3 commits - container/container-medium-19.ks container/container-medium-20.ks container/container-small-19.ks container/container-small-20.ks generic/fedora-20-cloud.ks

Matthew Miller mattdm at fedoraproject.org
Wed Oct 23 17:54:55 UTC 2013


 container/container-medium-19.ks |    1 -
 container/container-medium-20.ks |    1 -
 container/container-small-19.ks  |    1 -
 container/container-small-20.ks  |    1 -
 generic/fedora-20-cloud.ks       |   34 +++-------------------------------
 5 files changed, 3 insertions(+), 35 deletions(-)

New commits:
commit c7464dd3d99f03049708c4fbd3e280c53ac60a74
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Wed Oct 23 13:53:52 2013 -0400

    make / smaller so it will at least launch in openstack tiny instances.
    (note that in most cases growpart will take care of expanding this as appropriate)

diff --git a/generic/fedora-20-cloud.ks b/generic/fedora-20-cloud.ks
index c0b986e..40e764d 100644
--- a/generic/fedora-20-cloud.ks
+++ b/generic/fedora-20-cloud.ks
@@ -29,7 +29,7 @@ services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config
 
 zerombr
 clearpart --all
-part / --size 2048 --fstype ext4
+part / --size 1000 --fstype ext4
 
 # Repositories
 repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=$basearch
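Review bot: The new `part / --size 1000 --fstype ext4` line has no comment explaining why the root is this small or what is expected to grow it. The commit message says growpart handles expansion "in most cases", so in the remaining cases the instance keeps a 1000 MB root that logs and package updates can fill. I would record that above the directive, e.g. `# Small enough for OpenStack tiny flavors; growpart normally expands / on first boot.`. Separately, the `repo` context line at the end of this hunk fetches the mirrorlist over plain `http://`. If signature checking is not enforced elsewhere in the file (not visible here), moving it to `https://` is worth considering.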


commit 211981ef0dcdc0a2e3992e15f15b3fdf25ea0e20
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Wed Oct 23 13:50:28 2013 -0400

    by popular demand, disable the iptables firewall entirely.

diff --git a/generic/fedora-20-cloud.ks b/generic/fedora-20-cloud.ks
index 2c9294e..c0b986e 100644
--- a/generic/fedora-20-cloud.ks
+++ b/generic/fedora-20-cloud.ks
@@ -19,14 +19,12 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked
 
-# this is actually not used, but a static firewall
-# matching these rules is generated below.
-firewall --service=ssh
+firewall --disabled
 
 bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
 
 network --bootproto=dhcp --device=eth0 --onboot=on
-services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
 
 
 zerombr
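Review bot: `firewall --disabled` together with dropping `iptables` from `services --enabled=` leaves the image with no host packet filter, and nothing in the new text records the assumption that replaces it. The comment deleted in the `@@ -69,10` hunk said the rules could be removed if you rely on the cloud service's security groups; that caveat is now gone, as are the static rules deleted in the `@@ -141,28` hunk. I would restore it next to the directive, e.g. `# No host firewall: inbound filtering is left to the cloud provider's security groups.`. That tells anyone deploying on a network without such filtering that sshd and any later-installed service are reachable by default. The kickstart continues outside this hunk.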
@@ -69,10 +67,6 @@ syslinux-extlinux
 # Needed initially, but removed below.
 firewalld
 
-# Basic firewall. If you're going to rely on your cloud service's
-# security groups you can remove this.
-iptables-services
-
 # cherry-pick a few things from @standard
 tar
 rsync
@@ -141,28 +135,6 @@ yum -C -y remove linux-firmware
 echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
 
-# Non-firewalld-firewall
-echo -n "Writing static firewall"
-cat <<EOF > /etc/sysconfig/iptables
-# Simple static firewall loaded by iptables.service. Replace
-# this with your own custom rules, run lokkit, or switch to 
-# shorewall or firewalld as your needs dictate.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
-EOF
-echo .
-
 # Another one needed at install time but not after that, and it pulls
 # in some unneeded deps (like, newt and slang)
 echo "Removing authconfig."


commit a8d12254e33bd998bc6ad285c6b956917159e833
Author: Matthew Miller <mattdm at mattdm.org>
Date:   Tue Oct 22 12:34:26 2013 -0400

    uh, don't create device file that i will then be just removing.

diff --git a/container/container-medium-19.ks b/container/container-medium-19.ks
index 44df6f4..484fb50 100644
--- a/container/container-medium-19.ks
+++ b/container/container-medium-19.ks
@@ -67,7 +67,6 @@ echo .
 
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-medium-20.ks b/container/container-medium-20.ks
index a644264..05cd1b2 100644
--- a/container/container-medium-20.ks
+++ b/container/container-medium-20.ks
@@ -68,7 +68,6 @@ echo .
 
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-small-19.ks b/container/container-small-19.ks
index 3fcd63d..5273bac 100644
--- a/container/container-small-19.ks
+++ b/container/container-small-19.ks
@@ -61,7 +61,6 @@ echo .
 
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-small-20.ks b/container/container-small-20.ks
index bc44013..4cfad1a 100644
--- a/container/container-small-20.ks
+++ b/container/container-small-20.ks
@@ -61,7 +61,6 @@ echo .
 
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console



