Commit Graph

22 Commits

Author SHA1 Message Date
Brian C. Lane
3e08389a0f Change customizations.firewall to append items instead of replace
To maintain consistency with the other options this changes firewall to
combine the existing settings from the image template with the settings
from the blueprint.

Also updated the docs, added a new test for it, and sorted the output
for consistency.
2019-05-02 16:21:36 -07:00
Brian C. Lane
4f701e7e92 Update customizations.services documentation
Make it clear that the services are added to services already listed in
the image templates, and that you can specify any systemd unit filename.

Older releases are more restrictive, and this documentation will need to
be updated when these changes are backported.
2019-05-02 16:21:36 -07:00
Brian C. Lane
4d35668ab5 lorax-composer: Add firewall support to blueprints
You can now open ports in the firewall, using port numbers or service
names:

    [customizations.firewall]
    ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]

Or enable/disable services registered with firewalld:

     [customizations.firewall.services]
     enabled = ["ftp", "ntp", "dhcp"]
     disabled = ["telnet"]

If the template contains firewall --disabled it cannot be overridden,
under the assumption that it is required for the image to boot in the
selected environment.
2019-05-02 16:21:36 -07:00
Brian C. Lane
e5a8700bdf lorax-composer: Add locale support to blueprints
You can now set the keyboard layout and language. Eg.

[customizations.locale]
languages = ["en_CA.utf8", "en_HK.utf8"]
keyboard = "de (dvorak)"

Existing entries in the kickstart templates are replaced with the new
ones. If there are no entries then it will default to 'keyboard us' and
'lang en_US.UTF-8'

Includes tests, and leaves the existing keyboard and lang entries in the
templates with a note that they can be replaced by the blueprint.
2019-05-02 16:21:36 -07:00
Brian C. Lane
2929deaf01 Update docs for new timezone section 2019-05-02 16:21:36 -07:00
Brian C. Lane
95c288d829 Proposal for adding to the blueprint customizations
The goal here is to do the minimum needed to get the images setup for
use so they can have more complex customizations applied later.
I think this list is a pretty good minimal set of features without going
full kickstart.
2019-05-02 16:21:36 -07:00
Brian C. Lane
59464286f9 lorax-composer: Add the ability to append to the kernel command-line
Sometimes it is necessary to modify the kernel command-line of the
image, this adds support for a [customizations.kernel] section to the
blueprint:

[customizations.kernel]
append = "nosmt=force"

This will be appended to the kickstart's bootloader --append argument.

Includes tests for modifying the bootloader line, the kickstart
template, and examining the final-kickstart.ks created for a compose.
2019-03-26 11:06:57 -07:00
Brian C. Lane
f6f2308765 Add pylorax.api.gitrpm module and tests
This handles creating the rpm from the dictionary describing the
repository and rpm. Also adds tests for archive and rpm creation.
2019-03-15 11:18:12 -07:00
Brian C. Lane
d7b96c8f0f Add support for [[repos.git]] section to blueprints
This adds support, documentation, and testing for a [[repos.git]]
blueprint section that can be used to install files from a git
repository. It will create an rpm that will be added to the build,
and included in the metadata that can be downloaded. This allows you to
accurately keep track of the source of configuration files and extra
metadata that is added to the build.

The source repo and reference will be listed in the rpm's summary making
it easy to discover on the installed system.
2019-03-15 11:18:12 -07:00
Brian C. Lane
35b8957f12 Remove SELinux Permissive checks
Anaconda, Lorax, lorax-composer, and livemedia-creator can all now run
with SELinux in Enforcing mode. It does not need to be disabled and if
there are denials they should be reported as a bug.

Log the current state of SELinux when starting, update the
documentation.
2018-11-29 11:06:26 -08:00
Alexander Todorov
6631002a81 Update docs with info about ssh keys
it looks like the key value expects the entire content of
~/.ssh/id_rsa.pub
2018-11-08 10:32:42 +02:00
Brian C. Lane
c017300ad6 Revert "Rename composer-cli to composer"
This reverts commit c9be91c879.

It conflicts with the PHP dependency manager project named 'composer'
2018-10-08 09:23:47 -07:00
Brian C. Lane
f360ef9216 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-10-02 13:59:42 -07:00
Lars Karlitski
c9be91c879 Rename composer-cli to composer 2018-09-20 12:02:03 +03:00
Brian C. Lane
04fd94f44b Add documentation for using a DVD as the package source 2018-08-21 11:28:35 -07:00
Brian C. Lane
83e5f3f885 Add a note about using lorax-composer.service
Update the docs to make it clear that .socket will be slow to respond to
the first request, and to use .service to speed it up.
2018-08-13 16:41:44 -07:00
Chris Lumens
bf95a3310b Document that you shouldn't run lorax-composer twice.
(cherry picked from commit 052828047c)
2018-07-26 10:41:56 -04:00
Chris Lumens
76d376fe18 Add support for groups to blueprints.
Nothing is currently being done with this information, but it will be
soon.

(cherry picked from commit 0f69d2084c)
2018-07-18 13:48:25 -07:00
Brian C. Lane
9e41052992 Fix a couple typos in lorax-composer docs.
The description of blueprint versions was wrong, now it is
correct.
2018-06-29 14:15:54 -07:00
Brian C. Lane
6d677b2207 Add support for user defined package sources API
This lives under /api/v0/projects/source/*

See the documentation for details
2018-06-04 15:45:36 -07:00
Brian C. Lane
e963af3b1a Fix documentation for enabling lorax-composer.socket
It needs to be enabled AND started for it to work.
2018-05-14 14:09:46 -07:00
Brian C. Lane
ad549a4601 Add documentation for lorax-composer and composer-cli 2018-05-14 13:00:15 -07:00