File config.sh of Package openSUSE-Leap-15.2-Guests
#!/bin/bash
#================
# FILE : config.sh
#----------------
# PROJECT : openSUSE KIWI Image System
# COPYRIGHT : (c) 2020 SUSE LLC. All rights reserved
# :
# AUTHOR : Public Cloud Team public-cloud-dev@susecloud.net
# :
# BELONGS TO : Operating System images
# :
# DESCRIPTION : configuration script for SUSE based
# : operating systems
# :
# :
# STATUS : Production
#----------------
#======================================
# Load helper functions and profile variables
#--------------------------------------
# Both files are optional and are sourced only when present, so whatever
# they contain runs inside this shell. The suse*/base* helpers called
# further down are not defined in this file; presumably they come from
# /.kconfig -- TODO confirm.
if [ -f /.kconfig ]; then
  . /.kconfig
fi
if [ -f /.profile ]; then
  . /.profile
fi

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [${kiwi_iname}]..."

#======================================
# Setup baseproduct link
#--------------------------------------
suseSetupProduct

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey
#=========================================
# Set sysconfig options
#-----------------------------------------
# Change the value of variables that the sysconfig files already define
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8"
# Select the "restrictive" polkit privilege set
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ""
baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no

# Append settings that the sysconfig files do not carry by default.
# These are plain appends: running the script twice duplicates the lines.
cat >> /etc/sysconfig/console <<'EOF'
CONSOLE_ENCODING="UTF-8"
CONSOLE_FONT="lat9w-16.psfu"
CONSOLE_SCREENMAP="trivial"
EOF
cat >> /etc/sysconfig/clock <<'EOF'
DEFAULT_TIMEZONE="Etc/UTC"
HWCLOCK="-u"
UTC=true
EOF
# Configuration outside of sysconfig

# Setup policy kit: run the helper only when it is installed and executable
if [ -x /sbin/set_polkit_default_privs ]; then
  /sbin/set_polkit_default_privs
fi

# Replace root's password field in /etc/shadow with '*'. No password can
# hash to that value, so root ends up without a usable password; this is
# not the same as an empty password.
sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow

# Do not use delta rpms in the cloud. Only the commented-out default line
# is rewritten; any other spelling of the option is left as it is.
sed -i \
  's/# download.use_deltarpm = true/download.use_deltarpm = false/' \
  /etc/zypp/zypp.conf

# Allow root access on serial console: add ttyS0 to /etc/securetty unless
# an exact ttyS0 line is already there
if ! grep -Eq '^ttyS0$' /etc/securetty; then
  echo ttyS0 >> /etc/securetty
fi

# Avoid weird characters in YaST
cat >> /etc/profile <<'EOF'
# yast in Public Cloud images fix
NCURSES_NO_UTF8_ACS=1
export NCURSES_NO_UTF8_ACS
EOF
# Activate services (sshd is the remote login path of the image)
for unit_name in boot.device-mapper haveged sshd; do
  suseInsertService "$unit_name"
done

# Image type specific
# Deactivate services that this image type does not use
for unit_name in \
  acpid \
  boot.efivars \
  boot.lvm \
  boot.md \
  boot.multipath \
  display-manager \
  kbd
do
  suseRemoveService "$unit_name"
done
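# Platform specific settings
# NOTE(review): each profile block compares $kiwi_profiles to one exact
# name; any other value (including a list of names) skips the block
# without a message.
if [ "$kiwi_profiles" = "Azure" ]; then
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no

  # Turn off challenge-response authentication in sshd. The substitution
  # only matches the commented-out default line. PasswordAuthentication is
  # not changed in this profile.
  ssh_option=ChallengeResponseAuthentication
  sed -i "s/#${ssh_option} yes/${ssh_option} no/" /etc/ssh/sshd_config
  # sed exits 0 even when nothing matched, so report a setting that did not
  # land instead of shipping the image silently. This is a textual check of
  # this one file only; it does not evaluate Match blocks or included files.
  if ! grep -Eq "^[[:space:]]*${ssh_option}[[:space:]]+no([[:space:]]|\$)" \
    /etc/ssh/sshd_config; then
    echo "WARNING: ${ssh_option} is not set to 'no' in /etc/ssh/sshd_config" >&2
  fi

  # cloud-netconfig
  echo '# Support dynamic multinic configuration' \
    >> /etc/sysconfig/network/config
  net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
  echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \
    >> /etc/sysconfig/network/config

  # Need to allow modules from Enterprise Build Service
  # NOTE(review): the replacement is \1 followed by a literal 0, so the
  # option ends up with the value 0. Confirm that 0 is the value that
  # matches the "allow" intent stated above.
  if [ -f /etc/modprobe.d/unsupported-modules ]; then
    sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' \
      /etc/modprobe.d/unsupported-modules
  fi

  # Keep-alive traffic is needed, or Azure disconnects the connection
  # rather quickly
  sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \
    /etc/ssh/sshd_config

  # Disable agent auto-update
  # NOTE(review): with auto-update off the agent presumably changes only
  # through package updates -- confirm the image's patching covers it.
  sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \
    /etc/waagent.conf
  # Generate all supported SSH host key types
  sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \
    /etc/waagent.conf

  # Implement password policy
  #   Length: 6-72 characters long
  #   Contain any combination of 3 of the following:
  #     - a lowercase character
  #     - an uppercase character
  #     - a number
  #     - a special character
  # The "3 of 4 classes" rule comes from minclass=3. The *credit options
  # are positive, i.e. length credits, not per-class requirements. None of
  # the options below sets an upper length bound, so the 72 in the comment
  # is not enforced here.
  pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3"
  sed -i "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \
    /etc/pam.d/common-password-pc
  # Same silent-no-op concern as for sshd_config: without a pam_cracklib.so
  # line in the file, no policy is applied and sed still succeeds.
  if ! grep -Fq "pam_cracklib.so $pwd_policy" /etc/pam.d/common-password-pc; then
    echo "WARNING: password policy was not applied to /etc/pam.d/common-password-pc" >&2
  fi

  # Allow forced root login on the serial console bsc#1080692
  # Root's password field is set to '*' earlier in this script; with
  # --force, sulogin starts a root shell without asking for a password when
  # the root account is locked. Emergency mode on the console therefore
  # relies on the platform's access control for the serial console.
  # NOTE(review): this edits the packaged unit file in place; a drop-in
  # under /etc/systemd/system would survive a systemd package update.
  sed -i 's/sulogin;/sulogin --force;/' \
    /usr/lib/systemd/system/emergency.service

  # Keep the default kernel log level (bsc#1169201) by commenting out the
  # $klogConsoleLogLevel directive
  sed -i 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf

  # Activate/De-activate services
  suseInsertService chronyd
  suseInsertService cloud-init-local
  suseInsertService cloud-init
  suseInsertService cloud-config
  suseInsertService cloud-final
  suseInsertService cloud-netconfig.timer
  suseInsertService waagent
fi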
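if [ "$kiwi_profiles" = "EC2" ]; then
  # Machine name as reported by uname; used for the motd text and to pick
  # the matching repository directory below
  arch=$(uname -m)
  # Customize motd per arch
  sed -i "s/MYARCH/$arch/" /etc/motd

  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no

  # cloud-netconfig
  echo '# Support dynamic multinic configuration' \
    >> /etc/sysconfig/network/config
  net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
  echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \
    >> /etc/sysconfig/network/config

  # Disable password based login via ssh. Both substitutions only match the
  # commented-out default lines.
  ssh_option=ChallengeResponseAuthentication
  sed -i "s/#${ssh_option} yes/${ssh_option} no/" /etc/ssh/sshd_config
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # sed exits 0 even when nothing matched, which would leave password login
  # as it was without any signal in the build log. Report each setting that
  # is not "no". This is a textual check of this one file only; it does not
  # evaluate Match blocks or included files.
  for ssh_check in ChallengeResponseAuthentication PasswordAuthentication; do
    if ! grep -Eq "^[[:space:]]*${ssh_check}[[:space:]]+no([[:space:]]|\$)" \
      /etc/ssh/sshd_config; then
      echo "WARNING: ${ssh_check} is not set to 'no' in /etc/ssh/sshd_config" >&2
    fi
  done

  # Repo setup: keep the repository definitions of the build architecture
  # (x86_64 is the fallback for anything that is not aarch64) and drop both
  # staging directories afterwards.
  if [ "$arch" = "aarch64" ]; then
    repo_source=/etc/zypp.aarch64/repos.d
  else
    repo_source=/etc/zypp.x86_64/repos.d
  fi
  # The staging directories are removed regardless, so a failed move would
  # otherwise lose the repository definitions without a trace.
  if ! mv "$repo_source" /etc/zypp/; then
    echo "WARNING: could not move $repo_source into /etc/zypp/" >&2
  fi
  rm -rf /etc/zypp.aarch64 /etc/zypp.x86_64

  # Activate/De-activate services
  suseInsertService chronyd
  suseInsertService cloud-init-local
  suseInsertService cloud-init
  suseInsertService cloud-config
  suseInsertService cloud-final
  suseInsertService cloud-netconfig.timer
fi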
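if [ "$kiwi_profiles" = "GCE" ]; then
  # Unlike the other profiles, DHCP is allowed to set the hostname here
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes

  # cloud-netconfig
  echo '# Support dynamic multinic configuration' \
    >> /etc/sysconfig/network/config
  net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
  echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \
    >> /etc/sysconfig/network/config

  # Disable password based login via ssh. Both substitutions only match the
  # commented-out default lines.
  ssh_option=ChallengeResponseAuthentication
  sed -i "s/#${ssh_option} yes/${ssh_option} no/" /etc/ssh/sshd_config
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # sed exits 0 even when nothing matched, which would leave password login
  # as it was without any signal in the build log. Report each setting that
  # is not "no". This is a textual check of this one file only; it does not
  # evaluate Match blocks or included files.
  for ssh_check in ChallengeResponseAuthentication PasswordAuthentication; do
    if ! grep -Eq "^[[:space:]]*${ssh_check}[[:space:]]+no([[:space:]]|\$)" \
      /etc/ssh/sshd_config; then
      echo "WARNING: ${ssh_check} is not set to 'no' in /etc/ssh/sshd_config" >&2
    fi
  done

  # Create the boto config file
  # presumably "system" selects the system CA store for TLS -- TODO confirm
  {
    echo '[Boto]'
    echo ' ca_certificates_file = system'
  } >> /etc/boto.cfg
  # gsutil clobbers boto.cfg, so create the template file as well and hope
  # for the best
  {
    echo '[Boto]'
    echo ' ca_certificates_file = system'
  } >> /etc/boto.cfg.template

  # Python 3 issue bsc#1116242
  {
    echo '[InstanceSetup]'
    echo 'set_boto_config = false'
  } >> /etc/default/instance_configs.cfg.distro

  # Activate/De-activate services
  suseInsertService chronyd
  suseInsertService google-guest-agent
  suseInsertService google-osconfig-agent
  suseInsertService google-shutdown-scripts
  suseInsertService google-startup-scripts
  suseInsertService rootgrow
  systemctl enable google-oslogin-cache.timer
fi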
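if [ "$kiwi_profiles" = "NoCloud" ]; then
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no

  # cloud-netconfig
  echo '# Support dynamic multinic configuration' \
    >> /etc/sysconfig/network/config
  net_modules="cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
  echo "NETCONFIG_MODULES_ORDER=\"$net_modules\"" \
    >> /etc/sysconfig/network/config

  # Disable password based login via ssh. Both substitutions only match the
  # commented-out default lines.
  ssh_option=ChallengeResponseAuthentication
  sed -i "s/#${ssh_option} yes/${ssh_option} no/" /etc/ssh/sshd_config
  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # sed exits 0 even when nothing matched, which would leave password login
  # as it was without any signal in the build log. Report each setting that
  # is not "no". This is a textual check of this one file only; it does not
  # evaluate Match blocks or included files.
  for ssh_check in ChallengeResponseAuthentication PasswordAuthentication; do
    if ! grep -Eq "^[[:space:]]*${ssh_check}[[:space:]]+no([[:space:]]|\$)" \
      /etc/ssh/sshd_config; then
      echo "WARNING: ${ssh_check} is not set to 'no' in /etc/ssh/sshd_config" >&2
    fi
  done

  # Activate/De-activate services
  suseInsertService chronyd
  suseInsertService qemu-guest-agent
  suseInsertService rootgrow
  suseInsertService cloud-init-local
  suseInsertService cloud-init
  suseInsertService cloud-config
  suseInsertService cloud-final
fi

# Always report success. The added checks above only print warnings and
# never change the exit status.
exit 0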