To maintain consistency with the other options this changes firewall to
combine the existing settings from the image template with the settings
from the blueprint.
Also updated the docs, added a new test for it, and sorted the output
for consistency.
(cherry picked from commit 3e08389a0f)
Resolves: rhbz#1709595
Make it clear that the services are added to services already listed in
the image templates, and that you can specify any systemd unit filename.
Older releases are more restrictive, and this documentation will need to
be updated when these changes are backported.
(cherry picked from commit 4f701e7e92)
Related: rhbz#1709595
Add support for enabling and disabling systemd services in the
blueprint. It works like this:
[customizations.services]
enabled = ["sshd", "cockpit.socket", "httpd"]
disabled = ["postfix", "telnetd"]
They are *added* to any existing settings in the kickstart templates.
(cherry picked from commit 1111aee92d)
Related: rhbz#1709595
You can now open ports in the firewall, using port numbers or service
names:
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
Or enable/disable services registered with firewalld:
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]
If the template contains firewall --disabled it cannot be overridden,
under the assumption that it is required for the image to boot in the
selected environment.
(cherry picked from commit 4d35668ab5)
Related: rhbz#1709595
You can now set the keyboard layout and language. Eg.
[customizations.locale]
languages = ["en_CA.utf8", "en_HK.utf8"]
keyboard = "de (dvorak)"
Existing entries in the kickstart templates are replaced with the new
ones. If there are no entries then it will default to 'keyboard us' and
'lang en_US.UTF-8'
Includes tests, and leaves the existing keyboard and lang entries in the
templates with a note that they can be replaced by the blueprint.
(cherry picked from commit e5a8700bdf)
Related: rhbz#1709595
This fixes the customizations list problem earlier than in
add_customizations.
In the recipe it should be [customizations] not [[customizations]]
which creates a list. If it was used that way grab the first element and
replace the list with it.
(cherry picked from commit 67007dfa60)
Related: rhbz#1709595
For example:
[customizations.timezone]
timezone = "US/Samoa"
ntpservers = ["0.pool.ntp.org"]
Also includes tests.
This removes the timezone kickstart command from all of the templates
except for google.ks which needs to set it's own ntp servers and timezone.
If timezone isn't included in the blueprint, and it is not already in a
template, it will be set to 'timezone UTC' by default.
If timezone is set in a template it is left as-is, under the assumption
that the image type requires it to boot correctly.
(cherry picked from commit 9bdbb29662)
Related: rhbz#1709595
The goal here is to do the minimum needed to get the images setup for
use so they can have more complex customizations applied later.
I think this list is a pretty good minimal set of features without going
full kickstart.
(cherry picked from commit 95c288d829)
Related: rhbz#1709595
The filesystem was too small because Anaconda always adds the kernel,
but the template uses --nocore so it doesn't take that into account.
Add it to the template so that the filesystem size will be large enough
to hold the extra packages.
Resolves: rhbz#1709792
You would need to run reset to regain control of your terminal after
this happened, so this turns off the monitor and serial port mux to
stdout.
Resolves: rhbz#1691632
- verify SemVer .patch number will be automatically updated when
we push the blueprint a second time without changing version
- verify show displays the content in TOML format and it matches
what is on disk. Because of that also start with empty packages
and groups fields in the initial toml. If they are missing they
will be added automatically by lorax-composer and this simplifies
the test
- verify delete works
Related: rhbz#1698368
libdnf-0.22.5-5 changed something and now the repos with fake urls are
failing when loaded by test_server.py (they still work fine with
test_projects.py) so only use the 'good' repos with the test_server.py
tests -- the others weren't needed for any of its tests anyway.
Related: rhbz#1678937
And make buildstamp test ignore the version number, since it might be
devel or it might be an actual version when running against the
installed package.
Related: rhbz#1678937
Use it for the save, delete, push testing for composer-cli
tests. Otherwise the test runs fine the first time and fails after that
if you don't re-install the test environment.
Related: rhbz#1678937
This will help with testing outside of a container. Use pip3 install -r
requirements-test.txt to install the modules used for testing.
Related: rhbz#1678937
This compose type creates a partitioned disk as a qcow2 file, but with
only one partition instead of using a separate /boot.
(cherry picked from commit 44e14176bb)
Resolves: rhbz#1689140
This option will create an optionally compressed tarball containing a
disk image. This format is used by Google's Compute Engine.
This also adds a new option, tar_disk_name, to set the name of the disk
image that will be wrapped in the final tarball. opts.image_name
continues to be the final output file name.
(cherry picked from commit c941b82b0c)
Related: rhbz#1689140
Modify imgutils.compress to allow the "rootdir" argument to be either a
directory or a single file to add to an archive.
(cherry picked from commit c585b91422)
Related: rhbz#1689140
If provided, round the disk image size up to a multiple of the value.
This allows for image formats with specific size-alignment requirements
(e.g., disk size must be in GiB).
(cherry picked from commit 8ef4f431d8)
Related: rhbz#1689140
If a repository has `sslcacert`, `sslclientcert`, or `ssclientkey` set,
pass them to anaconda through the kickstart file. This is mostly the
case when using RHEL repositories that are accessed through a
subscription.
(cherry picked from commit e194b5926c)
Resolves: rhbz#1663950
The root account checks are applied to generated and deployed images
to make sure that root account is locked, except for live ISO.
Related: rhbz#1626122
The first build for 8.1.0 contained some bugs that referenced old 8.0.0
bugs. I edited the spec in dist-git and the changes need to be reflected
here as well.
Related: rhbz#1678937
This allows iso builds to include the extra kernel boot parameters by
passing them to the arch-specific live/*tmpl template.
Also adds tests to make sure it is written to config.toml in the build
metadata.
Resolves: rhbz#1687743
The shlex splitting can fail, resulting in error messages like:
ERROR livemedia-creator: No closing quotation
without any context in the log files. This logs the line that failed to
be split and expanded.
Related: rhbz#1687743
This adds a new livemedia-creator argument, --extra-boot-args, which can
be used to add arguments to the kernel command-line in the templates.
Related: rhbz#1687743
