File config.sh of Package SLES15-SP4-SAP-BYOS
#!/bin/bash
#================
# FILE : config.sh
#----------------
# PROJECT : SUSE Public Cloud recipes
# COPYRIGHT : (c) 2022 SUSE LLC. All rights reserved
# :
# CONTACT : Public Cloud Team public-cloud-dev@susecloud.net
# :
# BELONGS TO : Operating System images
# :
# DESCRIPTION : OS configuration script
# :
# :
# STATUS : Production
# GENERATED BY : keg 1.2.0 on 2022-02-03 10:11:40
#----------------
#======================================
# Functions...
#--------------------------------------
# Load the kiwi build environment when it is present. The helpers called
# further down (suseImportBuildKey, baseUpdateSysConfig, baseInsertService,
# baseRemoveService) and the kiwi_* variables are not defined in this file,
# so they are expected to come from these two files.
if [ -f /.kconfig ]; then
  . /.kconfig
fi
if [ -f /.profile ]; then
  . /.profile
fi

#======================================
# Fail build on error
#--------------------------------------
# Enabled only after the environment files were sourced. Note that
# "test ... && cmd" lists below do not abort the build when the test is false.
set -e

#======================================
# Greeting...
#--------------------------------------
printf 'Configure image: [%s]...\n' "$kiwi_iname"

#======================================
# Setup the build keys
#--------------------------------------
# kiwi helper, defined outside this file; presumably imports the package
# signing keys used to verify packages in the image -- confirm in /.kconfig.
suseImportBuildKey
# keg: included from common-sysconfig
# Base sysconfig defaults. baseUpdateSysConfig is called as
# <file> <variable> <value>; it is defined outside this file.
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE 'clear latin1.add'
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ''
baseUpdateSysConfig /etc/sysconfig/language RC_LANG 'C.UTF-8'
# Selects the "restrictive" polkit profile; /sbin/set_polkit_default_privs is
# run later in this script.
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS 'restrictive'
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ''
baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS 'no'

# keg: included from common-sysconfig
# The three appends below add fixed text; nothing in them is expanded.
printf '%s\n' \
  '# yast in Public Cloud images fix' \
  'NCURSES_NO_UTF8_ACS=1' \
  'export NCURSES_NO_UTF8_ACS' \
  >> /etc/profile

printf '%s\n' \
  'CONSOLE_ENCODING="UTF-8"' \
  'CONSOLE_FONT="lat9w-16.psfu"' \
  'CONSOLE_SCREENMAP="trivial"' \
  >> /etc/sysconfig/console

# keg: included from sles4sap-variant
# Appended before /etc/os-release is sourced for the motd generation.
printf '%s\n' 'VARIANT_ID="sles-sap"' >> /etc/os-release
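# keg: included from common-config
# Start generate /etc/motd
#
# Collect the values that are substituted into the /etc/motd* templates.
# /etc/os-release is executed as shell code by "source", so it must only ever
# come from the trusted build root.
source /etc/os-release
OS_PRETTY_NAME="$PRETTY_NAME"
# Strip the last ".<minor>" component of VERSION_ID.
OS_VERSION_MAJOR="${VERSION_ID%.*}"
ARCH="$(uname -m)"

# Take the version from the first SUSE Manager product file that exists;
# SUMA_VERSION is left untouched when neither file is present.
for suma_prod in /etc/products.d/SUSE-Manager-Server.prod /etc/products.d/SUSE-Manager-Proxy.prod; do
  if [[ -f "$suma_prod" ]]; then
    SUMA_VERSION="$(sed -n -r -e '/<version>/s/( *<version>)([^<]*)(.*)/\2/p' "$suma_prod")"
    break
  fi
done

# Absolute path: the previous relative "etc/products.d/..." test only matched
# when the script happened to run with / as its working directory.
if [ -f /etc/products.d/SLES_SAP.prod ]; then
  OS_PRETTY_NAME="$OS_PRETTY_NAME for SAP Applications"
fi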
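#######################################
# Print one sed "r <file>" command per entry of /etc/motd.d. The output is
# embedded in the sed program that expands the {INCLUDES} placeholder.
# Arguments: none
# Outputs:   "r /etc/motd.d/<name>" lines on stdout; nothing when the
#            directory is missing or empty
# Returns:   0
#######################################
get_motd_includes()
{
  local inc
  [ -d /etc/motd.d ] || return 0
  # Glob instead of parsing "ls": names containing spaces stay in one piece.
  for inc in /etc/motd.d/*; do
    # An unmatched glob is left as the literal pattern; skip it.
    [ -e "$inc" ] || continue
    # Every name becomes one line of a sed script that runs as part of the
    # build, so a name spanning several lines must not be emitted.
    case "$inc" in
      *$'\n'*) continue ;;
    esac
    echo "r ${inc}"
  done
}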
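# Optional caption: when /etc/motd-caption exists, the {CAPTION} line is
# replaced by the content of that file. Start from an empty value so nothing
# inherited from the environment ends up inside the sed program.
cap_replace=""
if [ -f /etc/motd-caption ]; then
  cap_replace="r /etc/motd-caption"
fi

# The values below are pasted into s/// replacements; escape the characters
# that are special there (backslash, "/" and "&") so that a product name
# containing one of them cannot break or alter the sed program.
motd_sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# sed program applied to every motd template: fill in the placeholders, then
# replace the {CAPTION} and {INCLUDES} marker lines with file contents.
motd_func="\
s/{OS_PRETTY_NAME}/$(motd_sed_escape "$OS_PRETTY_NAME")/g
s/{OS_VERSION_MAJOR}/$(motd_sed_escape "$OS_VERSION_MAJOR")/g
s/{ARCH}/$(motd_sed_escape "$ARCH")/g
s/{SUMA_VERSION}/$(motd_sed_escape "$SUMA_VERSION")/g
/{CAPTION}/{
$cap_replace
d
}
/{INCLUDES}/{
$(get_motd_includes)
d
}"

# /etc/motd* also matches /etc/motd.d and /etc/motd-caption; only regular
# files are edited.
for motd in /etc/motd*; do
  [ -f "$motd" ] || continue
  sed -i -e "$motd_func" "$motd"
done

# The include directory and the caption file are build-time inputs only.
if [ -d /etc/motd.d ]; then
  rm -r /etc/motd.d
fi
if [ -f /etc/motd-caption ]; then
  rm /etc/motd-caption
fi
#
# End generate /etc/motd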
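# Run the polkit privilege tool when it is installed (POLKIT_DEFAULT_PRIVS was
# set to "restrictive" earlier in this script). When the tool is missing this
# step is skipped without any message.
if [ -x /sbin/set_polkit_default_privs ]; then
  /sbin/set_polkit_default_privs
fi

# Replace root's password field with "*" so that no password matches and root
# cannot log in with a password in the published image.
sed -i -e 's/^root:[^:]*:/root:*:/' /etc/shadow
# sed exits 0 even when no line matched, so confirm the result instead of
# assuming it. Non-fatal on purpose: the build result is unchanged.
grep -q '^root:\*:' /etc/shadow \
  || echo "WARNING: root password field in /etc/shadow is not locked" >&2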
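# Point /etc/products.d/baseproduct at the single installed base product: a
# product file that has a <codestream> element and is not flagged as an
# extension.
#
# The previous version expanded the array as "$prodfiles", which is only its
# first element, and collected matches in a plain string, whose element count
# is 1 as soon as it is set. Products after the first were never examined and
# an ambiguous base product could not be detected.
prodfile=()
for p in /etc/products.d/*prod; do
  # An unmatched glob is left as the literal pattern; skip it.
  [ -f "$p" ] || continue
  grep -q '<codestream>' "$p" || continue
  grep -q '<flavor>extension</flavor>' "$p" || prodfile+=("$p")
done

if [[ ${#prodfile[@]} -ne 1 ]]; then
  echo "No base product package installed or base product ambiguous." >&2
  # Fails the build under "set -e".
  false
else
  # Relative link target: the link lives next to the product file.
  ln -sf "$(basename -- "${prodfile[0]}")" /etc/products.d/baseproduct
fi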
# Switch off delta RPM downloads. The expression only matches the
# commented-out default line; on any other zypp.conf content it changes
# nothing and still exits 0.
sed -i \
  -e 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \
  /etc/zypp/zypp.conf

# keg: included from common-services
# Services handed to baseInsertService for every profile.
for svc_name in boot.device-mapper haveged sshd; do
  baseInsertService "$svc_name"
done

# Services handed to baseRemoveService for every profile.
for svc_name in acpid boot.efivars boot.lvm boot.md boot.multipath \
  display-manager kbd; do
  baseRemoveService "$svc_name"
done
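# Azure profile. The comparison is an exact match on $kiwi_profiles.
if [[ $kiwi_profiles = Azure ]]; then
  # keg: included from azure-config
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"
  # keg: included from azure-tools-sysconfig
  baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

  # keg: included from azure-config
  # Force "timeout 300;" in dhclient.conf: rewrite an existing timeout line,
  # otherwise append one.
  dc=/etc/dhclient.conf
  if grep -qE '^timeout' "$dc"; then
    sed -r -i 's/^timeout.*/timeout 300;/' "$dc"
  else
    echo 'timeout 300;' >> "$dc"
  fi

  # Implement password policy
  # Length: 6-72 characters long
  # Contain any combination of 3 of the following:
  # - a lowercase character
  # - an uppercase character
  # - a number
  # - a special character
  # NOTE(review): per pam_cracklib(8) positive *credit values grant length
  # credit instead of requiring the class, and none of these options sets an
  # upper bound -- confirm the effective policy matches the description.
  pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3"
  sed -i -e "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \
    /etc/pam.d/common-password-pc
  # sed exits 0 when pam_cracklib.so is not referenced at all; report that
  # case instead of shipping an image without the policy unnoticed.
  grep -qF -- "pam_cracklib.so $pwd_policy" /etc/pam.d/common-password-pc \
    || echo "WARNING: password policy not applied to /etc/pam.d/common-password-pc" >&2

  sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \
    /etc/ssh/sshd_config
  # Unlike the EC2 and GCE profiles, PasswordAuthentication is left as
  # shipped here, so SSH password logins depend on the policy above.
  sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
    /etc/ssh/sshd_config
  # The edit only matches the commented-out default line; verify the result.
  grep -q '^ChallengeResponseAuthentication no' /etc/ssh/sshd_config \
    || echo "WARNING: ChallengeResponseAuthentication no is not set in /etc/ssh/sshd_config" >&2

  # Disable agent auto-update
  sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \
    /etc/waagent.conf
  # Generate all supported SSH host key types
  sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \
    /etc/waagent.conf
  # Leave the ephemeral disk handling to cloud-init
  sed -i -e 's/ResourceDisk.Format=y/ResourceDisk.Format=n/' \
    /etc/waagent.conf

  # keg: included from azure-tools-scripts
  # Keep the default kernel log level (bsc#1169201)
  sed -i -e 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf

  # keg: included from vm-services
  baseInsertService chronyd
  baseInsertService haveged
  # keg: included from azure-config
  baseInsertService cloud-config
  baseInsertService cloud-final
  baseInsertService cloud-init
  baseInsertService cloud-init-local
  baseInsertService waagent
  # keg: included from azure-tools-config
  systemctl enable cloud-netconfig.timer
  systemctl enable regionsrv-enabler-azure.timer
fi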
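# EC2 profile. The comparison is an exact match on $kiwi_profiles.
if [[ $kiwi_profiles = EC2 ]]; then
  # keg: included from ec2-sysconfig
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"
  # keg: included from aws-tools
  baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

  # keg: included from ec2-config
  # No Xen based instance types for ARM, no need for custom config
  if [[ "$(uname -m)" == "aarch64" ]]; then
    rm -f /etc/dracut.conf.d/07-*.conf
  fi

  sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
    /etc/ssh/sshd_config
  # Disable password based login via ssh
  sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # Both edits only match the commented-out default lines and sed exits 0
  # when nothing matched, which would leave password logins enabled without
  # any sign in the build log. Verify the result; non-fatal so the build
  # outcome is unchanged. sshd uses the first value it finds for a keyword,
  # so an earlier uncommented "yes" line would still need a manual look.
  for sshd_opt in ChallengeResponseAuthentication PasswordAuthentication; do
    grep -q "^${sshd_opt} no" /etc/ssh/sshd_config \
      || echo "WARNING: ${sshd_opt} no is not set in /etc/ssh/sshd_config" >&2
  done

  # keg: included from vm-services
  baseInsertService chronyd
  baseInsertService haveged
  # keg: included from ec2-services
  baseInsertService cloud-config
  baseInsertService cloud-final
  baseInsertService cloud-init
  baseInsertService cloud-init-local
  # keg: included from aws-tools
  systemctl enable cloud-netconfig.timer
fi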
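# GCE profile. The comparison is an exact match on $kiwi_profiles.
if [[ $kiwi_profiles = GCE ]]; then
  # keg: included from gce-sysconfig
  baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "yes"
  # keg: included from gce-tools
  baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"

  # keg: included from gce-config
  # Append a [Boto] section that selects the "system" CA certificates file to
  # both boto files, and turn off set_boto_config in the distro instance
  # config. The text is fixed; nothing in it is expanded.
  printf '%s\n' '[Boto]' 'ca_certificates_file = system' >> /etc/boto.cfg
  printf '%s\n' '[Boto]' 'ca_certificates_file = system' >> /etc/boto.cfg.template
  printf '%s\n' '[InstanceSetup]' 'set_boto_config = false' \
    >> /etc/default/instance_configs.cfg.distro

  # keg: included from gce-config
  sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
    /etc/ssh/sshd_config
  # Disable password based login via ssh
  sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
    /etc/ssh/sshd_config
  # Both edits only match the commented-out default lines and sed exits 0
  # when nothing matched, which would leave password logins enabled without
  # any sign in the build log. Verify the result; non-fatal so the build
  # outcome is unchanged. sshd uses the first value it finds for a keyword,
  # so an earlier uncommented "yes" line would still need a manual look.
  for sshd_opt in ChallengeResponseAuthentication PasswordAuthentication; do
    grep -q "^${sshd_opt} no" /etc/ssh/sshd_config \
      || echo "WARNING: ${sshd_opt} no is not set in /etc/ssh/sshd_config" >&2
  done

  # keg: included from vm-services
  baseInsertService chronyd
  baseInsertService haveged
  # keg: included from gce-services
  baseInsertService google-guest-agent
  baseInsertService google-osconfig-agent
  systemctl enable google-oslogin-cache.timer
  baseInsertService google-shutdown-scripts
  baseInsertService google-startup-scripts
  baseInsertService rootgrow
fi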