File config.sh of Package SLES15-SP3-CHOST-BYOS

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : openSUSE KIWI Image System
# COPYRIGHT     : (c) 2019 SUSE LLC. All rights reserved
#               :
# AUTHOR        : Public Cloud Team public-cloud-dev@susecloud.net
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : configuration script for SUSE based
#               : operating systems
#               :
#               :
# STATUS        : BETA
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."

#======================================
# Setup baseproduct link
#--------------------------------------
suseSetupProduct

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey

# Set sysconfig for default variable we want to change
baseUpdateSysConfig \
    /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig \
    /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig \
    /etc/sysconfig/language RC_LANG "C.UTF-8"
baseUpdateSysConfig \
    /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive
baseUpdateSysConfig \
    /etc/sysconfig/windowmanager DEFAULT_WM ""
baseUpdateSysConfig \
    /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no

# Set sysconfig for things that are not setup by default, net new
echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console
echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console
echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console
echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock
echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock
echo 'UTC=true' >> /etc/sysconfig/clock

# Configuration outside of sysconfig
# Set to pass k8s certification, related to bsc#1167810
echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.d/52-chost-netconfig.conf

# PM-1830
echo 'VARIANT_ID="chost"' >> /etc/os-release
date_stamp=`date +'%Y%m%d'`
echo "VARIANT_VERSION=\"$date_stamp\"" >> /etc/os-release

# Setup policy kit
[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs

# Remove the password for root
sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow

# Do not use delta rpms in the cloud
sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' /etc/zypp/zypp.conf

# Allow root access on serial console
egrep -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty

# Avoid weird characters in YaST
echo "# yast in Public Cloud images fix" >> /etc/profile
echo "NCURSES_NO_UTF8_ACS=1" >> /etc/profile
echo "export NCURSES_NO_UTF8_ACS" >> /etc/profile

# Activate services
suseInsertService boot.device-mapper
suseInsertService docker
suseInsertService docker-img-store-setup-xfs
suseInsertService haveged
suseInsertService sshd
# Image type specific

# Deactivate services
suseRemoveService acpid
suseRemoveService boot.efivars
suseRemoveService boot.lvm
suseRemoveService boot.md
suseRemoveService boot.multipath
suseRemoveService display-manager
suseRemoveService kbd

# Framework specific settings
if [ "$kiwi_profiles" = "Ali" ]; then
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
    # Service setup
    suseInsertService cloud-init-local
    suseInsertService cloud-init
    suseInsertService cloud-config
    suseInsertService cloud-final
fi

if [[ "$kiwi_profiles" == Azure ]]; then
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
    # Need keep alive traffic of Azure disconnects the connection rather quickly
    sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/' /etc/ssh/sshd_config
    # Disable agent auto-update
    sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' /etc/waagent.conf
    # Generate all supported SSH host key types
    sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' /etc/waagent.conf
    # Implement password policy
    # Length: 6-72 characters long
    # Contain any combination of 3 of the following:
    #   - a lowercase character
    #   - an uppercase character
    #   - a number
    #   - a special character
    sed -i 's/pam_cracklib.so/pam_cracklib.so minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3/' /etc/pam.d/common-password-pc

    # Service setup
    suseInsertService chronyd
    suseInsertService cloud-init-local
    suseInsertService cloud-init
    suseInsertService cloud-config
    suseInsertService cloud-final
    suseInsertService waagent
fi
if [[ "$kiwi_profiles" == EC2 ]]; then
    arch=`uname -m`
    # No Xen based instance types for ARM, no need for custom config
    if [ "$arch" = "aarch64" ];then
        rm -rf /etc/dracut.conf.d/07-aws-type-switch.conf
    fi
    
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
    # Disable password based login via ssh
    sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

    # Service setup
    suseInsertService chronyd
    suseInsertService cloud-init-local
    suseInsertService cloud-init
    suseInsertService cloud-config
    suseInsertService cloud-final
fi
if [[ "$kiwi_profiles" == GCE ]]; then
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
    # Disable password based login via ssh
    sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

    # Create the boto config file
    echo  '[Boto]
ca_certificates_file = system' >> /etc/boto.cfg

    # gsutil clobbers boto.cfg create the template file and hope for the best
    echo  '[Boto]
ca_certificates_file = system' >> /etc/boto.cfg.template

    # Python 3 issue bsc#1116242
    echo '[InstanceSetup]'  >> /etc/default/instance_configs.cfg.distro
    echo 'set_boto_config = false'  >> /etc/default/instance_configs.cfg.distro
    # Service setup
    suseInsertService chronyd
    suseInsertService google-guest-agent
    suseInsertService google-osconfig-agent
    suseInsertService google-shutdown-scripts
    suseInsertService google-startup-scripts
    suseInsertService rootgrow

    systemctl enable google-oslogin-cache.timer
fi
if [[ "$kiwi_profiles" == OpenStack ]]; then
    baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
    # Disable password based login via ssh
    sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
    # Service setup
    suseInsertService cloud-init-local
    suseInsertService cloud-init
    suseInsertService cloud-config
    suseInsertService cloud-final
fi

exit 0