If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algorithm instead of md5.
Resolves: rhbz#1626122
35 lines
894 B
Plaintext
# Lorax Composer filesystem output kickstart template

# Firewall configuration
firewall --enabled

# NOTE: The root account is locked by default
# Network information
network --bootproto=dhcp --onboot=on --activate
# System keyboard
keyboard --xlayouts=us --vckeymap=us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Shutdown after installation
shutdown
# System timezone
timezone US/Eastern
# System bootloader configuration (unpartitioned fs image doesn't use a bootloader)
bootloader --location=none

%post
# Remove random-seed
rm /var/lib/systemd/random-seed
%end

# NOTE Do NOT add any other sections after %packages
%packages --nocore
# Packages requires to support this output format go here
policycoreutils

# NOTE lorax-composer will add the blueprint packages below here, including the final %end
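
A check in the spirit of this commit, as an added example that is not part of lorax: a small Python audit that flags kickstart templates which set a root password or force md5 hashing through the auth line. Both sample templates are constructed for illustration, and `audit_kickstart` is a hypothetical name.

```python
# Constructed sample: a template that still sets a root password and md5.
LEGACY_TEMPLATE = """\
# Root password
rootpw --plaintext removethispw
auth --useshadow --enablemd5
firewall --enabled
%post
echo "rootpw here is script text, not a kickstart command"
%end
"""

# Constructed sample in the style of the template above (no rootpw, no auth).
LOCKED_TEMPLATE = """\
# NOTE: The root account is locked by default
firewall --enabled
selinux --enforcing
"""

WEAK_ALGOS = {"md5"}
NOT_SECTIONS = ("%include", "%ksappend")  # %-prefixed commands, not sections


def audit_kickstart(text):
    """Return (line_number, finding) pairs for the command part of a kickstart."""
    findings = []
    in_section = False
    for num, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        cmd, args = words[0], words[1:]
        if cmd.startswith("%") and cmd not in NOT_SECTIONS:
            # %pre, %post, %packages ... open a section; %end closes it.
            in_section = cmd != "%end"
            continue
        if in_section:
            continue  # script or package lines, not kickstart commands
        if cmd == "rootpw" and "--lock" not in args:
            findings.append((num, "rootpw sets a root password instead of locking root"))
        elif cmd in ("auth", "authconfig"):
            algos = {a.split("=", 1)[1] for a in args if a.startswith("--passalgo=")}
            if "--enablemd5" in args or algos & WEAK_ALGOS:
                findings.append((num, "auth line forces md5 password hashing"))
    return findings


if __name__ == "__main__":
    for name, ks in (("legacy", LEGACY_TEMPLATE), ("locked", LOCKED_TEMPLATE)):
        print(name, audit_kickstart(ks))
```

Run over every template in a tree, a non-empty result is a reason to fail the build before an image with a known or empty root password ships.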