ec2/fedora-19-i386-ec2.ks ec2/fedora-19-x86_64-ec2.ks

Dennis Gilmore ausil at fedoraproject.org
Thu Apr 25 18:09:24 UTC 2013


 ec2/fedora-19-i386-ec2.ks   |  167 ++++++++++++++++++++++++++++++++++++++++++++
 ec2/fedora-19-x86_64-ec2.ks |  167 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 334 insertions(+)

New commits:
commit ce7040e9f1974d9df61da61e2f2f0089dd2ebf61
Author: Dennis Gilmore <dennis at ausil.us>
Date:   Thu Apr 25 13:08:40 2013 -0500

    add f19 ec2 kickstarts

diff --git a/ec2/fedora-19-i386-ec2.ks b/ec2/fedora-19-i386-ec2.ks
new file mode 100644
index 0000000..928f342
--- /dev/null
+++ b/ec2/fedora-19-i386-ec2.ks
@@ -0,0 +1,167 @@
+# This is a basic Fedora 18 spin designed to work in Amazon EC2.
+# It's configured with cloud-init so it will take advantage of
+# ec2-compatible metadata services for provisioning ssh keys. That also
+# currently creates an ec2-user account; we'll probably want to make that
+# something generic by default. The root password is empty by default.
+#
+# Note that unlike the standard F18 install, this image has /tmp on disk
+# rather than in tmpfs, since memory is usually at a premium.
+
+lang en_US.UTF-8
+keyboard us
+timezone --utc America/New_York
+
+auth --useshadow --enablemd5
+selinux --enforcing
+
+# this is actually not used, but a static firewall
+# matching these rules is generated below.
+firewall --service=ssh
+
+bootloader --timeout=0 --location=mbr --driveorder=sda
+
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+
+# This would let fussy grub2 install, but will break in EC2
+#part biosboot --fstype=biosboot --size=1 --ondisk sda
+part / --size 10000 --fstype ext4 --ondisk sda
+
+# Repositories
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-19&arch=$basearch
+
+
+# Package list.
+%packages --nobase
+ at core
+kernel-PAE
+
+# cloud-init does magical things with EC2 metadata, including provisioning
+# a user account with ssh keys.
+cloud-init
+
+# Needed initially, but removed below.
+firewalld
+
+# Basic firewall. If you're going to rely on your cloud service's
+# security groups you can remove this.
+iptables-services
+
+# cherry-pick a few things from @standard
+tmpwatch
+tar
+rsync
+
+# Some things from @core we can do without in a minimal install
+-biosdevname
+-plymouth
+-NetworkManager
+-polkit
+
+%end
+
+
+
+%post --erroronfail
+
+echo -n "Writing fstab"
+cat <<EOF > /etc/fstab
+LABEL=_/   /         ext4    defaults        1 1
+EOF
+echo .
+
+# workaround xen performance issue (bz 651861)
+echo "hwcap 1 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf
+
+echo -n "Grub tweaks"
+echo GRUB_TIMEOUT=0 > /etc/default/grub
+sed -i '1i# This file is for use with pv-grub; legacy grub is not installed in this image' /boot/grub/grub.conf
+sed -i 's/^timeout=5/timeout=0/' /boot/grub/grub.conf
+sed -i 's/^default=1/default=0/' /boot/grub/grub.conf
+sed -i '/splashimage/d' /boot/grub/grub.conf
+# need to file a bug on this one
+sed -i 's/root=.*/root=LABEL=_\//' /boot/grub/grub.conf
+echo .
+if ! [[ -e /boot/grub/menu.lst ]]; then
+  echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
+  ln /boot/grub/grub.conf /boot/grub/menu.lst
+  ln -sf /boot/grub/grub.conf /etc/grub.conf
+fi
+
+# setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# If you want to remove rsyslog and just use journald, also uncomment this.
+#echo -n "Enabling persistent journal"
+#mkdir /var/log/journal/ 
+#echo .
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; was supposed to be optional in F18, but is required to
+# be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld
+
+# Non-firewalld-firewall
+echo -n "Writing static firewall"
+cat <<EOF > /etc/sysconfig/iptables
+# Simple static firewall loaded by iptables.service. Replace
+# this with your own custom rules, run lokkit, or switch to 
+# shorewall or firewalld as your needs dictate.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
+#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
+#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+echo .
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+# appliance-creator does not make this important file.
+if [ ! -e /etc/sysconfig/kernel ]; then
+echo "Creating /etc/sysconfig/kernel."
+cat <<EOF > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-PAE
+EOF
+fi 
+
+# Uncomment this if you want to use cloud init but suppress the creation
+# of an "ec2-user" account. This will, in the absence of further config,
+# cause the ssh key from a metadata source to be put in the root account.
+#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
+#users: []
+#disable_root: 0
+#EOF
+
+echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
+%end
+
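Review bot: The `auth --useshadow --enablemd5` line near the top of the new file selects MD5-crypt for any password later set on the image, which is weak against offline cracking; `auth --useshadow --passalgo=sha512` would be the safer setting. The header comment states that the root password is empty and the file has no `rootpw` directive, so root access control depends on sshd and PAM defaults that are not shown here; adding `rootpw --lock` would make the intent explicit. The `%post` script writes only `/etc/sysconfig/iptables` and the `services` line enables only `iptables`, so IPv6 traffic appears to be left unfiltered unless something else covers it. The header comment still says "Fedora 18" and "F18" although this is the f19 kickstart. The same lines appear in ec2/fedora-19-x86_64-ec2.ks.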
diff --git a/ec2/fedora-19-x86_64-ec2.ks b/ec2/fedora-19-x86_64-ec2.ks
new file mode 100644
index 0000000..3250fd4
--- /dev/null
+++ b/ec2/fedora-19-x86_64-ec2.ks
@@ -0,0 +1,167 @@
+# This is a basic Fedora 18 spin designed to work in Amazon EC2.
+# It's configured with cloud-init so it will take advantage of
+# ec2-compatible metadata services for provisioning ssh keys. That also
+# currently creates an ec2-user account; we'll probably want to make that
+# something generic by default. The root password is empty by default.
+#
+# Note that unlike the standard F18 install, this image has /tmp on disk
+# rather than in tmpfs, since memory is usually at a premium.
+
+lang en_US.UTF-8
+keyboard us
+timezone --utc America/New_York
+
+auth --useshadow --enablemd5
+selinux --enforcing
+
+# this is actually not used, but a static firewall
+# matching these rules is generated below.
+firewall --service=ssh
+
+bootloader --timeout=0 --location=mbr --driveorder=sda
+
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+
+# This would let fussy grub2 install, but will break in EC2
+#part biosboot --fstype=biosboot --size=1 --ondisk sda
+part / --size 10000 --fstype ext4 --ondisk sda
+
+# Repositories
+repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-18&arch=$basearch
+
+
+# Package list.
+%packages --nobase
+ at core
+kernel
+
+# cloud-init does magical things with EC2 metadata, including provisioning
+# a user account with ssh keys.
+cloud-init
+
+# Needed initially, but removed below.
+firewalld
+
+# Basic firewall. If you're going to rely on your cloud service's
+# security groups you can remove this.
+iptables-services
+
+# cherry-pick a few things from @standard
+tmpwatch
+tar
+rsync
+
+# Some things from @core we can do without in a minimal install
+-biosdevname
+-plymouth
+-NetworkManager
+-polkit
+
+%end
+
+
+
+%post --erroronfail
+
+echo -n "Writing fstab"
+cat <<EOF > /etc/fstab
+LABEL=_/   /         ext4    defaults        1 1
+EOF
+echo .
+
+# workaround xen performance issue (bz 651861)
+echo "hwcap 1 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf
+
+echo -n "Grub tweaks"
+echo GRUB_TIMEOUT=0 > /etc/default/grub
+sed -i '1i# This file is for use with pv-grub; legacy grub is not installed in this image' /boot/grub/grub.conf
+sed -i 's/^timeout=5/timeout=0/' /boot/grub/grub.conf
+sed -i 's/^default=1/default=0/' /boot/grub/grub.conf
+sed -i '/splashimage/d' /boot/grub/grub.conf
+# need to file a bug on this one
+sed -i 's/root=.*/root=LABEL=_\//' /boot/grub/grub.conf
+echo .
+if ! [[ -e /boot/grub/menu.lst ]]; then
+  echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
+  ln /boot/grub/grub.conf /boot/grub/menu.lst
+  ln -sf /boot/grub/grub.conf /etc/grub.conf
+fi
+
+# setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# If you want to remove rsyslog and just use journald, also uncomment this.
+#echo -n "Enabling persistent journal"
+#mkdir /var/log/journal/ 
+#echo .
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; was supposed to be optional in F18, but is required to
+# be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld
+
+# Non-firewalld-firewall
+echo -n "Writing static firewall"
+cat <<EOF > /etc/sysconfig/iptables
+# Simple static firewall loaded by iptables.service. Replace
+# this with your own custom rules, run lokkit, or switch to 
+# shorewall or firewalld as your needs dictate.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
+#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
+#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+echo .
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+# appliance-creator does not make this important file.
+if [ ! -e /etc/sysconfig/kernel ]; then
+echo "Creating /etc/sysconfig/kernel."
+cat <<EOF > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOF
+fi 
+
+# Uncomment this if you want to use cloud init but suppress the creation
+# of an "ec2-user" account. This will, in the absence of further config,
+# cause the ssh key from a metadata source to be put in the root account.
+#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
+#users: []
+#disable_root: 0
+#EOF
+
+echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
+%end
+
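Review bot: The `repo` line in this file still requests `repo=fedora-18`, although this is the Fedora 19 kickstart and the i386 file uses `repo=fedora-19`; as written, the x86_64 image would presumably be composed from F18 packages. The line should read `repo --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-19&arch=$basearch`. Both files fetch the mirrorlist over plain http, and whether the image builder verifies package signatures is not visible here, so using https reduces reliance on that.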



