From a272436f455447cae4337369ac37161331f5361d Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Mon, 2 Jun 2014 12:04:23 -0400
Subject: [PATCH] the future Fedora Atomic, although this is currently just regular. it will diverge soon
---
fedora-cloud-atomic.ks | 226 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 226 insertions(+)
create mode 100644 fedora-cloud-atomic.ks
diff --git a/fedora-cloud-atomic.ks b/fedora-cloud-atomic.ks
new file mode 100644
index 0000000..69ff3f2
--- /dev/null
+++ b/fedora-cloud-atomic.ks
@@ -0,0 +1,226 @@
+# Fedora Atomic is a cloud-focused spin implementing the Project Atomic
+# patterns.
+#
+# RIGHT NOW, this is very like the traditional cloud image -- this is
+# just a starting point.
+
+text
+lang en_US.UTF-8
+keyboard us
+timezone --utc Etc/UTC
+
+auth --useshadow --enablemd5
+selinux --enforcing
+rootpw --lock --iscrypted locked
+user --name=none
+
+firewall --disabled
+
+bootloader --timeout=1 --append="console=tty1 console=ttyS0,115200n8" extlinux
+
+network --bootproto=dhcp --device=eth0 --activate --onboot=on
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
+
+zerombr
+clearpart --all
+part / --size 3000 --fstype ext4
+
+%include fedora-repo.ks
+
+
+reboot
+
+# Package list.
+%packages
+kernel-core
+@core
+grubby
+
+# cloud-init does magical things with EC2 metadata, including provisioning
+# a user account with ssh keys.
+cloud-init
+
+# this is used by openstack's cloud orchestration framework (and it's small)
+heat-cfntools
+
+# need this for growpart, because parted doesn't yet support resizepart
+# https://bugzilla.redhat.com/show_bug.cgi?id=966993
+cloud-utils-growpart
+
+# We need this image to be portable; also, rescue mode isn't useful here.
+dracut-config-generic
+-dracut-config-rescue
+
+syslinux-extlinux
+
+# Needed initially, but removed below.
+firewalld
+
+# cherry-pick a few things from @standard
+tar
+rsync
+
+# Some things from @core we can do without in a minimal install
+-biosdevname
+-plymouth
+-NetworkManager
+-iprutils
+-kbd
+-uboot-tools
+-kernel
+
+%end
+
+
+
+%post --erroronfail
+
+# Create grub.conf for EC2. This used to be done by appliance creator but
+# anaconda doesn't do it. And, in case appliance-creator is used, we're
+# overriding it here so that both cases get the exact same file.
+# Note that the console line is different -- that's because EC2 provides
+# different virtual hardware, and this is a convenient way to act differently
+echo -n "Creating grub.conf for pvgrub"
+rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
+mkdir /boot/grub
+echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
+for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
+ echo "title Fedora ($kv)" >> /boot/grub/grub.conf
+ echo -e "\troot (hd0)" >> /boot/grub/grub.conf
+ echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
+ echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
+ echo
+done
+
+
+#link grub.conf to menu.lst for ec2 to work
+echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
+ln -sf grub.conf /boot/grub/menu.lst
+ln -sf /boot/grub/grub.conf /etc/grub.conf
+
+# older versions of livecd-tools do not follow "rootpw --lock" line above
+# https://bugzilla.redhat.com/show_bug.cgi?id=964299
+passwd -l root
+# remove the user anaconda forces us to make
+userdel -r none
+
+# Kickstart specifies timeout in seconds; syslinux uses 10ths.
+# 0 means wait forever, so instead we'll go with 1.
+sed -i 's/^timeout 10/timeout 1/' /boot/extlinux/extlinux.conf
+
+# setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
+rm -f /etc/systemd/system/default.target
+ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+echo .
+
+# If you want to remove rsyslog and just use journald, remove this!
+echo -n "Disabling persistent journal"
+rmdir /var/log/journal/
+echo .
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; was supposed to be optional in F18+, but is required to
+# be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# Another one needed at install time but not after that, and it pulls
+# in some unneeded deps (like, newt and slang)
+echo "Removing authconfig."
+yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+echo -n "Network fixes"
+# initscripts don't like this file to be missing.
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# For cloud images, 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+PERSISTENT_DHCLIENT="yes"
+EOF
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+# Uncomment this if you want to use cloud init but suppress the creation
+# of an "ec2-user" account. This will, in the absence of further config,
+# cause the ssh key from a metadata source to be put in the root account.
+#cat < /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
+#users: []
+#disable_root: 0
+#EOF
+
+echo "Removing random-seed so it's not the same in every image."
+rm -f /var/lib/random-seed
+
+echo "Cleaning old yum repodata."
+yum history new
+yum clean all
+truncate -c -s 0 /var/log/yum.log
+
+echo "Import RPM GPG key"
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+basearch=$(uname -i)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+echo "Packages within this cloud image:"
+echo "-----------------------------------------------------------------------"
+rpm -qa
+echo "-----------------------------------------------------------------------"
+# Note that running rpm recreates the rpm db files which aren't needed/wanted
+rm -f /var/lib/rpm/__db*
+
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+chattr -i /boot/extlinux/ldlinux.sys
+/usr/sbin/fixfiles -R -a restore
+chattr +i /boot/extlinux/ldlinux.sys
+
+echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
+%end
+
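Review bot: `auth --useshadow --enablemd5` in the kickstart header selects MD5 as the password hashing algorithm for the image; nothing is hashed at build time (root is locked and the `none` user is deleted in %post), but any password later set by cloud-init or an administrator would likely inherit that weak default, so the modern form `auth --useshadow --passalgo=sha512` is the safer choice. Separately, `basearch=$(uname -i)` feeds the path in `rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch` from the build host's hardware-platform string, which on some systems reports `unknown`; because %post runs with `--erroronfail`, a missing key file there aborts the whole image build, and `basearch=$(uname -m)` or `basearch=$(rpm -E %_arch)` would be a more reliable source. Both expansions are unquoted; harmless for these values but worth quoting for consistency with the rest of the script.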