5 commits - generic/fedora-18-x86_64-cloud.ks generic/fedora-18-x86_64.ks generic/fedora-18-x86_64-minimal.ks

Matthew Miller mattdm at fedoraproject.org
Thu Dec 13 01:13:34 UTC 2012 

 generic/fedora-18-x86_64-cloud.ks   |    8 --
 generic/fedora-18-x86_64-minimal.ks |  111 ++++++++++++++++++++++++++++++++++++
 generic/fedora-18-x86_64.ks         |    8 --
 3 files changed, 117 insertions(+), 10 deletions(-)

New commits:
commit cad2376ff3967ed53397140001804a879789fc86
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Wed Dec 12 20:12:36 2012 -0500

    This is intended to be as obsessively minimal as we can reasonably
    get and still be Fedora. It won't be the base of our default cloud image.

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
new file mode 100644
index 0000000..b760eb3
--- /dev/null
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -0,0 +1,111 @@
+# This is a basic Fedora 18 spin designed to work in OpenStack and other
+# private cloud environments. It's configured with cloud-init so it will
+# take advantage of ec2-compatible metadata services for provisioning
+# ssh keys. That also currently creates an ec2-user account; we'll probably
+# want to make that something generic by default. The root password is empty
+# by default.
+
+lang en_US.UTF-8
+keyboard us
+timezone --utc America/New_York
+auth --useshadow --enablemd5
+selinux --enforcing
+# this is actually not used, but a static firewall
+# matching these rules is generated below.
+firewall --service=ssh --service=http --service=https
+bootloader --timeout=0 --location=mbr --driveorder=sda
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network,sshd,rsyslog,iptables
+
+
+# Define how large you want your rootfs to be
+part biosboot --fstype=biosboot --size=1 --ondisk sda
+part / --size 1024 --fstype ext4 --ondisk sda
+
+# Repositories
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
+
+# We start with @core, and then add a few more packages to make a nice
+# functional Fedora-like but still reasonably minimal cloud image.
+%packages --nobase
+ at core
+kernel
+grub2
+firewalld
+iptables-services
+
+
+# and, some things from @core we can do without in a minimal install
+-biosdevname
+-plymouth
+-NetworkManager
+-polkit
+
+# ultra-minimal, in fact.
+-e2fsprogs
+-audit
+-rsyslog
+-parted
+-openssh-clients
+-rootfiles
+-sendmail
+-sudo
+
+%end
+
+# Configuration
+%post --erroronfail
+
+cat <<EOF > /etc/fstab
+LABEL=_/   /         ext4    defaults        1 1
+EOF
+
+
+# grub tweaks
+echo GRUB_TIMEOUT=0 > /etc/default/grub
+sed -ie 's/^set timeout=5/set timeout=0/' /boot/grub2/grub.cfg
+
+# for EC2, need to figure out how to set up menu.list for pv-grub
+
+# setup systemd to boot to the right runlevel
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+# because we didn't install rsyslog, enable persistent journal
+mkdir /var/log/journal/ 
+
+# this is installed by default but we don't need it in virt
+yum -C -y remove linux-firmware
+
+# remove firewalld; was supposed to be optional in F18, but is required to
+# be present for image building. 
+yum -C -y remove firewalld
+#
+yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem gobject-introspection js libdrm libpciaccess libpng libselinux-python libwayland-client libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
+
+# Non-firewalld-firewall
+cat <<EOF > /etc/sysconfig/iptables
+# Simple static firewall loaded by iptables.service. Replace
+# this with your own custom rules, run lokkit, or switch to 
+# shorewall or firewalld as your needs dictate.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+
+%end
+


commit f1529007ecc7ca129d8ae96c3b4bd47a2bd196c6
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Mon Nov 12 23:08:29 2012 -0500

    go back to mirrorlist instead of hardcoded repo

diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index cef6b13..72225ec 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -21,9 +21,7 @@ part biosboot --fstype=biosboot --size=1 --ondisk sda
 part / --size 4000 --fstype ext4 --ondisk sda
 
 # Repositories
-#repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
-#temporarily hardcode because many mirrors don't have 0.7
-repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/development/18/x86_64/os/
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
 
 # We start with @core, and then add a few more packages to make a nice
 # functional Fedora-like but still reasonably minimal cloud image.
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index a67db5d..dd0b1f7 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -18,9 +18,7 @@ part biosboot --fstype=biosboot --size=1 --ondisk sda
 part / --size 4000 --fstype ext4 --ondisk sda
 
 # Repositories
-#repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
-#temporarily hardcode because many mirrors don't have 0.7
-repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/development/18/x86_64/os/
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
 
 # We start with @core, and then add a few more packages to make a nice
 # functional Fedora-like but still reasonably minimal cloud image.


commit d79eb2cd230e8c77468a95242f4d07189228d273
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Mon Nov 12 23:04:21 2012 -0500

    man-db is now in @core anyway

diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 04ac166..cef6b13 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -31,7 +31,6 @@ repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
 @core
 cloud-init
 kernel
-man-db
 grub2
 # if we're not going to be installing firewalld, we need this
 iptables-services
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index d93deab..a67db5d 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -27,7 +27,6 @@ repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
 %packages --nobase
 @core
 kernel
-man-db
 grub2
 # if we're not going to be installing firewalld, we need this
 iptables-services


commit eb4ce910f06a774fe02f85b3056fd1c92b77f3e3
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Mon Nov 12 23:03:28 2012 -0500

    remove pciutils; no one could remember why it's there

diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 97fc6f7..04ac166 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -30,7 +30,6 @@ repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
 %packages --nobase
 @core
 cloud-init
-pciutils
 kernel
 man-db
 grub2
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index ebf96ca..d93deab 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -26,7 +26,6 @@ repo --name=fedoradev --baseurl=http://linux.seas.harvard.edu/fedora/linux/devel
 # functional Fedora-like but still reasonably minimal cloud image.
 %packages --nobase
 @core
-pciutils
 kernel
 man-db
 grub2


commit a2012e2fbea0abe2f53337cf5c7d5b69976a52f7
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Mon Nov 12 22:54:59 2012 -0500

    if we're not installing firewalld, we need iptables-services

diff --git a/generic/fedora-18-x86_64-cloud.ks b/generic/fedora-18-x86_64-cloud.ks
index 1d1b1c6..97fc6f7 100644
--- a/generic/fedora-18-x86_64-cloud.ks
+++ b/generic/fedora-18-x86_64-cloud.ks
@@ -34,6 +34,8 @@ pciutils
 kernel
 man-db
 grub2
+# if we're not going to be installing firewalld, we need this
+iptables-services
 
 # and, some things from @core we can do without
 -biosdevname
diff --git a/generic/fedora-18-x86_64.ks b/generic/fedora-18-x86_64.ks
index 2fb0699..ebf96ca 100644
--- a/generic/fedora-18-x86_64.ks
+++ b/generic/fedora-18-x86_64.ks
@@ -30,6 +30,8 @@ pciutils
 kernel
 man-db
 grub2
+# if we're not going to be installing firewalld, we need this
+iptables-services
 
 # and, some things from @core we can do without
 -biosdevname

More information about the cloud mailing list