File config.sh of Package SLES15-SP5-HPC
#!/bin/bash
#================
# FILE : config.sh
#----------------
# PROJECT : SUSE Public Cloud recipes
# COPYRIGHT : (c) 2023 SUSE LLC. All rights reserved
# :
# CONTACT : Public Cloud Team public-cloud-dev@susecloud.net
# :
# BELONGS TO : Operating System images
# :
# DESCRIPTION : OS configuration script
# :
# :
# STATUS : Production
# GENERATED BY : keg 1.1.0 on 2023-02-17 14:33:46
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile
#======================================
# Fail build on error
#--------------------------------------
set -e
#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."
#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey
# keg: included from common-sysconfig
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8"
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS "restrictive"
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ""
baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS "no"
# keg: included from common-files
cat >> "/etc/profile" <<EOF
# yast in Public Cloud images fix
NCURSES_NO_UTF8_ACS=1
export NCURSES_NO_UTF8_ACS
EOF
cat >> "/etc/sysconfig/console" <<EOF
CONSOLE_ENCODING="UTF-8"
CONSOLE_FONT="lat9w-16.psfu"
CONSOLE_SCREENMAP="trivial"
EOF
cat >> "/etc/zypp/locks" <<EOF
type: package
match_type: glob
case_sensitive: on
solvable_name: plymouth*
EOF
# keg: included from hpc-variant
cat >> "/etc/os-release" <<EOF
VARIANT_ID="sles-hpc"
EOF
# keg: included from hpc-memlock-unlimited
cat > "/etc/security/limits.d/hpc.conf" <<EOF
* - memlock unlimited
EOF
# keg: included from common-config
# Start generate /etc/motd
#
source /etc/os-release
OS_PRETTY_NAME="$PRETTY_NAME"
OS_VERSION_MAJOR="${VERSION_ID%.*}"
ARCH="`uname -m`"
for suma_prod in /etc/products.d/SUSE-Manager-Server.prod /etc/products.d/SUSE-Manager-Proxy.prod
do
if [[ -f $suma_prod ]]; then
SUMA_VERSION=`sed -n -r -e '/<version>/s/( *<version>)([^<]*)(.*)/\2/p' $suma_prod`
break
fi
done
test -f etc/products.d/SLES_SAP.prod && OS_PRETTY_NAME="$OS_PRETTY_NAME for SAP Applications"
get_motd_includes()
{
if [ -d /etc/motd.d ]; then
for inc in `ls /etc/motd.d` ; do
echo "r /etc/motd.d/${inc}"
done
fi
}
test -f /etc/motd-caption && cap_replace="r /etc/motd-caption"
motd_func="\
s/{OS_PRETTY_NAME}/$OS_PRETTY_NAME/g
s/{OS_VERSION_MAJOR}/$OS_VERSION_MAJOR/g
s/{ARCH}/$ARCH/g
s/{SUMA_VERSION}/$SUMA_VERSION/g
/{CAPTION}/{
$cap_replace
d
}
/{INCLUDES}/{
`get_motd_includes`
d
}"
for motd in /etc/motd* ; do
test -f $motd || continue
sed -i -e "$motd_func" $motd
done
test -d /etc/motd.d && rm -r /etc/motd.d
test -f /etc/motd-caption && rm /etc/motd-caption
#
# End generate /etc/motd
[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs
# Generation of the iscsi config file moved to %post of the package
# This implies that all instances have the same iscsi initiator name as the
# file is generated during image build. We do not want this (bsc#1202540)
rm -rf /etc/iscsi/initiatorname.iscsi
sed -i -e 's/^root:[^:]*:/root:*:/' /etc/shadow
prodfiles=(`grep -l '<codestream>' /etc/products.d/*prod`)
for p in $prodfiles ; do
grep -q '<flavor>extension</flavor>' $p || prodfile="$prodfile $p"
done
if [[ ${#prodfile[*]} -ne 1 ]]; then
echo "No base product package installed or base product ambiguous." >&2
false
else
ln -sf `basename "${prodfile[0]}"` /etc/products.d/baseproduct
fi
sed -i -e 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \
/etc/zypp/zypp.conf
sed -i -e 's/latest,latest-1,running/latest,running/' /etc/zypp/zypp.conf
# keg: included from common-services
baseInsertService boot.device-mapper
baseInsertService haveged
baseInsertService sshd
baseRemoveService boot.efivars
baseRemoveService boot.lvm
baseRemoveService boot.md
baseRemoveService boot.multipath
baseRemoveService display-manager
baseRemoveService kbd
# keg: included from guestregister
baseInsertService guestregister
# keg: included from hpc-iscsid
baseRemoveService iscsi
baseRemoveService iscsid
if [[ $kiwi_profiles = Azure ]]; then
# keg: included from azure-cloud-netconfig
baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
# keg: included from azure-set-hostname
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"
# keg: included from azure-scripts
# Implement password policy
# Length: 6-72 characters long
# Contain any combination of 3 of the following:
# - a lowercase character
# - an uppercase character
# - a number
# - a special character
pwd_policy="minlen=6 dcredit=1 ucredit=1 lcredit=1 ocredit=1 minclass=3"
sed -i -e "s/pam_cracklib.so/pam_cracklib.so $pwd_policy/" \
/etc/pam.d/common-password-pc
sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 180/' \
/etc/ssh/sshd_config
# keg: included from azure-default-kernel-log-level
# Keep the default kernel log level (bsc#1169201)
sed -i -e 's/$klogConsoleLogLevel/#$klogConsoleLogLevel/' /etc/rsyslog.conf
# keg: included from azure-dhclient-timeout
dc=/etc/dhclient.conf
if grep -qE '^timeout' $dc ; then
sed -r -i 's/^timeout.*/timeout 300;/' $dc
else
echo 'timeout 300;' >> $dc
fi
# keg: included from azure-sshd-config
sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
/etc/ssh/sshd_config
# keg: included from azure-waagent
# Disable agent auto-update
sed -i -e 's/AutoUpdate.Enabled=y/AutoUpdate.Enabled=n/' \
/etc/waagent.conf
# Generate all supported SSH host key types
sed -i -e 's/SshHostKeyPairType=rsa/SshHostKeyPairType=auto/' \
/etc/waagent.conf
# Leave the ephemeral disk handling to cloud-init
sed -i -e 's/ResourceDisk.Format=y/ResourceDisk.Format=n/' \
/etc/waagent.conf
# keg: included from waagent-rdma
# HPC only. While there is no more specific driver we still need to enable
# RDMA to make the logic in the agent set up the IB interface
sed -i -e 's/# OS.EnableRDMA=y/OS.EnableRDMA=y/' /etc/waagent.conf
# keg: included from vm-services
baseInsertService chronyd
# keg: included from azure-cloud-netconfig
systemctl enable cloud-netconfig.timer
# keg: included from azure-services
baseInsertService cloud-config
baseInsertService cloud-final
baseInsertService cloud-init
baseInsertService cloud-init-local
baseInsertService waagent
# keg: included from azure-regionsrv-timer
systemctl enable regionsrv-enabler-azure.timer
fi
if [[ $kiwi_profiles = EC2 ]]; then
# keg: included from ec2-cloud-netconfig
baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
# keg: included from ec2-set-hostname
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "no"
# keg: included from grub-root-label-workaround-bsc#1197616
cat >> "/etc/default/grub" <<EOF
GRUB_CMDLINE_LINUX="root=LABEL=ROOT"
SUSE_REMOVE_LINUX_ROOT_PARAM=true
EOF
# keg: included from ec2-scripts
# No Xen based instance types for ARM, no need for custom config
if [ "`uname -m`" = "aarch64" ]; then
rm -f /etc/dracut.conf.d/07-*.conf
fi
sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
/etc/ssh/sshd_config
# Disable password based login via ssh
sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
/etc/ssh/sshd_config
# keg: included from vm-services
baseInsertService chronyd
# keg: included from ec2-services
baseInsertService cloud-config
baseInsertService cloud-final
baseInsertService cloud-init
baseInsertService cloud-init-local
# keg: included from ec2-cloud-netconfig
systemctl enable cloud-netconfig.timer
fi
if [[ $kiwi_profiles = GCE ]]; then
# keg: included from gce-sysconfig-netconfig
baseUpdateSysConfig /etc/sysconfig/network/config NETCONFIG_MODULES_ORDER "cloud-netconfig dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
# keg: included from gce-set-hostname
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME "yes"
# keg: included from gce-config
cat >> "/etc/boto.cfg" <<EOF
[Boto]
ca_certificates_file = system
EOF
cat >> "/etc/boto.cfg.template" <<EOF
[Boto]
ca_certificates_file = system
EOF
cat >> "/etc/default/instance_configs.cfg.distro" <<EOF
[InstanceSetup]
set_boto_config = false
EOF
# keg: included from gce-config
sed -i -e "s/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
/etc/ssh/sshd_config
# Disable password based login via ssh
sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/' \
/etc/ssh/sshd_config
# keg: included from vm-services
baseInsertService chronyd
# keg: included from gce-services
baseInsertService google-guest-agent
baseInsertService google-osconfig-agent
systemctl enable google-oslogin-cache.timer
baseInsertService google-shutdown-scripts
baseInsertService google-startup-scripts
baseInsertService rootgrow
fi
