diff --git a/README.livemedia-creator b/README.livemedia-creator new file mode 100644 index 00000000..9999258f --- /dev/null +++ b/README.livemedia-creator 
@@ -0,0 +1,170 @@ + +INTRO +----- +livemedia-creator uses Anaconda, kickstart and Lorax to create bootable media +such as live iso's that use the same install path as a normal system install. + +The general idea is to use virt-install to install into a disk image and then +use the disk image to create the bootable media. + +livemedia-creator --help will describe all of the options available. At the +minimum you need: + +--make-iso to create a final bootable .iso +--iso to specify the Anaconda install media to use with virt-install +--ks is the kickstart to use to install the system + + +QUICKSTART +---------- +sudo livemedia-creator --make-iso \ +--iso=/extra/iso/Fedora-16-x86_64-netinst.iso --ks=./fedora-livemedia.ks + +If you are using the lorax git repo you can run it like so: + +sudo PATH=./src/sbin/:$PATH PYTHONPATH=./src/ ./src/sbin/livemedia-creator \ +--make-iso --iso=/extra/iso/Fedora-16-x86_64-netinst.iso \ +--ks=./docs/livemedia-example.ks --lorax-templates=./share/ + +If you want to watch the install you can pass '--vnc vnc' and use a vnc +client to connect to localhost:0 + +This is usually a good idea when testing changes to the kickstart. It tries +to monitor the logs for fatal errors, but may not catch everything. + + +HOW IT WORKS +------------ +The --make-* switches define the final output. Currently only --make-iso +is working. + +You then need to either pass --iso and --ks in order to create a disk image +using virt-install, or --disk-image to use a disk image from a previous run +to create the .iso + +virt-install boots using the passed Anaconda installer iso and installs the +system based on the kickstart. The %post section of the kickstart is used to +customize the installed system in the same way that current spin-kickstarts +do. + +livemedia-creator monitors the install process for problems by watching the +install logs. They are written to the current directory or to the base directory +specified by the --logfile command. 
You can also monitor the install by passing +--vnc vnc and using a vnc client. This is recommended when first modifying a +kickstart, since there are still places where Anaconda may get stuck without +the log monitor catching it. + +The output from this process is a partitioned disk image. kpartx can be used +to mount and examine it when there is a problem with the install. It can also +be booted using kvm. + +Once the disk image is created it copies the / partition into a formatted +disk image which is then used as the input to lorax for creation of the +final media. + +The final image is created by lorax, using the templates in /usr/share/lorax/ +or the directory specified by --lorax-templates + +Currently the standard lorax templates are used to make a bootable iso, but +it should be possible to modify them to output other results. They are +written using the Mako template system which is very flexible. + + +KICKSTARTS +---------- +Existing spin kickstarts can be used to create live media with a few changes. +Here are the steps I used to convert the XFCE spin. + +1. Flatten the xfce kickstart using ksflatten +2. Add zerombr so you don't get the disk init dialog +3. Add clearpart --all +4. Add swap and biosboot partitions +5. bootloader target +6. Add shutdown to the kickstart +7. Add network --bootproto=dhcp --activate to activate the network + This works for F16 builds but for F15 and before you need to pass + something on the cmdline that activate the network, like sshd. + +livemedia-creator --kernel-args="sshd" + +8. Add a root password + +rootpw rootme +network --bootproto=dhcp --activate +zerombr +clearpart --all +bootloader --location=mbr +part biosboot --size=1 +part swap --size=512 +shutdown + +9. In the livesys script section of the %post remove the root password. This + really depends on how the spin wants to work. You could add the live user + that you create to the %wheel group so that sudo works if you wanted to. + +passwd -d root > /dev/null + +10. 
Remove /etc/fstab in %post, dracut handles mounting the rootfs + +cat /dev/null > /dev/fstab + +11. Don't delete initramfs files from /boot in %post +12. Have grub-efi in the package list + +One drawback to using virt-install is that it pulls the packages from +the repo each time you run it. To speed things up you either need a local +mirror of the packages, or you can use a caching proxy. When using a proxy +you pass it to livemedia-creator like so: + +--kernel-args="proxy=http://proxy.yourdomain.com:3128" + +You also need to use a specific mirror instead of mirrormanager so that the +packages will get cached: + +url --url="http://download.fedora.redhat.com/pub/fedora/linux/development/16/x86_64/os/" + +You can also add an update repo, but don't name it updates. Add --proxy to +it as well. + + +DEBUGGING PROBLEMS +------------------ +Cleaning up an aborted (ctrl-c) virt-install run (as root): +virsh list to show the name of the virt +virsh destroy +virsh undefine +umount /tmp/tmpXXXX +rm -rf /tmp/tmpXXXX +rm /tmp/diskXXXXX + +The logs from the virt-install run are stored in virt-install.log, +logs from livemedia-creator are in livemedia.log and program.log + +You can add --image-only to skip the .iso creation and examine the resulting +disk image. Or you can pass --keep-image to keep it around after lorax is +run. + + +THE FUTURE +---------- +The current release only supports creating live iso's. In the future +I want it to be able to create ami images as well as appliance images. + +It is also limited to x86 architectures because of it's use of virt-install. +I hope to be able to support other arches by using Anaconda's image install +feature instead of virt-install. This will require that livemedia-creator +be running on the same release as is being created in order to avoid odd +problems. + +I would like to provide a set of alternate lorax template scripts to create +other media. 
+ + +HACKING +------- +Development on this will take place as part of the lorax project, and on the +anaconda-devel-list mailing list. + +Feedback, enhancements and bugs are welcome. +You can use http://bugzilla.redhat.com to report bugs. + diff --git a/docs/fedora-livemedia.ks b/docs/fedora-livemedia.ks new file mode 100644 index 00000000..667b560f --- /dev/null +++ b/docs/fedora-livemedia.ks 
@@ -0,0 +1,388 @@ +#version=DEVEL +sshpw --username=root --plaintext randOmStrinGhERE +# Firewall configuration +firewall --enabled --service=mdns +# Use network installation +url --url="http://download.fedora.redhat.com/pub/fedora/linux/releases/16/Everything/x86_64/os/" +# X Window System configuration information +xconfig --startxonboot +# Root password +rootpw --plaintext removethispw +# Network information +network --bootproto=dhcp --device=eth0 --onboot=on --activate +# System authorization information +auth --useshadow --enablemd5 +# System keyboard +keyboard us +# System language +lang en_US.UTF-8 +# SELinux configuration +selinux --enforcing +# Installation logging level +logging --level=info +# Shutdown after installation +shutdown +# System services +services --disabled="network,sshd" --enabled="NetworkManager" +# System timezone +timezone US/Eastern +# System bootloader configuration +bootloader --location=mbr +# Clear the Master Boot Record +zerombr +# Partition clearing information +clearpart --all +# Disk partitioning information +part biosboot --size=1 +part / --fstype="ext4" --size=4000 +part swap --size=1000 + +%post +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/livesys << EOF +#!/bin/bash +# +# live: Init script for live image +# +# chkconfig: 345 00 99 +# description: Init script for live image. + +. /etc/init.d/functions + +if ! 
strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then + exit 0 +fi + +if [ -e /.liveimg-configured ] ; then + configdone=1 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-configured + +# mount live image +if [ -b \`readlink -f /dev/live\` ]; then + mkdir -p /mnt/live + mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live +fi + +livedir="LiveOS" +for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##live_dir=}" != "\${arg}" ]; then + livedir=\${arg##live_dir=} + return + fi +done + +# enable swaps unless requested otherwise +swaps=\`blkid -t TYPE=swap -o device\` +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then + for s in \$swaps ; do + action "Enabling swap partition \$s" swapon \$s + done +fi +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img +fi + +mountPersistentHome() { + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "\${homedev##mtd}" != "\${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! 
-b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /mnt/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount \$mountopts \$homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + return + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /mnt/live/\${livedir}/home.img ]; then + homedev=/mnt/live/\${livedir}/home.img +fi + +# if we have a persistent /home, then we want to go ahead and mount it +if ! 
strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +# make it so that we don't do writing to the overlay for things which +# are just tmpdirs/caches +mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum +mount -t tmpfs tmp /tmp +mount -t tmpfs vartmp /var/tmp +[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1 + +if [ -n "\$configdone" ]; then + exit 0 +fi + +# add fedora user with no passwd +action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null + +# turn off firstboot for livecd boots +chkconfig --level 345 firstboot off 2>/dev/null +# We made firstboot a native systemd service, so it can no longer be turned +# off with chkconfig. It should be possible to turn it off with systemctl, but +# that doesn't work right either. For now, this is good enough: the firstboot +# service will start up, but this tells it not to run firstboot. I suspect the +# other services 'disabled' below are not actually getting disabled properly, +# with systemd, but we can look into that later. 
- AdamW 2010/08 F14Alpha +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +# don't start yum-updatesd for livecd boots +chkconfig --level 345 yum-updatesd off 2>/dev/null + +# turn off mdmonitor by default +chkconfig --level 345 mdmonitor off 2>/dev/null + +# turn off setroubleshoot on the live image to preserve resources +chkconfig --level 345 setroubleshoot off 2>/dev/null + +# don't do packagekit checking by default +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool 
/apps/gnome-packagekit/enable_mime_type_helper false >/dev/null + + +# don't start cron/at as they tend to spawn things which are +# disk intensive that are painful on a live image +chkconfig --level 345 crond off 2>/dev/null +chkconfig --level 345 atd off 2>/dev/null +chkconfig --level 345 anacron off 2>/dev/null +chkconfig --level 345 readahead_early off 2>/dev/null +chkconfig --level 345 readahead_later off 2>/dev/null + +# Stopgap fix for RH #217966; should be fixed in HAL instead +touch /media/.hal-mtab + +# workaround clock syncing on shutdown that we don't want (#297421) +sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt + +# and hack so that we eject the cd on shutdown if we're using a CD... +if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then + cat >> /sbin/halt.local << FOE +#!/bin/bash +# XXX: This often gets stuck during shutdown because /etc/init.d/halt +# (or something else still running) wants to read files from the block\ +# device that was ejected. Disable for now. Bug #531924 +# we want to eject the cd on halt, but let's also try to avoid +# io errors due to not being able to get files... +#cat /sbin/halt > /dev/null +#cat /sbin/reboot > /dev/null +#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1 +#echo "Please remove the CD from your drive and press Enter to finish restarting" +#read -t 30 < /dev/console +FOE +chmod +x /sbin/halt.local +fi + +EOF + +# bah, hal starts way too late +cat > /etc/rc.d/init.d/livesys-late << EOF +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +. /etc/init.d/functions + +if ! 
strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-late-configured + +# read some variables out of /proc/cmdline +for o in \`cat /proc/cmdline\` ; do + case \$o in + ks=*) + ks="--kickstart=\${o#ks=}" + ;; + xdriver=*) + xdriver="\${o#xdriver=}" + ;; + esac +done + +# if liveinst or textinst is given, start anaconda +if strstr "\`cat /proc/cmdline\`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst \$ks +fi +if strstr "\`cat /proc/cmdline\`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text \$ks +fi + +# configure X, allowing user to override xdriver +if [ -n "\$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf <> /etc/rc.d/init.d/livesys << EOF +# disable screensaver locking +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null + +# set up timed auto-login for after 60 seconds +cat >> /etc/gdm/custom.conf << FOE +[daemon] +AutomaticLoginEnable=True +AutomaticLogin=liveuser +FOE + +# Show harddisk install on the desktop +sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop +mkdir /home/liveuser/Desktop +cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop +chown -R liveuser.liveuser /home/liveuser/Desktop +chmod a+x /home/liveuser/Desktop/liveinst.desktop + +# But not trash and home +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null + +# Turn off 
PackageKit-command-not-found while uninstalled +sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf + +# Use the animated laughlin background by default +gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -t str -s /desktop/gnome/background/picture_filename /usr/share/backgrounds/laughlin/default-tod/laughlin.xml + +EOF + +# Remove root password +passwd -d root > /dev/null + +# fstab from the install won't match anything. remove it and let dracut +# handle mounting. +cat /dev/null > /etc/fstab + +%end + +%packages +@admin-tools +@base +@base-x +@core +@dial-up +@fonts +@gnome-desktop +@graphical-internet +@hardware-support +@input-methods +#@office +#@printing +#@sound-and-video +anaconda +ibus-pinyin-db-android +isomd5sum +kernel +laughlin-backgrounds-animated-gnome +memtest86+ +nss-mdns +-ibus-pinyin-db-open-phrase +-smartmontools +grub-efi +grub2 + +%end
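
Review bot: In the README.livemedia-creator hunk, step 10 of KICKSTARTS says to remove /etc/fstab but the example command is `cat /dev/null > /dev/fstab`, which truncates a path under /dev and leaves the installed fstab in place. The kickstart added by this same patch uses `cat /dev/null > /etc/fstab`, so the README example should match it. Two smaller points in the same hunk: QUICKSTART refers to `./fedora-livemedia.ks` and `./docs/livemedia-example.ks`, while the file added here is `docs/fedora-livemedia.ks`, so a reader following the git-repo command will not find the kickstart; and step 5 reads only "bootloader target", which is not an instruction (the example block suggests it means adding `bootloader --location=mbr`).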
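
Review bot: In the docs/fedora-livemedia.ks hunk, the `live_dir=` loop in the generated livesys script runs at the top level of the script but exits with `return`, which is only valid inside a function or a sourced file; bash will report an error there and keep iterating instead of stopping at the first match, so this should be `break` (the same `return` inside `findPersistentHome()` is fine). Separately, `auth --useshadow --enablemd5` selects MD5 for password hashes in an example people will copy; `--passalgo=sha512` would be a better default to document. The `sshpw --plaintext randOmStrinGhERE` and `rootpw --plaintext removethispw` lines are clearly placeholders, but a comment saying they must be changed, and that the root password is only cleared later by `passwd -d root` in %post, would make that dependency explicit for anyone trimming the %post section.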