Commit Graph

605 Commits

Author SHA1 Message Date
Brian C. Lane
97b138c3d1 lorax-composer: Install selinux-policy-targeted in images
This is required to ensure that SELinux is configured properly while
building. It fixes the problem with building tar, and should be
installed in the other image types for consistency.

Resolves: rhbz#1645189
2018-11-29 13:05:01 -08:00
Vendula Poncova
b594fa99bc Fix vhd images
Images don't work without these fixes:

* Enable Network Manager.
* Disable cloud-init.
* Add Hyper-V modules into initramfs.

Fixes specific for RHEL:

* Create ifcfg-eth0 required by waagent.
* Install python3 and net-tools required by waagent.

Recommended changes:

* Use recommended kernel boot args.
* Disable kdump.

Related: rhbz#1628648
2018-10-12 12:37:50 -07:00
Brian C. Lane
58236a6b61 Add an openstack image type
This is a qcow2 image with cloud-init in the template.

(cherry picked from commit 98f8b23129)

Resolves: rhbz#1628645
2018-10-09 11:55:30 -07:00
David Shea
da0435bc90 Add cloud-init to vhd images.
cloud-init can be used in Azure now

(cherry picked from commit ac9a2fdbc5)

Related: rhbz#1628648
2018-10-09 11:35:42 -04:00
David Shea
6bcb2823d4 Replace /etc/machine-id with an empty file
Since these images can be used to create multiple machines, they should
not have a unique machine-id attached to them. Replace /etc/machine-id
with an empty file so that it will be regenerated at boot time.

(cherry picked from commit 6fab72d894)

Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
2018-10-09 11:34:48 -04:00
Lars Karlitski
43aedf6a15 Add and enable cloud-init for ami images
Images don't work at all on AWS without cloud-init.

Fixes #492

(cherry picked from commit 81d38b6445)

Related: rhbz#1628647
2018-10-05 11:28:17 -04:00
David Shea
d94ed86cd3 Add virt guest agents to the qcow2 compose
(cherry picked from commit d5a1993640)

Resolves: rhbz#1628645
2018-10-02 13:06:59 -04:00
David Shea
1a23dc0f2b Add a vmdk compose type.
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning

(cherry picked from commit 1056bfc25b)

Resolves: rhbz#1628646
2018-10-02 13:06:56 -04:00
David Shea
1c1f97ad70 Add a vhd compose type for Azure images
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.

(cherry picked from commit e0c236ff36)

Resolves: rhbz#1628648
2018-10-02 13:06:10 -04:00
David Shea
253689ff49 Add an ami compose type for AWS images
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.

(cherry picked from commit 18188bf6cf)

Resolves: rhbz#1628647
2018-10-02 13:05:40 -04:00
Brian C. Lane
85d7d3d01a Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-09-28 15:34:58 -07:00
Brian C. Lane
551474ac8d Add prefixdevname support to the boot.iso
Resolves: rhbz#1623000
2018-09-17 16:19:07 -07:00
Radek Vykydal
9594d87ab8 Bring back import-state.service
The service is a part of initscripts package which is no more pulled in as a
transitive dependcy so we have to require it explicitly.

Resolves: rhbz#1618668
2018-08-20 08:36:40 -07:00
Brian C. Lane
22a6852b44 Move disklabel and UEFI support to compose.py
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.

Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
2018-08-09 15:35:57 -07:00
Radek Vykydal
9196f4b92a Don't activate default auto connections after switchroot
Resolves: rhbz#1555934

Add NetworkManager config file turning default auto connections off.
2018-07-20 09:15:44 -07:00
Brian C. Lane
1e4ac3eb5e Use system-logos in live-iso.ks 2018-07-19 12:00:05 -07:00
Adam Williamson
bbd2e7b4ca Install 'hostname' in runtime-install (for iSCSI)
As explained in detail in the bug, 'hostname' must be installed
for the dracut 95iscsi module to work (and thus for key iscsi
modules to be included in the initramfs generated by lorax). Up
till recently, we got it as a dependency of initscripts, but
when network-scripts split from initscripts, the dependency went
with it. Now nothing else pulls it in as a dep, so let's just
pull it in explicitly here.

Resolves: rhbz#1599183

Signed-off-by: Adam Williamson <awilliam@redhat.com>
(cherry picked from commit 7f805287ca)
2018-07-09 10:06:24 -07:00
Brian C. Lane
089f0309fa Add redhat.exec to s390 .treeinfo
Resolves: rhbz#1593657
(cherry picked from commit 6d9187d559)
2018-06-21 11:23:30 -07:00
Colin Walters
e5ef195a3b templates: Stop using gconfset
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.

<kalev> I still think it's a fallout from 27a90d973f

Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.

https://bugzilla.redhat.com/show_bug.cgi?id=1581838
(cherry picked from commit bb3d8edd06)
2018-05-24 09:13:05 -07:00
Brian C. Lane
8bd028e9d0 Update composer templates for use with Fedora 2018-05-17 10:34:35 -07:00
Brian C. Lane
cb0158ca22 Add lorax-composer and the composer kickstart templates 2018-05-17 10:34:34 -07:00
Brian C. Lane
751780664a Remove -boot-info-table from s390 boot.iso creation (#1478448)
It corrupts the kernel+initrd and isn't needed when booting on s390.

Related: rhbz#1478448
(cherry picked from commit 081da8859a)
2018-05-16 10:50:54 -07:00
Dan Horák
1c06fccfe8 change installed packages on ppc
- drop kernel-bootwrapper as it was used with 32-bit ppc
- replace ppc64-utils meta-package (to be retired) with the real requirements

(cherry picked from commit 1d32a0cb36)
2018-05-16 10:40:06 -07:00
Dan Horák
8ba16e8f15 drop support for 32-bit ppc
(cherry picked from commit d95cb93df0)
2018-05-16 10:39:58 -07:00
Dan Horák
d569830f50 remove redundant mkdir
(cherry picked from commit 2fd3174684)
2018-05-16 10:39:51 -07:00
Martin Kolman
16009e092e Fix anaconda metapackage name
"anaconda-install-deps" was the original placeholder name
of the metapackage and it looks like I forgot to change it
to "anaconda-install-env-deps", which is the final name
we have decided sounds better.

Oops! (it's even correct in the commit message...)

(cherry picked from commit db9e2a1e41)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
2018-04-09 09:11:17 -07:00
Martin Kolman
bd81fa5d60 Include the anaconda-install-env-deps metapackage
Use the anaconda-install-env-deps metapackage to pull in the
Anaconda dependencies needed in the installation environment.

The anaconda-install-env-deps metapackage lists all install time
dependencies and makes it possible for packages such as
Initial Setup to depend on Anaconda without pulling all
the (mainly storage related) install time dependencies
to the installed system.

The same is applicable for dirinstall which also does
not require the install time dependencies as it is just
installing to a local folder.

Also drop the tmux and gdb dependencies from the template as
both have been added to the metapackage to make install time
dependency tracking more consistent.

(cherry picked from commit 106f330bb2)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
2018-04-09 09:11:17 -07:00
Dusty Mabe
7a4be526cd
cleanup: don't remove libgstgl
It looks like gnome-helper grew a dependency on it so let's not remove
it. From today's pungi run we can see this error in the verify:

```
libgstgl-1.0.so.0, needed by /usr/bin/gnome-help, not found
```
2018-02-26 12:30:57 -05:00
Brian C. Lane
857dbff2ce Revert "add system-logos dependency for syslinux"
This reverts commit 13e234ae02.

system-logos is not needed in the runtime-install.tmpl because the
correct *-logos package is already installed by the _install_branding
code in treebuilder.py
2018-02-23 10:16:48 -08:00
Peter Robinson
13e234ae02 add system-logos dependency for syslinux
The x86.tmpl explicitly references the syslinux-splash provided in
the system-logos package and fails if it's not there so implicitly
install it on arches where syslinux is supported to ensure it's
there. Fixes rhbz #1529239

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
2018-02-22 17:01:55 -08:00
Adam Williamson
396cee89bf Really don't try to build EFI images on i386
The previous attempt to fix this failed because of operator
ordering, so we actually still tried to build EFI images on
i386, so i386 lives failed. This really fixes it. I tested. I
actually built a 32-bit live and it worked.

Resolves: rhbz#1539085

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-02-22 16:48:03 -08:00
Peter Jones
6b0b624638 Don't try to build efi images for basearch=i386.
This shouldn't have been turned on when we switched to doing ia32-efi
images on x86_64; just having the file available isn't where we want
that policy decision to be.

Resolves: rhbz#1539085

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-26 09:57:25 -08:00
Adam Williamson
4dc0fc8b39 Don't try and install kernel-PAE on i686 any more
kernel-PAE has been intentionally removed from Rawhide kernel
builds; Fedora 27 will be the last release with kernel-PAE for
i686. So we need to not try and install it in future. See
http://pkgs.fedoraproject.org/rpms/kernel/c/21e4b8338 (it's a
big commit, but the change is in there, it's the second change
in kernel.spec).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-01-02 10:08:51 -08:00
Vendula Poncova
179ef628d4 Add dependencies for SE/HMC
(cherry-picked from a commit d8aee3b)
2017-11-27 12:01:30 -08:00
Stephen Gallagher
5584b6ac56 Storaged re-merged with udisks2 upstream
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-10-24 11:09:13 -07:00
Vendula Poncova
78a4e96015 Add swaplabel command
It is required by libblockdev.
2017-10-09 11:45:56 -07:00
Brian C. Lane
ec3a9af378 s390 doesn't need to graft product.img and updates.img into /images (#1496461)
The /images directory is already grafted into the iso, so it doesn't
need a specific line for the .img files.
2017-09-27 09:50:11 -07:00
Dan Horák
acb503db9f update graft variable in s390 template 2017-09-27 09:43:10 -07:00
Brian C. Lane
3607a10986 Restore all of the grub2-tools on x86_64 and i386 (#1492197)
These can be useful during installation or rescue.
(They are already present on ppc64)
2017-09-15 12:10:39 -07:00
Adam Williamson
5ace9bdec4 x86.tmpl: initially define compressargs as empty string
pjones and I happened to notice this suspicious line in the
lmc log for a Fedora 27 live image compose:

2017-08-25 16:04:55,327 DEBUG pylorax.ltmpl: template line 25: installimg None usr/share/lorax//product/ images/product.img

That 'None' does not look right. I believe this is the problem.
The command is defined as `installimg ${compressargs} ...`, and
a few lines earlier, `compressargs` is initially assigned (in
Python) as `None`. `None`, in Python, stringifies to the string
'None'. So unless we're on i386 (where `compressargs` gets
defined to an actual string of arguments in a conditional), we
wind up passing in the string 'None' as the first arg to the
`installimg` command.

To fix this, `compressargs` should be initially set to the empty
string rather than `None`.
2017-08-25 13:24:24 -07:00
Adam Williamson
35f954531b x86.tmpl: ensure efiarch64 is defined
pjones missed an initial definition for this variable, so i686
composes are failing with 'referenced before assignment':

https://koji.fedoraproject.org/koji/taskinfo?taskID=21459938
2017-08-25 13:24:17 -07:00
Peter Jones
fc017a1654 Fix grub2-efi-ia32-cdboot and shim-ia32 bits.
These should be x86_64 only, because that's what the packages are.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 12:05:21 -07:00
Peter Jones
3a9808c49d Make 64-bit kernel on 32-bit firmware work for x86 efi machines
This enables Baytrail and similar atom CPUs that typically ship with a
32-bit firmware, but have a 64-bit capable CPU.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-08-24 09:27:04 -07:00
Adam Williamson
a67b45ab0d Don't install rdma bits on 32-bit ARM (#1483278)
Per dledford, RDMA fundamentally cannot work reliably on 32-bit
ARM arches, so as part of the re-organization of the relevant
packages, building them on 32-bit ARM has been disabled (for
F27+). Thus we should adjust lorax not to try and install them
on 32-bit ARM. Also change the package name, the 'rdma' package
is obsoleted by 'rdma-core'. This commit should not be applied
to branches for older distros.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-08-23 09:48:41 -07:00
Brian C. Lane
dc6b827d9d Add creation of a bootable s390 iso (#1478448)
Use mk-s390-cdboot to create a combined kernel+initrd and then build a
boot.iso using it.
2017-08-14 14:29:47 -07:00
Brian C. Lane
3382a24498 Fix systemctl command (#1478247)
When multiple units are passed to systemctl and one fails it doesn't
finish the others. Change the template command to call systemctl for
each unit individually.

This also removes the lvm2-activation-generator in runtime-cleanup.tmpl
2017-08-14 14:29:47 -07:00
Brian C. Lane
8154b3f7a3 Include the dracut fips module in the initrd (#1341280)
This will allow anaconda to fetch kickstarts using https when installing
with fips=1

Leave vmlinuz and .vmlinuz.hmac in /boot

dracut-fips module needs the vmlinuz.hmac file in order to boot.
2017-08-14 13:20:27 -07:00
Adam Williamson
2bb06be2f2 runtime-cleanup: preserve a couple more gstreamer libs
As of webkitgtk4-2.17.5-1.fc27 , it needs these two as well as
the others. This is breaking Rawhide composes at present.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-08-02 17:15:43 -07:00
Dennis Gilmore
ac971d1b1e perl is needed on all arches now
/usr/bin/rxe_cfg from libibverbs needs perl. so include it everywhere.

Signed-off-by: Dennis Gilmore <dennis@ausil.us>
2017-07-31 07:38:07 -07:00
Jonathan Lebon
698d8c5109 runtime-cleanup.tmpl: don't delete localedef
This is required in the future for anaconda to be able to inspect the
supported locales in Atomic Host installations. This is the same patch
as https://github.com/rhinstaller/lorax/pull/194 but for the master
branch.
2017-07-06 11:58:20 -07:00