generic/fedora-18-x86_64-cloud.ks | 8 --
generic/fedora-18-x86_64-minimal.ks | 111 ++++++++++++++++++++++++++++++++++++
generic/fedora-18-x86_64.ks | 8 --
3 files changed, 117 insertions(+), 10 deletions(-)
New commits:
commit cad2376ff3967ed53397140001804a879789fc86
Author: Matthew Miller <mattdm(a)mattdm.org>
Date: Wed Dec 12 20:12:36 2012 -0500
This is intended to be as obsessively minimal as we can reasonably
get and still be Fedora. It won't be the base of our default cloud image.
diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
new file mode 100644
index 0000000..b760eb3
--- /dev/null
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -0,0 +1,111 @@
+# This is a basic Fedora 18 spin designed to work in OpenStack and other
+# private cloud environments. It's configured with cloud-init so it will
+# take advantage of ec2-compatible metadata services for provisioning
+# ssh keys. That also currently creates an ec2-user account; we'll probably
+# want to make that something generic by default. The root password is empty
+# by default.
+
+lang en_US.UTF-8
+keyboard us
+timezone --utc America/New_York
+auth --useshadow --enablemd5
+selinux --enforcing
+# this is actually not used, but a static firewall
+# matching these rules is generated below.
+firewall --service=ssh --service=http --service=https
+bootloader --timeout=0 --location=mbr --driveorder=sda
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network,sshd,rsyslog,iptables
+
+
+# Define how large you want your rootfs to be
+part biosboot --fstype=biosboot --size=1 --ondisk sda
+part / --size 1024 --fstype ext4 --ondisk sda
+
+# Repositories
+repo --name=fedora
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
+
+# We start with @core, and then add a few more packages to make a nice
+# functional Fedora-like but still reasonably minimal cloud image.
+%packages --nobase
+@core
+kernel
+grub2
+firewalld
+iptables-services
+
+
+# and, some things from @core we can do without in a minimal install
+-biosdevname
+-plymouth
+-NetworkManager
+-polkit
+
+# ultra-minimal, in fact.
+-e2fsprogs
+-audit
+-rsyslog
+-parted
+-openssh-clients
+-rootfiles
+-sendmail
+-sudo
+
+%end
+
+# Configuration
+%post --erroronfail
+
+cat <<EOF > /etc/fstab
+LABEL=_/ / ext4 defaults 1 1
+EOF
+
+
+# grub tweaks
+echo GRUB_TIMEOUT=0 > /etc/default/grub
+sed -ie 's/^set timeout=5/set timeout=0/' /boot/grub2/grub.cfg
+
+# for EC2, need to figure out how to set up menu.list for pv-grub
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+# because we didn't install rsyslog, enable persistent journal
+mkdir /var/log/journal/
+
+# this is installed by default but we don't need it in virt
+yum -C -y remove linux-firmware
+
+# remove firewalld; was supposed to be optional in F18, but is required to
+# be present for image building.
+yum -C -y remove firewalld
+#
+yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem
gobject-introspection js libdrm libpciaccess libpng libselinux-python libwayland-client
libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes
libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit
pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
+
+# Non-firewalld-firewall
+cat <<EOF > /etc/sysconfig/iptables
+# Simple static firewall loaded by iptables.service. Replace
+# this with your own custom rules, run lokkit, or switch to
+# shorewall or firewalld as your needs dictate.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+
+%end
+
commit f1529007ecc7ca129d8ae96c3b4bd47a2bd196c6
Author: Matthew Miller <mattdm(a)mattdm.org>
Date: Mon Nov 12 23:08:29 2012 -0500
go back to mirrorlist instead of hardcoded repo
diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index cef6b13..72225ec 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -21,9 +21,7 @@ part biosboot --fstype=biosboot --size=1 --ondisk sda
part / --size 4000 --fstype ext4 --ondisk sda
# Repositories
-#repo --name=fedora
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
-#temporarily hardcode because many mirrors don't have 0.7
-repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/development/18/x86_64/os/
+repo --name=fedora
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
# We start with @core, and then add a few more packages to make a nice
# functional Fedora-like but still reasonably minimal cloud image.
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index a67db5d..dd0b1f7 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -18,9 +18,7 @@ part biosboot --fstype=biosboot --size=1 --ondisk sda
part / --size 4000 --fstype ext4 --ondisk sda
# Repositories
-#repo --name=fedora
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
-#temporarily hardcode because many mirrors don't have 0.7
-repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/development/18/x86_64/os/
+repo --name=fedora
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
# We start with @core, and then add a few more packages to make a nice
# functional Fedora-like but still reasonably minimal cloud image.
commit d79eb2cd230e8c77468a95242f4d07189228d273
Author: Matthew Miller <mattdm(a)mattdm.org>
Date: Mon Nov 12 23:04:21 2012 -0500
man-db is now in @core anyway
diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 04ac166..cef6b13 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -31,7 +31,6 @@ repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
@core
cloud-init
kernel
-man-db
grub2
# if we're not going to be installing firewalld, we need this
iptables-services
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index d93deab..a67db5d 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -27,7 +27,6 @@ repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
%packages --nobase
@core
kernel
-man-db
grub2
# if we're not going to be installing firewalld, we need this
iptables-services
commit eb4ce910f06a774fe02f85b3056fd1c92b77f3e3
Author: Matthew Miller <mattdm(a)mattdm.org>
Date: Mon Nov 12 23:03:28 2012 -0500
remove pciutils; no one could remember why it's there
diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 97fc6f7..04ac166 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -30,7 +30,6 @@ repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
%packages --nobase
@core
cloud-init
-pciutils
kernel
man-db
grub2
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index ebf96ca..d93deab 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -26,7 +26,6 @@ repo --name=fedoradev
--baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
# functional Fedora-like but still reasonably minimal cloud image.
%packages --nobase
@core
-pciutils
kernel
man-db
grub2
commit a2012e2fbea0abe2f53337cf5c7d5b69976a52f7
Author: Matthew Miller <mattdm(a)mattdm.org>
Date: Mon Nov 12 22:54:59 2012 -0500
if we're not installing firewalld, we need iptables-services
diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 1d1b1c6..97fc6f7 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -34,6 +34,8 @@ pciutils
kernel
man-db
grub2
+# if we're not going to be installing firewalld, we need this
+iptables-services
# and, some things from @core we can do without
-biosdevname
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index 2fb0699..ebf96ca 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -30,6 +30,8 @@ pciutils
kernel
man-db
grub2
+# if we're not going to be installing firewalld, we need this
+iptables-services
# and, some things from @core we can do without
-biosdevname
Show replies by date