5 commits - generic/fedora-18-x86_64-minimal.ks

Matthew Miller mattdm at fedoraproject.org
Thu Dec 13 15:30:42 UTC 2012 

 generic/fedora-18-x86_64-minimal.ks |   58 +++++++++++++++++++++++++++---------
 1 file changed, 45 insertions(+), 13 deletions(-)

New commits:
commit 7e8b4ca4673a5386ee7a7890883379bd606595d3
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Thu Dec 13 10:23:43 2012 -0500

    relatime

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
index 9609d2d..c93832c 100644
--- a/generic/fedora-18-x86_64-minimal.ks
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -71,7 +71,7 @@ iptables-services
 
 echo -n "Writing fstab"
 cat <<EOF > /etc/fstab
-LABEL=_/   /         ext4    defaults        1 1
+LABEL=_/   /         ext4    defaults,relatime        1 1
 EOF
 echo .
 


commit f414d98bb75c04f413cbb7125aee32a404661210
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Thu Dec 13 10:01:10 2012 -0500

    echo some comments in the post script

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
index db0b1ce..9609d2d 100644
--- a/generic/fedora-18-x86_64-minimal.ks
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -69,34 +69,44 @@ iptables-services
 
 %post --erroronfail
 
+echo -n "Writing fstab"
 cat <<EOF > /etc/fstab
 LABEL=_/   /         ext4    defaults        1 1
 EOF
+echo .
 
-
-# grub tweaks
+echo -n "Grub tweaks"
 echo GRUB_TIMEOUT=0 > /etc/default/grub
 sed -ie 's/^set timeout=5/set timeout=0/' /boot/grub2/grub.cfg
+echo .
 
 # for EC2, need to figure out how to set up menu.list for pv-grub
 
+
 # setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
 rm -f /etc/systemd/system/default.target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
 
 # because we didn't install rsyslog, enable persistent journal
+echo -n "Enabling persistent journal"
 mkdir /var/log/journal/ 
+echo .
 
 # this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
 yum -C -y remove linux-firmware
 
 # Remove firewalld; was supposed to be optional in F18, but is required to
 # be present for install/image building.
+echo "Removing firewalld and dependencies"
 yum -C -y remove firewalld
 # These are all pulled in by firewalld
 yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem gobject-introspection js libdrm libpciaccess libpng libselinux-python libwayland-client libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
 
 # Non-firewalld-firewall
+echo -n "Writing static firewall"
 cat <<EOF > /etc/sysconfig/iptables
 # Simple static firewall loaded by iptables.service. Replace
 # this with your own custom rules, run lokkit, or switch to 
@@ -115,15 +125,19 @@ cat <<EOF > /etc/sysconfig/iptables
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
 EOF
+echo .
 
 # Because memory is scarce resource in most cloud/virt environments,
 # and because this impedes forensics, we are differing from the Fedora
 # default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
 systemctl mask tmp.mount
 
+echo "Zeroing out empty space."
 # This forces the filesystem to reclaim space from deleted files
 dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
 rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
 
 %end
 


commit b3502d2e9da149691a5b985b960152de61c1cd62
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Thu Dec 13 09:38:50 2012 -0500

    tmp in disk instead of tmpfs

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
index e2acef4..db0b1ce 100644
--- a/generic/fedora-18-x86_64-minimal.ks
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -116,6 +116,11 @@ cat <<EOF > /etc/sysconfig/iptables
 COMMIT
 EOF
 
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+systemctl mask tmp.mount
+
 # This forces the filesystem to reclaim space from deleted files
 dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
 rm -f /var/tmp/zeros


commit 7923fea15cd6e70109df9932491159629189f555
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Thu Dec 13 08:52:57 2012 -0500

    rootfs-resize doesn't work

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
index e3e777d..e2acef4 100644
--- a/generic/fedora-18-x86_64-minimal.ks
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -22,8 +22,6 @@ network --bootproto=dhcp --device=eth0 --onboot=on
 services --enabled=network,sshd,rsyslog,iptables
 
 
-# Define how large you want your rootfs to be. 
-# See root-resizefs below.
 part biosboot --fstype=biosboot --size=1 --ondisk sda
 part / --size 1024 --fstype ext4 --ondisk sda
 
@@ -48,10 +46,6 @@ firewalld
 # security groups you can remove this.
 iptables-services
 
-# Grows the filesystem to match the actual device size. You could instead
-# choose the final size above and remove this.
-rootfs-resize
-
 # Some things from @core we can do without in a minimal install
 -biosdevname
 -plymouth
@@ -126,8 +120,5 @@ EOF
 dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
 rm -f /var/tmp/zeros
 
-# This is used by rootfs-resize
-touch /.rootfs-repartition
-
 %end
 


commit e00949b300e88568d7c128013e85172cd9258f7e
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Thu Dec 13 07:59:14 2012 -0500

    add some notes (and rootfs-resize)

diff --git a/generic/fedora-18-x86_64-minimal.ks b/generic/fedora-18-x86_64-minimal.ks
index b760eb3..e3e777d 100644
--- a/generic/fedora-18-x86_64-minimal.ks
+++ b/generic/fedora-18-x86_64-minimal.ks
@@ -8,40 +8,58 @@
 lang en_US.UTF-8
 keyboard us
 timezone --utc America/New_York
+
 auth --useshadow --enablemd5
 selinux --enforcing
+
 # this is actually not used, but a static firewall
 # matching these rules is generated below.
 firewall --service=ssh --service=http --service=https
+
 bootloader --timeout=0 --location=mbr --driveorder=sda
+
 network --bootproto=dhcp --device=eth0 --onboot=on
 services --enabled=network,sshd,rsyslog,iptables
 
 
-# Define how large you want your rootfs to be
+# Define how large you want your rootfs to be. 
+# See root-resizefs below.
 part biosboot --fstype=biosboot --size=1 --ondisk sda
 part / --size 1024 --fstype ext4 --ondisk sda
 
 # Repositories
 repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
 
-# We start with @core, and then add a few more packages to make a nice
-# functional Fedora-like but still reasonably minimal cloud image.
+
+# Packag list.
+# "Obsessively minimal as we can reasonably get and still be Fedora."
 %packages --nobase
 @core
 kernel
+
+# Not needed with pv-grub (as in EC2). Would be nice to have
+# something smaller for F19 (syslinux?), but this is what we have now.
 grub2
+
+# Needed initially, but removed below.
 firewalld
+
+# Basic firewall. If you're going to rely on your cloud service's
+# security groups you can remove this.
 iptables-services
 
+# Grows the filesystem to match the actual device size. You could instead
+# choose the final size above and remove this.
+rootfs-resize
 
-# and, some things from @core we can do without in a minimal install
+# Some things from @core we can do without in a minimal install
 -biosdevname
 -plymouth
 -NetworkManager
 -polkit
 
-# ultra-minimal, in fact.
+# These are "leaf" packages which can be done without in an ultra-minimal
+# install, but which actually remove typical functionality
 -e2fsprogs
 -audit
 -rsyslog
@@ -53,7 +71,8 @@ iptables-services
 
 %end
 
-# Configuration
+
+
 %post --erroronfail
 
 cat <<EOF > /etc/fstab
@@ -77,10 +96,10 @@ mkdir /var/log/journal/
 # this is installed by default but we don't need it in virt
 yum -C -y remove linux-firmware
 
-# remove firewalld; was supposed to be optional in F18, but is required to
-# be present for image building. 
+# Remove firewalld; was supposed to be optional in F18, but is required to
+# be present for install/image building.
 yum -C -y remove firewalld
-#
+# These are all pulled in by firewalld
 yum -C -y remove cairo dbus-glib dbus-python ebtables fontconfig fontpackages-filesystem gobject-introspection js libdrm libpciaccess libpng libselinux-python libwayland-client libwayland-server libX11 libX11-common libXau libxcb libXdamage libXext libXfixes libXrender libXxf86vm mesa-libEGL mesa-libgbm mesa-libGL mesa-libglapi pixman polkit pycairo pygobject2 pygobject3 python-decorator python-slip python-slip-dbus
 
 # Non-firewalld-firewall
@@ -107,5 +126,8 @@ EOF
 dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
 rm -f /var/tmp/zeros
 
+# This is used by rootfs-resize
+touch /.rootfs-repartition
+
 %end

More information about the cloud mailing list