lorax/share/composer/qcow2.ks
Brian C. Lane 8963c33e16 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-10-05 09:09:10 -07:00

39 lines
810 B
Plaintext

# Lorax Composer qcow2 output kickstart template
# Firewall configuration
firewall --enabled
# NOTE: The root account is locked by default
# Network information
network --bootproto=dhcp --onboot=on --activate
# System keyboard
keyboard --xlayouts=us --vckeymap=us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Shutdown after installation
shutdown
# System timezone
timezone US/Eastern
# System bootloader configuration
bootloader --location=mbr
%post
# Remove random-seed
rm /var/lib/systemd/random-seed
%end
%packages
kernel
-dracut-config-rescue
grub2
# Make sure virt guest agents are installed
qemu-guest-agent
spice-vdagent
# NOTE lorax-composer will add the recipe packages below here, including the final %end