Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
SLES15-SP2-BYOS
config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File config.sh of Package SLES15-SP2-BYOS
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : openSUSE KIWI Image System # COPYRIGHT : (c) 2018 SUSE LLC. All rights reserved # : # AUTHOR : Public Cloud Team public-cloud-dev@susecloud.net # : # BELONGS TO : Operating System images # : # DESCRIPTION : configuration script for SUSE based # : operating systems # : # : # STATUS : Production #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." #====================================== # Setup baseproduct link #-------------------------------------- suseSetupProduct #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey #========================================= # Set sysconfig options #----------------------------------------- # Set sysconfig for default variable we want to change baseUpdateSysConfig \ /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig \ /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig \ /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig \ /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive baseUpdateSysConfig \ /etc/sysconfig/windowmanager DEFAULT_WM "" baseUpdateSysConfig \ /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no # Set sysconfig settings that are not setup by default, net new echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock echo 'UTC=true' >> /etc/sysconfig/clock # Configuration outside of sysconfig # Setup policy kit [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs # Remove the password for root sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow # Do not use delta rpms in the cloud sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \ /etc/zypp/zypp.conf # Allow root access on serial console egrep -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty # Avoid weird characters in YaST echo "# yast in Public Cloud images fix" >> /etc/profile echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile # Activate services suseInsertService boot.device-mapper suseInsertService haveged suseInsertService sshd # Image type specific # Deactivate services suseRemoveService acpid suseRemoveService boot.efivars suseRemoveService boot.lvm suseRemoveService boot.md suseRemoveService boot.multipath suseRemoveService display-manager suseRemoveService kbd # Platform specific settings if [ "$kiwi_profiles" = "Azure" ]; then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # Disable no challenge on ssh key login ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Need to allow modules from Enterprise Build Service if [ -f /etc/modprobe.d/unsupported-modules ];then sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' \ /etc/modprobe.d/unsupported-modules fi # Need keep alive traffic of Azure disconnects the connection rather quickly sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \ /etc/ssh/sshd_config # Disable agent auto-update sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \ /etc/waagent.conf # Generate all supported SSH host key types sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \ /etc/waagent.conf # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3" sed -i "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \ /etc/pam.d/common-password-pc # Allow forced root login on the serial console bsc#1080692 sed -i 's/sulogin;/sulogin --force;/' \ /usr/lib/systemd/system/emergency.service # Keep the default kernel log level (bsc#1169201) sed -i 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf # Activate/De-activeta services suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final suseInsertService cloud-netconfig.timer suseInsertService waagent fi if [ "$kiwi_profiles" = "EC2-HVM" ];then # Customize motd per arch arch=`uname -m` sed -i "s/MYARCH/$arch/" /etc/motd baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no # cloud-netconfig echo '# Support dynamic multinic configuration' \ >> /etc/sysconfig/network/config net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \ >> /etc/sysconfig/network/config # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # Activate/De-activeta services suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final suseInsertService cloud-netconfig.timer fi if [ "$kiwi_profiles" = "GCE" ];then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # Create the boto config file echo '[Boto]' >> /etc/boto.cfg echo ' ca_certificates_file = system' >> /etc/boto.cfg # gsutil clobbers boto.cfg create the template file and hope for the best echo '[Boto]' >> /etc/boto.cfg.template echo ' ca_certificates_file = system' >> /etc/boto.cfg.template # Python 3 issue bsc#1116242 echo '[InstanceSetup]' >> /etc/default/instance_configs.cfg.distro echo 'set_boto_config = false' >> /etc/default/instance_configs.cfg.distro # Activate/De-activeta services suseInsertService chronyd suseInsertService google-accounts-daemon suseInsertService google-clock-skew-daemon suseInsertService google-instance-setup suseInsertService google-network-daemon suseInsertService google-optimize-local-ssd suseInsertService google-set-multiqueue suseInsertService google-shutdown-scripts suseInsertService google-startup-scripts suseInsertService rootgrow fi if [ "$kiwi_profiles" = "OCI" ];then baseUpdateSysConfig \ /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no echo 'SECURE_BOOT="yes" TRUSTED_BOOT="no" ' >> /etc/sysconfig/bootloader # Disable password based login via ssh ssh_option=ChallengeResponseAuthentication sed -i "s/#${ssh_option} yes/${ssh_option} no/" \ /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \ /etc/ssh/sshd_config # Need to allow modules from Enterprise Build Service if [ -f /etc/modprobe.d/unsupported-modules ];then sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' \ /etc/modprobe.d/unsupported-modules fi # Disable memory hotplug bsc#1028173 sed -i 's/SUBSYSTEM=="memory"/#SUBSYSTEM=="memory"/' \ /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules # iscid setup sed -i 's/node.session.timeo.replacement_timeout/# node.session.timeo.replacement_timeout' /etc/iscsi/iscsid.conf sed -i 's/node.conn[0].timeo.noop_out_interval/# node.conn[0].timeo.noop_out_interval' /etc/iscsi/iscsid.conf sed -i 's/node.conn[0].timeo.noop_out_timeout/# node.conn[0].timeo.noop_out_timeout' /etc/iscsi/iscsid.conf echo '#' >> /etc/iscsi/iscsid.conf echo '# OCI deviations from default' echo 'node.conn[0].timeo.noop_out_interval = 0' >> /etc/iscsi/iscsid.conf echo 'node.conn[0].timeo.noop_out_timeout = 0' >> /etc/iscsi/iscsid.conf echo 'node.session.timeo.replacement_timeout = 6000' >> /etc/iscsi/iscsid.conf # Activate/De-activeta services suseInsertService chronyd suseInsertService cloud-init-local suseInsertService cloud-init suseInsertService cloud-config suseInsertService cloud-final suseInsertService firewalld suseInsertService iscsid.service suseInsertService iscsiuio.service fi exit 0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor