File config.sh of Package SLES12-SP5-GCE

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : OpenSuSE KIWI Image System
# COPYRIGHT     : (c) 2013 SUSE LINUX Products GmbH. All rights reserved
#               :
# AUTHOR        : Public Cloud Team  public-cloud-dev@susecloud.net
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : configuration script for SUSE based
#               : operating systems
#               :
#               :
# STATUS        : Production
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."

# Baseproduct link set in profile specific code at the end

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey

#=========================================
# Set sysconfig options
#-----------------------------------------
# These are all set by YaST but not by KIWI
baseUpdateSysConfig /etc/sysconfig/console CONSOLE_FONT "lat9w-16.psfu"
baseUpdateSysConfig /etc/sysconfig/console CONSOLE_SCREENMAP trivial
baseUpdateSysConfig /etc/sysconfig/kernel MODULES_LOADED_ON_BOOT "acpiphp"
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8"
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes
baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOAD_MODULES "nf_conntrack_netbios_ns"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT "any eth0"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_EXT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IPSEC_TRUST no
# ntp force sync on startup
baseUpdateSysConfig /etc/sysconfig/ntp NTPD_FORCE_SYNC_ON_STARTUP "yes"
baseUpdateSysConfig /etc/sysconfig/ntp NTPD_FORCE_SYNC_HWCLOCK_ON_STARTUP "yes"

# Set sysconfig for things that are not setup by default, net new
echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console
echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console
echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console
echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock
echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock
echo 'UTC=true' >> /etc/sysconfig/clock
echo '
# The YaST-internal identifier of the attached keyboard.
#
YAST_KEYBOARD="english-us,pc104"' >> /etc/sysconfig/keyboard

# Set up ntp server
sed -i 's/server 127/#server 127/' /etc/ntp.conf
sed -i 's/fudge  127/#fudge  127/' /etc/ntp.conf
sed -i 's/keys/#keys/' /etc/ntp.conf
sed -i 's/trustedkey/#trustedkey/' /etc/ntp.conf
sed -i 's/requestkey/#requestkey/' /etc/ntp.conf
echo "server metadata.google.internal iburst" >> /etc/ntp.conf

# replace HOSTNAME file with link to file being created by Google startup code
rm /etc/HOSTNAME
ln -s /etc/hostname /etc/HOSTNAME

# Setup policy kit
[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs


[ -f /etc/modprobe.d/unsupported-modules ] && sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' /etc/modprobe.d/unsupported-modules

# Disable password based login via ssh
sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

# Remove the password for root
# Note the string matches the password set in the config file
sed -i 's/$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0/*/' /etc/shadow

# Create the boto config file
echo  '[Boto]
ca_certificates_file = system' >> /etc/boto.cfg

# gsutil clobbers boto.cfg create the template file and hope for the best
echo  '[Boto]
ca_certificates_file = system' >> /etc/boto.cfg.template

# Speed up name resolution for the metadata server
# Handled as overlay, see https://github.com/SUSE/kiwi/issues/817
#echo '169.254.169.254 metadata.google.internal metadata.google.internal' >> /etc/hosts
#echo '' >> /etc/hosts

# Do not use delta rpms in the cloud
sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf

# Avoid weird characters in YaST
echo "# yast in Public CLoud images fix" >> /etc/profile
echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile
echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile

# bsc#1145125 fork fails on large systems set task limit
echo "DefaultTasksMax=65536" >> /etc/systemd/system.conf

#======================================
# Activate services
#--------------------------------------
# Generic
suseInsertService boot.device-mapper
suseInsertService haveged
suseInsertService ntpd
suseInsertService sshd
suseRemoveService acpid
suseRemoveService boot.lvm
suseRemoveService boot.md
suseRemoveService boot.multipath
suseRemoveService display-manager
suseRemoveService kbd
# Framework specific
suseInsertService google-accounts-daemon
suseInsertService google-clock-skew-daemon
suseInsertService google-instance-setup
suseInsertService google-network-daemon
suseInsertService google-shutdown-scripts
suseInsertService google-startup-scripts
suseInsertService google-optimize-local-ssd
suseInsertService rootgrow

#======================================
# Configure flavor specifics
#--------------------------------------
if [[ "$kiwi_profiles" == On-Demand ]]; then
  mv /etc/motd.on-demand /etc/motd
  rm -f /etc/motd.byos /etc/motd.sap-byos /etc/motd.sap-on-demand
  suseSetupProduct
  suseInsertService guestregister
fi

if [[ "$kiwi_profiles" == BYOS ]]; then
  mv /etc/motd.byos /etc/motd
  /etc/motd.on-demand /etc/motd.sap-byos /etc/motd.sap-on-demand
  suseSetupProduct
fi

if [[ "$kiwi_profiles" == SAP-On-Demand ]]; then
  mv /etc/motd.sap-on-demand /etc/motd
  rm -f /etc/motd.byos /etc/motd.on-demand /etc/motd.sap-byos
  pushd /etc/products.d
  ln -sf SLES_SAP.prod baseproduct
  popd
  suseInsertService guestregister
fi

if [[ "$kiwi_profiles" == SAP-BYOS ]]; then
  mv /etc/motd.sap-byos /etc/motd
  rm -f /etc/motd.byos /etc/motd.on-demand /etc/motd.sap-on-demand
  pushd /etc/products.d
  ln -sf SLES_SAP.prod baseproduct
  popd
fi


exit 0
Places

File config.sh of Package SLES12-SP5-GCE

Places
