File config.kiwi of Package SLES15-SP7-SAP-Hardened-BYOS
<?xml version="1.0" encoding="utf-8"?>
<!-- Image description generated by keg on 2025-04-30 11:52:40 -->
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-IgnorePackage: rpm -->
<!-- OBS-ExclusiveArch: x86_64 -->
<image schemaversion="7.5" name="SLES15-SP7-SAP-Hardened-BYOS" displayname="SLES15-SP7-SAP-Hardened-BYOS">
<description type="system">
<author>Public Cloud Team</author>
<contact>public-cloud-dev@susecloud.net</contact>
<specification>SUSE Linux Enterprise Server for SAP Applications 15 SP7 BYOS hardened guest image</specification>
</description>
<profiles>
<profile name="Azure" description="Azure configuration"/>
<profile name="EC2" description="EC2 configuration"/>
<profile name="GCE" description="GCE configuration"/>
</profiles>
<preferences>
<keytable>us</keytable>
<locale>en_US</locale>
<packagemanager>zypper</packagemanager>
<rpm-check-signatures>false</rpm-check-signatures>
<timezone>UTC</timezone>
<version>0.9.3</version>
</preferences>
<preferences profiles="Azure">
<type bootpartition="true" firmware="uefi" devicepersistency="by-uuid" filesystem="xfs" image="oem" kernelcmdline="console=ttyS0 net.ifnames=0 dis_ucode_ldr earlyprintk=ttyS0 multipath=off nvme_core.io_timeout=240 rootdelay=300 scsi_mod.use_blk_mq=1 USE_BY_UUID_DEVICE_NAMES=1 systemd.unified_cgroup_hierarchy=1" bootpartsize="1024" efipartsize="512" format="vhd-fixed" formatoptions="force_size" vhdfixedtag="7ab0a676-cae4-46be-8ee1-7a28b0559989">
<size unit="M">30720</size>
<bootloader name="grub2" timeout="1" console="serial" timeout_style="countdown"/>
</type>
</preferences>
<preferences profiles="EC2">
<type bootpartition="false" firmware="uefi" devicepersistency="by-label" filesystem="xfs" image="oem" kernelcmdline="console=ttyS0 net.ifnames=0 8250.nr_uarts=4 dis_ucode_ldr multipath=off nvme_core.admin_timeout=4294967295 nvme_core.io_timeout=4294967295 systemd.unified_cgroup_hierarchy=1">
<size unit="M">10240</size>
<bootloader name="grub2" timeout="1"/>
<machine xen_loader="hvmloader"/>
</type>
</preferences>
<preferences profiles="GCE">
<type bootpartition="false" firmware="uefi" devicepersistency="by-label" filesystem="xfs" image="oem" kernelcmdline="console=ttyS0,115200 net.ifnames=0 dis_ucode_ldr multipath=off systemd.unified_cgroup_hierarchy=1" format="gce" gcelicense="6035015651111738499">
<size unit="M">10240</size>
<bootloader name="grub2" timeout="1" console="serial"/>
</type>
</preferences>
<users>
<user name="root" groups="root" home="/root" password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0"/>
</users>
<repository type="rpm-md">
<source path="obsrepositories:/"/>
</repository>
<packages type="bootstrap">
<!-- begin namespace bootstrap -->
<package name="filesystem"/>
<package name="glibc-locale"/>
<!-- end namespace bootstrap -->
<!-- begin namespace rpm_ndb -->
<package name="rpm-ndb"/>
<!-- end namespace rpm_ndb -->
</packages>
<packages type="image">
<!-- begin namespace common -->
<package name="audit"/>
<package name="blog"/>
<package name="chrony"/>
<package name="dosfstools"/>
<package name="dracut"/>
<package name="grub2"/>
<package name="hostname"/>
<package name="iputils"/>
<package name="kdump"/>
<package name="openssh"/>
<package name="parted"/>
<package name="sudo"/>
<package name="supportutils"/>
<package name="suse-build-key"/>
<package name="system-group-hardware"/>
<package name="system-group-wheel"/>
<package name="system-user-nobody"/>
<package name="systemd"/>
<package name="terminfo"/>
<package name="timezone"/>
<package name="udev"/>
<package name="which"/>
<package name="xfsprogs"/>
<!-- end namespace common -->
<!-- begin namespace common_suse_connect -->
<package name="suseconnect-ng"/>
<!-- end namespace common_suse_connect -->
<!-- begin namespace common_tpm -->
<package name="tpm2.0-tools"/>
<!-- end namespace common_tpm -->
<!-- begin namespace sle_common -->
<package name="aaa_base-extras"/>
<package name="at"/>
<package name="at-spi2-core"/>
<package name="attr"/>
<package name="autofs"/>
<package name="bc"/>
<package name="binutils"/>
<package name="blktrace"/>
<package name="cifs-utils"/>
<package name="crash"/>
<package name="cronie"/>
<package name="curl"/>
<package name="cyrus-sasl"/>
<package name="cyrus-sasl-digestmd5"/>
<package name="cyrus-sasl-gssapi"/>
<package name="cyrus-sasl-plain"/>
<package name="cyrus-sasl-saslauthd"/>
<package name="deltarpm"/>
<package name="dhcp-client"/>
<package name="dos2unix"/>
<package name="ethtool"/>
<package name="expect"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="fping"/>
<package name="glibc-i18ndata"/>
<package name="hostinfo"/>
<package name="iproute2"/>
<package name="irqbalance"/>
<package name="krb5-client"/>
<package name="ksh"/>
<package name="libyui-ncurses-pkg"/>
<package name="lockdev"/>
<package name="lvm2"/>
<package name="man"/>
<package name="man-pages"/>
<package name="mozilla-nss-certs"/>
<package name="netcat-openbsd"/>
<package name="nfs-client"/>
<package name="nfs-kernel-server"/>
<package name="nscd"/>
<package name="openldap2-client"/>
<package name="patterns-base-minimal_base"/>
<package name="polkit-default-privs"/>
<package name="psmisc"/>
<package name="quota"/>
<package name="rsync"/>
<package name="rsyslog"/>
<package name="screen"/>
<package name="sle-module-public-cloud-release"/>
<package name="strace"/>
<package name="supportutils-plugin-suse-public-cloud"/>
<package name="system-user-mail"/>
<package name="tcpd"/>
<package name="tcpdump"/>
<package name="tcsh"/>
<package name="telnet"/>
<package name="vim"/>
<package name="wget"/>
<package name="wicked"/>
<package name="yast2"/>
<package name="yast2-add-on"/>
<package name="yast2-audit-laf"/>
<package name="yast2-bootloader"/>
<package name="yast2-core"/>
<package name="yast2-country"/>
<package name="yast2-country-data"/>
<package name="yast2-dhcp-server"/>
<package name="yast2-dns-server"/>
<package name="yast2-firewall"/>
<package name="yast2-ftp-server"/>
<package name="yast2-hardware-detection"/>
<package name="yast2-http-server"/>
<package name="yast2-iscsi-client"/>
<package name="yast2-iscsi-lio-server"/>
<package name="yast2-kdump"/>
<package name="yast2-ldap"/>
<package name="yast2-mail"/>
<package name="yast2-network"/>
<package name="yast2-nfs-client"/>
<package name="yast2-nfs-common"/>
<package name="yast2-nfs-server"/>
<package name="yast2-nis-client"/>
<package name="yast2-nis-server"/>
<package name="yast2-ntp-client"/>
<package name="yast2-online-update"/>
<package name="yast2-online-update-frontend"/>
<package name="yast2-packager"/>
<package name="yast2-pam"/>
<package name="yast2-perl-bindings"/>
<package name="yast2-pkg-bindings"/>
<package name="yast2-printer"/>
<package name="yast2-registration"/>
<package name="yast2-samba-client"/>
<package name="yast2-samba-server"/>
<package name="yast2-security"/>
<package name="yast2-squid"/>
<package name="yast2-sudo"/>
<package name="yast2-support"/>
<package name="yast2-sysconfig"/>
<package name="yast2-tftp-server"/>
<package name="yast2-transfer"/>
<package name="yast2-trans-stats"/>
<package name="yast2-tune"/>
<package name="yast2-update"/>
<package name="yast2-users"/>
<package name="yast2-xml"/>
<package name="yast2-ycp-ui-bindings"/>
<package name="yp-tools"/>
<package name="zip"/>
<package name="zsh"/>
<!-- end namespace sle_common -->
<!-- begin namespace sle_cnf -->
<package name="scout-command-not-found"/>
<!-- end namespace sle_cnf -->
<!-- begin namespace sle_sysvcompat -->
<package name="systemd-sysvcompat"/>
<!-- end namespace sle_sysvcompat -->
<!-- begin namespace sle_nfsidmap -->
<package name="libnfsidmap1"/>
<!-- end namespace sle_nfsidmap -->
<!-- begin namespace zypper_lifecycle_plugin -->
<package name="zypper-lifecycle-plugin"/>
<!-- end namespace zypper_lifecycle_plugin -->
<!-- begin namespace hardened_base -->
<package name="aide"/>
<package name="audit-audispd-plugins"/>
<package name="firewalld-lang"/>
<package name="mozilla-nss-tools"/>
<package name="opensc"/>
<package name="openscap"/>
<package name="openscap-utils"/>
<package name="pam_pkcs11"/>
<package name="pcsc-ccid"/>
<package name="pcsc-lite"/>
<package name="pcsc-tools"/>
<package name="perl-pcsc"/>
<package name="scap-security-guide"/>
<package name="pcsc-lite"/>
<!-- end namespace hardened_base -->
<!-- begin namespace yast2_schema -->
<package name="yast2-schema-default"/>
<!-- end namespace yast2_schema -->
<!-- begin namespace billing_flavor_check -->
<package name="python-instance-billing-flavor-check"/>
<!-- end namespace billing_flavor_check -->
<!-- begin namespace sap_base -->
<package name="bing"/>
<package name="bonnie"/>
<package name="cluster-md-kmp-default"/>
<package name="cpupower"/>
<package name="dlm-kmp-default"/>
<package name="drbd-kmp-default"/>
<package name="fence-agents"/>
<package name="findutils-locate"/>
<package name="gfs2-kmp-default"/>
<package name="glibc-32bit" arch="x86_64"/>
<package name="HANA-Firewall"/>
<package name="hawk2"/>
<package name="ipmitool"/>
<package name="libatomic1"/>
<package name="libdlm"/>
<package name="libgthread-2_0-0"/>
<package name="libgtk-2_0-0"/>
<package name="libjpeg62"/>
<package name="libpng12-0"/>
<package name="libxml2-tools"/>
<package name="libyui-qt"/>
<package name="ocfs2-kmp-default"/>
<package name="patterns-ha-ha_sles"/>
<package name="patterns-sles-base"/>
<package name="patterns-sles-sap_server"/>
<package name="release-notes-sles-for-sap"/>
<package name="SAPHanaSR"/>
<package name="SAPHanaSR-doc"/>
<package name="sap-suse-cluster-connector"/>
<package name="saptune"/>
<package name="socat"/>
<package name="supportutils-plugin-ha-sap"/>
<package name="tuned"/>
<package name="xauth"/>
<package name="xkbcomp"/>
<package name="xorg-x11-Xvnc"/>
<package name="yast2-control-center-qt"/>
<package name="yast2-hana-firewall"/>
<package name="yast2-sap-ha"/>
<package name="yast2-sap-scp"/>
<package name="yast2-sap-scp-prodlist"/>
<!-- end namespace sap_base -->
<!-- begin namespace sap_release -->
<package name="SLES_SAP-release"/>
<!-- end namespace sap_release -->
<!-- begin namespace sap_libnsl1 -->
<package name="libnsl1"/>
<!-- end namespace sap_libnsl1 -->
<!-- begin namespace sap_byos -->
<package name="drbd-formula"/>
<package name="habootstrap-formula"/>
<package name="iscsi-formula"/>
<package name="python3-shaptools"/>
<package name="salt-shaptools"/>
<package name="saphanabootstrap-formula"/>
<package name="sapnwbootstrap-formula"/>
<package name="salt-minion"/>
<!-- end namespace sap_byos -->
<!-- begin namespace sap_extra -->
<package name="docker"/>
<package name="libvirt-client"/>
<!-- end namespace sap_extra -->
<!-- begin namespace sap_byos_modules -->
<package name="sle-ha-release"/>
<package name="sle-module-development-tools-release"/>
<package name="sle-module-containers-release"/>
<package name="sle-module-sap-applications-release"/>
<!-- end namespace sap_byos_modules -->
</packages>
<packages type="image" profiles="Azure">
<archive name="azure.tar.gz"/>
<!-- begin namespace default_bootloader -->
<package name="grub2-x86_64-efi" arch="x86_64"/>
<!-- end namespace default_bootloader -->
<!-- begin namespace default_shim -->
<package name="shim"/>
<!-- end namespace default_shim -->
<!-- begin namespace default_oem_repart -->
<package name="dracut-kiwi-oem-repart"/>
<!-- end namespace default_oem_repart -->
<!-- begin namespace azure_base -->
<package name="hyper-v"/>
<!-- end namespace azure_base -->
<!-- begin namespace azure_cryptsetup -->
<package name="cryptsetup"/>
<!-- end namespace azure_cryptsetup -->
<!-- begin namespace azure_init -->
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
<package name="python-azure-agent"/>
<!-- end namespace azure_init -->
<!-- begin namespace azure_kernel -->
<package name="kernel-default" arch="x86_64"/>
<!-- end namespace azure_kernel -->
<!-- begin namespace azure_cloud_netconfig -->
<package name="cloud-netconfig-azure"/>
<!-- end namespace azure_cloud_netconfig -->
<!-- begin namespace azure_tools -->
<package name="azure-cli"/>
<package name="lsscsi"/>
<package name="python311-azure-sdk"/>
<package name="python3-azuremetadata"/>
<!-- end namespace azure_tools -->
<!-- begin namespace azure_registration -->
<package name="cloud-regionsrv-client"/>
<package name="cloud-regionsrv-client-plugin-azure"/>
<package name="regionsrv-certs"/>
<package name="regionServiceClientConfigAzure"/>
<package name="regionServiceCertsAzure"/>
<!-- end namespace azure_registration -->
<!-- begin namespace azure_regionsrv_client_addon -->
<package name="cloud-regionsrv-client-addon-azure"/>
<!-- end namespace azure_regionsrv_client_addon -->
<!-- begin namespace azure_waagent_config -->
<package name="python-azure-agent-config-server"/>
<!-- end namespace azure_waagent_config -->
<!-- begin namespace azure_dracut_config -->
<package name="microsoft-dracut-config"/>
<!-- end namespace azure_dracut_config -->
<!-- begin namespace azure_vm_utils -->
<package name="azure-vm-utils"/>
<!-- end namespace azure_vm_utils -->
<!-- begin namespace azure_insserv_compat -->
<package name="insserv-compat"/>
<!-- end namespace azure_insserv_compat -->
<!-- begin namespace azure_sap -->
<package name="fence-agents-azure-arm"/>
<!-- end namespace azure_sap -->
</packages>
<packages type="image" profiles="EC2">
<archive name="ec2.tar.gz"/>
<!-- begin namespace default_bootloader -->
<package name="grub2-x86_64-efi" arch="x86_64"/>
<!-- end namespace default_bootloader -->
<!-- begin namespace default_kernel -->
<package name="kernel-default"/>
<!-- end namespace default_kernel -->
<!-- begin namespace default_shim -->
<package name="shim"/>
<!-- end namespace default_shim -->
<!-- begin namespace default_oem_repart -->
<package name="dracut-kiwi-oem-repart"/>
<!-- end namespace default_oem_repart -->
<!-- begin namespace ec2_base -->
<package name="grub2-x86_64-xen" arch="x86_64"/>
<package name="xen-libs" arch="x86_64"/>
<package name="xen-tools-domU" arch="x86_64"/>
<!-- end namespace ec2_base -->
<!-- begin namespace ec2_cloud_netconfig -->
<package name="cloud-netconfig-ec2"/>
<!-- end namespace ec2_cloud_netconfig -->
<!-- begin namespace ec2_init -->
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
<!-- end namespace ec2_init -->
<!-- begin namespace ec2_tools -->
<package name="amazon-ssm-agent"/>
<package name="aws-cli"/>
<package name="python3-ec2metadata"/>
<!-- end namespace ec2_tools -->
<!-- begin namespace ec2_image_utils -->
<package name="python311-ec2imgutils"/>
<!-- end namespace ec2_image_utils -->
<!-- begin namespace ec2_registration -->
<package name="cloud-regionsrv-client"/>
<package name="cloud-regionsrv-client-plugin-ec2"/>
<package name="regionsrv-certs"/>
<package name="regionServiceClientConfigEC2"/>
<package name="regionServiceCertsEC2"/>
<!-- end namespace ec2_registration -->
<!-- begin namespace ec2_dracut_config -->
<package name="amazon-dracut-config"/>
<!-- end namespace ec2_dracut_config -->
<!-- begin namespace no_ssh_pwd_root_login -->
<package name="openssh-server-config-disallow-rootlogin"/>
<!-- end namespace no_ssh_pwd_root_login -->
</packages>
<packages type="image" profiles="GCE">
<archive name="gce.tar.gz"/>
<!-- begin namespace default_bootloader -->
<package name="grub2-x86_64-efi" arch="x86_64"/>
<!-- end namespace default_bootloader -->
<!-- begin namespace default_kernel -->
<package name="kernel-default"/>
<!-- end namespace default_kernel -->
<!-- begin namespace default_shim -->
<package name="shim"/>
<!-- end namespace default_shim -->
<!-- begin namespace default_oem_repart -->
<package name="dracut-kiwi-oem-repart"/>
<!-- end namespace default_oem_repart -->
<!-- begin namespace gce_cloud_netconfig -->
<package name="cloud-netconfig-gce"/>
<!-- end namespace gce_cloud_netconfig -->
<!-- begin namespace gce_init -->
<package name="google-guest-agent"/>
<package name="google-guest-configs"/>
<package name="google-guest-oslogin"/>
<package name="google-osconfig-agent"/>
<package name="kernel-default"/>
<!-- end namespace gce_init -->
<!-- begin namespace gce_tools -->
<package name="python3-gcemetadata"/>
<!-- end namespace gce_tools -->
<!-- begin namespace gce_registration -->
<package name="cloud-regionsrv-client"/>
<package name="cloud-regionsrv-client-plugin-gce"/>
<package name="regionsrv-certs"/>
<package name="regionServiceClientConfigGCE"/>
<package name="regionServiceCertsGCE"/>
<!-- end namespace gce_registration -->
<!-- begin namespace gce_dracut_config -->
<package name="google-dracut-config"/>
<!-- end namespace gce_dracut_config -->
<!-- begin namespace no_ssh_pwd_root_login -->
<package name="openssh-server-config-disallow-rootlogin"/>
<!-- end namespace no_ssh_pwd_root_login -->
<!-- begin namespace gce_sap_agent -->
<package name="google-cloud-sap-agent"/>
<!-- end namespace gce_sap_agent -->
<!-- begin namespace gce_google_auth -->
<package name="python3-google-api-python-client"/>
<package name="python3-google-auth"/>
<package name="python3-google-auth-httplib2"/>
<package name="python3-pyroute2"/>
<!-- end namespace gce_google_auth -->
<!-- begin namespace gce_fence_agents_deps -->
<package name="python3-fasteners"/>
<package name="python3-monotonic"/>
<package name="python3-oauth2client"/>
<package name="python3-oauth2client-gce"/>
<package name="python3-pycryptodome"/>
<!-- end namespace gce_fence_agents_deps -->
</packages>
</image>
