File config.sh of Package SLES12-SP5-Azure
#!/bin/bash #================ # FILE : config.sh #---------------- # PROJECT : OpenSuSE KIWI Image System # COPYRIGHT : (c) 2013 SUSE LINUX Products GmbH. All rights reserved # : # AUTHOR : Robert Schweikert <rjschwei@suse.com> # : # BELONGS TO : Operating System images # : # DESCRIPTION : configuration script for SUSE based # : operating systems # : # : # STATUS : BETA #---------------- #====================================== # Functions... #-------------------------------------- test -f /.kconfig && . /.kconfig test -f /.profile && . /.profile #====================================== # Greeting... #-------------------------------------- echo "Configure image: [$kiwi_iname]..." # Baseproduct link set in profile specific code at the end #====================================== # Setup the build keys #-------------------------------------- suseImportBuildKey #========================================= # Set sysconfig options #----------------------------------------- # These are all set by YaST but not by KIWI baseUpdateSysConfig /etc/sysconfig/console CONSOLE_FONT "lat9w-16.psfu" baseUpdateSysConfig /etc/sysconfig/console CONSOLE_SCREENMAP trivial baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add" baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES "" baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8" baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive baseUpdateSysConfig /etc/sysconfig/storage USED_FS_LIST ext4 baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOAD_MODULES "nf_conntrack_netbios_ns" baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT "any eth0" baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_CRIT yes baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_ALL no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_CRIT yes baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_ALL no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_EXT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_INT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_DMZ no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_INT no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_DMZ no baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IPSEC_TRUST no # Set sysconfig for things that are not setup by default, net new echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock echo 'UTC=true' >> /etc/sysconfig/clock echo ' # The YaST-internal identifier of the attached keyboard. # YAST_KEYBOARD="english-us,pc104"' >> /etc/sysconfig/keyboard # Setup policy kit [ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs [ -f /etc/modprobe.d/unsupported-modules ] && sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' /etc/modprobe.d/unsupported-modules # Set the keep alive interval sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' /etc/ssh/sshd_config # Disable default targetpw directive sed -i -e '/^Defaults targetpw/,/^$/ s/^/#/' /etc/sudoers sed -i -e '/^ALL *ALL=(ALL) *ALL/ s/^/#/' /etc/sudoers # WALinuxAgent configuration settings # Disable agent auto-update sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' /etc/waagent.conf # Remove the password for root # Note the string matches the password set in the config file sed -i 's/$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0/*/' /etc/shadow # Implement password policy # Length: 6-72 characters long # Contain any combination of 3 of the following: # - a lowercase character # - an uppercase character # - a number # - a special character sed -i 's/pam_cracklib.so/pam_cracklib.so minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3/' /etc/pam.d/common-password-pc # Do not use delta rpms in the cloud sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf # Allow forced root login on the serial console bsc#1080692 sed -i 's/sulogin;/sulogin --force;/' /usr/lib/systemd/system/emergency.service # Avoid weird characters in YaST echo "# yast in Public CLoud images fix" >> /etc/profile echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile #====================================== # Activate services #-------------------------------------- # Generic #suseInsertService boot.device-mapper suseInsertService haveged suseInsertService sshd # The hv daemons get started by udev rules we keep these here # as a reminder to not explicitly enable the services #suseInsertService hv_fcopy_daemon #suseInsertService hv_kvp_daemon #suseInsertService hv_vss_daemon suseRemoveService boot.lvm suseRemoveService boot.md suseRemoveService display-manager suseRemoveService kbd suseRemoveService smartd # Framework specific suseInsertService waagent #====================================== # Configure flavor specifics #-------------------------------------- if [[ "$kiwi_profiles" == Basic-On-Demand ]] || [[ "$kiwi_profiles" == Standard-On-Demand ]]; then baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" mv /etc/motd.on-demand /etc/motd rm -f /etc/motd.byos /etc/motd.hpc-on-demand /etc/motd.sap-byos /etc/motd.sap-on-demand /etc/motd.hpc-byos suseInsertService guestregister suseSetupProduct systemctl enable cloud-netconfig.timer fi if [[ "$kiwi_profiles" == BYOS ]]; then baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" mv /etc/motd.byos /etc/motd rm -f /etc/motd.hpc-on-demand /etc/motd.on-demand /etc/motd.sap-byos /etc/motd.sap-on-demand /etc/motd.hpc-byos suseSetupProduct systemctl enable cloud-netconfig.timer fi if [[ "$kiwi_profiles" == HPC-On-Demand ]]; then baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" mv /etc/motd.hpc-on-demand /etc/motd rm -f /etc/motd.byos /etc/motd.on-demand /etc/motd.sap-byos /etc/motd.sap-on-demand /etc/motd.hpc-byos suseInsertService guestregister suseSetupProduct systemctl enable cloud-netconfig.timer fi if [[ "$kiwi_profiles" == HPC-BYOS ]]; then baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime" mv /etc/motd.hpc-byos /etc/motd rm -f /etc/motd.on-demand /etc/motd.byos /etc/motd.hpc-on-demand /etc/motd.sap-on-demand /etc/motd.sap-byos suseSetupProduct systemctl enable cloud-netconfig.timer fi if [[ "$kiwi_profiles" == SAP-On-Demand ]]; then mv /etc/motd.sap-on-demand /etc/motd rm -f /etc/motd.byos /etc/motd.hpc-on-demand /etc/motd.on-demand /etc/motd.sap-byos /etc/motd.hpc-byos suseInsertService guestregister pushd /etc/products.d ln -sf SLES_SAP.prod baseproduct popd fi if [[ "$kiwi_profiles" == SAP-BYOS ]]; then mv /etc/motd.sap-byos /etc/motd rm -f /etc/motd.byos /etc/motd.hpc-on-demand /etc/motd.on-demand /etc/motd.sap-on-demand /etc/motd.hpc-byos pushd /etc/products.d ln -sf SLES_SAP.prod baseproduct popd fi exit 0
