console >> /etc/securetty

# grub2
echo "Configuring bootloader"
GRUBCONF='/etc/default/grub'
echo "GRUB_DISABLE_OS_PROBER=true" >> $GRUBCONF
if test `uname -m` = "x86_64" ; then
    echo "adding x86 specials to $GRUBCONF ..."
    echo "GRUB_TERMINAL=\"serial console\"" >> $GRUBCONF
    echo "GRUB_HIDDEN_TIMEOUT=0" >> $GRUBCONF
    echo "GRUB_TIMEOUT=2" >> $GRUBCONF
    echo "GRUB_SERIAL_COMMAND=\"serial --speed=115200\"" >> $GRUBCONF
	mkdir -p /config/etc/default
	cp -a $GRUBCONF /config/etc/default/grub.test
#	grub2-mkconfig -o /boot/grub2/grub.cfg
fi

#
# Services
#
# remote logging
echo "Configuring remote logging"
cat << EOF >> /etc/rsyslog.d/remote.conf
\$WorkDirectory /var/spool/rsyslog
\$ActionQueueFileName uniqName
\$ActionQueueMaxDiskSpace 1g
\$ActionQueueSaveOnShutdown on
\$ActionQueueType LinkedList
\$ActionResumeRetryCount -1
*.* @@$SYSLOG_SERVER
EOF

# Monitoring (nrpe)
if [ -f /etc/nrpe.cfg ]; then
  sed -e "s|allowed_hosts=127.0.0.1,::1|allowed_hosts=127.0.0.1,${MONITORING_SERVER},::1|g;" \
      -i /etc/nrpe.cfg
fi

#
# /etc/sysconfig
#
# security
echo "Configuring default file permissions"
echo "PERMISSION_SECURITY=\"secure local\"" >> /etc/sysconfig/security
chkstat --system --set

# cron
echo "Configuring cron to run each day at 19:30 local time"
echo "DAILY_TIME=\"19:30\"" >> /etc/sysconfig/cron

# postfix
echo "Setup postfix to run locally"
F=$(mktemp temp.XXXXXX)
sed "s|POSTFIX_RELAYHOST=.*|POSTFIX_RELAYHOST=\"[$MAIL_SERVER]:25\"|g; \
     s|POSTFIX_NULLCLIENT=.*|POSTFIX_NULLCLIENT=\"yes\"|g; \
     s|POSTFIX_BASIC_SPAM_PREVENTION=.*|POSTFIX_BASIC_SPAM_PREVENTION=\"hard\"|g; \
     s|POSTFIX_REGISTER_SLP=.*|POSTFIX_REGISTER_SLP=\"no\"|g; \
     s|POSTFIX_ADD_MYNETWORKS_STYLE=.*|POSTFIX_ADD_MYNETWORKS_STYLE=\"host\"|g;" \
     /etc/sysconfig/postfix "${F}"
mv "${F}" /etc/sysconfig/postfix
/usr/sbin/config.postfix || :

# enable important services
echo "enable important services"
#         rsyslogd.service \
#         xinetd.service \
for i in \
         chronyd.service \
         haveged.service \
         numad.service \
         nrpe.service \
         postfix.service \
         sshd.service \
         tuned.service \
; do
    echo "enabling $i"
    baseInsertService $i
    /usr/bin/systemctl enable $i
done
echo "disable non-important services"
#         lvm2-lvmetad.service \
for i in \
         dbus-org.opensuse.Network.DHCP6.service \
         mdcheck_continue.timer  \
         mdcheck_start.timer  \
         mdmonitor-oneshot.timer \
         lvm2-lvmpolld.socket \
         lvm2-monitor.service \
         check-battery.timer \
; do
    echo "disabling $i"
    baseRemoveService $i
    /usr/bin/systemctl disable $i
done

exit 0

Places

File config.sh of Package jeos-sta

Places