Overview

File config.sh of Package SLES15-SP1-OCI-BYOS

#!/bin/bash
#================
# FILE          : config.sh
#----------------
# PROJECT       : openSUSE KIWI Image System
# COPYRIGHT     : (c) 2019 SUSE LLC. All rights reserved
#               :
# AUTHOR        : Public Cloud Team public-cloud-dev@susecloud.net
#               :
# BELONGS TO    : Operating System images
#               :
# DESCRIPTION   : configuration script for SUSE based
#               : operating systems
#               :
#               :
# STATUS        : Production
#----------------
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile

#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]..."

#======================================
# Setup base product
#--------------------------------------
suseSetupProduct

#======================================
# Setup the build keys
#--------------------------------------
suseImportBuildKey

#=========================================
# Set sysconfig options
#-----------------------------------------

# Set sysconfig for default variable we want to change
baseUpdateSysConfig /etc/sysconfig/bootloader LOADER_TYPE grub2
baseUpdateSysConfig /etc/sysconfig/keyboard COMPOSETABLE "clear latin1.add"
baseUpdateSysConfig /etc/sysconfig/language INSTALLED_LANGUAGES ""
baseUpdateSysConfig /etc/sysconfig/language RC_LANG "C.UTF-8"
baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME no
baseUpdateSysConfig /etc/sysconfig/network/dhcp WRITE_HOSTNAME_TO_HOSTS no
baseUpdateSysConfig /etc/sysconfig/security POLKIT_DEFAULT_PRIVS restrictive
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOAD_MODULES "nf_conntrack_netbios_ns"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_DEV_EXT "any eth0"
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_DROP_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_CRIT yes
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_LOG_ACCEPT_ALL no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_EXT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_ALLOW_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_INT no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IGNORE_FW_BROADCAST_DMZ no
baseUpdateSysConfig /etc/sysconfig/SuSEfirewall2 FW_IPSEC_TRUST no
baseUpdateSysConfig /etc/sysconfig/windowmanager DEFAULT_WM ""
baseUpdateSysConfig /etc/sysconfig/windowmanager INSTALL_DESKTOP_EXTENSIONS no

# Set sysconfig for things that are not setup by default, net new
echo 'CONSOLE_ENCODING="UTF-8"' >> /etc/sysconfig/console
echo 'CONSOLE_FONT="lat9w-16.psfu"' >> /etc/sysconfig/console
echo 'CONSOLE_SCREENMAP="trivial"' >> /etc/sysconfig/console
echo 'DEFAULT_TIMEZONE="Etc/UTC"' >> /etc/sysconfig/clock
echo 'HWCLOCK="-u"' >> /etc/sysconfig/clock
echo 'UTC=true' >> /etc/sysconfig/clock
echo '
# The YaST-internal identifier of the attached keyboard.
#
YAST_KEYBOARD="english-us,pc104"' >> /etc/sysconfig/keyboard

echo 'SECURE_BOOT="yes"
TRUSTED_BOOT="no"
' >> /etc/sysconfig/bootloader

# Configuration outside of sysconfig
# Setup policy kit
[ -x /sbin/set_polkit_default_privs ] && /sbin/set_polkit_default_privs

# Disable password based login via ssh
sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

# Remove the password for root
# Note the string matches the password set in the config file
sed -i 's/$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0/*/' /etc/shadow

# Do not use delta rpms in the cloud
sed -i 's/# download.use_deltarpm = true/download.use_deltarpm = false/' \
    /etc/zypp/zypp.conf

if [ -f /etc/modprobe.d/unsupported-modules ];then
    sed -i -r -e 's/^(allow_unsupported_modules[[:space:]]*).*/\10/' \
        /etc/modprobe.d/unsupported-modules
fi

# Disable memory hotplug bsc#1028173
sed -i 's/SUBSYSTEM=="memory"/#SUBSYSTEM=="memory"/' \
    /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules

#======================================
# Activate services
#--------------------------------------
suseInsertService boot.device-mapper
suseInsertService sshd
suseInsertService cloud-init-local
suseInsertService cloud-init
suseInsertService cloud-config
suseInsertService cloud-final
suseInsertService haveged
suseInsertService iscsid.service
suseInsertService iscsiuio.service
suseInsertService ntpd
suseRemoveService acpid
suseRemoveService boot.efivars
suseRemoveService boot.lvm
suseRemoveService boot.md
suseRemoveService boot.multipath
suseRemoveService display-manager
suseRemoveService kbd

#======================================
# Umount kernel filesystems
#--------------------------------------
baseCleanMount

exit 0
openSUSE Build Service is sponsored by
Places