generic/fedora-20-cloud.ks

[Dennis Gilmore]

 generic/fedora-20-cloud.ks |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

New commits:
commit 3eb95005f76ed2af8253f635be70dd94e292a171
Author: Dennis Gilmore <dennis at ausil.us>
Date:   Sun Oct 13 23:27:00 2013 -0500

    Breaks comppses
    Revert "anaconda no longer requires firewalld"
    
    This reverts commit c3df27a4f11705831502415a5e03b0fe3a19383d.

diff --git a/generic/fedora-20-cloud.ks b/generic/fedora-20-cloud.ks
index 62582a8..2c9294e 100644
--- a/generic/fedora-20-cloud.ks
+++ b/generic/fedora-20-cloud.ks
@@ -19,8 +19,9 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked
 
-# a static firewall allowing ssh is configured below
-firewall --disabled
+# this is actually not used, but a static firewall
+# matching these rules is generated below.
+firewall --service=ssh
 
 bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
 
@@ -65,10 +66,11 @@ dracut-config-generic
 # by anaconda, but appliance-creator needs the hint
 syslinux-extlinux 
 
+# Needed initially, but removed below.
+firewalld
 
 # Basic firewall. If you're going to rely on your cloud service's
-# security groups you can remove iptables-services.
--firewalld
+# security groups you can remove this.
 iptables-services
 
 # cherry-pick a few things from @standard
@@ -134,6 +136,11 @@ echo .
 echo "Removing linux-firmware package."
 yum -C -y remove linux-firmware
 
+# Remove firewalld; was supposed to be optional in F18+, but is required to
+# be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
 # Non-firewalld-firewall
 echo -n "Writing static firewall"
 cat <<EOF > /etc/sysconfig/iptables