scp in openssh 8.7 will change to use sftp protocol. See
https://github.com/openssh/openssh-portable/pull/194 for details.
This enables the sshd internal-sftp implementation so that newer scp
versions will continue to work as expected. Note that the sshd service
is only running during the installation if inst.sshd is passed on the
kernel cmdline.
Resolves: rhbz#2041770
Some of the options have been removed, others are now the default.
MOTD still needs to be printed, the boot environment doesn't include the
pam motd module.
Resolves: rhbz#1872892
(cherry picked from commit 51a4a93f90)
mk-s390-cdboot has stopped working because the kernel outgrew the
hard-coded offset it used when creating cdboot.img. IBM now has a script
in s390utils that can do the same thing so use the upstream script
instead.
This drops mk-s390-cdboot script, switches the s390 templates to use
mk-s390image from s390utils.
It adds @ROOT@ to cdboot.prm, and sets inst.stage2 so that the installer
image will be found when booting the iso.
Related: rhbz#1892404
Include the generic.ins file on the s390 boot iso, so it's directly bootable
on an LPAR. The full iso already had generic.ins included.
(cherry picked from commit 0dbfe28745)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Related: rhbz#1844517
Anaconda creates a user for connecting via ssh during the installation when the sshpw kickstart command is used. The user is created with "/sbin/nologin" shell when /etc/default/useradd is missing, which prevents the user from log into the running installation.
Resolves: rhbz#1838677
This new setting for 'find_multipaths' tries to prevent things like
LVM from going ahead and activating LVM on the individual disks/paths
until there is reasonable certainty (via a timeout) that the device
is not a component of a multipath set.
NOTE: 'smart' is supported by device-mapper-multipath v0.7.7 and later.
Resolves: rhbz#1676777
(cherry picked from commit b8c1e706bb)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
dracut renamed this module so the files were being removed from the
install.img (BUT not from the initramfs). They are necessary for the
shutdown eject feature to work.
Related: rhbz#1805405
The eject utility moved into util-linux and the package was dropped, but
since the runtime-cleanup template is using `removefrom util-linux
--allbut` it was never added to the boot.iso after the move.
This removes the package request for eject and adds it to the list of
binaries to keep from util-linux.
Related: rhbz#1805405
This adds cloud-init support to the vhd image.
Also limits the cloud-init datasource to Azure, and includes
cloud-utils-growpart to expand the filesystem to fit the available
space.
Resolves: rhbz#1754711
(cherry picked from commit f7688f9c8d)
It was substituting _ which didn't match what pungi uses for creating
the DVD. Make things consistent and use - as the replacement character.
(cherry picked from commit 372bef945f)
Related: rhbz#1757338
You can now set the keyboard layout and language. Eg.
[customizations.locale]
languages = ["en_CA.utf8", "en_HK.utf8"]
keyboard = "de (dvorak)"
Existing entries in the kickstart templates are replaced with the new
ones. If there are no entries then it will default to 'keyboard us' and
'lang en_US.UTF-8'
Includes tests, and leaves the existing keyboard and lang entries in the
templates with a note that they can be replaced by the blueprint.
(cherry picked from commit e5a8700bdf)
Related: rhbz#1709595
For example:
[customizations.timezone]
timezone = "US/Samoa"
ntpservers = ["0.pool.ntp.org"]
Also includes tests.
This removes the timezone kickstart command from all of the templates
except for google.ks which needs to set it's own ntp servers and timezone.
If timezone isn't included in the blueprint, and it is not already in a
template, it will be set to 'timezone UTC' by default.
If timezone is set in a template it is left as-is, under the assumption
that the image type requires it to boot correctly.
(cherry picked from commit 9bdbb29662)
Related: rhbz#1709595
The filesystem was too small because Anaconda always adds the kernel,
but the template uses --nocore so it doesn't take that into account.
Add it to the template so that the filesystem size will be large enough
to hold the extra packages.
Resolves: rhbz#1709792
This compose type creates a partitioned disk as a qcow2 file, but with
only one partition instead of using a separate /boot.
(cherry picked from commit 44e14176bb)
Resolves: rhbz#1689140
This adds a new livemedia-creator argument, --extra-boot-args, which can
be used to add arguments to the kernel command-line in the templates.
Related: rhbz#1687743
In order to support iso creation on multiple arches with the templates
we need to be able to select different packages based on arch.
lorax-composer uses the arch-specific Lorax templates in order to
generate the output iso so this patch:
1. Creates a new template and type to parse it, live-install.tmpl
which contains only installpkg commands and #if clauses for arch
2. Removes bootloader related packages from the live-iso.ks
3. Remove dracut-config-rescue exclusion because it can cause problems
with some blueprints.
4. Switch logo requirement to system-logos which is satisfied by
generic-logos or fedora-logos. This prevents conflicts when a blueprint
installs fedora-release-workstation.
So in the future, if x86.tmpl, etc. need a new package to support
creating the iso it should be added to the correct section in
./share/live/live-install.tmpl
Resolves: rhbz#1673744
If a package is excluded in the template and later added by a blueprint
or dependency, anaconda will fail to finish the installation. So remove
the -dracut-config-rescue exclusion and instead remove the rescue
artifacts in %post
Related: rhbz#1673744
Some platforms, like ppc64, require that the /boot partition be present.
It doesn't hurt to have it there on other platforms so instead of trying
to add per-arch kickstart templates just use reqpart --add-boot
everywhere.
Related: rhbz#1673744
Apparently nobody has used these since the switch to py3, xrange is now
range and it needs to read the file in binary mode when generating the
sha256.
Related: rhbz#1673744
Some platforms do not have grub2, and some require other partitions.
Anaconda will add platform specific partitions if the 'reqpart' command
is included, and it will add bootloader specific packages to the list if
they are needed.
Related: rhbz#1673744
This is required to ensure that SELinux is configured properly while
building. It fixes the problem with building tar, and should be
installed in the other image types for consistency.
Resolves: rhbz#1645189
Images don't work without these fixes:
* Enable Network Manager.
* Disable cloud-init.
* Add Hyper-V modules into initramfs.
Fixes specific for RHEL:
* Create ifcfg-eth0 required by waagent.
* Install python3 and net-tools required by waagent.
Recommended changes:
* Use recommended kernel boot args.
* Disable kdump.
Related: rhbz#1628648
Since these images can be used to create multiple machines, they should
not have a unique machine-id attached to them. Replace /etc/machine-id
with an empty file so that it will be regenerated at boot time.
(cherry picked from commit 6fab72d894)
Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning
(cherry picked from commit 1056bfc25b)
Resolves: rhbz#1628646
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.
(cherry picked from commit e0c236ff36)
Resolves: rhbz#1628648
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
(cherry picked from commit 18188bf6cf)
Resolves: rhbz#1628647
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626122
The service is a part of initscripts package which is no more pulled in as a
transitive dependcy so we have to require it explicitly.
Resolves: rhbz#1618668
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.
Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
As explained in detail in the bug, 'hostname' must be installed
for the dracut 95iscsi module to work (and thus for key iscsi
modules to be included in the initramfs generated by lorax). Up
till recently, we got it as a dependency of initscripts, but
when network-scripts split from initscripts, the dependency went
with it. Now nothing else pulls it in as a dep, so let's just
pull it in explicitly here.
Resolves: rhbz#1599183
Signed-off-by: Adam Williamson <awilliam@redhat.com>
(cherry picked from commit 7f805287ca)
Brian C. Lane
Dan Horák
jstodola
David Lehman
Jan Stodola
David Shea
Vendula Poncova
Lars Karlitski
Radek Vykydal
Adam Williamson