Proposal for adding to the blueprint customizations

The goal here is to do the minimum needed to get the images set up for
use so they can have more complex customizations applied later.
I think this list is a pretty good minimal set of features without going
full kickstart.
Brian C. Lane 2019-03-07 09:30:55 -08:00
parent 21e141a84c
commit 95c288d829


@ -175,10 +175,16 @@ for selecting optional packages.
Customizations Customizations
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
The ``[[customizations]]`` section can be used to configure the hostname of the final image. eg.:: The ``[customizations]`` section can be used to configure the hostname,
language, and timezone of the final image. eg.::
[[customizations]] [customizations]
hostname = "baseimage" hostname = "baseimage"
timezone = "US/Eastern"
These are all optional and may be left out to use the defaults.
The values supported by ``timezone`` can be listed by running ``timedatectl list-timezones``.
[customizations.kernel] [customizations.kernel]
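Review bot: The new intro sentence says ``[customizations]`` configures "hostname, language, and timezone", but the example beneath it sets only ``hostname`` and ``timezone``, and the next hunk documents ``language`` under ``customizations.locale``. Drop "language" from this sentence or point it at the locale section. The switch from ``[[customizations]]`` to ``[customizations]`` also changes the TOML type from an array of tables to a single table, so the text should say whether existing blueprints written with the old form are still accepted.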
@ -282,6 +288,69 @@ Note that the repository is cloned in full each time a build is started, so poin
repository with a large amount of history may take a while to clone and use a significant repository with a large amount of history may take a while to clone and use a significant
amount of disk space. The clone is temporary and is removed once the rpm is created. amount of disk space. The clone is temporary and is removed once the rpm is created.
[customizations.locale]
*************************
Customize the locale settings for the system::
[[customizations.locale]]
language = "en_US.UTF-8"
keyboard = "us"
The values supported by ``language`` can be listed by running ``localectl list-locales`` from
the command line.
The values supported by ``keyboard`` can be listed by running ``localectl list-keymaps`` from
the command line.
[customizations.firewall]
*************************
By default the firewall blocks all access except for services that enable their ports explicitly,
like ``sshd``. This command can be used to open other ports or services. Ports are configured using
the port:protocol format::
[customizations.firewall.ports]
enabled = ["80:tcp", "imap:tcp", "53:tcp", "53:udp"]
disabled = ["23:tcp", "mysql:tcp"]
Numeric ports, or their names from ``/etc/services`` can be used in the ``ports`` enabled/disabled lists.
If the distribution uses ``firewalld`` you can specify services listed by ``firewall-cmd --get-services``
in a ``customizations.firewall.services`` section::
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
Note that these are different from the names in ``/etc/services``, and only ``enabled`` is supported.
Both are optional, if they are not used leave them out or set them to an empty list ``[]``. If you
only want the default firewall setup this section can be omitted from the blueprint.
[customizations.services]
*************************
This section can be used to control which services are enabled at boot time. Some image types
already have services enabled or disabled in order for the image to work correctly, and cannot
be overridden. eg. ``ami`` requires ``sshd``, ``chronyd``, and ``cloud-init``. Without them the image will
not boot.
The service names are systemd service units. On RHEL7 only ``.service`` units can be
enabled or disabled. Other releases may specify any systemd unit file, eg. ``cockpit.socket``
[customizations.services]
enabled = ["sshd", "cockpit.socket", "httpd"]
disabled = ["postfix", "telnetd"]
.. warning::
The service must be installed, otherwise systemd will fail when trying to enable or disable
the nonexistant service.
TODO -- Confirm this is still true and if not, on which releases
Adding Output Types Adding Output Types
------------------- -------------------
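Review bot: The locale example uses ``[[customizations.locale]]`` while its heading and every other section added in this hunk use single brackets; make it ``[customizations.locale]`` unless an array of tables is really intended. In the services section the paragraph ending "eg. ``cockpit.socket``" has no trailing ``::``, so the TOML example after it will not render as a literal block. In the firewall section, "This command can be used" should read "This section", and the text should state what ``disabled`` does to a port when the default already blocks everything not explicitly opened, and which list wins if a port appears in both. The ``TODO`` inside the warning should be resolved or moved out of the user-facing docs before merge, and "nonexistant" should be "nonexistent".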