Commit Graph

595 Commits

Author SHA1 Message Date
Brian C. Lane
0a71478ac4 Adjust the new templates for locked root
also remote the auth line so that it uses the defaults.

Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
2018-10-09 15:14:53 -07:00
Brian C. Lane
0cb4d04479 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-10-09 15:11:51 -07:00
David Shea
2304a73676 Add virt guest agents to the qcow2 compose
(cherry picked from commit d5a1993640)
2018-10-02 12:56:56 -04:00
David Shea
de6e1d027e Add a vmdk compose type.
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning

(cherry picked from commit 1056bfc25b)
2018-10-02 12:56:52 -04:00
David Shea
68c1a7aa96 Add a vhd compose type for Azure images
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.

(cherry picked from commit e0c236ff36)
2018-10-02 12:56:47 -04:00
David Shea
f79fd46f1f Add an ami compose type for AWS images
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.

(cherry picked from commit 18188bf6cf)
2018-10-02 12:56:33 -04:00
Brian C. Lane
02dc3404a8 Move disklabel and UEFI support to compose.py
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.

Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
2018-08-09 15:26:09 -07:00
Brian C. Lane
a5ddd5e3bf Add redhat.exec to s390 .treeinfo
Resolves: rhbz#1593657
(cherry picked from commit 6d9187d559)
2018-06-21 11:22:55 -07:00
Colin Walters
e5ef195a3b templates: Stop using gconfset
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.

<kalev> I still think it's a fallout from 27a90d973f

Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.

https://bugzilla.redhat.com/show_bug.cgi?id=1581838
(cherry picked from commit bb3d8edd06)
2018-05-24 09:13:05 -07:00
Brian C. Lane
8bd028e9d0 Update composer templates for use with Fedora 2018-05-17 10:34:35 -07:00
Brian C. Lane
cb0158ca22 Add lorax-composer and the composer kickstart templates 2018-05-17 10:34:34 -07:00
Brian C. Lane
751780664a Remove -boot-info-table from s390 boot.iso creation (#1478448)
It corrupts the kernel+initrd and isn't needed when booting on s390.

Related: rhbz#1478448
(cherry picked from commit 081da8859a)
2018-05-16 10:50:54 -07:00
Dan Horák
1c06fccfe8 change installed packages on ppc
- drop kernel-bootwrapper as it was used with 32-bit ppc
- replace ppc64-utils meta-package (to be retired) with the real requirements

(cherry picked from commit 1d32a0cb36)
2018-05-16 10:40:06 -07:00
Dan Horák
8ba16e8f15 drop support for 32-bit ppc
(cherry picked from commit d95cb93df0)
2018-05-16 10:39:58 -07:00
Dan Horák
d569830f50 remove redundant mkdir
(cherry picked from commit 2fd3174684)
2018-05-16 10:39:51 -07:00
Martin Kolman
16009e092e Fix anaconda metapackage name
"anaconda-install-deps" was the original placeholder name
of the metapackage and it looks like I forgot to change it
to "anaconda-install-env-deps", which is the final name
we have decided sounds better.

Oops! (it's even correct in the commit message...)

(cherry picked from commit db9e2a1e41)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
2018-04-09 09:11:17 -07:00
Martin Kolman
bd81fa5d60 Include the anaconda-install-env-deps metapackage
Use the anaconda-install-env-deps metapackage to pull in the
Anaconda dependencies needed in the installation environment.

The anaconda-install-env-deps metapackage lists all install time
dependencies and makes it possible for packages such as
Initial Setup to depend on Anaconda without pulling all
the (mainly storage related) install time dependencies
to the installed system.

The same is applicable for dirinstall which also does
not require the install time dependencies as it is just
installing to a local folder.

Also drop the tmux and gdb dependencies from the template as
both have been added to the metapackage to make install time
dependency tracking more consistent.

(cherry picked from commit 106f330bb2)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
2018-04-09 09:11:17 -07:00
Dusty Mabe
7a4be526cd
cleanup: don't remove libgstgl
It looks like gnome-helper grew a dependency on it so let's not remove
it. From today's pungi run we can see this error in the verify:

```
libgstgl-1.0.so.0, needed by /usr/bin/gnome-help, not found
```
2018-02-26 12:30:57 -05:00
Brian C. Lane
857dbff2ce Revert "add system-logos dependency for syslinux"
This reverts commit 13e234ae02.

system-logos is not needed in the runtime-install.tmpl because the
correct *-logos package is already installed by the _install_branding
code in treebuilder.py
2018-02-23 10:16:48 -08:00
Peter Robinson
13e234ae02 add system-logos dependency for syslinux
The x86.tmpl explicitly references the syslinux-splash provided in
the system-logos package and fails if it's not there so implicitly
install it on arches where syslinux is supported to ensure it's
there. Fixes rhbz #1529239

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
2018-02-22 17:01:55 -08:00
Adam Williamson
396cee89bf Really don't try to build EFI images on i386
The previous attempt to fix this failed because of operator
ordering, so we actually still tried to build EFI images on
i386, so i386 lives failed. This really fixes it. I tested. I
actually built a 32-bit live and it worked.

Resolves: rhbz#1539085

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-02-22 16:48:03 -08:00
Peter Jones
6b0b624638 Don't try to build efi images for basearch=i386.
This shouldn't have been turned on when we switched to doing ia32-efi
images on x86_64; just having the file available isn't where we want
that policy decision to be.

Resolves: rhbz#1539085

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-26 09:57:25 -08:00
Adam Williamson
4dc0fc8b39 Don't try and install kernel-PAE on i686 any more
kernel-PAE has been intentionally removed from Rawhide kernel
builds; Fedora 27 will be the last release with kernel-PAE for
i686. So we need to not try and install it in future. See
http://pkgs.fedoraproject.org/rpms/kernel/c/21e4b8338 (it's a
big commit, but the change is in there, it's the second change
in kernel.spec).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-01-02 10:08:51 -08:00
Vendula Poncova
179ef628d4 Add dependencies for SE/HMC
(cherry-picked from a commit d8aee3b)
2017-11-27 12:01:30 -08:00
Stephen Gallagher
5584b6ac56 Storaged re-merged with udisks2 upstream
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-24 11:09:13 -07:00
Vendula Poncova
78a4e96015 Add swaplabel command
It is required by libblockdev.
2017-10-09 11:45:56 -07:00
Brian C. Lane
ec3a9af378 s390 doesn't need to graft product.img and updates.img into /images (#1496461)
The /images directory is already grafted into the iso, so it doesn't
need a specific line for the .img files.
2017-09-27 09:50:11 -07:00
Dan Horák
acb503db9f update graft variable in s390 template 2017-09-27 09:43:10 -07:00
Brian C. Lane
3607a10986 Restore all of the grub2-tools on x86_64 and i386 (#1492197)
These can be useful during installation or rescue.
(They are already present on ppc64)
2017-09-15 12:10:39 -07:00
Adam Williamson
5ace9bdec4 x86.tmpl: initially define compressargs as empty string
pjones and I happened to notice this suspicious line in the
lmc log for a Fedora 27 live image compose:

2017-08-25 16:04:55,327 DEBUG pylorax.ltmpl: template line 25: installimg None usr/share/lorax//product/ images/product.img

That 'None' does not look right. I believe this is the problem.
The command is defined as `installimg ${compressargs} ...`, and
a few lines earlier, `compressargs` is initially assigned (in
Python) as `None`. `None`, in Python, stringifies to the string
'None'. So unless we're on i386 (where `compressargs` gets
defined to an actual string of arguments in a conditional), we
wind up passing in the string 'None' as the first arg to the
`installimg` command.

To fix this, `compressargs` should be initially set to the empty
string rather than `None`.
2017-08-25 13:24:24 -07:00
Adam Williamson
35f954531b x86.tmpl: ensure efiarch64 is defined
pjones missed an initial definition for this variable, so i686
composes are failing with 'referenced before assignment':

https://koji.fedoraproject.org/koji/taskinfo?taskID=21459938
2017-08-25 13:24:17 -07:00
Peter Jones
fc017a1654 Fix grub2-efi-ia32-cdboot and shim-ia32 bits.
These should be x86_64 only, because that's what the packages are.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 12:05:21 -07:00
Peter Jones
3a9808c49d Make 64-bit kernel on 32-bit firmware work for x86 efi machines
This enables Baytrail and similar atom CPUs that typically ship with a
32-bit firmware, but have a 64-bit capable CPU.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 09:27:04 -07:00
Adam Williamson
a67b45ab0d Don't install rdma bits on 32-bit ARM (#1483278)
Per dledford, RDMA fundamentally cannot work reliably on 32-bit
ARM arches, so as part of the re-organization of the relevant
packages, building them on 32-bit ARM has been disabled (for
F27+). Thus we should adjust lorax not to try and install them
on 32-bit ARM. Also change the package name, the 'rdma' package
is obsoleted by 'rdma-core'. This commit should not be applied
to branches for older distros.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-08-23 09:48:41 -07:00
Brian C. Lane
dc6b827d9d Add creation of a bootable s390 iso (#1478448)
Use mk-s390-cdboot to create a combined kernel+initrd and then build a
boot.iso using it.
2017-08-14 14:29:47 -07:00
Brian C. Lane
3382a24498 Fix systemctl command (#1478247)
When multiple units are passed to systemctl and one fails it doesn't
finish the others. Change the template command to call systemctl for
each unit individually.

This also removes the lvm2-activation-generator in runtime-cleanup.tmpl
2017-08-14 14:29:47 -07:00
Brian C. Lane
8154b3f7a3 Include the dracut fips module in the initrd (#1341280)
This will allow anaconda to fetch kickstarts using https when installing
with fips=1

Leave vmlinuz and .vmlinuz.hmac in /boot

dracut-fips module needs the vmlinuz.hmac file in order to boot.
2017-08-14 13:20:27 -07:00
Adam Williamson
2bb06be2f2 runtime-cleanup: preserve a couple more gstreamer libs
As of webkitgtk4-2.17.5-1.fc27 , it needs these two as well as
the others. This is breaking Rawhide composes at present.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-08-02 17:15:43 -07:00
Dennis Gilmore
ac971d1b1e perl is needed on all arches now
/usr/bin/rxe_cfg from libibverbs needs perl. so include it everywhere.

Signed-off-by: Dennis Gilmore <dennis@ausil.us>
2017-07-31 07:38:07 -07:00
Jonathan Lebon
698d8c5109 runtime-cleanup.tmpl: don't delete localedef
This is required in the future for anaconda to be able to inspect the
supported locales in Atomic Host installations. This is the same patch
as https://github.com/rhinstaller/lorax/pull/194 but for the master
branch.
2017-07-06 11:58:20 -07:00
Sinny Kumari
b2283fada2 Don't remove libmenu.so library during cleanup on PowerPC
Library libmenu.so is needed by lp_diag binary from ppc64-diag
package. It leads to incomplete finish of compose iso generation
on Power. Keeping libmenu.so on PowerPC should fix the problem.

Resolves: rhbz#1461775

Signed-off-by: Sinny Kumari <sinny@redhat.com>
2017-06-19 14:40:32 +05:30
Brian C. Lane
cd4d866e9f Remove filegraft from arm.tmpl (#1457906)
It isn't used at all, so remove it instead of crashing.
2017-06-01 08:06:57 -07:00
Brian C. Lane
f3d262c8f7 arm.tmpl import basename (#1457055) 2017-05-31 08:32:34 -07:00
Brian C. Lane
33308c227c Add support for aarch64 live images
This adds the aarch64 template, and the grub2-efi config file to the
live template directory.

Resolves: rhbz#1369014
2017-05-30 09:46:10 -07:00
Peter Robinson
5bbd05e620 Add ppc64-diag for Power64 platforms
As per RHBZ #1433859 ppc64-diag is needed for dynamic pci hotplug in
virtual guest.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
2017-04-24 14:23:38 -07:00
Brian C. Lane
c91278a17d livemedia-creator: Add release license files to / of the iso
This used to be handled by a %post section of the kickstart, but that
won't work with lmc, so do it in the template instead.
2017-03-15 08:22:23 -07:00
Brian C. Lane
9fe59eed0b lorax: Add release license files to / of the iso 2017-03-15 08:22:23 -07:00
Dusty Mabe
d6b805ae09 add ostree to get installed in anaconda environment
rpm-ostree used to have a requirement on the ostree rpm. It no
longer has that dependency, but rather requires ostree-libs. However,
we call ostree directly in some cases so we need to have it installed.
2017-02-27 11:22:55 -08:00
Jiri Konecny
957e1af948 Add dependency for lvmdump -l command (#1255659)
This is required for pre installation logging feature in Anaconda.

The libpcap library is dependency for nmap-ncat which is dependency for
lvmdump -l.
2017-02-22 09:42:31 -08:00
Brian C. Lane
d95e69aa34 Create /dev/random and /dev/urandom before running rpm -qa (#1420523)
In order to run rpm inside the newly created image it now needs to
create a couple device nodes to satisfy nss, which is used by rpm.
2017-02-21 10:24:56 -08:00