This is required to ensure that SELinux is configured properly while
building. It fixes the problem with building tar, and should be
installed in the other image types for consistency.
Resolves: rhbz#1654795
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626120
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.
Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
The default size is always going to be wrong, so try to estimate a more
reasonable amount of space. This is more complicated than you would
expect, yum's installedsize doesn't take into account the block size of
the filesystem, nor any extra artifacts generated by pre/post scripts.
So in the end we end up with a minimum image size of 1GiB, a partition
that is 40% larger than the estimated space needed, and a disk image
that increases size in 1GiB increments. This is still better than having
a fixed 4GiB / partition that was either too large or too small.
This ended up requiring more intrusive changes, but it should be the
most complex of the output types. After moving the core of
livemedia-creator into a function I added more settings to compose_args,
and more defaults to start_build. It now pulls the release information
from /etc/os-release, and produces a bootable .iso
This adds the ability to build a tar output image. The /compose and
/compose/types API routes are now available.
To start a build POST a JSON body to /compose, like this:
{"recipe_name":"glusterfs", "compose_type":"tar", "branch":"master"}
This will return a unique build id:
{
"build_id": "4d13abb6-aa4e-4c80-a671-0b867e6e77f6",
"status": true
}
which will be used to keep track of the build status (routes for this
do not exist yet).
When multiple units are passed to systemctl and one fails it doesn't
finish the others. Change the template command to call systemctl for
each unit individually.
This also removes the lvm2-activation-generator in runtime-cleanup.tmpl
Resolves: rhbz#1478247
This will allow anaconda to fetch kickstarts using https when installing
with fips=1
Leave vmlinuz and .vmlinuz.hmac in /boot
dracut-fips module needs the vmlinuz.hmac file in order to boot.
Resolves: rhbz#1341280
We didn't add "efiarch32" on aarch64 because it made no sense, but we
need to because it's not an optional argument in the other template.
Just make it efiarch32=None.
Also fixes a typo in share/live/uefi.tmpl
Related: rhbz#1310775
This adds the aarch64 template, and the grub2-efi config file to the
live template directory.
Resolves: rhbz#1369014
(cherry picked from commit 89c7a93508b7328fc9c180164b23fae29bcd022b)
It doesn't run because we remove the libcairo-script* libraries, and
isn't needed by anything in the installation environment. Its presence
causes automated tests checking for missing libs to raise an error.
Resolves: rhbz#1355681
We didn't add "efiarch32" on aarch64 because it made no sense, but we
need to because it's not an optional argument in the other template.
Just make it efiarch32=None.
Related: rhbz#1310775
Signed-off-by: Peter Jones <pjones@redhat.com>
This enables Baytrail and similar atom CPUs that typically ship with a
32-bit firmware, but have a 64-bit capable CPU.
Resolves: rhbz#1310775
Signed-off-by: Peter Jones <pjones@redhat.com>
The latest POWER platform allows a host machine to configure guests
running in a different endian mode. Guests configured in this way may
have their bootloader configuration file corrupted after installation if
the file was not fully written to disk. The host machine would read the
journal and try to finish writing the file in the wrong endian mode.
Issuing an fsfreeze and unfreeze gives more assurance that the
configuration file is properly written before a reboot; this patch adds
fsfreeze to the installer runtime environment.
Related: rhbz#1315468
(cherry picked from commit 9543a46dac)
Resolves: rhbz#1382611
The kernel messages will be read from journal so don't use additional imlkog
module to read them duplicitly.
Fixup of
commit b5d0b1fd79
This is required for pre installation log feature in Anaconda.
The libpcap library is dependency for nmap-ncat which is dependency for
lvmdump -l.
Related: rhbz#1255659
There's something racy here; in my Atomic Workstation CI/CD I'm seeing:
```
01:12:43 symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service
01:12:43 FileNotFoundError: [Errno 2] No such file or directory: '/lib/systemd/system/rngd.service' -> '/var/tmp/lorax.7cgdtz1_/installtree/etc/systemd/system/basic.target.wants/rngd.service'
```
Rather than debug this right now, let's just make sure it exists,
like we do right above for `tmp.mount`.
(cherry picked from commit 4f1f118cee)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Resolves: rhbz#1377430
Related: rhbz#1369439
Keep it same as in RHEL 7.2. They increase the size of the /tmp/syslog file
from ~280K to ~1M, and can be obtained from journal if needed.
Resolves: rhbz#1369439
Rsyslogd used to read messages from /dev/log together with systemd-journald
which resulted in NetworkManager messages not being passed to syslog due to a
race condition during starting NetworkManager and rsyslogd service. So use
imjournal rsyslog plugin that picks messages from journald instead of using the
/dev/log socket. Same as regular RHEL 7 system.
spice-vdagent, half of the thing that lets copy/paste work across a
spice connection, added sound support, I guess, so now we need
alsa-libs.
(cherry picked from commit 89441cd675)
Resolves: rhbz#1347737
In order for selinux to properly label the system it needs to see that
the config file exists.
Also remove the old code trying to copy in a selinux config file, it
never worked -- the removepkg would remove it.
(cherry picked from commit d6584e1d77)
Resolves: rhbz#1332147
When using the template install command copying the same file to itself
shouldn't crash. Just log the error and continue.
Also copy the s390 configuration files for use with livemedia-creator
Resolves: rhbz#1269213
(cherry picked from commit 701ab02619)
This will help improve the entropy situation with non-x86 hardware. rngd
will add entropy from hardware rng sources.
Resolves: rhbz#1258516
(cherry picked from commit 690feba381)
The ast module depends on:
drm,drm_kms_helper,ttm,syscopyarea,i2c-core,sysfillrect,sysimgblt,i2c-algo-bit
This retains the syscopyarea, sysfillrect, and sysimgblt modules.
Resolves: rhbz#1272658