Overview

File config.sh of Package SLES12-SP4-SAP-Azure-BYOS

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : OpenSuSE KIWI Image System
# COPYRIGHT     : (c) 2013 SUSE LINUX Products GmbH. All rights reserved
#               :
# AUTHOR        : Robert Schweikert <rjschwei@suse.com>
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : configuration script for SUSE based
#               : operating systems
#               :
#               :
# STATUS        : BETA
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."

#======================================
# Setup baseproduct link
#--------------------------------------
pushd /etc/products.d
ln -sf SLES_SAP.prod baseproduct
popd

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey

#=========================================
# Set sysconfig options
#-----------------------------------------
# These are all set by YaST but not by KIWI
baseUpdateSysConfig /etc/sysconfig/bootloader LOADER_TYPE grub2
baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
baseUpdateSysConfig /etc/sysconfig/clock TIMEZONE UTC
baseUpdateSysConfig /etc/sysconfig/console CONSOLE_FONT "lat9w-16.psfu"
baseUpdateSysConfig /etc/sysconfig/console CONSOLE_SCREENMAP trivial
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "en_US.UTF-8"
baseUpdateSysConfig /etc/sysconfig/mouse MOUSEDEVICE ""
baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes
baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive
baseUpdateSysConfig /etc/sysconfig/storage USED_FS_LIST ext4
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOAD_MODULES "nf_conntrack_netbios_ns"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT "any eth0"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_EXT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IPSEC_TRUST no
baseUpdateSysConfig /etc/sysconfig/windowmanager X_MOUSE_CURSOR ""
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ""

# New entries in sysconfig
echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock

echo '
# Encoding used for output of non-ascii characters.
#
CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console

echo '
# The YaST-internal identifier of the attached keyboard.
#
YAST_KEYBOARD="english-us,pc104"' >> /etc/sysconfig/keyboard

echo '
# The full name of the attached mouse.
#
FULLNAME=""

# The YaST-internal identifier of the attached mouse.
#
YAST_MOUSE="none"

# Mouse device used for the X11 system.
#
XMOUSEDEVICE=""

# The number of buttons of the attached mouse.
#
BUTTONS="0"

# The number of wheels of the attached mouse.
#
WHEELS="0"' >> /etc/sysconfig/mouse

echo 'DISPLAYMANAGER_SHUTDOWN="root"
DISPLAYMANAGER=""
DISPLAYMANAGER_REMOTE_ACCESS="no"
DISPLAYMANAGER_ROOT_LOGIN_REMOTE="no"' > /etc/sysconfig/displaymanager

rm /etc/sysconfig/mcelog

# Set up ntp server
#sed -i 's/server 127/#server 127/' /etc/ntp.conf
#sed -i 's/fudge  127/#fudge  127/' /etc/ntp.conf
#echo "server 169.254.169.254 iburst"

# Setup policy kit
[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs


[ -f /etc/modprobe.d/unsupported-modules ] && sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' /etc/modprobe.d/unsupported-modules

# Set the keep alive interval
sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' /etc/ssh/sshd_config

# Disable default targetpw directive
sed -i -e '/^Defaults targetpw/,/^$/ s/^/#/' /etc/sudoers

# WALinuxAgent configuration settings
# Disable agent auto-update
sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' /etc/waagent.conf

# Remove the password for root
# Note the string matches the password set in the config file
sed -i 's/$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0/*/' /etc/shadow

# Implement password policy
# Length: 6-72 characters long
# Contain any combination of 3 of the following:
#   - a lowercase character
#   - an uppercase character
#   - a number
#   - a special character
sed -i 's/pam_cracklib.so/pam_cracklib.so minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3/' /etc/pam.d/common-password-pc

# Delete resolv.conf
rm /etc/resolv.conf

# Do not use delta rpms in the cloud
sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf

# Allow forced root login on the serial console bsc#1080692
sed -i 's/sulogin;/sulogin --force;/' /usr/lib/systemd/system/emergency.service

#========================================
# Files that may vary from build to build
#----------------------------------------

# Keep track of files with randomly created unique IDs or random numbers
function random_file() { true ; }
random_file /etc/cron.d/novell.com-suse_register
random_file /etc/ntp.keys
random_file /zypp/credentials.d/NCCcredentials
random_file /var/lib/dbus/machine-id
random_file /var/lib/zypp/AnonymousUniqueId

# Keep track of files with embedded timestamps
function timestamp_file() { true ; }
timestamp_file /etc/gconf/gconf.xml.schemas/%gconf-tree.xml
timestamp_file /var/lib/PolicyKit/user-haldaemon.auths

# These caches are based only on data on the filesystem (system independent)
function cache_file() { true ; }
cache_file filesonly /etc/gtk-2.0/gdk-pixbuf64.loaders
cache_file filesonly /etc/gtk-2.0/gdk-pixbuf.loaders
cache_file filesonly /etc/gtk-2.0/gtk64.immodules
cache_file filesonly /etc/gtk-2.0/gtk.immodules
cache_file filesonly /etc/init.d/.depend.boot
cache_file filesonly /etc/init.d/.depend.halt
cache_file filesonly /etc/init.d/.depend.start
cache_file filesonly /etc/init.d/.depend.stop
cache_file filesonly /etc/rc.d/.depend.boot
cache_file filesonly /etc/rc.d/.depend.halt
cache_file filesonly /etc/rc.d/.depend.start
cache_file filesonly /etc/rc.d/.depend.stop
cache_file filesonly /etc/pango/pango64.modules
cache_file filesonly /etc/pango/pango.modules
cache_file filesonly /usr/share/info/dir
cache_file filesonly /var/adm/SuSEconfig/md5/etc/postfix/main.cf

#======================================
# Activate services
#--------------------------------------
#suseInsertService boot.device-mapper
suseInsertService sshd
suseInsertService haveged
# The hv daemons get started by udev rules we keep these here
# as a reminder to not explicitly enable the services
#suseInsertService hv_fcopy_daemon
#suseInsertService hv_kvp_daemon
#suseInsertService hv_vss_daemon
suseInsertService waagent
suseRemoveService boot.lvm
suseRemoveService boot.md
suseRemoveService display-manager
suseRemoveService kbd
suseRemoveService smartd

# Cleanup
rm /var/lib/rpm/__db.*

#======================================
# Umount kernel filesystems
#--------------------------------------
baseCleanMount

exit 0
openSUSE Build Service is sponsored by
Places