---
common-blacklist.ks | 161 -------------------------------------------------
common-install.ks | 19 ------
common-pkgs.ks | 78 ------------------------
common-post.ks | 167 ---------------------------------------------------
ovirt-node-image.ks | 118 ------------------------------------
5 files changed, 0 insertions(+), 543 deletions(-)
delete mode 100644 common-blacklist.ks
delete mode 100644 common-install.ks
delete mode 100644 common-pkgs.ks
delete mode 100644 common-post.ks
delete mode 100644 ovirt-node-image.ks
diff --git a/common-blacklist.ks b/common-blacklist.ks
deleted file mode 100644
index 3499ccf..0000000
--- a/common-blacklist.ks
+++ /dev/null
@@ -1,161 +0,0 @@ -# -*-Shell-script-*- -%post - -echo "Removing excess RPMs" - -# kernel pulls in mkinitrd which pulls in isomd5sum which pulls in python, -# and livecd-tools needs lokkit to configure SELinux. -# However, this is just an install-time dependency; we can remove -# it afterwards, which we do here -RPMS="system-config-firewall-tui system-config-network-tui rhpl \ - rpm-python kudzu libsemanage-python" - -RPMS="$RPMS mkinitrd isomd5sum dmraid checkpolicy" - -# Remove additional RPMs forcefully -RPMS="$RPMS gamin pm-utils kbd usermode vbetool ConsoleKit hdparm \ - efibootmgr linux-atm-libs fedora-release-notes \ - psmisc cryptsetup-luks pciutils mtools syslinux \ - wireless-tools radeontool libicu gnupg2 \ - fedora-logos" - -# cronie pulls in exim (sendmail) which pulls in all kinds of perl deps -RPMS="$RPMS exim perl-version perl-Pod-Simple perl-libs perl-Module-Pluggable \ - perl-Pod-Escapes perl" - -RPMS="$RPMS sysklogd" - -# workaround for gpxe issue with the virt-preview qemu on F11 host kernel -# https://bugzilla.redhat.com/show_bug.cgi?id=512358 -RPMS="$RPMS gpxe-roms-qemu" -ln -snf ../etherboot/e1000-82542.zrom /usr/share/qemu/pxe-e1000.bin -ln -snf ../etherboot/ne.zrom /usr/share/qemu/pxe-ne2k_pci.bin -ln -snf ../etherboot/pcnet32.zrom /usr/share/qemu/pxe-pcnet.bin -ln -snf ../etherboot/rtl8139.zrom /usr/share/qemu/pxe-rtl8139.bin -ln -snf ../etherboot/virtio-net.zrom /usr/share/qemu/pxe-virtio.bin - -# Things we could probably remove if libvirt didn't link against them -#RPMS="$RPMS avahi PolicyKit xen-libs" - -# Things we could probably remove if qemu-kvm didn't link against them -#RPMS="$RPMS SDL alsa-lib" - -# Pam complains when this is missing -#RPMS="$RPM ConsoleKit-libs" - -for rpm in $RPMS; do - rpm -v -e --nodeps $rpm 2> /dev/null -done - -# the following are lists of kernel modules we are pretty sure we won't need; -# note that these can be single files or whole directories. 
They are specified -# starting at $MODULES; so if you want to remove the NLS stuff from the -# fs subdir, your mods entry would be "fs/nls" -fs_mods="fs/nls fs/9p fs/affs fs/autofs fs/autofs4 fs/befs fs/bfs fs/cifs \ - fs/coda fs/cramfs fs/dlm fs/ecryptfs fs/efs fs/exportfs fs/ext4 \ - fs/freevxfs fs/gfs2 fs/hfs fs/hfsplus fs/jbd2 fs/jffs \ - fs/jffs2 fs/jfs fs/minix fs/ncpfs fs/ocfs2 fs/qnx4 fs/reiserfs \ - fs/romfs fs/sysv fs/udf fs/ufs fs/xfs" - -net_mods="net/9p net/appletalk net/atm net/ax25 \ - net/bluetooth net/dccp net/decnet net/ieee80211 net/ipx net/irda \ - net/mac80211 net/netrom net/rfkill net/rose net/sched net/tipc \ - net/wanrouter net/wireless" - -driver_mods="drivers/auxdisplay drivers/net/appletalk \ - drivers/net/hamradio drivers/net/pcmcia drivers/net/tokenring \ - drivers/net/wireless drivers/net/irda drivers/atm drivers/usb/atm \ - drivers/acpi drivers/char/drm drivers/char/mwave \ - drivers/char/ipmp drivers/char/pcmcia drivers/crypto \ - drivers/firmware drivers/memstick drivers/mmc drivers/mfs \ - drivers/parport drivers/video drivers/watchdog drivers/net/ppp* \ - drivers/usb/serial drivers/usb/misc drivers/usb/class \ - drivers/usb/image drivers/rtc drivers/char/lp*" - -misc_mods="drivers/bluetooth drivers/firewire drivers/i2c drivers/isdn \ - drivers/media drivers/misc drivers/leds drivers/mtd drivers/w1 sound \ - drivers/input drivers/pcmcia drivers/scsi/pcmcia" - -echo "Removing excess kernel modules" -MODULES="/lib/modules/*/kernel" -RM="rm -rf" - -for mods in $fs_mods $net_mods $misc_mods $driver_mods ; do - $RM $MODULES/$mods -done - -echo "Removing all timezones except for UTC" -find /usr/share/zoneinfo -regextype egrep -type f \ - ! 
-regex ".*/UTC|.*/GMT" -exec $RM {} \; - -echo "Removing blacklisted files and directories" -blacklist="/etc/alsa /etc/pki /usr/share/hwdata/MonitorsDB \ - /usr/share/hwdata/oui.txt /usr/share/hwdata/videoaliases \ - /usr/share/firstboot /usr/share/lua /usr/share/kde4 /usr/share/pixmaps \ - /usr/share/hwdata/videodrivers /usr/share/icons /usr/share/fedora-release \ - /usr/share/tabset /usr/share/libvirt /usr/share/augeas/lenses/tests \ - /usr/share/tc /usr/share/emacs /usr/share/info \ - /usr/src /usr/etc /usr/games /usr/include /usr/local \ - /usr/sbin/{dell*,sasldblistusers2,build-locale-archive,glibc_post_upgrade.*}" -blacklist_lib="/usr/{,lib64}/tc \ - /usr/lib{,64}/tls /usr/lib{,64}/sse2 \ - /usr/lib{,64}/pkgconfig /usr/lib{,64}/nss \ - /usr/lib{,64}/games /usr/lib{,64}/alsa-lib /usr/lib{,64}/fs/reiserfs \ - /usr/lib{,64}/krb5 /usr/lib{,64}/hal /usr/lib{,64}/gio \ - /usr/lib/locale /usr/lib/syslinux" -blacklist_pango="/usr/lib{,64}/pango /usr/lib{,64}/libpango* \ - /etc/pango /usr/bin/pango*" -blacklist_hal="/usr/bin/hal-disable-polling \ - /usr/bin/hal-is-caller-locked-out /usr/bin/hal-is-caller-privileged \ - /usr/bin/hal-lock /usr/bin/hal-set-property /usr/bin/hal-setup-keymap" -blacklist_ssh="/usr/bin/sftp /usr/bin/slogin /usr/bin/ssh /usr/bin/ssh-add \ - /usr/bin/ssh-agent /usr/bin/ssh-copy-id /usr/bin/ssh-keyscan" -blacklist_docs="/usr/share/omf /usr/share/gnome /usr/share/doc \ - /usr/share/locale /usr/share/libthai /usr/share/man \ - /usr/share/X11 /usr/share/i18n" - -eval $RM $blacklist $blacklist_lib $blacklist_pango $blacklist_hal \ - $blacklist_ssh $blacklist_docs - -echo "Cleanup empty directory structures in /usr/share" -find /usr/share -type d -exec rmdir {} \; > /dev/null 2>&1 - -echo "Cleanup excess selinux modules" -$RM /usr/share/selinux - -echo "Removing python source files" -find / -name '*.py' -exec rm -f {} \; -find / -name '*.pyo' -exec rm -f {} \; - -echo "Running image-minimizer..." 
-%end - -%post --nochroot --interpreter image-minimizer -drop /usr/lib/libboost* -keep /usr/lib/libboost_program_options.so* -keep /usr/lib/libboost_filesystem.so* -keep /usr/lib/libboost_thread-mt.so* -keep /usr/lib/libboost_system.so* -drop /usr/lib64/libboost* -keep /usr/lib64/libboost_program_options.so* -keep /usr/lib64/libboost_filesystem.so* -keep /usr/lib64/libboost_thread-mt.so* -keep /usr/lib64/libboost_system.so* -drop /usr/kerberos -keep /usr/kerberos/bin/kinit -keep /usr/kerberos/bin/klist -drop /lib/firmware -keep /lib/firmware/3com -keep /lib/firmware/acenic -keep /lib/firmware/adaptec -keep /lib/firmware/advansys -keep /lib/firmware/bnx2 -keep /lib/firmware/cxgb3 -keep /lib/firmware/e100 -keep /lib/firmware/myricom -keep /lib/firmware/qlogic -keep /lib/firmware/sun -keep /lib/firmware/tehuti -keep /lib/firmware/tigon -%end - diff --git a/common-install.ks b/common-install.ks deleted file mode 100644 index d6620f7..0000000 --- a/common-install.ks +++ /dev/null @@ -1,19 +0,0 @@ -lang C -keyboard us -timezone --utc UTC -auth --useshadow --enablemd5 -selinux --enforcing -firewall --disabled -part / --size 650 --fstype ext2 -services --enabled=auditd,ntpd,ntpdate,collectd,iptables,network,rsyslog,libvirt-qpid,multipathd -# This requires a new fixed version of livecd-creator to honor the --append settings. -bootloader --timeout=30 --append="console=tty0 console=ttyS0,115200n8" - -# not included by default in Fedora 10 livecd initramfs -device virtio_blk -device virtio_pci -device scsi_wait_scan - -# multipath kmods -device dm-multipath -device dm-round-robin diff --git a/common-pkgs.ks b/common-pkgs.ks deleted file mode 100644 index d0d5170..0000000 --- a/common-pkgs.ks +++ /dev/null 
@@ -1,78 +0,0 @@ -audit -bc -kernel -hwdata -passwd -policycoreutils -rootfiles -dhclient -openssh-clients -openssh-server -kvm -libmlx4 -ovirt-node-stateless -ovirt-node-selinux -ovirt-node-logos -ovirt-node-release --selinux-policy-targeted -selinux-policy-minimum -vim-minimal -sudo -python -python-libs -python-setuptools -db4 -vconfig -python-virtinst -matahari -#debugging -hdparm -sos -gdb -ltrace -strace -sysstat -tcpdump -pstack -pciutils -numactl -file -lsof -newt-python -/usr/bin/kvmtrace -#remove --audit-libs-python --ustr --authconfig --wireless-tools --setserial --prelink --newt-python --newt --kudzu --libselinux-python --rhpl --kbd --usermode --fedora-logos --dmraid --gzip --less --which --parted --nash --tar --libuser --mtools --cpio --sysklogd -/usr/sbin/lokkit -isomd5sum -irqbalance -cpuspeed -acpid -device-mapper-multipath -kpartx -# workaround for gpxe issue with the virt-preview qemu on F11 host kernel -# https://bugzilla.redhat.com/show_bug.cgi?id=512358 -etherboot-zroms-kvm diff --git a/common-post.ks b/common-post.ks deleted file mode 100644 index f8e4a54..0000000 --- a/common-post.ks +++ /dev/null 
@@ -1,167 +0,0 @@ -# -*-Shell-script-*- -echo "Starting Kickstart Post" -PATH=/sbin:/usr/sbin:/bin:/usr/bin -export PATH - -# Import SELinux Modules -echo "Enabling selinux modules" -SEMODULES="base automount avahi consolekit cyrus dhcp dnsmasq guest hal ipsec \ -iscsi kerberos kerneloops ldap lockdev logadm mozilla ntp ovirt-node-selinux \ -polkit portmap qemu rpcbind sasl snmp stunnel sysstat tcpd unprivuser \ -unconfined usbmodules userhelper virt" - -lokkit -v --selinuxtype=minimum -tmpdir=$(mktemp -d) - -for semodule in $SEMODULES; do - found=0 - pp_file=/usr/share/selinux/minimum/$semodule.pp - if [ -f $pp_file.bz2 ]; then - bzip2 -dc $pp_file.bz2 > "$tmpdir/$semodule.pp" - rm $pp_file.bz2 - found=1 - elif [ -f $pp_file ]; then - mv $pp_file "$tmpdir" - found=1 - fi - # Don't put "base.pp" on the list. - test $semodule = base \ - && continue - test $found=1 \ - && modules="$modules $semodule.pp" -done - -if test -n "$modules"; then - (cd "$tmpdir" \ - && test -f base.pp \ - && semodule -v -b base.pp -i $modules \ - && semodule -v -B ) -fi -rm -rf "$tmpdir" - -echo "Running ovirt-install-node-stateless" -ovirt-install-node-stateless - -echo "Creating shadow files" -# because we aren't installing authconfig, we aren't setting up shadow -# and gshadow properly. 
Do it by hand here -pwconv -grpconv - -echo "Forcing C locale" -# force logins (via ssh, etc) to use C locale, since we remove locales -cat >> /etc/profile << \EOF -# oVirt: force our locale to C since we don't have locale stuff' -export LC_ALL=C LANG=C -EOF - -echo "Configuring IPTables" -# here, we need to punch the appropriate holes in the firewall -cat > /etc/sysconfig/iptables << \EOF -# oVirt automatically generated firewall configuration -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT --A INPUT -p icmp -j ACCEPT --A INPUT -i lo -j ACCEPT -# libvirt --A INPUT -p tcp --dport 16509 -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# anyterm --A INPUT -p tcp --dport 81 -j ACCEPT -# guest consoles --A INPUT -p tcp -m multiport --dports 5800:6000 -j ACCEPT -# migration --A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited -COMMIT -EOF -# configure IPv6 firewall, default is all ACCEPT -cat > /etc/sysconfig/ip6tables << \EOF -# oVirt automatically generated firewall configuration -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] --A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT --A INPUT -p ipv6-icmp -j ACCEPT --A INPUT -i lo -j ACCEPT -# libvirt --A INPUT -p tcp --dport 16509 -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# anyterm --A INPUT -p tcp --dport 81 -j ACCEPT -# guest consoles --A INPUT -p tcp -m multiport --dports 5800:6000 -j ACCEPT -# migration --A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT --A INPUT -j REJECT --reject-with icmp6-adm-prohibited --A FORWARD -m physdev ! 
--physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited -COMMIT -EOF - -# remove errors from /sbin/dhclient-script -DHSCRIPT=/sbin/dhclient-script -sed -i 's/mv /cp -p /g' $DHSCRIPT -sed -i '/rm -f.*${interface}/d' $DHSCRIPT -sed -i '/rm -f \/etc\/localtime/d' $DHSCRIPT -sed -i '/rm -f \/etc\/ntp.conf/d' $DHSCRIPT -sed -i '/rm -f \/etc\/yp.conf/d' $DHSCRIPT - -if rpm -q --qf '%{release}' ovirt-node | grep -q "^0\." ; then - echo "Building in developer mode, leaving root account unlocked" - augtool <<\EOF -set /files/etc/ssh/sshd_config/PermitEmptyPasswords yes -save -EOF -else - echo "Building in production mode, locking root account" - passwd -l root -fi - -# directories required in the image with the correct perms -# config persistance currently handles only regular files -mkdir -p /root/.ssh -chmod 700 /root/.ssh - -# fix iSCSI/LVM startup issue -sed -i 's/node\.session\.initial_login_retry_max.*/node.session.initial_login_retry_max = 60/' /etc/iscsi/iscsid.conf - -# root's bash profile -cat >> /root/.bashrc <<EOF -# aliases used for the temporary -function mod_vi() { - /bin/vi \$@ - restorecon -v \$@ -} -alias vi="mod_vi" -alias ping='ping -c 3' -EOF - -# Remove the default logrotate daily cron job -# since we run it every 10 minutes instead. -rm -f /etc/cron.daily/logrotate - -# comment out /etc/* entries in rwtab to prevent overlapping mounts -touch /var/lib/random-seed -mkdir /live -mkdir /boot -sed -i '/^files \/etc*/ s/^/#/' /etc/rwtab -cat > /etc/rwtab.d/ovirt <<EOF -dirs /var/lib/multipath -files /etc -dirs /var/lib/dnsmasq -files /var/cache/libvirt -files /var/cache/hald -files /var/empty/sshd/etc/localtime -files /var/lib/dbus -files /var/lib/libvirt -empty /mnt -empty /live -empty /boot -EOF diff --git a/ovirt-node-image.ks b/ovirt-node-image.ks deleted file mode 100644 index 6b9e2ac..0000000 --- a/ovirt-node-image.ks +++ /dev/null 
@@ -1,118 +0,0 @@ -%include common-install.ks - -%include repos.ks - -%packages --excludedocs --nobase -%include common-pkgs.ks - -%end - -%post -# cleanup rpmdb to allow non-matching host and chroot RPM versions -rm -f /var/lib/rpm/__db* -%include common-post.ks - -touch /.autorelabel - -# prepare for STATE_MOUNT in rc.sysinit -augtool <<\EOF -set /files/etc/sysconfig/readonly-root/TEMPORARY_STATE NOT_OVIRT_FIRSTBOOT -set /files/etc/sysconfig/readonly-root/STATE_LABEL CONFIG -set /files/etc/sysconfig/readonly-root/STATE_MOUNT /config -set /files/etc/sysconfig/readonly-root/READONLY yes -save -EOF -# use persistent state unless firstboot is forced -# XXX auges shellvars lens does not accept this value -sed -i 's...@not_ovirt_firstboot@$(if cat /proc/cmdline|grep -qv ovirt_firstboot; then printf "yes"; else printf "no"; fi)@' /etc/sysconfig/readonly-root -# prepare mount points for local storage -mkdir -p /boot -mkdir -p /config -mkdir -p /data -mkdir -p /liveos -echo "/dev/HostVG/Config /config ext3 defaults,noauto 0 0" >> /etc/fstab -%end - -%post -# Create initial manifests -manifests=/tmp/manifests -mkdir -p $manifests -rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}\n' | sort \ - > $manifests/rpm-manifest.txt -rpm -qa --qf '%{sourcerpm}\n' | sort -u > $manifests/srpm-manifest.txt -du -akx --exclude=/var/cache/yum / > $manifests/file-manifest.txt -du -x --exclude=/var/cache/yum / > $manifests/dir-manifest.txt -%end - -%include common-blacklist.ks - -%post --nochroot -if [ -f "ovirt-authorized_keys" ]; then - echo "Adding authorized_keys to Image" - mkdir -p $INSTALL_ROOT/root/.ssh - cp -v ovirt-authorized_keys $INSTALL_ROOT/root/.ssh/authorized_keys - chown -R root:root $INSTALL_ROOT/root/.ssh - chmod 755 $INSTALL_ROOT/root/.ssh - chmod 644 $INSTALL_ROOT/root/.ssh/authorized_keys -fi - -echo "Fixing boot menu" -# remove quiet from Node bootparams, added by livecd-creator -sed -i -e 's/ quiet//' $LIVE_ROOT/isolinux/isolinux.cfg - -# add stand-alone boot entry 
-awk ' -BEGIN { - # append additional default boot parameters - add_boot_params="check" -} -/^label linux0/ { linux0=1 } -linux0==1 && $1=="append" { - $0=$0 " " add_boot_params - append0=$0 -} -linux0==1 && $1=="label" && $2!="linux0" { - linux0=2 - print "label stand-alone" - print " menu label Boot in stand-alone mode" - print " kernel vmlinuz0" - gsub("console=tty0", "", append0) - print append0" ovirt_standalone console=tty0" -} -{ print } -' $LIVE_ROOT/isolinux/isolinux.cfg > $LIVE_ROOT/isolinux/isolinux.cfg.standalone -mv $LIVE_ROOT/isolinux/isolinux.cfg.standalone $LIVE_ROOT/isolinux/isolinux.cfg - -%end - -%post -# Create post-image processing manifests -manifests=/tmp/manifests -mkdir -p $manifests -rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}\n' | sort \ - > $manifests/rpm-manifest-post.txt -rpm -qa --qf '%{sourcerpm}\n' | sort -u > $manifests/srpm-manifest-post.txt -du -akx --exclude=/var/cache/yum / > $manifests/file-manifest-post.txt -du -x --exclude=/var/cache/yum / > $manifests/dir-manifest-post.txt - -ver=$(rpm -q --qf '%{version}' ovirt-node) -rel=$(rpm -q --qf '%{release}' ovirt-node) -arch=$(rpm -q --qf '%{arch}' ovirt-node) -echo "oVirt Node release $ver-$rel-$arch" > $manifests/ovirt-release -tar -cvf ovirt-node-image-manifests-$ver-$rel.$arch.tar -C /tmp manifests -ln -nf ovirt-node-image-manifests-$ver-$rel.$arch.tar ovirt-node-image-manifests.tar -rm -Rf $manifests -%end - -%post --nochroot -# Move manifest tar to build directory -mv $INSTALL_ROOT/ovirt-node-image-manifests*.tar . - -# only works on x86, x86_64 -if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then - if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi - cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS - cp /usr/bin/livecd-iso-to-pxeboot $LIVE_ROOT/LiveOS -fi -%end - -- 1.6.2.5 _______________________________________________ Ovirt-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/ovirt-devel
